Tài liệu Determinants of an effective internal control a study of firms in vietnam

MINISTRY OF EDUCATION AND TRAINING UNIVERSITY OF ECONOMICS HO CHI MINH CITY ------
------ NONG QUANG THANH DETERMINANTS OF AN EFFECTIVE INTERNAL CONTROL: A STUDY OF FIRMS IN VIETNAM MASTER THESIS OF BUSINESS ADMINISTRATOR HO CHI MINH CITY – 2013 MINISTRY OF EDUCATION AND TRAINING UNIVERSITY OF ECONOMICS HO CHI MINH CITY ------
------ NONG QUANG THANH DETERMINANTS OF AN EFFECTIVE INTERNAL CONTROL: A STUDYOF FIRMS IN VIETNAM Subject: Master of Business Administrator Code: 06.34.01.02 MASTER THESIS OF BUSINESS ADMINISTRATOR SUPERVISOR: DR. NGUYỄN THỊ NGUYỆT QUẾ HO CHI MINH CITY – 2013 I ACKNOWLEDGEMENT I would like to take this opportunity to express my gratitude to all those who have helped and supported me during the time I conducted the study. Firstly, I would like to express my deepest sincere gratitude to my supervisor, Dr. Nguyen Thi Nguyet Que for her patient and invaluable advices to my thesis. Without her support, the thesis could not have been completed. Secondly, I would like special thanks to all instructors and lecturers in eMBA course for their teaching invaluable knowledge and experience to me. I am very great honor to introduce with my relationships that I have been participated in eMBA program of Economic University, Ho Chi Minh City. Many thanks to Mr Cao Quoc Viet, as well as the other classmates in eMBA K19 class for their sharing valuable knowledge to me to complete this research study. I also wish to thank my friends, external auditors in KPMG and A&C as well as other respondents. Without them, my thesis could not have been conducted. Lastly, I would like to send the deepest and most special thanks to my beloved parents, my wife and my family members who encourage me to overcome all difficulties to complete this course. Nong Quang Thanh Ho Chi Minh, September 2013 II COMMITMENT I hereby would like to commit that the thesis, “Determinants of an effective internal control: a study of firms in Vietnam”, was accomplished based on my independent and serious studies and researches. The data was collected in reality and it has clear origins. In addition, the data would be trust-worthily handled and it has never been released in any menu. Nong Quang Thanh III TABLE OF CONTENTS ACKNOWLEDGEMENT................................................................................... I COMMITMENT ................................................................................................ II TABLE OF CONTENTS ................................................................................. III LIST OF FIGURES............................................................................................ V LIST OF TABLES............................................................................................ VI ABBREVIATIONS ......................................................................................... VII ABSTRACT ......................................................................................................... 1 CHAPTER 1: INTRODUCTION ....................................................................... 2 1.1. Introduction ........................................................................................... 2 1.2. Background to the research ................................................................... 2 1.3. Research problems ................................................................................ 3 1.4. Research objectives ............................................................................... 4 1.5. Research questions ................................................................................ 4 1.6. 1.7. Research methodology and scope .......................................................... 5 Thesis structure ..................................................................................... 6 CHAPTER 2: LITERATURE REVIEW ........................................................... 7 2.1. Introduction ........................................................................................... 7 2.2. Internal control components .................................................................. 7 2.3. Internal control effectiveness ............................................................... 11 2.4. Gaps in the literature ........................................................................... 13 2.5. Research hypotheses and theoretical model ......................................... 14 2.6. Summary ............................................................................................. 19 CHAPTER 3: RESEARCH METHODOLOGY ............................................. 20 3.1. Introduction ......................................................................................... 20 3.2. Research process ................................................................................. 20 3.3. Questionnaires design.......................................................................... 21 3.4. Operationalisation of measures ............................................................ 22 IV 3.5. Pilot test .............................................................................................. 25 3.6. Main survey ........................................................................................ 25 3.6.1 Sample design ................................................................................... 25 3.6.2 Survey method .................................................................................. 27 3.6.3 Data analysis techniques .................................................................. 27 3.7. Summary ................................................................................................ 28 CHAPTER 4: RESEARCH RESULTS ............................................................ 29 4.1. Introduction ......................................................................................... 29 4.2. Descriptive statistic of the study .......................................................... 29 4.3. Testing measurement scale .................................................................. 31 4.4. Testing the research model and the hypotheses .................................... 39 4.5. Summary ............................................................................................. 45 CHAPTER 5: DISCUSSION AND CONCLUSIONS...................................... 47 5.1 Introduction ......................................................................................... 