TABLE OF CONTENT

ACKNOWLEDGMENT
During studying and completing this thesis, I have received guidance, great
assistance from teachers, friends and classmates. With deep respect and gratitude, I
would like to express sincere thanks to:

Faculty of

International Training -

Vietnam University of Commerce

have

created all favorable conditions to help me in my education background and
completing thesis.

All teachers of Vietnam University of Commerce and other foreign experts from
IAE de LYON,specialy Doctor Vu Manh Chien who were very helpful and have taught,
encouraged, created favorable conditions for me during the course to date of thesis.

Despite great efforts with all enthusiasm for this thesis, but my thesis still has
mistake. So I hope to receive sympathy and suggestions of all teachers in the
marking council .


ABSTRACT
In recent years, the trend of liberalization and globalization of economy has brought
Vietnam economy both opportunities and challenges requiring the government and
authorities put more efforts. In the field of Finance & Banking, we have built crucial basis

for a financial monetary economy, technology modernization and bank operations to create
the market mechanism. The institutions for bank operations have been improved and the
operating mechanism of monetary policy has been innovated basically. Moreover,
regulations and international standards of bank operations have been applied, so the credit
quality has been improved significantly.
However, in the period of integration, the opening of the financial market increases
the number of wealthy foreign banks with high technology and management quality
entering into Vietnam market, pressure of competition for commercial banks in Vietnam
also increases along with the loosened regulations for foreign financial institutions. At that
time, with the small size, low management quality, low technology and labor skills, the
commercial banks will not catch up with foreign commercial banks and lose the game if
they do not innovate. Besides, occurring risks of banks; especially the credit risks, have not
been managed and controlled strictly, which can lead to a big loss. At the moment, the risk
of bankruptcy of banks can appear at any time if they do not focus on enhancing the
efficiency of risk management in their business activities.
With the reasons above, ensuring the sustainability and consistency of the
development is the most important target in management and operation of Vietnam
commercial banks.
One of necessary strategic solutions is to reorganize and upgrade the control
system, internal audit of each commercial bank. In the small scope, among activities of
bank, the credit activities need focusing on because it is the main source of finance for the
banks, however, containing a lot of risks.


Recognizing the importance of internal auditing of credit activities in the time
working at Petrolimex, I choose the topic for the Master thesis: “Improving the internal
credit audit system in Petrolimex Group Commercial joint stock Bank”

CHAPTER I: OVERVIEW OF RESEARCH
1.1. Necessity of research

The increasing of society's demands day by day, with fierce competition in the
market requires commercial banks to diversify its product portfolio to increase revenue for
banks, and distributed risk. But among the products that banks providing the credit
operation is the basic activity and plays a decisive role with existence of each bank. This
shows very clearly the scale of credit operations accounted for the largest proportion of
total bank assets (about 70%) and brings 80% of revenues for banks. However, credit also
contains many business risks.
Credit risk is the potential losses that banks incur when making loans to customers,
the losses associated with the customer who does not repay the full credit when due. Credit
risk is various and complex. It depends on the customer (financial status, responsibility
with debts) and bank (ability of management, risk prediction), and this is also the risk most
common in the banking activities. Therefore, to deal with these risks, the requirement is
that the commercial banks have to set up a complex control system, and pay special
attention to the work of internal audit to credit operations used to monitor individual credit
as soon as it arises until the end, and the entire process of monitoring the implementation
of credit granted as consideration for loan disbursement, loan monitoring...
And this also demonstrates the actual loss and disruption that the commercial banks
have to suffer from the loss of internal control systems to ensure safe and efficient
operation.
Hence, the internal audit did not fully accomplish the task; the banks are faced with
uncontrolled risks. Especially, credit risk and consequences of these risks are very
unpredictable. Thus, the perfection and development of internal audit work in general and


internal auditing credit activities in particular are essential requirements set for commercial
banks to ensure safety in the business of the bank, while improving the efficiency of capital
use and improving the quality of bank credit.

