MINISTRY OF EDUCATION AND TRAINING
UNIVERSITY OF ECONOMICS HO CHI MINH CITY
------------
NONG QUANG THANH
DETERMINANTS OF AN EFFECTIVE
INTERNAL CONTROL:
A STUDY OF FIRMS IN VIETNAM
MASTER THESIS OF BUSINESS ADMINISTRATOR
HO CHI MINH CITY – 2013
MINISTRY OF EDUCATION AND TRAINING
UNIVERSITY OF ECONOMICS HO CHI MINH CITY
------------
NONG QUANG THANH
DETERMINANTS OF AN EFFECTIVE
INTERNAL CONTROL:
A STUDYOF FIRMS IN VIETNAM
Subject: Master of Business Administrator
Code: 06.34.01.02
MASTER THESIS OF BUSINESS ADMINISTRATOR
SUPERVISOR:
DR. NGUYỄN THỊ NGUYỆT QUẾ
HO CHI MINH CITY – 2013
I
ACKNOWLEDGEMENT
I would like to take this opportunity to express my gratitude to all those who
have helped and supported me during the time I conducted the study.
Firstly, I would like to express my deepest sincere gratitude to my
supervisor, Dr. Nguyen Thi Nguyet Que for her patient and invaluable advices to
my thesis. Without her support, the thesis could not have been completed.
Secondly, I would like special thanks to all instructors and lecturers in
eMBA course for their teaching invaluable knowledge and experience to me. I am
very great honor to introduce with my relationships that I have been participated in
eMBA program of Economic University, Ho Chi Minh City.
Many thanks to Mr Cao Quoc Viet, as well as the other classmates in eMBA
K19 class for their sharing valuable knowledge to me to complete this research
study.
I also wish to thank my friends, external auditors in KPMG and A&C as well
as other respondents. Without them, my thesis could not have been conducted.
Lastly, I would like to send the deepest and most special thanks to my
beloved parents, my wife and my family members who encourage me to overcome
all difficulties to complete this course.
Nong Quang Thanh
Ho Chi Minh, September 2013
II
COMMITMENT
I hereby would like to commit that the thesis, “Determinants of an effective
internal control: a study of firms in Vietnam”, was accomplished based on my
independent and serious studies and researches. The data was collected in reality
and it has clear origins. In addition, the data would be trust-worthily handled and it
has never been released in any menu.
Nong Quang Thanh
III
TABLE OF CONTENTS
ACKNOWLEDGEMENT................................................................................... I
COMMITMENT ................................................................................................ II
TABLE OF CONTENTS ................................................................................. III
LIST OF FIGURES............................................................................................ V
LIST OF TABLES............................................................................................ VI
ABBREVIATIONS ......................................................................................... VII
ABSTRACT ......................................................................................................... 1
CHAPTER 1: INTRODUCTION ....................................................................... 2
1.1.
Introduction ........................................................................................... 2
1.2.
Background to the research ................................................................... 2
1.3.
Research problems ................................................................................ 3
1.4.
Research objectives ............................................................................... 4
1.5.
Research questions ................................................................................ 4
1.6.
1.7.
Research methodology and scope .......................................................... 5
Thesis structure ..................................................................................... 6
CHAPTER 2: LITERATURE REVIEW ........................................................... 7
2.1.
Introduction ........................................................................................... 7
2.2.
Internal control components .................................................................. 7
2.3.
Internal control effectiveness ............................................................... 11
2.4.
Gaps in the literature ........................................................................... 13
2.5.
Research hypotheses and theoretical model ......................................... 14
2.6.
Summary ............................................................................................. 19
CHAPTER 3: RESEARCH METHODOLOGY ............................................. 20
3.1.
Introduction ......................................................................................... 20
3.2.
Research process ................................................................................. 20
3.3.
Questionnaires design.......................................................................... 21
3.4.
Operationalisation of measures ............................................................ 22
IV
3.5.
