Improving the internal control system of the purchase and payment cycle at ngoc vien dong technology joint stock company

mfsaleKHÓA HỌC: 2018 – 2022 GRADUATION THESIS HUE UNIVERSITY HUE COLLEGE OF ECONOMICS FACULTY OF ACCOUNTING AND FINANCE IMPROVING THE INTERNAL CONTROL SYSTEM OF THE PURCHASE – PAYMENT

mfsaleKHÓA HỌC: 2018 – 2022

GRADUATION THESIS

HUE UNIVERSITY HUE COLLEGE OF ECONOMICS FACULTY OF ACCOUNTING AND FINANCE

IMPROVING THE INTERNAL CONTROL SYSTEM OF THE PURCHASE – PAYMENT CYCLE AT NGOC VIEN DONG TECHNOLOGY

JOINT STOCK COMPANY

DUONG ANH MINH

Student: Duong Anh Minh

IMPROVING THE INTERNAL CONTROL SYSTEM OF THE PURCHASE - PAYMENT CYCLE AT NGOC VIEN DONG TECHNOLOGY

JOINT STOCK COMPANY

GRADUATION THESIS

ABTRACT

Internal controls become increasingly critical after the Enron and WorldCom scandals Furthermore, internal controls are important not just in public organizations but also in private companies since they protect an organization's assets, reduce the chances of fraud, and allow errors to go unnoticed in everyday operations In this context, purchase-to-pay is the principal process, which is the procedure through which a company purchases the goods and services it needs to run its business constructively To conduct the thesis, the author implemented several method to collect the secondary data from relevant employees and accountants and ultilized some test of control methods includes inspection of documents, inquiries about internal controls and observation of controls to evaluate the internal control system of company

From this study, the author hope to build effective risk prevention system as well as suggest more solutions in order to help strengthen and improve the efficiency of internal control activities in purchase and payment cycle at Ngoc Vien Dong Technology Joint Stock Company Specifically, it investigates and evaluates whether the company lacks control over any stages of the given process

ACKNOWLEDGEMENTS

With deep respect and gratitude, first of all, I would like to express my sincere thanks to the teachers of the University of Economics - Hue University, especially the teachers in the Faculty of Accounting and Finance You have given

me a lot of valuable knowledge over the years, I would like to express my special thanks of gratitude to my instructor Dao Nguyen Phi, who gave me the golden

control system of the purchase - payment cycle at Ngoc Vien Dong Technology

to know about so many new things.

Second, I'd like to express my heartfelt gratitude to the uncles and aunts of Hue City Tax Department's Tax Inspection Team No.2 and, in particular, Mr.Nguyen Cong Thien, who directly guided and assisted me, provided support, created favorable conditions, and provided necessary documents during my internship In addition, I also want to express my gratitude to the aunts, uncles, brothers, and sisters who work at Ngoc Vien Dong Technology Joint Stock Company for their continued support and for providing me with opportunities to learn about actual labor.

Finally, despite several attempts, mistakes cannot be avoided owing to a lack

of knowledge and capacity, as well as a lack of practical experience I look forward

to receiving your valuable comments and suggestions to improve my graduation thesis.

Thank you!

TABLE OF CONTENT

ABBREVIATION i

LIST OF TABLES ii

LIST OF FLOWCHARTS iii

PART I: INTRODUCTION 1

1 Rationale 1

2 Research objectives 3

PART II: RESEARCH CONTENT 7

CHAPTER 1: THEORETICAL BASIS OF INTERNAL CONTROL SYSTEM OF THE PURCHASE AND PAYMENT CYCLE 7

1.1 Overview of internal control 7

1.1.1 The concept of internal control 7

1.1.2 Objectives and role of Internal control 9

1.1.2.1 Objectives of Internal control 9

1.1.2.2 Role of Internal Control 10

1.1.3 Components of Internal Control 10

1.1.3.1 Control Environment 13

1.1.3.2 Risk Assessment 15

1.1.3.3 Control Activities 16

1.1.3.4 Information and Communication 18

1.1.3.5 Monitoring 19

1.2 Internal control of the purchase and payment cycle 21

1.2.1 Characteristics of the purchase and payment cycle 21

1.2.2 Possible risks in the purchase and payment cycle 22

1.2.3 The purposes of internal control in the purchase and payment cycle 24

1.2.3.1 The primary purpose of internal controls 24

1.2.3.2 The purposes of internal control in the purchase and payment cycle 24

CHAPTER 2: THE SITUATION OF INTERNAL CONTROL SYSTEM OF THE PURCHASE AND PAYMENT CYCLE AT NGOC VIEN DONG TECHNOLOGY JOINT STOCK COMPANY 26

2.1 Introduction to Ngoc Vien Dong Technology Joint Stock Company 26

2.1.1 History of formation and development 26

2.1.2 Field Operations and Development Orientation 27

2.1.3 Organizational Structure 29

2.1.4 Accounting department organizational structure 31

2.1.5 The analysis of the company's resources and business performance over the three years 2018 - 2020 .36

2.1.5.1 Labor force structure of the company over 3 years from 2018 to 2020 36

2.2 The current situation of purchase-to-pay cycle at Ngoc Vien Dong Technology JSC 48

2.2.1 The current situation of control environment in the purchase-to-pay cycle 48

2.2.1.1 The entity makes a commitment to ensure integrity and ethical values 50

2.2.1.2 Employee capacity and HR policy 50

2.2.1.3 Organizational structure and supervision 50

2.2.1.4 Segregation of Duties 50

2.2.2 The current situation of risk assessment in the purchase-to-pay cycle 51

2.2.3 The current situation of control activities in the purchase-to-pay cycle 52

2.2.3.1 Control procedures 54

2.2.3.2 Control activities in purchase-to-pay cycle 55

2.2.3.3 Control over source documents 57

2.2.4 The current situation of information and communication in the purchase-to-pay cycle 58 2.2.4.1 Internal information 59