1.2. Problematic of research:
From those reasons I mentioned above, I choose the research project:

“Improving the internal credit audit sytem in Petrolimex group commercial joint
stock bank”.
1.3. Research objectives:
Research objectives are to clarify the theory of internal audit work in enterprises in
general, banks in particular and the actual situation of internal credit audit works in
Petrolimex group commercial joint stock bank.
1.4. The questions are posed in the study:
What is the theory of internal audit work in banks in general and in PG Bank in
particular?
Is internal credit audit of Petrolimex group commercial joint stock bank reliable?
Is organization of internal audit work in Petrolimex group commercial joint stock bank?
In compliance with basic principles? What are shortcomings? Specifically as follows:
How the internal credit audit look like?
Organizational structure of internal auditing like?
The internal credit audit process is closely organized?
Organized testing, quality control, internal credit audit?
1.5 Object of research:
Petrolimex group commercial joint stock bank
1.6 Scope of research
Although internal audit is an essential tool for all types of organizations, the topic
only focuses on internal credit audit work organization in Petrolimex group commercial
joint stock bank.
1.7. Research methodology:


Illustration of the method mainly in research materials, surveys, interviews,
observations combined with the actual method, methods of analysis, synthesis,
comparison, evaluation, directly investigation as a basis to organize the internal credit audit
in Petrolimex group commercial joint stock bank.


1.8. Contribution of research
The topic helps clarify the perception of internal audit work in general and internal
credit audit work organization in Petrolimex group commercial joint stock bank in
particular. Assessment of the situation of internal credit audit work in Petrolimex group
commercial joint stock bank is to synthesis and makes some proposals for improvement of
internal credit audit work in Petrolimex group commercial joint stock bank.
1.9. Structure of thesis
Besides thanks, contents, list of diagrams and references, structure of thesis include
four chapters. Specifically:
Chapter 1:

Overview research on internal audit

Chapter 2:

Some basic theory on the organization of internal audit work

Chapter 3:

Research Methodology and organisation of internal credit
audit at Petrolimex group Commercial Joint Stock bank.

Chapter 4:

Conclusions, discussions and recommendations to improve the
internal credit audit system at Petrolimex group Commercial Joint
Stock bank.


CHAPTER II: THEORETICAL FRAMEWORK

2.1 Some concepts and theories of internal audit
2.1.1. Internal audit definition
Internal audit has come a long way over the last two or three decades. In the past,
internal audit was seen as a mechanism to double – check the many thousands of financial
transactions that were posted to the accounts each week. In the 1950s and 60s, it pretty
much consisted of basic tests of the accounts with a view to isolated errors and
irregularities. Huge standardized audit work programs would be prepared that determined
the steps that had to be taken to verify figures in the main accounting ledger and feeder
systems. In contrast, today’s internal auditor facilitates the development of suitable
controls as part of a wider risk strategy as well as providing assurances on the reliability of
these controls. The move from detailed low-level checks of huge volumes of mainly
financial transactions to high-level input into corporate risk strategies has been
tremendous.
Other industries also expanded their internal audit programs, and in 1941 the Institute
of Internal Auditors was born to herald a distinctive a discipline quite apart from public
accounting.
The definition of internal auditing began to evolve. In Latin ‘auditor’ literally means
‘listener’. Nowadays, not that much has changed in the essential elements of auditing if we
follow the definition from Arens and Loebbecke (1997, 2): “Auditing is the accumulation
and evaluation of evidence about information to determine and report on the degree of
correspondence between the information and established criteria. Auditing should be done
by a competent independent person”.
Furthermore, internal auditing in the Standards for the Professional Practice is defined


in this way: “Internal auditing is an independent appraisal function established within an
organization to examine and evaluate its activation as a service to the organization.”
Auditing Standard ASA 610 Considering the Work of Internal Audit, issued by the
Auditing and Assurance Standards Board (AUASB) defines internal audit as follows:
Internal audit” means an appraisal activity established within an entity as a service to the

entity. Its functions include, amongst other things, monitoring internal control”.
The objective of internal audit to assist members of the organization carries out their
responsibilities effectively. It equips them how to analyze, evaluate, suggestions,
recommendations and information concerning activities reviewed. The objective of internal
audit framework also gives effective control at reasonable cost.
- Loyal to the nature of the audit, independence in internal audit is given top priority.
Internal auditors are independent when they can perform their work in a free and objective
manner. In reality, as they are members of an organization, the meeting of this requirement
can be more difficult than State auditors and independent auditors. Therefore, this
independence is only relative. In fact, all cases, scope, progress and effectiveness of
internal audit work should not be limited by any things. If so, internal auditors can get the
desired results. To this end, internal auditors should have equal status and necessary
independence.
• To ensure the independence, first of all, internal auditors conduct a review of any
findings related to the organization. Based on surveys, initial research, their professional
skills, they consider and assess activities of the organization. Results obtained from the
review and assessment will form a basis for them to clarify and give consultations for the
next operations.
• Result of internal audit is a great support for members of organizations such as the
Board of Management, Board of Directors, shareholders, and all staffs. Therefore, the
scope of the work is very widespread and it affects all activities of the organization. It is
the reason why internal audit is established as a division of the organization.
According to the professional guidance of the Institute Internal Auditors
(IIA), public sector governance encompasses the policies and procedures used to
direct an organization’s activities to provide reasonable assurance that objectives are met