47 5.2 Discussion of findings ......................................................................... 47 5.3 Implications of the research ................................................................. 49 5.4 Limitations and recommendations ....................................................... 52 LIST OF REFERENCE .................................................................................... 54 APPENDIX 1 ..................................................................................................... 60 APPENDIX 2 ..................................................................................................... 66 APPENDIX 3 ..................................................................................................... 69 APPENDIX 4 ..................................................................................................... 72 V LIST OF FIGURES Figure 2.1 Quantitative assessment of internal control framework ....................... 12 Figure 2.2: The relationship between internal control components and the efficiency and effectiveness of operation ............................................................ 18 Figure 2.3: The relationship between internal control components and the reliability of financial report ................................................................................ 18 Figure 2.4: The relationship between internal control components and the compliance with laws and regulations ................................................................. 19 Figure 4.1 Respondent's age ................................................................................ 30 Figure 4.2 Respondent's experience ..................................................................... 31 Figure 4.3 Organization industry ......................................................................... 31 VI LIST OF TABLES Table 2.1: Comparison of Control frameworks in the US ...................................... 8 Table 3.1: Measurement scale of internal control components ............................ 22 Table 3.2: Measurement scale of internal control effectiveness ........................... 24 Table 4.1: Sample characteristics......................................................................... 30 Table 4.2: Reliability of measurement scales ....................................................... 32 Table 4.3-4.5: The EFA result for internal control components measurement scales .................................................................................................................. 36 Table 4.6-4.8: The EFA result for internal control effectiveness measurement scales ................................................................................................................... 38 Table 4.9: Correlation of constructs ..................................................................... 39 Table 4.10a-c: Summary of hypotheses testing results (Model I) ......................... 41 Table 4.11a-c: Summary of hypotheses testing results (Model II) ........................ 43 Table 4.12a-c: Summary of hypotheses testing results (Model III) ...................... 44 VII ABBREVIATIONS CONTROL Internal control components EFFE Internal control effectiveness COEN Control environment RISK Risk assessment COAC Control activities INFO Information and communication MONI Monitoring EFFI Efficiency and effectiveness of operation RELI Reliability of financial report LAW Compliance with laws and regulations COSO Committee of Sponsoring Organizations 1 ABSTRACT This study reports the results on the internal control components and internal control effectiveness from the external auditor’s perspective by using measurement scale proposed by Annukka Jokipii (2009). The study is among the very few studies in Vietnam empirically examines internal control effectiveness as well as suggest the reference internal control components used in practice. To assess the internal control components and internal control effectiveness, a study of 236 external auditors who audited the operation of companies in Vietnam in 2011 was conducted. Even though some unexpected outcomes have incurred, “control environment” and “monitoring” are not supported in their relationship with “the reliability of financial report”; “information and communication” is not supported in the relationship with “the compliance with laws and regulations”, the empirical results indicate that all remaining internal control components (Control environment, risk assessment, control activities, information and communication, and monitor) have significant positive effect on internal control effectiveness which are also considered the company objectives: efficiency and effectiveness of operation, reliability of financial report, compliance with laws and regulations. Key words: Internal control components, Internal control effectiveness. 2 CHAPTER 1: INTRODUCTION 1.1. Introduction This chapter represents general introduction to the study including research issues, research objectives and research questions applied in this study. In addition, this chapter also addresses the methodology to be used and the scope of the study. 1.2. Background to the research Understanding the concept of internal control is essential for developing an understanding of its impact on the performance of organization (Lembi, 2006). In the world, internal control is traditionally proposed as “internal check”. Its definition was then developed as “process activities” to enable management to deal with rapidly growth. However, there was no official regulation in force to require companies set up internal control to prevent risk and protect their business. After many scandals incurred in financial perspective 21st century, Sarbanes-Oxley Act of 2002 (SOX) requires management of all public firms to issue internal control report, take responsibility for maintaining an adequate internal control, and make concerning to its effectiveness (PCAOB,2004). The external auditors are also responsible for auditing management assertions as to the effectiveness of the internal control and they have to give their own, independent conclusion (Ramos 2004, 75). Meanwhile, the reference groups like suppliers, investors and customers have also focused more on quality of company’s reporting and accountability (Rittenberg and Schwieger 2001, 172). An effective internal control system therefore has played a critical role in a firm’s success. It helps organization management to keep the company on profitability goals, to achieve its mission, and to response to its risks of business (COSO, 1994). However, how to develop an optimal internal control framework for all companies is still further research. 