2.2.4.2 External information 59

2.2.5 The current situation of monitoring in the purchase-to-pay cycle 59

2.2.5.1 Regular monitoring 59

2.2.5.2 Periodic monitoring 60

2.2.6 Internal control over each stage of the purchase-to-pay cycle at the company 60

2.2.6.1 Internal control over purchase requisition and purchase approval stage 60

2.2.6.2 Supplier selection stage 62

2.2.6.3 Internal control over ordering stage 63

2.2.6.5 Internal control over the bookkeeping process and keep track of accounts payable stage 67

2.2.6.6 Internal control over the payment process 69

CHAPTER 3: SOME SOLUTIONS CONTRIBUTED TO IMPROVEING THE INTERNAL CONTROL SYSTEM OF PURCHASE AND PAYMENT AT NGOC VIEN DONG TECHNOLOGY JOINT STOCK COMPANY 72

3.1 Evaluation 72

3.1.1 Evaluation of control environment 72

3.1.2 Assessment of risk assesment 72

3.1.3 Evaluation of control activities 73

3.1.3.1 Evaluation of the internal control in the purchasing process 73

3.1.3.2 Evaluation of the internal control in the receiving stage 74

3.1.3.3 Evaluation of the internal control in the process of bookkeeping and keep track of accounts payable 75

3.1.3.4 Evaluation of the internal control in the payment stage 76

3.1.4 Evaluation of information and communication 77

3.1.5 Evaluation of monitoring 77

3.2 Some suggestions to improve the internal control system of the purchase and payment cycle at the company 78

3.2.1 Some suggestions to improve the the internal control system in general 78

3.2.2 Some suggestions to improve the internal control system in each stage of the purchase and payment cycle 80

PART III: CONCLUSION AND RECOMMENDATION 81

1 Conclusion 81

2 Recommendation and limitations 82

REFERENCES 84

ABBREVIATION

the Treadway Commission

HOD Head of Department

JSC Joint Stock Company

ROA Return on assets

ROE Return on equity

LIST OF TABLES

Page

Table 1.1: COSO Framework's 17 Principles of Effective Internal Control 12

Table 1.2: Control environment factors 14

Table 1.3: Key Internal Control Activities 17

Table 1.4: Possible risks in the purchase and payment cycle 22

Table 2.1: Analysis of labor force structure of the company 36

Table 2.2: Horizontal analysis of Balance Sheet for Ngoc Vien Dong Technology JSC 39

Table 2.3: Horizontal analysis of Income Statement for Ngoc Vien Dong Technology JSC 43

Table 2.4: Analysis of liquidity ratios in 3 years 2018 – 2020 45

Table 2.5: Analysis of profitability ratios for the 3 years 2018 - 2020 46

Table 2.6: Analysis of growth rate in 3 years 2018 - 2020 47

Table 2.7: Questionnaire to evaluate the control environment element of the internal control system in the purchase-to-pay cycle 48

Table 2.8: Questionnaire to evaluate the risk assessment element of the internal control system in the purchase-to-pay cycle 51

Table 2.9: Questionnaire to evaluate the control activities element of the internal control system in the purchase-to-pay cycle 53

Table 2.10: Questionnaire to evaluate the information and communication element of the internal control system in the purchase-to-pay cycle 58

Table 2.11: Questionnaire to evaluate the monitoring element of the internal control system in the purchase-to-pay cycle 59

Table 3.1 Control activities in the purchasing process 73

Table 3.2 Control activities in the receiving stage 74

Table 3.3 Control activities in the bookkeeping and keep track of accounts payable stage .75

Table 3.4 Control activities in the payment stage 76

LIST OF FIGURES

Page

Figure 1.1: Five Components of the COSO Framework 11

Figure 1.2: The purchase and payment cycle 21

Figure 2.1: Business orientation 28

Figure 2.2: Organizational Structure 29

Figure 2.3: Accounting department organizational structure 31

Figure 2.4: Total revenue and growth rate over 3 years 2018-2020 48

Figure 2.5: Purchase requisition form 61

Figure 2.6: Supplier Selection 63

Figure 2.7: Purchase order form 64

Figure 2.8: Receipt of delivery form 66

Figure 2.9: Goods received note form 67

Figure 2.10: VAT invoice 68

LIST OF FLOWCHARTS Page Flowchart 2.1: Document flowchart in the purchase requisition stage 60

Flowchart 2.2: Document flowchart in the ordering stage 63

Flowchart 2.3: Document Flowchart in the receiving stage 65

Flowchart 2.4: Document flowchart in the bookkeeping process and keep track of accounts payable stage 67

Flowchart 2.5: Purchase-to-pay process detailed workflow chart at Ngoc Vien Dong Technology

JSC 66

Flowchart 2.6: Document flowchart in the purchase-to-pay process at Ngoc Vien Dong Technology JSC 71