and that operations are carried out in an ethical and accountable manner. In addition, the
Institute of Internal Auditors (IIA) has developed the globally accepted definition of
‘internal auditing’ as follow: “Internal auditing is an independent, objective assurance and

consulting activity designed to add value and improve an organization. It helps an agency
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control and governance processes”.
According to this definition, an internal audit function could be viewed as a first line
defense” against inadequate organizational governance and financial reporting. With
appropriate support the Board of Directors’ and Audit Committee (if any), the internal
audit staff is in the best position to gather intelligence on appropriate accounting practices,
inadequate internal controls, and infective corporate governance. The scope of internal
audit activity embraces the wider concepts of corporate governance and risk – recognizing
that control exists in an organization to manage risk and promote effective governance.
The remainder of the IIA’s definition of internal auditing covers a number of
important terms that apply to the profession
• The term independent is used for auditing that is free of restrictions that could
significant limit the scope and effectiveness of any internal auditor review or the later
reporting of resultant findings and conclusions.
• The word appraisal confirms the need for an evaluation that is the thrust of
internal auditors as they develop their conclusions.
- The term established confirms that an internal audit is formal, definitive function in
the modern enterprise.
• The phrase examine and evaluate describe the active roles of internal audit work
that applies to all of the activities of the modern enterprise.
• The word service recalls that the help and assistance to the audit committee,
management, and other members of the enterprise are the end products of all internal
audit work.
• The phrase to the organization confirms that internal audit’s total service scope
pertains to the entire enterprise, including all personnel, the board of directors and their
audit committee, stockholders, and the owners.


For the banking and credit institution in Vietnam, aaccording to No.37/2006/QDNHNN, Decision of the governor of the State bank of Vietnam on the issuance of the

Regulation on internal audit of credit institutions, defined ““Internal audit” is an act of
independent, objective inspection, verification, assessment for the internal inspection,
control system; independent assessment of the appropriateness and compliance with
policies, procedures and process which are set up in the credit institutions, whereby the
unit performing internal audit shall provides proposals, advices for the purpose of
enhancing the operation effectiveness, efficiency of systems, processes, provisions, making
contribution to the assurance of the prudential, efficient and lawful operation of credit
institutions.
As such, according to this definition, internal audit is conducted in the organization
by its staff and ensured by independence and objectiveness. That is, it is not hindered by
any divisions or objects when determining work scope, work performance and work result
reporting. At the same time, internal auditors must be impartial, fair so as to not to be
dependent on or dominated by others.
The term “Internal Audit” itself expresses its particular characteristic and nature.
Based on the origin and different forms of internal audit, we can see that internal audit
appears and develops due to objective needs.
From the above analysis, we can draw the nature of Internal Audit is an independent
division of a organization performing examination, assessment work and giving
recommendations of improvements on its activities for managers’ objectives
2.1.2. Some theories of internal audit in commercial bank.
Theoretical framework for internal auditor in commercial banks is determined by the
provisions of the Institute Internal Audit (IIA), Basel Committee, Ministry of Finance, and
State Bank of Vietnam.
- The Institute of Internal Auditors (IIA) is the primary international professional
association, organized on a worldwide basis, dedicated to the promotion and development
of the practice of internal auditing. The IIA is the recognized authority, chief educator, and
acknowledge leaders in standards, education, certification, and research for the profession
worldwide. The Institute provides professional and executive development training,
educations products, research studies, and guidance to more than 122,000 members in
more than 100 countries. From 1941, IIA has been well equipped to help members to meet



