UNIVERSITE OUVERTE DE HCMV UNIVERSITE LIBRE DE BRUXELLES
ECOLE DE COMMERCE SOLVAY
MMVCFB
PROGRAMME DE MAITRISE EN MANAGEMENT
VIETNAM-COMMUNAUTE FRANCAISE DE BELGIQUE



PHAN QUYNH ANH


BUILDING A RISK MANAGEMENT SYSTEM AT
HO CHI MINH CITY INVESTMENT FUND FOR
URBAN DEVELOPMENT
(HIFU)



MASTER DEGREE THESIS IN MANAGEMENT
(MMVB 6)



HO CHI MINH CITY
2007




MMVCFB

PROGRAMME DE MAITRISE EN MANAGEMENT
VIETNAM – COMMUNAUTE FRANCAISE DE BELGIQUE

PHAN QUYNH ANH

CASE STUDY:

BUILDING A RISK MANAGEMENT SYSTEM AT
HO CHI MINH CITY INVESTMENT FUND FOR
URBAN DEVELOPMENT
(HIFU)


MASTER DEGREE THESIS IN MANAGEMENT
(MMVB 6)


GUIDANCE COUNSELOR: DR. VU HUU DUC


HO CHI MINH CITY
2007

































ACKNOWLEDGMENTS
After learning the two years of the Vietnam Belgium Master-In-Management
Program - Intake 6 (MMVB6), I have gained knowledge on various aspects of
business management which are very valuable for my application in my actual
work. When studying with my classmates, I have also gained the team spirit and
the assistance and cooperation that help me build and develop my relationship

with friends at school. In preparing the thesis on
“Building a risk management
system at Ho Chi Minh City Investment Fund for Urban Development (HIFU)”
,
I would like:
- To express my sincere thanks to the organizers of MMVB6 who have
successfully held the courses under the MMVB Program;
- To thank all Vietnamese and Belgian Professors who have educated me
over the two years at MMVB 6 in Ho Chi Minh City Open University;
- To express my special thanks to Dr. Vu Huu Duc for his devoted
guidance and informative comments for my thesis, assisting me in completing this
thesis with fruitful outcomes;
To complete this thesis, I very much appreciate the assistance received from
the director in charge of my department and many colleagues at HIFU who have
created convenient environment for my work, my study and provided me with
advices and necessary information as valuable materials for me to write up my
thesis.
Last but not least, I would like to devote my mind and my heart to all my
family members and my friends who have encouraged and supported me in the
most positive way from the start until the completion of the MMVC 6.
Ho Chi Minh City, 28 February 2006

MMVB6


ABSTRACT

Together with economic development, enterprises and financial institutions
have faced with different kind of risks. Consequently, risk management has
become a critical issue for many organizations all over the world in recent years.

Currently, in Vietnam, this concept has still been a new issue to many
enterprises, especially for state-owned company. Apparently, risks in trading,
including financial transactions of Vietnamese firms are likely to occur frequently
and at more serious level. In addition, those risks have more and more
complicated and sophisticated and would lead to serious damages and losses for
firms if those firms have not willing to face with those matters. Accordingly, it is
very crucial to have a tool of risk prevention for Ho Chi Minh City Investment
Fund for Urban Development (HIFU) to deal with risks in its operation and
development.
This research aims to identify potential risks and the current situation that
may cause to the Fund’s activities and suggest a risk management system for the
Fund. Attempts are made to propose a risk management system for the Fund in
risk management and give some recommendations for State and for the Fund itself
to implement that system efficiently and effectively
The research suggests that all the Fund’s employees should keep in mind the
increasing risks in the Fund’s operation due to the rise in uncertainty of the
market. However, knowing risk management and applying an appropriate risk
management will help them in preventing and minimizing loss.