PART I: INTRODUCTION

1 Rationale

In recent years, Vietnam's official membership and accession to world economic organizations such as the World Trade Organization (WTO), the Association of Southeast Asian Nations (FTA), the Asia-Europe Economic Cooperation Forum (ASEM), the Association of Southeast Asian Nations (ASEAN), etc have assisted Vietnam form a strong and growing link with other economies, through trade and investment More than 50% of Vietnam's export value targets markets: the United States, China, the European Union, and the United Kingdom As a result, in today's competitive environment, Vietnamese enterprises must build a solid company with an effective and efficient internal control system to contribute to preventing and limiting the risk of fraud, detecting errors, and ensuring transparent financial reporting to improve customer confidence while improving the quality of business operations to meet the needs of current customers and expanding opportunities to find many potential customers

In addition, the 3-year COVID-19 outbreak in the period of the end of 2019 and the end of 2021 has brought unprecedented challenges and had an extremely significant impact on Vietnam's economic development, not only affecting the way

it operates but also the production and business activities of not only large corporations and enterprises but also small and medium enterprises and business households During the global outbreak according to the General Statistics Office of Vietnam, in the first nine months of 2021, the Covid-19 epidemic negatively affected the Vietnamese economy, accordingly, GDP in the third quarter of 2021 had the deepest decrease since the calculation and publication of GDP by a quarter

in Vietnam The Covid-19 pandemic from the beginning of 2020 to now has affected the production capacity, market, and demand of consumers

According to World Bank (2020), there are about 50% of small businesses and more than 40% of medium-sized businesses are temporarily or permanently

closed due to the impact of the Covid-19 pandemic In particular, the number of enterprises registered to suspend business is mostly concentrated in the capital scale

of less than 10 billion VND with 25,919 enterprises (accounting for 91.4%, up 24.1% compared to the same period in 2020) At the scale of 10–20 billion VND, there are 1,366 enterprises (accounting for 4.8%, up 39.2% compared to the same period in 2020); from 20– 0 billion VND, there are 664 enterprises (accounting for 2.3%, up 29.2% compared to the same period in 2020); from 50–100 billion VND, there are 230 enterprises (accounting for 0.8%, up 13.9% compared to the same period in 2020) Therefore, in the era of strong changes in the way the company operates, the faster, more accurate, and appropriate information, as well as the company, must build an internal control system that is not only effective and efficient but also responsive to the changes in the world is moving into the digital era, which can help the company adapt and overcome these difficult times

Moreover, the internal control system plays an important role in the internal auditing practices since the internal auditors might be considered as being specialists in management control (Chambers, Selim&Vinten, 1987) It is also one

of the most important content when auditors perform audit activities such as operational audits, financial reporting audits, and compliance audits Understanding the internal control system of the enterprise assists auditors understand the specific working methods of different departments and divisions in the enterprise as well as the interaction between these departments and divisions Therefore, there is a need

to gain relatively general view of the overall operation of an enterprise, especially each cycle and each part of the enterprise

Furthermore, purchase and payment cycle is one of the most important activities in the business of the enterprise Hence, in the event of errors and the purchase of goods and payment activities have not yet achieved their effectiveness,

it will lead to serious damages affecting the business such as high cost of input goods, poor quality of goods, etc especially for Ngoc Vien Dong Technology Joint Stock Company, which operates in the field of machinery and technological

equipment installation, the internal control system of the purchase and payment cycle if not built effectively and effectively will affect the quality and safety of the product after assembling

Therefore, for the above reasons, the author decided to select the topic

"Improving the internal control system of the purchase and payment cycle at Ngoc Vien Dong Technology Joint Stock Company" as the principal content for the thesis This topic will provide not only Ngoc Vien Dong Technology Joint Stock Company but also similar enterprises with information and reference materials to build the process of internal control of the purchase process and pay to achieve the objectives such as reducing the cost of purchasing raw materials and inputs, thereby improving profitability and the core competitiveness of the company

Finally, provide some recommendations to improve the effectiveness of the company's internal control system in the purchase-to-pay cycle in order to avoid potential risks and frauds

3 Subjects and scope of study

a Subjects

The subjects of the study is the theoretical basis and practice of organizing the internal control system of the purchase and payment cycle at Ngoc Vien Dong Technology Joint Stock Company

b Scope

The study focuses on the internal control situation through the 5 components constituting the internal control system and evaluates the current state of internal control system over each stage in the purchase and payment cycle at Ngoc Vien Dong Technology Joint Stock Company The secondary data related to the financial and labor information of the company are used and studied in the period 2018 -

 Observation method: the author obseved if the original documents, related documents are marked with ―R‖ and numbered or not In addition, during the course of conducting the graduation thesis, the author observed the activities

of employees as well as departments in the company to see if employees comply with the regulations shall be issued by the Company

 Interview method: The inquiry method is used to discuss directly with employees of departments related to the system of internal control in the purchase and payment cycle, including: user department, planning

department, purchasing department, warehouse department and accounting department in order to answer questions when conducting research projects

b Data analysis

 Financial and ratio analysis method: Based on the company's financial statements through the three years of 2018, 2019 and 2020, the author analyze and evaluate the company's business performance

 Comparative and financial analysis method: Conduct a comparison between the theoretical basis and what is learned during the internship at the company In order to be able to make objective comments, give advantages and disadvantages to improve the internal control system of the purchase-to- pay cycle at Ngoc Vien Dong Technology Joint Stock Company This method is also used to analyse the company’s resources and business performance