generally accepted professional standards by:
• Issuing ethical law
• Approving an announcement on responsibility of internal auditors
• Establishing frequent training program
• Building general knowledge content
Approval of professional standards is one of important steps in the development
process of internal audit. Professional standards of internal audit are the result of great
efforts made by the Committee in three years. They are tools for professional activities in
all business fields at various levels of the Government and organizations where internal
audit appear.
Basel Committee established in 1974 by central bank governors of 10 countries, this
Commission to develop and publish standards relating to banking activities. Basel
Committee in 1988 issued measurement system which consists of 25 basic principles of
banking supervision (Basel I). However, after a period of application, the principles of
Basel I have shown some weakness. Specifically provides only a single measure of risk
capital for banks operating on international scale through its own capital indicators on
assets adjusted for risk (CAR ≥ 8%) without considering the different nature of the bank
risks, the loans and other factors. Also, the application of Basel I cannot help countries
prevent financial and monetary crisis.
Basel Committee issued the measure of risk framework (Basel II) on July 01 in 2001
and takes effect in late 2006, replacing the treaty of Basel I. Basel II consists of a series of
standards aimed at improving monitoring and risk management techniques and is
structured in three levels: (i) required minimum capital ratio for credit risks and operational
risks, (ii) give directions relating to the monitoring process, (iii) requires banks to provide
basic information related to the capital, to ensure that risks encouraging the principles of
the market.
Treaty of Basel II emphasis on methods of control, internal audits in the bank itself,
process monitoring and market rules, increase flexibility in the management of risk and

greater attention to risk sensitivity. Treaty showed specific concepts as well as other
measures of risk such as credit risk, market risk, and operational risks.


Basel Committee encourages each bank should develop a process to monitor and
manage operational risks and specific details. Should be conducted regularly to monitor all
operations, all the chains in the transaction process to make the report warned of defects,
errors or omissions in any business policies, operating procedures in bank.
Ministry of Finance: the main content of Decision No 832/TC-QD-CDKT dated on
28/10/1997 is the developing internal audit regulations for State enterprises. Circular No
52/1998-TT-BTC issued on 16/04/1998 guide apparatus internal audit in State enterprises,
Circular No 171/1998-TC-BTC replace Circular 52/1998-TT-BTC.
Based on the characteristics of the sector, State Bank issued QD37/2006/QD-NHNN
on 01/08/2006. Decision guides the internal audit regulations apply to credit institutions.
2.1.3 The function of internal audit
Internal audit’s function is both to verify and express opinions, control and consult.
Control is the first function of internal audit which is similar to verification function of
general audit. It is the control function that decides to the appearance of internal audit. It is
said that Internal Audit is an organized type whose function is to measure and assess the
effectiveness of other controls. An organization set objectives for divisions and follow up
them. The next work is to use internal audit to measure and assess other existent controls.
As such, internal auditor’s role is controller to understand the nature and scope of other
controls. Specifically, internal audit is to “assess and measure accurately the level of risks
relating to management systems, activities and information provision system of the
organization. Based on results of risk evaluation, internal auditors must assess the
propriety and effectiveness of activities and internal control system over these above
systems”
(Campbell and Timothy, 2003). Therefore, internal auditors both perform their tasks
and become experts in designing and performing other controls to get the best result. These
experts’ skills include their understanding of controls, relation and diversified co-operation

in the internal control system. Through controls, internal auditors consider and evaluate
activities of the organization. In fact, their professional fluency of internal auditors cannot
be compared to that of people who directly perform these tasks. However, they can help
related people to get better results by clarifying existent control works and making
improvements in the work.


With the development of internal audit, its function is expanded from control and
evaluates the internal control system to evaluate and make improvements in the
organization’s activities. From an analysis of definitions of internal audit, we see that
modern internal audit not only control but also more focus on consulting and assisting
audit division in risk management and improvement of work effectiveness. Expanded
function and role have created positive changes in role of internal audit. Internal audit
which was originally coercive by managers has become voluntary work of audited
divisions.
(Campbell and Timothy, 2003). Therefore, internal auditors both perform their tasks
and become experts in designing and performing other controls to get the best result. These
experts’ skills include their understanding of controls, relation and diversified co-operation
in the internal control system. Through controls, internal auditors consider and evaluate
activities of the organization. In fact, their professional fluency of internal auditors cannot
be compared to that of people who directly perform these tasks. However, they can help
related people to get better results by clarifying existent control works and making
improvements in the work.
With the development of internal audit, its function is expanded from control and
evaluates the internal control system to evaluate and make improvements in the
organization’s activities. From an analysis of definitions of internal audit, we see that
modern internal audit not only control but also more focus on consulting and assisting
audit division in risk management and improvement of work effectiveness. Expanded
function and role have created positive changes in role of internal audit. Internal audit
which was originally coercive by managers has become voluntary work of audited