WARRANT STATEMENT

I declare that this thesis is my own work and the source of
information and material that I have used have been fully
identified.
PHAN QUYNH ANH








COMMENTS OF GUILDANCE COUNSELOR
TOPIC
: Build a risk management system at Ho Chi Minh City Investment Fund
for Urban Development (HIFU).
PERFORMED BY
: Phan Quynh Anh
GUIDED BY
: Dr. Vu Huu Duc

The thesis is necessary as it is meaningful in both argument and reality. This
is a sincere and meticulous research to apply the theory of Risk management,
international standards, etc in order to propose a risk management system which
is comprehensive and feasible for Ho Chi Minh City Investment Fund for Urban
Development (HIFU.)

The thesis was in a good presentation, written in a clear and
transparent style and reasonably structured.
During time doing this thesis, student Phan Quynh Anh has learning spirit,
serious research and has executed well the plan and research’s process as she
proposed.
As such, the work as performed by student Phan Quynh Anh has
completely met requirements of the thesis of the Master-in-Management
Program.
As the guidance counselor, I evaluate the quality of this thesis at the level:

Great Distinction: 18/20.

Ho Chi Minh City, 28 February 2006

(Signed)

Dr. Vu Huu Duc
Guidance Counselo
r



COMMENTS FROM ASSESSOR 1
TOPIC
: Build a risk management system at Ho Chi Minh City Investment Fund
for Urban Development (HIFU).












COMMENTS FROM ASSESSOR 2
TOPIC

: Build a risk management system at Ho Chi Minh City Investment Fund
for Urban Development (HIFU).












TABLE OF CONTENTS
INTRODUCTION 1
1. Background 1
2. Objectives and scope of the research 2
3. Methodology 2
4. Research framework 3
5. Structure of research 3
CHAPTER I - LITERATURE REVIEW 4
1.1 General concepts about risk management 4
1.1.1 Concepts of risk 4
1.1.2 Concepts of risk management 5
1.1.3 Objectives of risk management 6
1.1.4 Cause and factor of influences 7
1.1.5 Risk management’s keystones 8
1.1.6 The major risks in finance industry 9
1.1.7 Summary of some typical cases 11

1.2 Introduction of COSO’s Enterprise risk management 13
1.2.1 Introduction of COSO 13
1.2.2 COSO – Internal Audit Framework, 1992 and Improvements to
Enterprise Risk Management Framework 14
1.2.3 Introduction of COSO’s Enterprise Risk Management Integrated
Framework 17
1.2.4 Enterprise Risk Management defined by COSO 17
1.2.5 Components of COSO’s Enterprise Risk Management
Framework 19
1.2.6 Benefits of Enterprise Risk Management 20
1.2.7 Limitation of Enterprise Risk Management 21
CHAPTER II - CURRENT SITUATION AT THE FUND 23
2.1 Overview of local investment funds in Vietnam 23



2.2 Overview of the Fund 24
2.2.1 History and development 24
2.2.2 The Fund’s missions 27
2.2.3 Organization chart 28
2.2.4 Nine years of operation (1997 – 2005) 29
2.2.5 Oriented development for period 2006-2010 30
2.3 Current management processes 32
2.3.1 The appraising process 32
2.3.2 The process of trusted fund management 33
2.3.3 The process of credit financing 34
2.3.4 Direct investment process 35
2.4 Current situation of risk management at the Fund 36
CHAPTER III - PROPOSAL RISK MANAGEMENT SYSTEM AT THE
FUND 43

3.1 Propose to build a risk management system at the Fund 43
3.1.1 Establishing the internal environment 43
3.1.2 Setting the objectives and event identification 44
3.1.3 Setting the risk assessment and risk prevention 45
3.1.4 Setting the monitoring procedure 46
3.2 Proposed risk management procedures in specific activities 47
3.2.1 Credit risk management procedure 47
3.2.2 Anti-money laundering procedure 56
3.3 Recommendations 71
3.3.1 General direction 71
3.3.2 Recommendations for the Authority – State 71
3.3.3 Recommendation for the Fund’s Board of Directors and Board
of Management 75
CONCLUSION 78
REFERENCE



ABBREVIATIONS

AML Anti-Money Laundering
AMLIC Anti-Money Laundering Information Center
ADB Asian Development Bank
AFD Agence Française de Développement
BOD Board of Director
FATF Financial Action Task Force
HIFU Ho Chi Minh City Investment Fund for Urban Development
HCMC Ho Chi Minh City
IFC International Finance Corporation
GoV The Government

