INTRODUCTION
Introduction
This chapter provides an overview of the study, outlining the key research issues, objectives, and questions It also details the methodology employed and defines the scope of the research.
Background to the research
Understanding the concept of internal control is essential for developing an understanding of its impact on the performance of organization (Lembi, 2006)
Internal control, originally referred to as "internal check," has evolved into a definition encompassing "process activities" that assist management in navigating rapid growth Despite its importance, there were no formal regulations mandating companies to implement internal controls for risk prevention and business protection However, following numerous financial scandals in the 21st century, the Sarbanes-Oxley Act was introduced to address these issues.
The Sarbanes-Oxley Act of 2002 (SOX) mandates that management of all public companies must produce an internal control report, affirming their responsibility for maintaining effective internal controls (PCAOB, 2004) Additionally, external auditors are tasked with auditing these management assertions regarding internal control effectiveness and must provide their own independent conclusions (Ramos).
In recent years, reference groups such as suppliers, investors, and customers have increasingly prioritized the quality of a company's reporting and accountability An effective internal control system is crucial for a firm's success, as it enables management to maintain profitability, achieve organizational goals, and address business risks However, the development of an optimal internal control framework applicable to all companies remains an area for further research.
In 1994, the Committee of Sponsoring Organizations (COSO) introduced an Internal Control framework comprising five interrelated components, emphasizing that the necessity and effectiveness of control systems can differ based on a firm's characteristics Donaldson (2001) noted that the design of management control systems is influenced by the organization's context, suggesting that a proper alignment between this context and internal control components enhances effectiveness Despite this, research on the actual performance of internal controls within organizational settings remains scarce (Kitnney, 2000) Recently, scholars such as Chenhall (2003), Gerdin (2005), and Jokipii (2009) have sought to clarify internal control effectiveness by analyzing its design.
Research on internal control and its effectiveness in Vietnam is scarce This study aims to propose a framework for internal control and define its effectiveness for companies operating in Vietnam Additionally, it seeks to examine the impact of existing internal control components on overall internal control effectiveness.
Research problems
In Vietnam, financial scandals reveal that corporate governance often fails to adequately identify, assess, and address risks, leading to insufficient internal controls that jeopardize operations Despite being one of Asia's fastest-growing economies since joining the WTO in late 2006, Vietnam now faces challenges such as inflation, trade deficits, and a declining stock market, which negatively impact local enterprises Consequently, it is crucial for Vietnamese companies to innovate and restructure their operations to navigate these difficulties effectively.
2012) However, how to restructure their operation is still challenge to management in companies
This study addresses the gap in practical research on the internal control sector by focusing on the components of internal control and their effectiveness It specifically explores how these components impact the overall effectiveness of internal control systems in firms across Vietnam.
Research objectives
A research objective is the research version of a business problem
Objectives explain the purpose of the research in measurable terms and define standards of what the research should accomplish (Zikmund 1997, 89)
In solving the research problem mentioned previously, this study has the following objectives:
1) Investigate the relationships of internal control components and the efficiency and effectiveness of operation
2) Investigate the relationships of internal control components and the reliability of financial report
3) Investigate the relationships of internal control components and the compliance with laws and regulations.
Research questions
This study investigates the relationship between internal control components and their effectiveness in companies It focuses on key components such as the control environment, risk assessment, control activities, information and communication, and monitoring, assessing their impact on internal control effectiveness, which includes operational efficiency, reliability of financial reporting, and compliance with laws and regulations The research questions center on the internal control components, the assessment of internal control effectiveness, and the relationship between these elements.
Research question 1: Is the efficiency and effectiveness of operation positively related to the internal control components?
Research question 2: Is the reliability of financial report positively related to the internal control components?
Research question 3: Is compliance with laws and regulations positively related to the internal control components?
Research methodology and scope
The object of this research was external auditors who audited the operation of companies in Vietnam Sample size: 236 (See more in Chapter 3)
The author employed a qualitative method by conducting group discussions with six seasoned external auditors to refine and modify the translated questionnaire, ensuring its alignment with the study's subject and objectives.
This study employed quantitative research to investigate the connection between internal control components and their effectiveness, specifically from the viewpoint of external auditors The quantitative model utilized in this research was based on the prior work of Jokipii (2009).
The author used data analysis tools to implement the research such as: descriptive statistics, multiple regression models with SPSS version 16.
Thesis structure
Chapter 1- Introduction, mentions about research background, research objectives and research scope and approach
Chapter 2 – Literature review provides theoretical and empirical background supporting for hypothesized research model
Chapter 3 – Research methodology, is about the methodologies that author used to conduct the research
Chapter 4 – Data analysis and findings, discusses about the analysis that author conducted to test hypotheses and to answer the research questions
Chapter 5 - Conclusion and implication, is about the results, implications, and recommendations for future research.
LITERATURE REVIEW
Introduction
This part reviews the previous studies concerning about internal control components, internal control effectiveness, and the relationship between them
Based on the literature review, hypotheses are developed.