3 In 1994, Committee of Sponsoring Organizations (COSO) proposes Internal Control framework consists of five interrelated components but states that the need for control system and control effectiveness may vary according to a firm’s characteristics. Donaldson (2001) indicates that the design of management control system depends on the organization’s context, a fit between the organization’s context and internal control components leads to better internal control effectiveness. However, the evidence of the actual performance of an internal control within the organizational environment is almost non-existent, and the topic relatively unexplored by researchers (Kitnney, 2000). Consequently, in recent year, many researchers (Chenhall 2003, Gerdin 2005, Jokipii 2009) have attempted to explain internal control effectiveness by examining its designs. With regard to Vietnam, there is almost non-existent research about internal control and its effectiveness. Thus, this study is motivated to propose an internal control framework, the internal control effectiveness definition for companies operated in Vietnam reference as well as to explore the effect of existed internal control components on internal control effectiveness. 1.3. Research problems In Vietnam, learning lessons from financial scandals highlight that those charged with governance in companies do not properly identify, evaluate and respond to the firm risks. They do not set up strong internal control enough to protect their operation. Even though Vietnam is now one of the most strongly developing of economic growth in Asia after had joined in WTO at the end of 2006, it has recently been beset by inflation, a trade deficit, the stock market slump and affect the negative results to enterprises in Vietnam. Thus, this is necessary time for companies in Vietnam to renew and restructure their operation (Vietnam News, 2012). However, how to restructure their operation is still challenge to management in companies. 4 As mentioned above, there is still lack of practical research on internal control sector. The problem is therefore to be addressed. This study concentrates to the internal control components, internal control effectiveness and to explore the effect of internal control components on internal control effectiveness of firms in Vietnam. 1.4. Research objectives A research objective is the research version of a business problem. Objectives explain the purpose of the research in measurable terms and define standards of what the research should accomplish (Zikmund 1997, 89). In solving the research problem mentioned previously, this study has the following objectives: 1) Investigate the relationships of internal control components and the efficiency and effectiveness of operation. 2) Investigate the relationships of internal control components and the reliability of financial report. 3) Investigate the relationships of internal control components and the compliance with laws and regulations. 1.5. Research questions The study is conducted to explore the relationship between internal control components and its observed effectiveness in companies. It is examined to understand whether internal control components such as control environment, risk assessment, control activities, information and communication, monitoring have relationship to the internal control effectiveness which comprise the efficiency and effectiveness of operation, the reliability of financial report, the compliance with laws and regulations. The research questions therefore concentrate on internal control components, the internal control effectiveness assessment as well as the relationship between them. 5 Research question 1: Is the efficiency and effectiveness of operation positively related to the internal control components? Research question 2: Is the reliability of financial report positively related to the internal control components? Research question 3: Is compliance with laws and regulations positively related to the internal control components? 1.6. Research methodology and scope The object of this research was external auditors who audited the operation of companies in Vietnam. Sample size: 236 (See more in Chapter 3). Qualitative method: The author used the qualitative method to carry out group discussions with six experienced external auditors. The purpose of this step is to adjust and amend the translated questionnaire suitable with the subject and purposes of the study. Quantitative research was used to explore the relationship between internal control components and internal control effectiveness from the external auditor’s perspective. The quantitative model was adopted from the previous research of Jokipii (2009). The author used data analysis tools to implement the research such as: descriptive statistics, multiple regression models with SPSS version 16. 6 1.7. Thesis structure This study includes 5 chapters: Chapter 1- Introduction, mentions about research background, research objectives and research scope and approach. Chapter 2 – Literature review provides theoretical and empirical background supporting for hypothesized research model. Chapter 3 – Research methodology, is about the methodologies that author used to conduct the research. Chapter 4 – Data analysis and findings, discusses about the analysis that author conducted to test hypotheses and to answer the research questions. Chapter 5 - Conclusion and implication, is about the results, implications, and recommendations for future research. 7 CHAPTER 2: LITERATURE REVIEW 2.1. Introduction This part reviews the previous studies concerning about internal control components, internal control effectiveness, and the relationship between them. Based on the literature review, hypotheses are developed. 2.2. Internal control components The internal control is initially defined in 1930 as “internal check” comprising system of accounts and procedures that one person performs independently checks to the work of another to detect and prevent fraud (Sawyer et al. 2003, 61). This definition was then developed by American Institute of Certified Public Accountant in broadened meaning as plan of company, measures and all of coordinate method to ensure the reliability of its accounting data, promote operational efficiency. However, after big failures incurred in United State in 1980s, there is a need for re-evaluation of internal control definition in more proper ways to detect and prevent fraud. In the United State 1992, COSO states a report that defines Internal Control as a process, effected by an entity’s board of directors, management and other personnel, which is designed to provide reasonable assurance to achieve three objectives: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations. The COSO Internal Control framework consists of five interrelated components: Monitoring, Information and Communication, Control Activities, Risk Assessment, and Control Environment. 