KYC Know Your Customer
LDIFs Local Development Investment Funds
ML Money Laundering
MLRO Money Laundering Representative Officer
OFAC Office of Foreign Asset Control
PCs The People’s Committee
SOE State-Owned Enterprise
USTDA United States Trade and Development Agency
VND Vietnamese dong
WB World Bank




INTRODUCTION

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 1

INTRODUCTION

1. BACKGROUND

In the process of integration with the international economy, Vietnam
government has had efforts to achieve the progress on many areas of economy, politics
and society.
By 2005, Vietnam has established commercial relations with over 220 countries
and territories among the total number of 250 countries and territories in the world
1
.

Although obtaining remarkable improvement in turnover and expanding market in
trading, Vietnamese firms still have faced a number of problems in their activities. The
reasons are that they have not got accustomed with the international custom, practices,
regulations and law systems, lacking of information and knowledge of risk
management. Therefore, risks in trading as well as in business activities are inevitable.
As a result, managing the risks to sustainable development and competition
enhancement is the essential strategy of the each country as well as each enterprise. In
fact, risk management has received much more attention from enterprises and they
have recognized that enhancing risk management and internal control will help them to
increase their value as well as to be vital in a full hapless environment. From that,
being a key financial institution of the City Government, Ho Chi Minh City
Investment Fund for Urban Development (HIFU) (hereinafter referred to as “the
Fund”) really need to have a risk management system, not least at the present time its
activities and international collaboration are much more increasing gradually.
This research aims to identify risks that the Fund may face during its operation,
and suggest to build a risk management system. From that, some recommendations for
the improvement in risk management are given.





1
Source: The Ministry of Planning and Investment, The Five Year Socio-Economic Development Plan 2006-
2010, Hanoi March 2006
INTRODUCTION

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 2
2. OBJECTIVES AND SCOPE OF THE RESEARCH


ϖ The objectives of this research are:
• Identify potential risks and inherent risks may impact on the Fund based
upon the Fund’s functions and characteristics.
• Introduction a risk management framework for the Fund’s implementation
which has issued by COSO (Committee of Sponsoring Organizations)
• Give concluding remarks and recommend solutions to State and the Fund
for better risk management at the Fund.
ϖ The scope of the research:
The thesis will first guide an introduction of concepts of risks, risk management
and comprehensive introduction of COSO and its enterprise risk management
framework that is used popularly all over the world.
The main part of this thesis focuses on the Fund’s current situation and the need
of risk management system. With the above objectives, this research focus only on a
proposal of risk management system and proposes two processes as two specific
examples in managing two among of various risks which are probably occurred at the
Fund. In conclusion, this research gives some recommendations for the State and the
Fund’s Board of Management on better building risk management system for the
Fund.
3. METHODOLOGY

This research is conducted in 2 stages:
1. Review literature on:
- Concepts of risk and risk management in finance and banking field
- COSO – Enterprise risk management framework.
- Some official documents, analysis, reports of the Fund
2. Conclusions and recommendations:
Following a new kind of risk management framework, the literature of risk
management as well as a comparison with the current situation of the Fund and current
situation of Vietnam as well, some conclusions and suggestions are given to help the

Fund in setting an effective and efficient risk management.
INTRODUCTION

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 3

4. RESEARCH FRAMEWORK














5. STRUCTURE OF RESEARCH

Excluding the introduction and the conclusion of the thesis, this thesis includes three
following parts:
♣ Chapter 1: Introduces the literature review of risk, risk management theories and
COSO – enterprise risk management framework.
♣ Chapter 2: Current situation of the Fund, the overview of the Fund and current
situation of risk management at the Fund.
♣ Chapter 3: Propose a risk management system for the Fund, and two risk

management procedure as examples. In addition, there are some
recommendations for the State and the Fund to implement the risk management
in the better way.