Pilot test .............................................................................................. 25
3.6.
Main survey ........................................................................................ 25
3.6.1 Sample design ................................................................................... 25
3.6.2 Survey method .................................................................................. 27
3.6.3 Data analysis techniques .................................................................. 27
3.7. Summary ................................................................................................ 28
CHAPTER 4: RESEARCH RESULTS ............................................................ 29
4.1.
Introduction ......................................................................................... 29
4.2.
Descriptive statistic of the study .......................................................... 29
4.3.
Testing measurement scale .................................................................. 31
4.4.
Testing the research model and the hypotheses .................................... 39
4.5.
Summary ............................................................................................. 45
CHAPTER 5: DISCUSSION AND CONCLUSIONS...................................... 47
5.1
Introduction ......................................................................................... 47
5.2
Discussion of findings ......................................................................... 47
5.3
Implications of the research ................................................................. 49
5.4
Limitations and recommendations ....................................................... 52
LIST OF REFERENCE .................................................................................... 54
APPENDIX 1 ..................................................................................................... 60
APPENDIX 2 ..................................................................................................... 66
APPENDIX 3 ..................................................................................................... 69
APPENDIX 4 ..................................................................................................... 72
V
LIST OF FIGURES
Figure 2.1 Quantitative assessment of internal control framework ....................... 12
Figure 2.2: The relationship between internal control components and the
efficiency and effectiveness of operation ............................................................ 18
Figure 2.3: The relationship between internal control components and the
reliability of financial report ................................................................................ 18
Figure 2.4: The relationship between internal control components and the
compliance with laws and regulations ................................................................. 19
Figure 4.1 Respondent's age ................................................................................ 30
Figure 4.2 Respondent's experience ..................................................................... 31
Figure 4.3 Organization industry ......................................................................... 31
VI
LIST OF TABLES
Table 2.1: Comparison of Control frameworks in the US ...................................... 8
Table 3.1: Measurement scale of internal control components ............................ 22
Table 3.2: Measurement scale of internal control effectiveness ........................... 24
Table 4.1: Sample characteristics......................................................................... 30
Table 4.2: Reliability of measurement scales ....................................................... 32
Table 4.3-4.5: The EFA result for internal control components measurement
scales .................................................................................................................. 36
Table 4.6-4.8: The EFA result for internal control effectiveness measurement
scales ................................................................................................................... 38
Table 4.9: Correlation of constructs ..................................................................... 39
Table 4.10a-c: Summary of hypotheses testing results (Model I) ......................... 41
Table 4.11a-c: Summary of hypotheses testing results (Model II) ........................ 43
Table 4.12a-c: Summary of hypotheses testing results (Model III) ...................... 44
VII
ABBREVIATIONS
CONTROL
Internal control components
EFFE
Internal control effectiveness
COEN
Control environment
RISK
Risk assessment
COAC
Control activities
INFO
Information and communication
MONI
Monitoring
EFFI
Efficiency and effectiveness of operation
RELI
Reliability of financial report
LAW
Compliance with laws and regulations
COSO
Committee of Sponsoring Organizations
1
ABSTRACT
This study reports the results on the internal control components and internal
control effectiveness from the external auditor’s perspective by using measurement
scale proposed by Annukka Jokipii (2009). The study is among the very few studies
in Vietnam empirically examines internal control effectiveness as well as suggest
the reference internal control components used in practice.
To assess the internal control components and internal control effectiveness, a
study of 236 external auditors who audited the operation of companies in Vietnam
in 2011 was conducted. Even though some unexpected outcomes have incurred,
“control environment” and “monitoring” are not supported in their relationship with
“the reliability of financial report”; “information and communication” is not
supported in the relationship with “the compliance with laws and regulations”, the
empirical results indicate that all remaining internal control components (Control
environment, risk assessment, control activities, information and communication,
and monitor) have significant positive effect on internal control effectiveness which
are also considered the company objectives: efficiency and effectiveness of
operation, reliability of financial report, compliance with laws and regulations.