8 Source: COSO Internal Control-Integrated Framework 1992. Shortly after COSO framework 1992 issued, it is considered a basic framework to develop additional frameworks in United State which focus more on specific objectives from other perspectives. COBIT (1996) provides control processes about information technologies (IT) management and IT governance, SAC (1994) offers assistance to internal auditors on how to evaluate, report, and improve control system, and SAC 78 (1995) provides guidance to external auditors regarding the impact of internal control on performing audit of an organization. The details of these internal control frameworks are described in table as following: Table 2.1: Comparison of Control frameworks in the US COSO COBIT SAC Primary audience Management Internal Control Process viewed as a Management, users, IT auditors Set of processes: policies, procedures, practices. Internal Auditors SAC 78 External Auditors Set of Process processes, subsystems, and people Internal control (1) Effective & (1) Effective & (1) Effective (1) Effective & Objectives efficient efficient & efficient efficient operations operations operations operations 9 (2) Reliable financial reporting (3) Compliance with laws & regulations (2)Confidential ity (3)Integrity & availability of information (4)Reliable financial reporting (5)Compliance with laws & regulations Domains: Components or Components: domain (1)Control (1)Planning & organization Environment (2)Acquisition (2)Risk Management & implementation (3)Control (3)Delivery & Activities (4) Information support &Communicati (4)Monitoring on (5)Monitoring Internal control At a point For a period effectiveness in time of time evaluation Focus Overall Entity Information Technology Responsibility Management Management (2) Reliable financial reporting (3) Compliance with laws & regulations (2) Reliable financial reporting (3) Compliance with laws & regulations Components: (1)Control Environment (2)Manual & Automated Systems (3)Control Procedures Components: (1)Control Environment (2)Risk Assessment (3)Control Activities (4)Information & Communication (5)Monitoring For a period of time For a period of time Information Technology Management Financial Statement Management Source: Cobert et al. (2005) The need for more advanced and appropriate internal control framework is also appeared in other countries. Canadian Institute of Chartered Accountant further develops COSO (1992) framework to the Criteria of Control Framework (CoCo, 1995) comprising elements of an organization like resources, systems, processes, culture and task that support people in the achievement of the organization’s objectives. In United Kingdom (UK), The Turnbull report (1999) provides guidance in adopting a risk based approach in establishing components of internal control and its effectiveness. The internal control components are reduced to three internal control components: control activities, information and communication processes, 10 monitor processes for the continuing effectiveness of the internal control components. The previous analysis of internal control frameworks shows that there are parallel components across internal control frameworks. Although these components are also described in different terms in the various frameworks, but as a summary, five internal control components proposed by COSO framework 1992, the original and the most popular framework used, are mostly adopted. Therefore, these five components proposed by COSO (1992) are also adopted as independent variables in this study with details as following: (1) Control Environment, which sets the foundation for the internal control components influencing the control consciousness of the entity’s people. The core of this part is its people composed of their individual attributes, including integrity, ethical values and competence and the environment in which they operate. (2) Risk Assessment, which involves the identification and analysis of relevant risk in achieving predetermined objectives by management. This part includes procedures help the entity aware of and deal with the risks it faces. (3) Control Activities, which covers policies, procedures and practices established and executed to ensure that management objectives are achieved and risk mitigation strategies are carried out. (4) Information and communication, which supports all other control components through information and communication systems. It enables the entity’s people to capture and exchange the information needed to conduct, manage and control its operations. (5) Monitoring, which covers the external overview of internal controls by independent people likes the management. It includes regular management and supervisory activities, and other actions personnel take in performing their duties. 11 The entire internal control components should be monitored, and modified as necessary to ensure they can react dynamically. 2.3. Internal control effectiveness COSO (1992) shows that internal control can be judged to be effective when the evaluators have reasonable assurances that they understand the entity’s operational objectives, the reliability of published financial statements, and the applicable laws and regulations compliance. However, its report does not disclose any guidance on how to perform the assessment. Dai et al (2008) focus on the comprehensive quantitative evaluation method of internal control effectiveness from a risk-based perspective to construct a risk-oriented mathematical evaluation model for internal control. However, due to too many and complex factors involved in the evaluation, they propose that quantitative evaluation model of internal control based on risk should be further studied and improved. The assessment of internal control effectiveness therefore need to further research. Perry and Warner (2005) have proposed five-step model for quantitative assessment of internal control effectiveness, which is describeb in Figure 2.1.