divisions.
2.1.4 Basic principles of internal audit activity
According to Article 4 of Decision 37/2006/NHNN – QD, banks have to ensure the
following principles:
* Independence
The internal audit department shall operate independently compared with units,
managing, professional operation departments of the credit institution; the internal audit
activity shall be independent of activities of management, professional operation of the


credit institution. In the process of auditing or providing accounting services, auditors are
not dominated or influenced by any material or spiritual benefits which affect their
truthfulness and objectivity and professional independence. Auditors are not allowed to
perform the audit work at entities where their relatives are working for. In the audit
process, if there are any factors affecting their independence, the auditors must remove
them. If not removed, they must be clearly stated in the audit report.
* Objectiveness
The internal audit department, internal auditors must assure the objectiveness,
truthfulness, fairness, non-prejudice when they perform the task of internal audit.
Objectivity is to ensure not to leave out the mistakes, let their opinion on audit report
depend on others’ and occur any substantial agreement on quality.
* Specialty
Internal auditors shall be those who have necessary knowledge, standard and skills of
internal audit and do not concurrently undertake other posts and specialized works of the
credit institution. Internal auditors must be qualified at the working process
Three principles are in internal audit in banks of the Basel Committee, July 2000.
However, under this document, banks must comply with other following principles
* Continuity
Internal audit in banks must be regularly and continuously conducted. Therefore, the
management must provide the appropriate power and support internal audit department to

achieve its goals.
* Principle of operation scope
Every division and operation is subject to internal audit, regardless of branch or
subsidiary.
Overall, internal audit must consider and assess the appropriateness and effectiveness
of internal control activities.
2.1.5 Content of internal audit
It is the work that internal auditors have to perform in the internal audit process.
Organizing internal audit work includes the following: organizing internal audit
apparatus, process, inspecting and controlling internal audit work.


Organization of internal audit apparatus: Internal audit apparatus organized in line
with an entity’s scale will help the leaders closely and effectively control its business
activities. At the same time, it will help managers control the quality of internal audit
easily, appropriately assign tasks.
Setting up an internal audit department is based on the operation scale and scope of
operation, staff qualifications and operation fields.
In Vietnam, under Article 15 of Internal Audit Regulations applicable to State-owned
enterprises issued together with Decision No. 832 TC/QĐ/CĐKT dated 28 October 1997 of
the Minister of Finance, internal audit is organized directly under the General Director of
the enterprise. Under Article 7 – Decision No. 37/206/QĐ-NHNN dated 01 August 2006 of
Vietnam State Bank Governor on issuing Internal Audit Regulations, internal audit at credit
organizations and banks is consistently organized under the direct supervision of Board of
Control. As such, to ensure independence of internal audit, Internal Audit department is
often under the direct management of Board of Management (Board of Control) or
(General) Director.
Internal audit department often includes: manager, deputy manager (if any), group
leader, internal auditors and internal auditor assistants (if any). Internal auditors often
perform work with high pressure. Their work includes:

• Examine the true and fair view of financial information, business information and
use methods to identify, evaluate, classify and report such information.
-

Check the compliance with the policy, plan and rules.

-

Check asset protection and consider whether assets are actually existent or not?

• Internal auditors must examine whether the use of resources are economical or
cost-effective or not?
• Internal auditors must evaluate work or programs to confirm whether obtained
results are consistent with set objectives or work and programs are implemented as
scheduled or not?
Normally, internal audit department in enterprises in general and banks in
particular can be organized under the following models:
- Centralized model: Internal audit department is only set up at the head office, not at
units or branches… This model ensures the objectivity, independence of internal audit and
helps improve the profession of internal audit.
- Decentralised model: apart from the internal audit department at the head office, it


is also set up at dependent units, subsidiaries, branches, etc. The central internal audit
department will conduct the audit of all activities of the organization and perform complex
audit engagements. This model is usually applied to multinational companies having
operations in many geographically separated countries and territories.
- Combined model: apart from the internal audit department at the head office, the
enterprise can conduct the internal audit at an area and be responsible for a certain
geographical area.