Key words: Internal control components, Internal control effectiveness.
2
CHAPTER 1: INTRODUCTION
1.1.
Introduction
This chapter represents general introduction to the study including research
issues, research objectives and research questions applied in this study. In addition,
this chapter also addresses the methodology to be used and the scope of the study.
1.2.
Background to the research
Understanding the concept of internal control is essential for developing an
understanding of its impact on the performance of organization (Lembi, 2006).
In the world, internal control is traditionally proposed as “internal check”. Its
definition was then developed as “process activities” to enable management to deal
with rapidly growth. However, there was no official regulation in force to require
companies set up internal control to prevent risk and protect their business. After
many scandals incurred in financial perspective 21st century, Sarbanes-Oxley Act of
2002 (SOX) requires management of all public firms to issue internal control report,
take responsibility for maintaining an adequate internal control, and make
concerning to its effectiveness (PCAOB,2004). The external auditors are also
responsible for auditing management assertions as to the effectiveness of the
internal control and they have to give their own, independent conclusion (Ramos
2004, 75). Meanwhile, the reference groups like suppliers, investors and customers
have also focused more on quality of company’s reporting and accountability
(Rittenberg and Schwieger 2001, 172). An effective internal control system
therefore has played a critical role in a firm’s success. It helps organization
management to keep the company on profitability goals, to achieve its mission, and
to response to its risks of business (COSO, 1994). However, how to develop an
optimal internal control framework for all companies is still further research.
3
In 1994, Committee of Sponsoring Organizations (COSO) proposes Internal
Control framework consists of five interrelated components but states that the need
for control system and control effectiveness may vary according to a firm’s
characteristics. Donaldson (2001) indicates that the design of management control
system depends on the organization’s context, a fit between the organization’s
context and internal control components leads to better internal control
effectiveness. However, the evidence of the actual performance of an internal
control within the organizational environment is almost non-existent, and the topic
relatively unexplored by researchers (Kitnney, 2000). Consequently, in recent year,
many researchers (Chenhall 2003, Gerdin 2005, Jokipii 2009) have attempted to
explain internal control effectiveness by examining its designs.
With regard to Vietnam, there is almost non-existent research about internal
control and its effectiveness. Thus, this study is motivated to propose an internal
control framework, the internal control effectiveness definition for companies
operated in Vietnam reference as well as to explore the effect of existed internal
control components on internal control effectiveness.
1.3.
Research problems
In Vietnam, learning lessons from financial scandals highlight that those
charged with governance in companies do not properly identify, evaluate and
respond to the firm risks. They do not set up strong internal control enough to
protect their operation. Even though Vietnam is now one of the most strongly
developing of economic growth in Asia after had joined in WTO at the end of 2006,
it has recently been beset by inflation, a trade deficit, the stock market slump and
affect the negative results to enterprises in Vietnam. Thus, this is necessary time for
companies in Vietnam to renew and restructure their operation (Vietnam News,
2012). However, how to restructure their operation is still challenge to management
in companies.
4
As mentioned above, there is still lack of practical research on internal
control sector. The problem is therefore to be addressed. This study concentrates to
the internal control components, internal control effectiveness and to explore the
effect of internal control components on internal control effectiveness of firms in
Vietnam.
1.4.
Research objectives
A research objective is the research version of a business problem.
Objectives explain the purpose of the research in measurable terms and define
standards of what the research should accomplish (Zikmund 1997, 89).
In solving the research problem mentioned previously, this study has the
following objectives:
1) Investigate the relationships of internal control components and the
efficiency and effectiveness of operation.
2) Investigate the relationships of internal control components and the
reliability of financial report.
3) Investigate the relationships of internal control components and the
compliance with laws and regulations.
1.5.