Internal control components
Internal control, originally defined in 1930 as an "internal check," involves a system of accounts and procedures where one individual independently verifies the work of another to identify and prevent fraud (Sawyer et al 2003, 61) The American Institute of Certified Public Accountants later expanded this definition to encompass a company's plans, measures, and coordinated methods aimed at ensuring the reliability of accounting data and enhancing operational efficiency However, significant failures in the United States during the 1980s necessitated a re-evaluation of the internal control definition to better address fraud detection and prevention.
In 1992, COSO defined Internal Control in the United States as a process implemented by an entity's board of directors, management, and personnel to ensure reasonable assurance in achieving three key objectives: operational effectiveness and efficiency, reliable financial reporting, and compliance with laws and regulations The COSO Internal Control framework comprises five interrelated components: Monitoring, Information and Communication, Control Activities, Risk Assessment, and Control Environment.
Source: COSO Internal Control-Integrated Framework 1992
The COSO framework, established in 1992, serves as a foundational model for developing additional frameworks in the United States that address specific objectives from various perspectives COBIT, introduced in 1996, focuses on control processes related to IT management and governance The SAC framework, released in 1994, aids internal auditors in evaluating, reporting, and enhancing control systems, while SAC 78, published in 1995, offers guidance to external auditors on the influence of internal control in organizational audits Details of these internal control frameworks are summarized in the following table.
Table 2.1: Comparison of Control frameworks in the US
Management Management, users, IT auditors
Process Set of processes: policies, procedures, practices
Set of processes, subsystems, and people
(3)Integrity & availability of information (4)Reliable financial reporting (5)Compliance with laws & regulations
(1)Control Environment (2)Risk Management (3)Control Activities
(1)Control Environment (2)Risk Assessment (3)Control Activities (4)Information &
Financial Statement Responsibility Management Management Management Management
The demand for a more sophisticated internal control framework is evident globally The Canadian Institute of Chartered Accountants has further refined the COSO (1992) framework into the Criteria of Control Framework (CoCo).
In 1995, an organization was defined by elements such as resources, systems, processes, culture, and tasks that aid individuals in achieving the organization's objectives The Turnbull Report (1999) in the United Kingdom offers guidance on implementing a risk-based approach to establish and assess the effectiveness of internal control components These components are streamlined into three key areas: control activities, information and communication processes, and monitoring processes to ensure the ongoing effectiveness of internal controls.
The analysis of internal control frameworks reveals that they share parallel components, despite differing terminology The COSO framework, established in 1992, is the original and most widely used framework, proposing five key internal control components Consequently, this study adopts these five components from the COSO framework as independent variables.
The Control Environment establishes the essential framework for internal control components, significantly impacting the control awareness of an organization's personnel At its core, this aspect revolves around the individuals within the entity, encompassing their personal qualities such as integrity, ethical values, and competence, as well as the surrounding environment in which they function.
Risk assessment is a critical process that entails identifying and analyzing potential risks that could hinder the achievement of management's predetermined objectives This process includes procedures designed to help organizations recognize and effectively manage the risks they encounter.
(3) Control Activities, which covers policies, procedures and practices established and executed to ensure that management objectives are achieved and risk mitigation strategies are carried out
Information and communication systems are essential for supporting all control components within an organization They empower personnel to effectively capture and exchange the information necessary for managing and controlling operations.
Monitoring involves an external assessment of internal controls by independent individuals, such as management This process encompasses regular management and supervisory activities, along with various actions taken by personnel in the execution of their responsibilities.
The entire internal control components should be monitored, and modified as necessary to ensure they can react dynamically.
Internal control effectiveness
According to COSO (1992), effective internal control is determined by evaluators' reasonable assurance of understanding the entity's operational objectives, the reliability of financial statements, and compliance with applicable laws and regulations However, the report lacks guidance on conducting assessments Dai et al (2008) emphasize a comprehensive quantitative evaluation method for internal control effectiveness from a risk-based perspective, proposing a risk-oriented mathematical evaluation model Nonetheless, they note that the complexity of factors involved necessitates further research and improvement of the quantitative evaluation model for internal control effectiveness.
Perry and Warner (2005) have proposed five-step model for quantitative assessment of internal control effectiveness, which is describeb in Figure 2.1
Figure2.1: Quantitative assessment of internal control framework
Compiled by Perry et al (2005)
In this model, the key focus is on evaluating individual control objectives within a selected internal control framework Examiners assess the maximum score for each control objective, ultimately calculating a comprehensive quantitative score for internal control effectiveness It is essential for examiners to leverage their expertise and understanding of internal controls alongside the framework guidance to effectively evaluate internal control effectiveness.
Jokipii (2009) builds upon Perry’s quantitative model to create a measurement scale for assessing internal control effectiveness His research defines internal control effectiveness based on established frameworks, indicating that it is deemed effective when an entity meets its operational objectives, prepares reliable financial statements, and complies with relevant laws and regulations.