CHAPTER 3
RESEARCH METHODS AND ORGANISATION OF INTERNAL
CREDIT AUDIT AT PETROLIMEX GROUP COMMERCIAL
JOINT STOCK BANK
AN OVERVIEW OF PG BANK’S HISTORY
►History
Petrolimex Group Commercial Joint Stock Bank (PG Bank) was formerly Dong Thap
Muoi Rural Joint Stock Bank. Dong Thap Muoi Rural Joint Stock Bank’s operation permit
was issued by the State Bank’s Governor’s License No. 0045/NH – GP dated November
13, 1992. Accordingly, the bank’s initial charter capital was 700,000,000 VND (seven
hundreds million Vietnam dong) and its operating district was Dong Thap province. After
10 years of operation, PG bank‘s organizational system has constantly been strengthened,
achieving a steady growth rate with a low overdue debit and an annual business result that
always brings about high profits to its shareholders. The bank’s charter capital now
reaches 5,000 million VND, which is seven times higher than the initial charter capital.
In an effort to restructure its operation, in July 2005, Dong Thap Muoi Bank decided to
invite new shareholders to participate, making an increase of the charter capital to 90 billion
VND. Among the new shareholders were financially potential and banking-business experienced
Vietnam National Petroleum Corporation (Petrolimex) and Sai Gon Security INC (SSI).
With the contribution of big shareholders, the bank has made a significant progress.
In September 2006, the bank increased its capital to 200 billion VND. Its total asset as of
December 31st, 2006 was 1,187 billion VND, the outstanding loan was 801 billion VND,
the total revenue in 2006 was 69 billion VND and its profit before tax was 17.49 billion
VND. The bank, in cooperation with a foreign consultant, was able to create a long-term
development strategy. It was also successful in the selection and deployment of the core


banking software by IFLEX, one of the most modern banking software presently.
In March 2007, PG Bank was authorized to be transformed into an urban joint stock

bank by State Bank Decision No. 125/QD-NHNN dated January 12, 2007 and to change its
name to Petrolimex Group Commercial Joint Stock Bank (PG Bank) by Decision No.
368/QD- NHNN dated February 8, 2007. Accordingly, PG bank was licensed to expand its
network nation-wide and to perform full banking services including international payment
and foreign currency trading.
► PG Bank’s Development Milestones
In May 2007, it was decided at PG Bank Annual Shareholder Conference to increase
the Bank’s capital to 500 billion VND in 2007 with a plan to increase the capital to at least
1,000 billion VND in 2008 and at least 3,000 billion in the period from 2008 to 2010. As of
May 31, 2007, PG Bank’s total asset was 1,632 billion VND, its outstanding loan was 900
billion VND and the profit before tax was 17,49 billion VND.
On June 26, 2007, PG Bank Hanoi Branch was officially inaugurated. This
significant event did not only denote the emergence of PG Bank in the active banking
market of economically imperative Hanoi, but also represented the commencement of PG
Bank’s development strategy of branch and transaction offices expansion nationwide.
Organization structure of PG Bank


3.1. Research method
3.1.1. Data collection method
Data collection method is a very important stage. To obtain the necessary data for the
writing of the topic, I used the following methods: investigation, interviews,.
a. Investigation method
• Investigation method is to use questionnaires for managers and people directly
relating to internal credit audit.
• The content of the survey is to use test questions for surveyed people based on their
actual jobs. The content of questionnaires is close to the topic, especially to internal credit
audit at Petrolimex group commercial joint stock bank.



• Investigation process:
• The first step is to issue questionnaire votes. The investigation process is
implemented within 1 month. The number of questionnaire votes is 24.
• The second step is to collect questionnaire votes. The obtained votes are 23,
equipment to the response rate of 90.9%.
• The third step is to summarize results and give conclusions. Summarization of
results and necessary conclusions after the end of the investigation process is shown in the
data summarization table.


19

Table 3.1: Summing up of investigation data

No.

Object of
investigation

Number of

Number of

people to

investigation

investigate

card


Knowledge of internal audit

Knowledge of bank

work
Excellent

Good

Average

Excellent

Good

Average

(%)

(%)

(%)

(%)

(%)

(%)


1

Credit dept

3

3

90

10

0

80

20

0

2

Internal audit dept

4

4

80


20

0

78

20

2

3

Credit risk management dept

5

5

55

35

10

65

25

10


4

Credit loan admin dept

3

3

90

10

0

80

20

0

5

5

55

35

10


25

65

10

3

3

70

30

0

40

50

10

5
6

Credit Policy and Product
Development Dept.
Market risk management dept



20
• Interviewing method:
• Interviewing was conducted through direct interviews or through phone interviews
of some managers as well as those directly conducting the internal credit audit work at PG
Bank and some concerned departments.
• The content of the interview is prepared, not overlapped among the interviewed and
focused on internal audit. In addition, during project implementation, if questions arise out
of the interviewed content, the interviews will be conducted via phone.
Table 3.2: List of interviewee
No.