Research questions
The study is conducted to explore the relationship between internal control
components and its observed effectiveness in companies. It is examined to
understand whether internal control components such as control environment, risk
assessment, control activities, information and communication, monitoring have
relationship to the internal control effectiveness which comprise the efficiency and
effectiveness of operation, the reliability of financial report, the compliance with
laws and regulations. The research questions therefore concentrate on internal
control components, the internal control effectiveness assessment as well as the
relationship between them.
5
Research question 1: Is the efficiency and effectiveness of operation
positively related to the internal control components?
Research question 2: Is the reliability of financial report positively related to
the internal control components?
Research question 3: Is compliance with laws and regulations positively
related to the internal control components?
1.6.
Research methodology and scope
The object of this research was external auditors who audited the operation
of companies in Vietnam. Sample size: 236 (See more in Chapter 3).
Qualitative method: The author used the qualitative method to carry out
group discussions with six experienced external auditors. The purpose of this step is
to adjust and amend the translated questionnaire suitable with the subject and
purposes of the study.
Quantitative research was used to explore the relationship between internal
control components and internal control effectiveness from the external auditor’s
perspective. The quantitative model was adopted from the previous research of
Jokipii (2009).
The author used data analysis tools to implement the research such as:
descriptive statistics, multiple regression models with SPSS version 16.
6
1.7.
Thesis structure
This study includes 5 chapters:
Chapter 1- Introduction, mentions about research background, research
objectives and research scope and approach.
Chapter 2 – Literature review provides theoretical and empirical background
supporting for hypothesized research model.
Chapter 3 – Research methodology, is about the methodologies that author
used to conduct the research.
Chapter 4 – Data analysis and findings, discusses about the analysis that author
conducted to test hypotheses and to answer the research questions.
Chapter 5 - Conclusion and implication, is about the results, implications, and
recommendations for future research.
7
CHAPTER 2: LITERATURE REVIEW
2.1.
Introduction
This part reviews the previous studies concerning about internal control
components, internal control effectiveness, and the relationship between them.
Based on the literature review, hypotheses are developed.
2.2.
Internal control components
The internal control is initially defined in 1930 as “internal check”
comprising system of accounts and procedures that one person performs
independently checks to the work of another to detect and prevent fraud (Sawyer et
al. 2003, 61). This definition was then developed by American Institute of Certified
Public Accountant in broadened meaning as plan of company, measures and all of
coordinate method to ensure the reliability of its accounting data, promote
operational efficiency. However, after big failures incurred in United State in 1980s,
there is a need for re-evaluation of internal control definition in more proper ways
to detect and prevent fraud.
In the United State 1992, COSO states a report that defines Internal Control
as a process, effected by an entity’s board of directors, management and other
personnel, which is designed to provide reasonable assurance to achieve three
objectives: effectiveness and efficiency of operations; reliability of financial
reporting; compliance with applicable laws and regulations. The COSO Internal
Control framework consists of five interrelated components: Monitoring,
Information and Communication, Control Activities, Risk Assessment, and Control
Environment.
8
Source: COSO Internal Control-Integrated Framework 1992.
Shortly after COSO framework 1992 issued, it is considered a basic
framework to develop additional frameworks in United State which focus more on
specific objectives from other perspectives. COBIT (1996) provides control
processes about information technologies (IT) management and IT governance,
SAC (1994) offers assistance to internal auditors on how to evaluate, report, and
improve control system, and SAC 78 (1995) provides guidance to external auditors
regarding the impact of internal control on performing audit of an organization. The
details of these internal control frameworks are described in table as following:
Table 2.1: Comparison of Control frameworks in the US
COSO
COBIT
SAC
Primary
audience
Management
Internal Control Process
viewed as a
Management,
users,
IT
auditors
Set
of
processes:
policies,
procedures,
practices.