- Current situation in Risk
management of HIFU
- Propose a risk
management system at
HIFU
Objectives of Research
Literature review on:
- COSO-Enterprise Risk
Management
Framework
- Concept of Risks and
Risk Mana
g
ement
Conclusion and
recommendations
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 4

CHAPTER I
LITERATURE REVIEW
1.1 General concepts on risk management
1.1.1 Concepts of risk
There are many definitions of risk depending on the specific application and

situational contexts. Generally, risk is a concept that denotes a potential negative
impact to an asset or some characteristic of value that may arise from some present
process or future event (Wikipedia). However, there are some more specific concepts
of risk such as:
+ Williams, JR, Smith and Young (1998) stated that ’’risk is potential variation in
outcomes. When risk is present, outcomes cannot be forecasted with certainty’’.
+ Frank Knight (1921) defined that “Risks are uncertainties that are able to be
measured”. His approach related to the determinable or undeterminable abilities of
uncertainties.
+ Allan Willett (1901) said that “Risk is a specific uncertainty related to an
unexpected experience”. Therefore, his approach related to the people’s attitudes. The
unforeseen incidents are risks; the expected one is not called risk.
+ Hertz & Thomas (1984) have suggested that “ risk means uncertainty and the
results of uncertainty… risk refers to a lack of predictability about problem structure,
outcomes or consequences in a decision or planning situation.”
+ Irving Pferffer (1956) claimed that “Risk was measurable in terms of probability
and that uncertainty was a state of mind measured by degree of belief”.
+ Holton (2004) defined that “if people don’t know what will happened, the
outcome is uncertain. It seems that risk entails two essential components such as
exposure and uncertainty. Then, risk is exposure to a proposition of which one is
uncertain”.
According all above risk concepts, risks can be understood as below:
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 5
• Risks are uncertain events which happen suddenly.
They happen without ability to know in advance the exact. They can occur at any
time in future.
• Risks cause losses.

When risks happened, they will damage the life, spirit, assets of the people which
can lead to material or immaterial consequences.
• Risks are unexpectable events.
The uncertainties happened without expectation will be referred as risk,
otherwise, with expected one is not called a risk.
Finally, if event occurs intentionally or is known in advance, or happened
without leaving any consequences, those events are not seen as risks. Alternatively, if
an event occurred that lead to losses in the plan will not be seen as risk.
1.1.2 Concepts of risk management
Nowadays, the world economy has faced a lot of many criminals or business
corruptions due to lack of management, especially lack of risk management. So that
the enterprise risk management is now become a critical issue in business that all
companies must deal with. Generally, enterprise risk management is so-called a tool
which enables management to identify, assess and manage risks in the face of
uncertainty.
Similarly, risk management is a general management function that seeks to
assess and address the causes and effects of uncertainty and risk on an organization.
The purpose of risk management is to enable an organization to progress toward its
goals and objectives (its mission) [Williams, JR, Smith and Young, 1998].
Moreover, James Lam (2003) stated that ‘‘Risk Management is the process of
measuring, or assessing risk and then developing strategies to manage the risk’’. In
general, the strategies include transferring the risk to another party, avoiding the risk,
reducing the negative effect of the risk, and accepting some or all of the consequences
of a particular risk. Traditional risk management focuses on risks stemming from
physical or legal causes (e.g. natural disasters or fires, accidents, death, and lawsuits).
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 6
Financial risk management, on the other hand, focuses on risks that can be managed