 Diagram method: Based on the accounting information and original accounting vouchers collected by taking pictures of the vouchers, the author used them to describe the purchase and payment cycle of the business as well

as the flow of vouchers

5 Structure of the study

Structure of the study includes 3 parts

Part I: Introdiction

Part II: Research content

Chapter 1: Theoretical basis of internal control system of the purchase and payment cycle

Chapter 2: The current situation of internal control system of the purchase and payment cycle at Ngoc Vien dong Technology Joint Stock Company

Chapter 3: Some recommendations contributed to improve the internal control system of purchase and payment at Ngoc Vien dong Technology Joint Stock Company

Part III: Conclusion and recommendation

PART II: RESEARCH CONTENT

CHAPTER 1: THEORETICAL BASIS OF INTERNAL CONTROL SYSTEM

OF THE PURCHASE AND PAYMENT CYCLE

1.1 Overview of internal control

1.1.1 The concept of internal control

The Financial Accounting Standards Board's generally accepted accounting principles, GAAP, defined that: "Internal controls are designed to prevent fraud and clerical errors that may compromise the accuracy of a company's financial statements Solid internal controls can also reduce losses from theft of company assets and identify underperforming employees These controls should be implemented by the company" before any financial information is given to external auditors, lenders or investors

Internal control was defined in terms of an entity's overall control structure, which consisted of three elements: (1) the control environment, (2) the accounting system, and (3) control procedures, by the AICPA (1988)

The definition by ISA 400: ―Internal control system‖ means all the policies and processes (i.e., internal controls) accepted by the management of an entity to assist in attaining management’s objective of making sure, as far as feasible, the orderly and proficient conduct of its business, involving adherence to management policies, the safeguarding of property, the prevention and detection of scam and error, the correctness and totality of the accounting records, and the timely preparation of consistent financial information The internal control system expands beyond those matters that associate directly to the functions of the accounting system and includes: the control environment and control procedures

Vietnamese Standards on Auditing (VSA) 400 defined internal control as:

―The rules and control procedures developed and applied by the auditee to ensure compliance with laws and regulations, and to examine, control, prevent and detect fraud, errors; to prepare true and fair financial statements; to protect, manage and

effectively use the assets of the entity The internal control system includes the control environment, accounting system and control procedures.‖

Institute of Chartered Accountants in England and Wales, UK (1999) cited:

―Internal control is a system which encompasses the policies, processes, tasks, behaviors and other aspects of a company that, taken together: Facilitate its effective and efficient operation by enabling it to respond appropriately to significant business, operational, financial, compliance and other risks to achieving the company’s objectives; Help ensure the quality of internal and external reporting; and Help ensure compliance with applicable laws and regulations, as well as internal policies with respect to the conduct of business.‖

Internal control over financial reporting by PCAOB (2004) is defined as: ―A process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting‖

There are many definitions of the Internal Control system, but the most widely accepted definition is still that of COSO (Committee of Sponsoring Organizations

of the Treadway Commission) - the Committee of the National Council on Combating Fraud fraud when preparing financial statements COSO 2013:

―Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.‖

Based on the above concepts we can understand: An internal control system is

a set of processes, policies, and procedures that control all activities of an organization designed and operated by people to ensure efficient and effective business operations

1.1.2 Objectives and role of Internal control

1.1.2.1 Objectives of Internal control

The objective of the internal control system is very broad, it covers all activities and is important for the survival of the business Each business itself needs to set specific goals that it needs to achieve, including common goals and objectives of each part of the business

Based on the definition of Internal control according to COSO 2013, we can identify three principal target groups that the unit aims at, including:

 Operations Objectives – related to the effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss In the 1992 Framework, the operations objective was limited to ―effective and efficient use of the entity’s resources.‖

 Reporting Objectives – related to internal and external financial and non- financial reporting to stakeholders, which would encompass reliability, timeliness, transparency, or other terms as established by regulators, standard setters, or the entity’s policies In the 1992 Framework, the reporting objective was called the financial reporting objective and it was described as

―relating to the preparation of reliable financial statements.‖

 Compliance Objectives – related to adhering to laws and regulations that the entity must follow In the 1992 Framework, the compliance objective was described as ―relating to the entity’s compliance with applicable laws and regulations.‖ The 2013 Framework considers the increased demands and complexities in laws, regulations, and accounting standards that have occurred since 1992

Furthermore, the division of target groups as above is only relative because a particular target can be related to 2 or 3 groups above This division is primarily based on the interest of different target groups for the internal control system of the unit: the target group on activities derived from the requirements of the unit is the

fundamental; the target group on financial reporting is mostly derived from the requirements of shareholders, investors and creditors; the target group on compliance is derived from the requirements of management agencies

1.1.2.2 Role of Internal Control

Internal controls are designed to assist an organization protect itself and achieve its goals Internal controls assist to reduce risks and safeguard assets, as well as maintain record accuracy, improve operational efficiency, and encourage adherence to policies, rules, regulations, and laws The paper confirmed by IFAC (2006) explored the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it

Basically, the internal control system plays an important role in the business management process, helping managers make appropriate decisions in company management Besides, internal control is also one of the five functions of management including (defining objectives, planning, organizing and implementing, coordinating and controlling) Thanks to the establishment of an internal control system, managers can recognize deficiencies in the organizational system so that they can take timely remedial measures

1.1.3 Components of Internal Control

Stakeholders are increasingly involved in the twenty-first century, requesting greater transparency and responsibility for the integrity of internal control systems that enable better performance, decision-making, and governance The problem of long-term viability and the prevention of fraud and corruption is also gaining traction, with stakeholders seeking more responsibility Those in charge of governance have no option but to guarantee that suitable procedures are in place to ensure that what has to be done is done within the acceptable bounds, necessitating the need for an effective controls structure