Name

Job title

1

Đỗ Văn Thắng

Internal audit management

2

Vũ Quỳnh Nga

Internal audit deputy management

3

Nguyễn Thị Minh Đức


Internal auditor menber

4

Hà Tiến Hùng

Internal auditor menber

5

Nguyễn Thị Vân Khánh

Internal auditor menber

3.1.2. Data analysis method:
After interviewing and studying materials, I synthesize and analyze information. The
method focuses on the information obtained from Petrolimex group commercial joint stock
bank , then referring to the situation and giving conclusion on internal credit audit. After
all, I study proposals for completion of internal credit audit work in line with the general
and particular regulations of Petrolimex group commercial joint stock bank . This method
is used when I write chapter 3 and 4 for this thesis.
3.2 Internal audit credit activities at PG Bank
3.2.1. The objective of the audit credit activities
Audit activities are to assess the true credit status, credit quality, detect loopholes in
credit operations, potential risks and operational risks of the bank credit, from which to
propose, and consult the Board, General Director, and Directors of the member units about
solutions to reduce risks in the credit activities of bank.
3.2.2. Requirements of internal audit credit activities
1. Assess compliance with policies, regulations, operating procedures current credit.

2. Assessing risks in credit operations.


21
3. Assess the appropriateness, effectiveness of control procedures in credit activities.
4. Assess the truthfulness and reliability of the information on credit activities.
5. Assess compliance with the objectives of the program credit activities.
6.
7.

Check the security measures for credit operations.
Evaluation of loan classification and provisioning risks under the current

regulations.
8.

Recommendations on the editing issues identified through audit work.

3.2.3. Scope of audit credit activities
1. The whole loan sales, debt collection, outstanding time of the audit or the time
specified in the audit decision.
2. The entire credit file is available at the office or at branches of Bank System PG
Scope of audit credit operations.
3.2.4. The main audit methods
1.

Analysis methods: on the basis of analysis of a general indicator of the credit

activities such as: total loans, bad debt, debt structure by industry, the structure of debt in
the form of credit … auditors conduct reviews and evaluate the volatilities in each item in

two aspects of nature and thereby determining the focus of the audit credit operations,
identify types of loans and lines focused audit, the audit selected number of samples,
record the number of audit sampling.
2. Audit sampling methods: selecting representative samples for each customer
group / group credit products, industry groups .... make sure the records are sufficiently
representative samples for the overall basis for testing evaluation to draw general
conclusions for the overall.
3. Survey methodology: collecting confirmation of balance from the borrower,
ensuring the consistency of data stored on file at the bank and borrowers.
3.2.5. Content of audit credit activities
Part A. Audit at the audited units
A 1. Risk assessment related to credit activities
According to 3 levels (high, medium and low). When analyzing and evaluating risks
in credit operations it needs going into the following key risks:


22
a) Client records are incomplete.
b) The evaluation of information about customers and the loan is not fully and
accurately.
c) Failure to comply with the decentralization process authorized in lending to
customers.
d) The information in the credit contract, mortgage contract, pledge not match with
the decision to approve loans and information on FLEXCUBE system.
e) The registration of security transactions and making inventories of original papers
of related properties securing loans are not made according to regulations.
f) Based on incomplete and disbursement regulations.
g) The following customers to check loan is not timely, quality assurance and may
not be strictly controlled.
h) The management of debt collection has not been close.

i) The debt structure (extending term debt and adjusted) is not sufficient grounds.
j) The classification of liabilities is carried out strictly according to regulations. The risk of
provision is not factually correct classification of debt.
k) The customer reviews have not been conducted periodically in time and fully.
l) The management and distribution module access to credit in the system of regulations
PLEXCUBE...
A 2. Assessing the performance of the audit statute
Overall evaluation of the implementation of the credit limit of the audited unit and
overall assessment of the operation, the credit quality of the unit.
Auditors conducting counter reporting system to collect, examine and analyze the
overall targets through a number of times, including:
- Total outstanding debt:
+ The proportion of short-term debt, medium and long term total outstanding loans
compared to planned targets.
+ The proportion of outstanding loans under the economic component of total
outstanding loans compared to planned targets.