Internal
Auditors
SAC 78
External
Auditors
Set
of Process
processes,
subsystems,
and people
Internal control (1) Effective & (1) Effective & (1) Effective (1) Effective &
Objectives
efficient
efficient
&
efficient efficient
operations
operations
operations
operations
9
(2)
Reliable
financial
reporting
(3) Compliance
with laws &
regulations
(2)Confidential
ity
(3)Integrity &
availability of
information
(4)Reliable
financial
reporting
(5)Compliance
with laws &
regulations
Domains:
Components or Components:
domain
(1)Control
(1)Planning &
organization
Environment
(2)Acquisition
(2)Risk
Management
&
implementation
(3)Control
(3)Delivery &
Activities
(4) Information support
&Communicati (4)Monitoring
on
(5)Monitoring
Internal control At a point
For a period
effectiveness
in time
of time
evaluation
Focus
Overall Entity
Information
Technology
Responsibility Management
Management
(2) Reliable
financial
reporting
(3)
Compliance
with laws &
regulations
(2)
Reliable
financial
reporting
(3) Compliance
with laws &
regulations
Components:
(1)Control
Environment
(2)Manual &
Automated
Systems
(3)Control
Procedures
Components:
(1)Control
Environment
(2)Risk
Assessment
(3)Control
Activities
(4)Information &
Communication
(5)Monitoring
For a period
of time
For a period
of time
Information
Technology
Management
Financial
Statement
Management
Source: Cobert et al. (2005)
The need for more advanced and appropriate internal control framework is
also appeared in other countries. Canadian Institute of Chartered Accountant further
develops COSO (1992) framework to the Criteria of Control Framework (CoCo,
1995) comprising elements of an organization like resources, systems, processes,
culture and task that support people in the achievement of the organization’s
objectives. In United Kingdom (UK), The Turnbull report (1999) provides guidance
in adopting a risk based approach in establishing components of internal control and
its effectiveness. The internal control components are reduced to three internal
control components: control activities, information and communication processes,
10
monitor processes for the continuing effectiveness of the internal control
components.
The previous analysis of internal control frameworks shows that there are
parallel components across internal control frameworks. Although these
components are also described in different terms in the various frameworks, but as a
summary, five internal control components proposed by COSO framework 1992,
the original and the most popular framework used, are mostly adopted. Therefore,
these five components proposed by COSO (1992) are also adopted as independent
variables in this study with details as following:
(1) Control Environment, which sets the foundation for the internal control
components influencing the control consciousness of the entity’s people. The core
of this part is its people composed of their individual attributes, including integrity,
ethical values and competence and the environment in which they operate.
(2) Risk Assessment, which involves the identification and analysis of relevant
risk in achieving predetermined objectives by management. This part includes
procedures help the entity aware of and deal with the risks it faces.
(3) Control Activities, which covers policies, procedures and practices
established and executed to ensure that management objectives are achieved and
risk mitigation strategies are carried out.
(4) Information and communication, which supports all other control
components through information and communication systems. It enables the
entity’s people to capture and exchange the information needed to conduct, manage
and control its operations.
(5) Monitoring, which covers the external overview of internal controls by
independent people likes the management. It includes regular management and
supervisory activities, and other actions personnel take in performing their duties.
11
The entire internal control components should be monitored, and modified as
necessary to ensure they can react dynamically.
2.3.
Internal control effectiveness
COSO (1992) shows that internal control can be judged to be effective when
the evaluators have reasonable assurances that they understand the entity’s
operational objectives, the reliability of published financial statements, and the
applicable laws and regulations compliance. However, its report does not disclose
any guidance on how to perform the assessment. Dai et al (2008) focus on the
comprehensive quantitative evaluation method of internal control effectiveness
from a risk-based perspective to construct a risk-oriented mathematical evaluation
model for internal control. However, due to too many and complex factors involved
in the evaluation, they propose that quantitative evaluation model of internal control
based on risk should be further studied and improved. The assessment of internal
control effectiveness therefore need to further research.
Perry and Warner (2005) have proposed five-step model for quantitative
assessment of internal control effectiveness, which is describeb in Figure 2.1.
- Xem thêm -