After 20 years since the COSO report (1992) was first issued, in May 2013, the COSO Committee issued a new report Internal Control-Integrated Framework (2013) in response to globalization, the development of the world as well as

adaptation to regulations, decrees and the advancement of science and technology that requires changes, adjustments and additions in the principles that COSO (1992) has issued

The addition of 17 principles and 77 focus areas to the 2013 framework from the 1992 framework was the most major change The five principal areas – Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities – are further defined by these additional components

to achieve the highest efficiency Depending on the type of enterprise and business characteristics, enterprises can use COSO 2013 flexibly and appropriately to design and operate the internal control system effectively

Furthermore, based on the fundamental aspects that have been adjusted, COSO 2013 has introduced 17 principles of expansion according to the structural model by 5 departments, closely related to each other, constituting the internal control system The Principle is as follows:

Table 1.1: COSO Framework's 17 Principles of Effective Internal Control

3 Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities

in the pursuit of objectives

4 The entity demonstrates a commitment to attract , develop, and retain competent individuals in alignment with objectives

5 The entity holds individuals accountable for their internal control responsibilities in the pursuit of objectives

8 The entity considers the potential for fraud in assessing risks to the achievement of objectives

9 The entity identifies and assesses changes that could significantly impact the system of internal control

Control Activities

10 The entity selects and develops control activities that contribute

to the mitigation of risks to the achievement of objectives to acceptable levels

11 The entity also selects and develops general control activities over technology to support the achievement of objectives

12 The entity deploys control activities through policies that establish what is expected and in procedures that put policies into action

15 The entity communicates with external parties regarding matters affecting the functioning of internal control

Monitoring

Activities

16 The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning

17 The entity evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate

(Source: COSO – Integrated Framework, May 2013)

1.1.3.1 Control Environment

The Control Environment is defined by COSO (2013) as the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization The board of directors and senior management establish the tone at the top regarding the importance of internal control including expected standards of conduct Management reinforces expectations at the various levels of the organization The control environment comprises the integrity and ethical values

of the organization; the parameters enabling the board of directors to carry out its governance oversight responsibilities; the organizational structure and assignment

of authority and responsibility; the process for attracting, developing, and retaining competent individuals; and the rigor around performance measures, incentives, and rewards to drive accountability for performance The resulting control environment has a pervasive impact on the overall system of internal control

The control environment represents the set of general controls that are the basis of the organization and that outline the procedures and policies reflecting the attitude of the economic entity Through the provision on one hand of self- regulatory codes and the other hand internal codes and regulations regarding ethical

values, management should try to convey the organizational climate necessary for the pursuit of vast and complex business goals This is achieved with the implementation of procedures that include high standards of ethical conduct In general terms, an effective control environment is characterized by an organizational climate in which, competent people, aware of their responsibilities and their authority limits, show motivation and commitment to comply with the policies and organizational procedures for the pursuit of business goals

Table 1.2: Control environment factors

Commitment to competence

The Board of Management's interest in competency standards for specific jobs, and the knowledge and skills required for those competency levels

Participation by those

charged with governance

These include the independence of the Board of Directors, the experience and influence of the Board of Directors, the extent of the Board's involvement in its activities, and the reasonableness of its actions with internal and external audit

Management’s philosophy

and operating style

Includes the approach to the management and acceptance

of business risks, attitudes and actions towards the preparation and presentation of financial statements, and attitudes towards segments of the business

Organisational structure How business activities are planned, carried out and

controlled to achieve set goals

Assignment of authority

and responsibility

How to assign powers and responsibilities in business operations and the order of reporting between levels

Human resource policies

1.1.3.2 Risk Assessment

According to COSO (2013), risk assessment involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, forming a basis for determining how risks should be managed Management considers possible changes in the external environment and within its own business model that may impede its ability to achieve its objectives

The risk assessment component is important because every entity is faced with risks both internal and external that threaten the achievement of their objectives Risks continue to change as the environment and other factors change

As such, identifying and assessing risk to the achievement of the entity’s objectives

is a dynamic and iterative process Evaluating the severity of the risk event is based upon the likelihood of occurrence and impact to the business The potential for fraud and vendor risks should be considered within the risk assessment

Specify relevant (suitable) targets: Prior to identify risks, it is necessary to

clearly identify management goals Goals can be associated with different risks depending on their nature

Identify and analyze the risks: Once the targets have been identified, related

risks must be considered and mechanisms by which they can be mitigated have to

be identified

Assess the risk of fraud: Fraud is an intentional act that leads to an error, in

order to achieve an unfair or illegal advantage An error, in fact, may be intentional

or unintentional When it is intentional, we deal with premeditated crimes and we need to say that the risk of fraud is high

Identify and evaluate significant changes: The internal control system must

be updated from time to time regarding the significant changes that may affect the economic performance of a company In order to tackle this issue, the COSO has suggested a list of different circumstances that should be monitored with special attention

Risk assessment is the identification and analysis of risks that threaten its objectives On the basis of risk identification and analysis, the manager will determine how the risk should be detected Moreover, these risks can be caused by the business itself or by the external economic, political and social environment Risk is an inevitable part thus each company needs to set general goals and separate goals for each activity of the business To avoid misstatements, businesses need to regularly identify existing and potential risks Analyze their effects including frequency of occurrence and identify measures to manage and minimize their harm