using traded financial instruments. Regardless of the type of risk management, having
risk management teams is more and more necessary for all corporations.
In sum, risk management is known as a tool in helping the management to
achieve the entity’s performance and profitability targets and prevent loss of resources.
1.1.3 Objectives of risk management
Nowadays, every enterprise faces a myriad of risks affecting different parts of the
organization and it is important for the management is how much uncertainty and risks
to be accepted. Consequently, the enterprise risk management helps the management
better deal with risks in achieving an entity’s objectives.
These objectives are set in four categories as below:
ϖ Strategic: risk management supports the management achieve the entity’s
high –level goals and its mission.
ϖ Operations: based on risk management, the entity can use effectively and
efficiently of its resource.
ϖ Reporting: the reports of risk management have more reliable information
ϖ Compliance: risk management provides reasonable assurance of compliance
with laws and regulations
Besides helping in achieving an entity’s objectives, risk management also assists
the management in enhancing risk response decisions. Based on this system, the
management can identify and select among different risk responses as risk avoidance,
reduction, sharing and acceptance. Alternatively, risk management is a discipline for
dealing with the possibility that future events may cause adverse effects by providing
methodologies and techniques for making the decisions. Last but not least, the risk
management can help an entity in reducing operational surprises and losses, and in
avoiding damages to its reputation and associated consequences. In other word,
enterprise risk management helps an entity get to where it wants to go and avoid
obstacles and surprises along the way.
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY

INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 7
1.1.4 Cause and factor of influences
ϖ Objective causes:
Theses causes of risk happen unexpected, uncontrollable and not directly related to
human activity. The objective causes of risks include:
a. Causes arise from unfavorable natural conditions such as: storm, tsunami,
flood, earthquake, etc. These are phenomena follows the law of nature and are
influent by many different factors.
b. Causes arise from the business environment: the business environment contains
many potential risks to those not either able to recognize and apply economic
rules, nor to take business opportunities, or not being adaptive with the
environment change, etc. These are indirect causes of risks and damages to
companies. The causes of risks arise from the business environment include:
• Economic crisis: a fundamental factor causes bankruptcy to several
businesses.
• Economic policy of the government: changes in economic and public policy
represent a potential source of risk to the business environment that
businesses are facing.
• Changes in monetary policy, exchange rates: is an important risk factor to
businesses, especially to business relying on international trade.
Therefore, objective causes are uncontrollable. The solution against this type of
risks largely is depended on the forecasting and the adaptive capability of the
businesses. Risks come from these objective causes although does not occur so often
but they cost severe and widespread damages to the business environment.
ϖ Subjective causes:
These causes of risks arise from both direct and indirect human or institute actions
in doing their business. Some major subjective causes as follows:
a. Human mistakes in selecting business strategy.
b. Human mistakes in selection management structure and policy.
c. Lack of information.

CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 8
d. Lack of competence in profession as well as management.
e. Due to negligence, imprudence, subjectiveness of all members in enterprise.
f. Due to lack of work experience, sense of responsibility and moral.
g. Smuggling, swindle and unfair competition.
h. Corruption and bureaucracy.
In sum, those causes even if it be objectivity or subjectiveness which are to cause
risks damages or losses to human as well as the entity. However, regarding to
objective causes, it is very difficult for the human to control or eliminate those risks
because they depend on outside externalities. The people mainly focus on the methods
of reduction, avoidance or sharing the risks. In the other hand, regarding to subjective
causes, although they are so complicated, they are caused by human activities;
therefore; they can be controlled by various solutions such as reduction, sharing,
control, dispersing, and transferring the risks.
1.1.5 Risk management’s keystones
Risk is an indispensable to business environment. As a result, risk management is
a critical and important task for an existence and stable growth of an entity. To run risk
management system effectively, the entities should thoroughly understand of some
keystones as below:
• Impact: important or non-important.
• Probability: likelihood of its happening.
• No risk, no profit.
• Separate a person who accepts risks with a person who controls risks.
• Public and transparent.
• Actively response risks
• Control: what methods are in place to protect or deal with that situation.
CHAPTER I


BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 9

1.1.6 The major risks in finance industry
Basically, there are three types of fundamental risks that all enterprises have to
face during their operation such as Business risk, Financial risk and Operational
risk. However, depend on business type; enterprise’s characteristic that each above
risks will include many different concrete risks.
HIFU is a financial institution, i.e. its operation mainly is in finance industry.
According to Bank Training Center (2006), they define each type of fundamental
above risks will include following concrete risks:
ϖ Business risk:
This risk is the uncertainty associated with operating cash flows of a business. In
other word, it is the risk that a company will not have adequate cash flow to meet its
operating.
It includes some risks as above:
o Political risk, Policy risks: the risk that regulators will change the current
rules or impose new rules. They may negatively impact to entity’s
position.
o Credit risk: this risk is identified when a business partner is not being able
to fulfill the agreements in the contract.
o Environment risk: generally refers to the increased chance that biological
or ecological damages could occur as a result of exposure to hazardous
substances present in the environment. Any living organism can be
affected.
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 10