23
- Credit quality:
+ Delinquency rate, loans over total loans outstanding at the time of inspection.
The rate of loan interest income in the comparable period real interest loan receivables in
the period.
A 3. Quality assessment activities of the credit control system in the unit audited
a) Consider the division of the Board of Directors, Sales, Support Credit and other
departments involved in the process of credit in the branch (in writing) on the credit has
not used reasonable? the assignment of a right is not defined?
b) Review and assess the organizational model of the unit, the proportion of staff on
customer relations personnel in total units, the number of records and have outstanding
management of a Customer Relations Officer , changes in personnel in the organizational

structure, particularly in management positions.
c) The implementation of the lending regulations, the provisions relating to credit
operations of PG Bank, Bank of Agriculture ... at the branch have been no adequate and
timely?
d) The implementation amend the shortcomings of the first test, inspection and
auditing have timely and complete?.
e) Measures to improve unit operations and growth in credit outstanding.
A 4. Perform audit procedures, regulations
a. Checking system data on FLEXCUBE
Check the consistency of the outstanding loans (including loans and debt qualify
unqualified) report on balancing G / L and balance statement detailing each customer.
Inspect and analyze the data and parameters to detect credit customer data
irregularities, errors and violations on the system:
(I) A borrower may borrow money or time in excess of the credit authorization
decision of the branch.
(II) has a level of interest rates is not normal, ceiling or floor rates prescribed head office.
(III) Term loans are not appropriate for the type loan.
(IV) Do not overdue in the following cases:
- Timeout rescheduling maximum prescribed but continue to extend.


24
- Never pay interest on time or a long time no see interest arising under the
regulations.
- Other cases are subject to overdue but not overdue.
(V) Identify potential risks to customers:
- There overdue debts or outstanding loans overdue rate on total outstanding debt.
- A long time is not incurred debt principal and interest.
- Has been overdue for too long.
- Customer is overdue but worth little or no guarantee of security assets.

- Customers have been paid interest for big loans.
- Customers have more than one of CIF.
- Customers frequently change organizations, managers apparatus
- The expression can lead to risk: As the rapid credit growth, credit growth exceeded
the average system ...
(VI) Accounting for the wrong loan product code of the customer.
(VII) The data value of the property to ensure there is unreasonable.
(VIII) Classification of the debt is incorrect.
(IX) Identify the access code (USER ID) transactions and the inspectors who
conducted the transaction is flawed.
(X) The data and parameters show abnormal screen to check on FLEXCUBE system
and credit record.
b. Check details of credit records
(I) Check credit record details of a customer:
Based on data analysis through detailed files on the system FLEXCUBE, the auditor
will determine the object to be inspected in detail by credit profile:
• These clients have unreasonable data, they need to complete verification.
Customers have the potential risks and delinquency.
Customers can check the balance of debt.
• Check representative sampling of each customer group / product group credit.
Customers who have credit relations with many branches. For a borrower:


25
• Check the total outstanding debt of clients at the time of inspection included in the
term debt, overdue and check account status of each loan contract.
• Detailed examination of credit files include legal documents and financial records,
loan records, property records to ensure process credit before lending, while lending and
after lending.
(II) The appraisal before the loan:

- Legal documents
• Check the completeness, validity and legality of the records (the reference list of
legal documents stipulated in the credit process in PG Bank). The documents are
considered valid when the photo has been authenticated. The documents provided to banks
under the control of the units issued loans must be originals or copies certified by the seal
unit. Inspection process to note the amendment of current legislation and internal
regulations for the application accordingly.
• To compare the consistency of customer information on file for legal information in
the CIF module FLEXCUBE system and check the changes and update information about
customers.
- Financial Profile
• Check the adequacy of financial records (the reference lists of financial records
specified in the credit process in PG Bank).
• Check for evidence of the charter capital contribution of loan units and assess the
legality and validity of the form of capital contributions (eg for limited liability companies,
joint stock companies receiving capital contributed by property, such property shall be
transferred to the ownership of the company.)
• Check the financial capacity of borrowers through analyzing financial statements,
and check the classified assessment borrower's periodic branch, the application of
appropriate policies to customers in accordance Bank of PG.
- File loans
• Assess the adequacy and legality of the project documents, the loan (the reference
portfolio loan documents specified in the credit process in PG Bank).
• For borrowers there is a unit of business registration, check that the investment
project / business plan is within the scope of business has registered or not.