1.1.3.3 Control Activities

COSO (2013) defines the Control activities as the policies, procedures, techniques, and mechanisms that help ensure that management's response to reduce risks identified during the risk assessment process is carried out In other words, control activities are actions taken to minimize risk The need for a control activity

is established in the risk assessment process When the assessment identifies a significant risk to the achievement of an agency's objective, a corresponding control activity or activities is determined and implemented What’s more, control activities are also linked to the risk management concept They are essentially internal controls put in place to ensure that business processes are carried out in a way that assists a company in meeting its business objectives without adding extra risks into the process

Control activities take place across the agency's levels and functions Effective and efficient control activities should be established by management Enterprises need to design control activities suitable for each stage and each part of the company Control activities are divided into two fundamental categories: preventive activities and detection activities

 Preventive activities is are intended to prevent an undesired outcome from occurring Predicting possible issues and creating methods to avoid them are all part

of the process of developing these controls Moreover they are expressed in the establishment of standardized policies and procedures, the proper assignment of responsibilities, and authorization and approval

 Detection activities are intended to detect and notify management of any undesired occurrences that occur This allows management to take immediate corrective action Furthermore, they are expressed in the form of special reporting, reconciliation or periodic inspection

The following are descriptions of some commonly used control activities:

Table 1.3: Key Internal Control Activities

Authorization &

Approval

Authorization is the power granted to an employee to perform a task It is a delegation of duties Management defines the terms of the authorization and ensures that those terms are documented and clearly communicated

For example, transactions under 100 million are approved by the head of the department, transactions from 100 million to less than

300 million are approved by the director, etc

Approval is the confirmation or sanction of employee decisions, events or transactions, based on an independent review It signifies that the approver has reviewed the supporting documentation and is satisfied the transaction is accurate and complies with applicable laws and regulations

For example, a manager reviews a purchase request and signs it, indicating that the purchase is valid and necessary

Performance reviews

Use of physical precautions is the most effective measure to safeguard assets and records

For example, the senior salesperson prepares the daily sales report

at the end of each day Then, the sales department supervisor checks the accuracy and completeness of the daily sales report by comparing the report to copies of sales invoices for the same day

Operational responsibilities should be separated from recording- keeping responsibility to ensure unbiased information

For example, when there is no such control, the sales department, not the accounting department, prepares sales reports The sales department may choose to include the next period’s sales in the current period so that their performance can be just above the benchmark to get a bonus

1.1.3.4 Information and Communication

Information and communication produces reports, containing the information necessary for the management and control of the unit Information and communication should be done throughout the top-down and bottom-up directions,

so that all employees receive the necessary information and understand the message from senior managers

Communication is an iterative process that goes both ways to share information internally and externally as appropriate Communication is the process

of providing, sharing and exchanging information Communication to expand the exchange of information between inside and outside the unit, enterprises need to set

up information channels to recognize the limitations or weaknesses in operation and always monitor information feedback

 Internal communication shares information up, down, and across the entity to help carry out responsibilities, guide direction, and set expectations

 External communication provides valuable information, establishes boundaries, responsibilities, requirements, and expectations

Information is essential for the implementation of control responsibilities in the unit to support the achievement of objectives Information may be collected from outside and inside the business, inside information such as information about the employees of the unit, financial statements, outside information such as market situation The organization of information and communication is effective when all employees in the unit understand the rules and standards of the unit

The importance of having the right information communicated to managers at the right time has become a key to successful business operations and effective internal control as organizations have become more complex in their structure and global operations and become more dependent on technology

1.1.3.5 Monitoring

Monitoring component is specified by COSO (2013) as: ―Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls

to effect the principles within each component, are present and functioning Findings are evaluated and deficiencies are communicated in a timely manner, with serious matters reported to senior management and to the board.‖

Monitoring is an important part of the COSO internal control framework

Monitoring activities are periodic or continuous assessments to ensure that all five components of internal control, including the controls that impact the principles within each component, are present and operating The principal objective of the monitoring is to ensure that the internal control system always works effectively If regular monitoring is effective, periodic monitoring will be reduced Regular monitoring is done even in routine activities and is repeated, thus it is more effective than routine monitoring

Through supervision, the defects of the internal control system should be reported to the upper level and if they are more important issues, they will be reported to the Board of Directors or the Board of Members Enterprises need to have policies to check financial supervision, and timely remedy the shortcomings of managers

1.1.4 The correlation between internal control system and business performance

Several international studies have demonstrated that there is a positive correlation between the internal control system and business performance In other words, effective internal control assists the unit to achieve the objectives of efficiency and performance

According to KPMG (2016) in the study: "Assessing the system of internal control" clearly stated that: An effective internal control system provides assurance that the policies, processes, tasks, behaviors, and other aspects of an organization, are consolidated, facilitating its effective and efficient operation, helping to ensure the quality of internal and external reporting, and helping to ensure compliance with applicable laws and regulations

Qiang Cheng et al (2018) in the study: "Internal Control and Operational Efficiency" considered whether the effectiveness of internal control affects the performance of the enterprise The results found some evidence that the effect of internal control on the performance of enterprises varies according to the size of the enterprise, with smaller enterprises benefiting more from internal controls than

other enterprises

According to Nyakundi et al (2014) in the study: ―Effect of internal control systems on the financial performance of small and medium scale business enterprises in Kisumu city, Kenya‖ The final conclusion of this study is that there

is a significant positive relationship between internal control systems and financial performance Moreover, the study also recommends regular audit reports, as well as regular review reports on the functionality of internal controls so as to address the current business environment