ϖ Operational risk:
This risk is identified when an entity indirectly or directly suffer a loss as a
consequences of failures in technologies, processing, human resources and other
similar risks.
It includes some risks as below:
o Reputation risks: this risk is identified when an entity’s performance or its
methods does not meet the creditors’ expectations.
o Technology risk: the risks are influence to technology information system.
Any uncertainties, vulnerabilities impact to security of information
system.
o Personnel risk: any intentional frauds, mistakes can be referred as
personnel risks of an entity.
o Money Laundering and Fraud risk: the risk is considered as a conduct of
individual or organization seeking a way to legalize money or assets
obtained as a result of crime.
ϖ Financial risk:
The uncertainty associated with how a firm finances its business (that is, debt vs.
equity).
It includes some risks as below:
o Bankruptcy risk: the risk is identified when a counterparty, which owes an
entity’s money, goes bankrupt.
o Market risk: it is the risk that the value of an investment will decrease due
to moves in market factors (including interest risk, foreign exchange risk,
and liquidity risk).
+ Interest risk: the sensitivity of a security's price to the change in market
yields. The longer the maturity of a bond (all other features the same), the
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY

INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 11
more the interest rate risk. The greater the coupon rate of a bond (all other
features the same), the less the interest rate risk.
+ Liquidity risk: this risk is identified when a debtor is not being able to
pay off their liabilities when they come due.
+ Foreign Exchange risk: the risk of an investment's value changing due
to changes in currency exchange rates.
1.1.7 Summary of some typical cases
(a) Typical examples on international banks suffered from losses in 1990
2

• The case of Barings, Plc
On 26 February 1995, Barings Plc (UK) announced bankruptcy after 233 years of
existence. Direct cause that led to this case was due to Mr. Leeson who was an officer
in charge of the Bank’s operations in Singapore. He self-managed to decide to invest
USD 7 billion in term exchange contracts on the index of Nikkei on the stock
exchange of Japan. Due to wrong anticipation of the exchange rate, Barings suffered a
loss of USD 1.3 billion. The mistake of Barings was due to the fact that Leeson took at
the same time 2 functions: operation and post-operation (examine, supervise the
Bank’s operation, absolute compliance to guidelines and policies of the Bank) while in
principle, those 2 functions shall be totally independent to each other. Leeson was over
confident in his business skills and made use of over-centralization of power on him
that led to the above-mentioned losses. The lesson on the bankruptcy of Barings was
an alert to all the banks in the world about losses that may occur due to the loop holes
in monitoring, supervision, management and assigning of functions per job.
• The case of Daiwa Bank Limited, Japan and Daiwa Bank Trust in New
York:
This bank was one of the 12th largest banks in Japan. On 26 January 1995, the
Bank advised Mr. Igushu, Executive Office of the Bank in New York that the Bank




2
Extracted from the article on ‘Risks and financial loss: some typical lessons to learn published on the Financial
and Monetary Market – Serial No. 4 – Year 2002 (pages 17, 18, 19)
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 12
has suffered from 1.1 billion dollars worth 1/7 of the Bank’s total resources. More
seriously, Igushu had hidden and provided totally wrong reports on the Bank’s
operation over 11 years from 1984. Even though there are warnings on loop holes in
the Bank’s internal control but this fact was not cared by the Bank’s Executive Board.
As a result, the Bank’s branch in New York had to be closed as a warning that the
Bank’s operations were not secured nor healthy and breaking the laws.
(b) Typical examples in Vietnam in recent years