1.2 Internal control of the purchase and payment cycle

1.2.1 Characteristics of the purchase and payment cycle

(Source: Curriculum Internal Control 2016)

Figure 1.2: The purchase and payment cycle

Purchasing and paying is an important cycle for most businesses, especially commercial and manufacturing businesses The purchase-to-payment cycle includes the decisions and processes necessary to obtain goods and services for the operation

of the business The cycle usually begins with the preparation of a purchase order

by the responsible person in the department that needs the goods or services received Besides, the purchase-to-payment cycle is an important cycle that needs to

be audited in audits, because the cost of purchasing services often accounts for a large proportion of total production and business costs and directly affects the profitability of the business Therefore, the effectiveness and efficiency of this cycle will have a great impact on the performance of the unit and therefore the concerns

of the internal subjects such as managers, management boards and also the top concerns of the external auditors

The purchase and payment cycle plays an extremely fundamental role in the production and business activities of the enterprise because it has an important influence on other cycles and many assets of the enterprise, such as:

 The purchase and payment cycle goes through many stages, it not only related to most other cycles and operations but also associated with many sensitive assets such as cash, inventories, tools and instruments, etc., thus it is easy to embezzle and take over In addition, purchasing is the beginning of the production and business process of an enterprise, it provides raw materials and inputs for the enterprise, so it must ensure both quality and quantity to conduct the next activities and cycles of the enterprise

 Goods and raw materials are items that account for a large proportion of the unit's assets, including many types, abundance in large quantities related to many suppliers, payment methods, etc This increases the risk of misstatements due to purchasing goods exceeding the company’s need, which led to a bottleneck in its capital or inventories could turn obsolete and slow-moving

1.2.2 Possible risks in the purchase and payment cycle

Table 1.4: Possible risks in the purchase and payment cycle

1 Purchase requisition

1 Ordering unnecessary or unsuitable goods or ordering duplicates leads to waste because these goods are often unusable

2 Ordering more than needed will also lead to waste because the excess will have to be stored, both causing capital stagnation, costly storage costs, and can also lead to poor quality goods

3 Ordering too late or too early: If ordering late, it will lead to a shortage of materials for production or lack of goods for sale, while ordering too early can cause wasted inventory costs or worse which may reduce the quality of the goods

4 Ordering with poor quality and/or high price, colluding with the delivery person: will cause serious damage to the business operation of the unit if

prolonged

5 The ordering staff erases any trace of the order placed in order to recommend a second purchase of the item received

2 Suppliers selection

1 Purchasing staff may collude with suppliers to select them even though this supplier does not have the most suitable goods/services or does not have the most reasonable prices

2 Staff colluding with suppliers should withhold price quotations from other suppliers whose prices are more reasonable than those of the supplier supported by this employee

1 Make fake or invalid vouchers to get paid

2 Pay more than the value of the goods received

3 Wrongly recorded information about suppliers such

as name, payment term, discount period

4 Recording purchases and payables in the incorrect

year, incorrect amount, duplicate, incorrect invoices

5 Paying suppliers without approval

6 Late-deadline payment

7 Failure to promptly track supplier returns or discounts

1.2.3 The purposes of internal control in the purchase and payment cycle

1.2.3.1 The primary purpose of internal controls

1 Collect and process fully and properly approved business data

2 These approved activities actually happen

3 All activities that actually occur are fully recorded

4 All activities that actually occur must be accurately recorded

5 Safe for all assets, information

6 Provide complete and accurate information for managers to control functional department activities and ensure efficient and effective business operations

1.2.3.2 The purposes of internal control in the purchase and payment cycle

According to the COSO report (2013), good control of this cycle will assist the unit in achieving all three goals: operational effectiveness and efficiency, reliable reporting, and legal compliance with regulations

 Operational effectiveness and efficiency:

Effectiveness is the purchasing activity that helps the entity achieve its goals in terms of output, sales, market share, or growth The existence and growth of an entity is significantly affected by its goals effective consumption Therefore, the unit needs to buy the right goods, use it at the right time, with the most reasonable price, as well as receive the right quantity, quality and specification of the ordered goods

Meanwhile, the efficiency goal is understood as a comparison between the results achieved with the costs to be spent, such as purchasing costs, transportation costs, storage costs To achieve this, the unit needs to buy good quality products at the most reasonable cost

 Reliable reporting

This objective is first understood as the items affected by the purchase and payment cycle such as: inventory, payable, cash, cost of goods sold, etc., which are presented honestly and reasonably in the newspaper financial statements and other accounting reports The organization of a complete and reasonable system of books, vouchers and reports to track purchased goods and payables, record complete and accurate purchase transactions in a timely manner, and fully collect related expenses Besides, other reports on the purchasing cycle also need to ensure reliability such as inventory import and export reports, reports on the quantity of goods purchased by each item and each business location

 Legal compliance with regulations

Purchasing activities are always governed by laws such as contract signing, purchase invoice management, payment of goods, etc In addition, it is also necessary to comply with internal regulations of the unit in placing orders, receiving goods, making goods received notes, and complying

CHAPTER 2: THE SITUATION OF INTERNAL CONTROL SYSTEM OF THE PURCHASE AND PAYMENT CYCLE AT NGOC VIEN

DONG TECHNOLOGY JOINT STOCK COMPANY

2.1 Introduction to Ngoc Vien Dong Technology Joint Stock Company

2.1.1 History of formation and development

Ngoc Vien Dong Technology Joint Stock Company was one production and trade-oriented development company established in January 2008 It is used to be a small company owned by a young man who has just graduated from the Da Nang University of Technology After more than 15 years, the company has developed and has a stable customer system; the company has gradually expanded and become

a reliable partner of many domestic and provincial customers

Always with the slogan: "Sincerity Lead to Success" as the foundation, company leaders understand that customer trust in cost, quality and warranty is the sustainable development of a company Therefore, all business activities of the company always aim to ensure customers' rights and conquer customers with optimal product and service quality Thanks to its youthful and sharp business employees and professional service staff, the company not only has created credibility and trust of customers, assisting the company to grow and develop in the fields of operation, but also delivers the freshness and excitement to meet the highest demands of client needs with excellent product quality and committed service Furthermore, Ngoc Vien Dong Technology Joint Stock Company offers its workers a comfortable, professional working environment as well as a stable salary All firm members have good professional abilities, are enthusiastic about their job, and take responsibility for it

Improving the working environment, creating harmonious relationships between the company and its members as well as relations between the members of the company with each other, connecting the members of the company, creating conditions for the members of the company to be friendly and cohesive with each other, Ngoc Vien Dong Technology JSC has built a staff with professional style,

prestige with customers, always promoting creativity, willingness to listen and receive all feedback from customers and promptly adjust the existence to the quality

of service more and better

During the operation, there were periods when the company encountered many difficulties due to the impact of the market economy, especially the competition in commercial activities between competitors of the same industry However, with the striving of the Board of Directors and the collective of employees and with many solutions to promote production and business activities, the company gradually developed and expanded the production of water filters The business market was extended across the province

The company always ensures jobs for employees and performs well the obligations to the situation Focusing on production and business activities, the company also actively participates in social activities and charity activities, such as actively supporting Covid Ngoc Vien Dong Technology Joint Stock Company has been awarded certificates of merit by the Tax Department and Hue City People's Committee over the years

2.1.2 Field Operations and Development Orientation

a Field Operations

1 Informatics: Electronic and informatic systems for schools, administrative

agencies, businesses, system design, construction of LAN, WAN )

2 Telecommunications equipment: Installation of radio and audio equipment

3 Installing pure water purifiers: Installing water filtration systems in schools

and agencies

b Development orientation

On the basis of utilizing and rationally using resources, building Ngoc Vien Dong Technology Joint Stock Company will be stronger and more effective; improve corporate governance capacity and achieve higher linkages in finance, technology and market Build a team of courageous and professional leadership and

build a team of managers, salespeople, and other departmental staff to get the job done

Furthermore, the company's focus on developing business orientation in the

next 10 years is to focus on three key aspects to focus resources: Market, Product and Sale

Figure 2.1: Business orientation

 Market orientation: Consumer preferences come first in market-oriented

development, which revolves on their expressed requirements and wishes Ngoc Vien Dong Technology Joint Stock Company, an SME, still focus on developing the market in Thua Thien Hue province, at the same time expanding and approaching other potential markets in the Central region such as Da Nang, Quang Nam, Quang Binh, Quang Tri,

 Product orientation: Ngoc Vien Dong Technology Joint Stock Company

focuses its efforts on manufacturing high-quality items and pricing them appropriately so that customers can distinguish the company's products and purchase them Diversifying the products provided to consumers, expanding more services in the company's portfolio of activities

Market orientation

Company

Sale orientation

Product orientation

Accounting dept

Sale dept Director

Planning dept Administration dept

Marketing dept Purchasing dept Warehouse dept Business dept

 Sale orientation: Sales orientation is a business strategy that prioritizes

delivering the best products and services while concentrating on client wants and requirements Due to the competitive nature of the market, Ngoc Vien Dong Technology Joint Stock Company has implemented an insurance strategy and after-sales service, with policies based on providing the best coverage compared to competitors

Administration department: The administrative department provides vital

services that allow work processes to run smoothly and decision-makers to concentrate on higher-value activities and responsibilities Day-to-day chores that keep an organization running smoothly and effectively are included in administrative jobs It is also responsible for discovering, screening, recruiting, and training job candidates and managing employee benefit programs

Sales department: consists of 4 specific departments

 Business department: Responsible for receiving customer orders, thereby

providing goods and services to customers quickly, ensuring the right quality and quantity, welcoming customers, responsible for customer care and nurturing the market

 Warehouse department: Have the task of ensuring that the inventory level of

the company is sufficient, protect the warehouse and storage to ensure that the company's goods are not damaged and perform operations such as warehouse release and warehousing

 Makerting department: Responsible for proposing effective marketing

strategies on social media platforms as well as the market to promote the company's products to the right consumers

 Purchasing department: Monitor and synthesize the demand for raw

materials, products, goods and other resources at the best price, in order to ensure the smooth running of production and business activities and daily activities of the enterprise Besides, the purchasing department also handles the documents and accounting procedures related to the purchase, as well as ensuring that the purchase process is carried out in accordance with the regulations of the business

Planning department: Assist the director devise appropriate business strategies

and coordinate with the sales department to monitor the consumption level on each customer segment and each consumer market in and outside Hue city to promptly update the number of goods to supply goods to satisfy customers' needs In addition, the research plan always updates the demand for raw materials, equipments, instrument and tools needed for production to ensure the supply of sufficient inputs for the production process to be continuous but at the same time