• The case of La Thi Kim Oanh:
This is a typical example of outcome of work style without a principle that many
joint stock banks (JSB). Only with introduction letters from 2 vice-ministers at
Ministry of Agriculture and Rural Development, La Thi Kim Oanh obtained total
loans of VND 77 billion but only invested for those projects with a total amount of
VND 12 billion, the balance was drawn down for herself expenditures. At the court,
when being asked why the Bank did not perform any project appraisal before
disbursing the loan, but disbursed the loans immediately. The Bank’s representatives
explained that they only examined briefly the loan documents and they relied too
much on the managers swimming skills. (Extracted from Lao dong – Issue No. 81,
dated 21/03/2004, page 7).
• The case of Nguyen Trong Quy and his team
Due to opening accounts with Branch No. 5 (the Branch) of Incombank (the

Bank) from 2001, Director and Chief Accountant at MK Construction & Trade Co.,
Ltd. (MK) created close relationship with Director of the Branch, Credit Manager and
Credit Officer at the Branch. From that, MK was granted loans without fulfilling
procedures required by the Bank. Moreover, the Director and Chief Accountant at MK
regularly cooperated with officers at the Branch to misappropriate in lending
transactions.
Knowing the above problems, at beginning 2002, Nguyen Trong Quy actively
proposed MK Chief Accountant to create chances for Hoang Dinh Co., Ltd., Dai Phat
Co., Ltd. to approach credit officers of the Bank to obtain loans with promises that
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 13
they would share commissions if successful. With cheating knowledge and techniques,
Nguyen Trong Quy had helped the above accomplices to falsify dossiers,
documentations relative to loan projects, etc. to formalize loan documentation. After
drawing the loans, those people fled away leaving the huge loss to the Branch
(Extracted from People’s Police News – Issue dated 28 February 2004, page 5)
Lesson learnt
: Based on the above-mentioned typical cases both on international
and local levels, though the seriousness and circumstance of each case may be
different but overall lessons learnt can be summarized as below:
• Some high level management executives of the banks have ignored
compliance to operating principles and legal regulations on banking
activities;
• Executives at lower levels, officers directly handling transactions were not
educated in professional ethics and became of low level of accountabilities,
their quality became easy to be changed or deteriorated, thus being easy to
be lured by customers.
• Procedures at companies were not clear in authorization of rights, leading

case of executing in exceed of allotted rights. Reviews, supervision for
process of granting loans, use of loans were considered as weak.
• Internal control as well as risk management tools at the banks were
inefficient in timely finding out errors and frauds to stop them from
happening. After actual losses have occurred, the banks started to find
measures to rectify the errors and frauds, but could not avoid serious results
that they could not recover the banks assets and loans.

1.2 Introduction of COSO’s Enterprise risk management
1.2.1 Introduction of COSO
Due to questionable corporate political campaign finance practices and foreign
corrupt practices in the mid-1970s, the Securities and Exchange Commission (SEC)
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 14
and the U.S. Congress enacted campaign finance law reforms and the 1977 Foreign
Corrupt Practices Act (FCPA) which criminalized transnational bribery and required
companies to implement internal control programs. In response, a private-sector
initiative, called the National Commission on Fraudulent Financial Reporting
(commonly known as the Treadway Commission) was formed in October 1985. As a
result, COSO was originally formed in 1985 to sponsor the Treadway Commission
studied the causal factors that can lead to fraudulent financial reporting and developed
recommendations for public companies and their independent auditors, for the
Securities and Exchange Commission (SEC) and other regulators, and for educational
institutions.
COSO - The Committee of Sponsoring Organizations of the Treadway
Commission - is a voluntary private sector organization dedicated to improving the
quality of financial report through business ethics, effective internal controls, and
corporate governance.

The National Commission was jointly sponsored by five major professional
associations in the United States as below:
• The American Accounting Association – AAA
• The American Institute of Certified Public Accountants - AICPA
• Financial Executives International - FEI
• The Institute of Internal Auditors - IIA
• Institute of Management Accountants – IMA
The Commission was wholly independent of each of the sponsoring
organizations, and contained representatives from industry, public accounting,
investment firms, and the New York Stock Exchange.
1.2.2 COSO – Internal Audit Framework, 1992 and Improvements to
Enterprise Risk Management Framework