Choose the right internal control framework
Document controls against the selected model
Score the internal control application Develop a quantitative scoring process
This study examines the effectiveness of internal control using a quantitative assessment model developed by Jokipii (2009) External auditors evaluated three key objectives of internal control, enabling a quantitative analysis of its effectiveness The model considers internal control effectiveness as a dependent variable, encompassing operational efficiency and effectiveness, reliability of financial reporting, and compliance with laws and regulations.
Gaps in the literature
This study incorporates the five components outlined in the COSO internal control framework (1992) Previous research predominantly emphasizes specific control components, including the control environment (D’Aquila, 1998), communication (Hooks et al., 1994), and risk assessment (Mills).
In 1997, Lembi conducted a study that evaluates the effectiveness of internal control over financial reporting by examining all five components, utilizing a qualitative approach Building on this, Jokipii (2009) enhances the understanding of internal control by demonstrating that all control components positively influence internal control effectiveness.
He suggests that further research is needed to assess the measures for internal control components and their observed effectiveness to ensure reliability and validity Additionally, he recommends exploring studies involving other reference groups, such as external auditors Most importantly, there is a significant lack of practical research on internal controls in Vietnam, highlighting the necessity for studies that enhance knowledge in this area for companies operating in the country.
Research hypotheses and theoretical model
The control environment is crucial for the effectiveness of internal controls, serving as its foundation As highlighted by Schmidt and Posner (1983), the board of directors plays a pivotal role in establishing the organization's tone through governance, policies, and behaviors This leadership guides numerous daily decisions across all organizational levels, fostering efficiency and effectiveness while leading to significant cost savings.
The control environment, which reflects the tone of an organization, is significantly influenced by the perceived integrity of management, as highlighted by research from 1998 that links it to the accuracy of financial reporting This importance is further underscored by a COSO study in 1999, which revealed that 83% of financial fraud cases investigated by the SEC from 1987 to 1997 involved top management Additionally, Cohen's 2002 study reinforces the critical role of the control environment, supported by findings from a survey of auditors.
“tone at the top and its implication for the behavior of employees” are the most importance ingredients for an effective internal control Author therefore hypothesizes that
H1a: Control environment is positively related to the efficiency and effectiveness of operation
H1b: Control environment is positively related to the reliability of financial report
H1c: Control environment is positively related to the compliance with laws and regulations
Implementing an effective Enterprise Risk Management (ERM) system enhances firm performance and positively impacts the reliability of financial reporting Research indicates that robust risk management practices are crucial for achieving these benefits.
In 2010, it was found that there is no evidence supporting the notion that the application of Enterprise Risk Management (ERM) enhances its effectiveness across an entity's strategic, operational, reporting, and compliance objectives Based on these findings, the author hypothesizes that
H2a: Risk assessment is positively related to the efficiency and effectiveness of operation
H2b: Risk assessment is positively related to the reliability of financial report
H2c: Risk assessment is positively related to the compliance with laws and regulations
Control activities are essential policies and procedures designed to mitigate risks and help organizations achieve their objectives (COSO, 1994) Research by Hans Mjoen and Stephen Tallman (1997) indicates a strong positive correlation between control activities and organizational performance, highlighting that specialized control measures enhance both protection and the strategic use of key resources by increasing bargaining power Pyria (2013) further affirms the statistical significance of control activities in influencing performance Additionally, these activities play a crucial role in supporting performance management directives (Ana Morariu, SA, 2008:75), and are developed and implemented to effectively manage identified performance risks.
As control activities are taken to address risks to achieve the entity’s objectives, the author therefore hypothesizes that:
H3a: Control activities are positively related to the efficiency and effectiveness of operation
H3b: Control activities are positively related to the reliability of financial report
H3c: Control activities are positively related to the compliance with laws and regulations
Effective information and communication systems are essential for organizations to identify, capture, process, and report relevant information promptly, enabling individuals to fulfill their responsibilities efficiently (COSO 1994, 59) Research indicates that well-defined communication channels within the organization and with customers significantly enhance firm performance (Carr, Amelia S.).
Organizations integrate information systems into their operations to boost competitiveness and drive business growth (Kaynak, Hale, 2007; Fisher and Kenny, 2000) Despite the diversity of these systems, the common goal remains achieving competitive advantage through ongoing improvements and reassessing the effectiveness and efficiency of their business information systems (Chaffey and Wood, 2005) Information and communication systems generate essential reports—operational, financial, and compliance-related—that enable effective business management and control (Sawyer, 2003) Based on these insights, the author hypothesizes that:
H4a: Information and communication are positively related to the efficiency and effectiveness of operation
H4b: Information and communication are positively related to the reliability of financial report
H4c: Information and communication are positively related to the compliance with laws and regulations
Monitoring is the ongoing assessment of a system's performance quality over time, ensuring that it operates as intended It is crucial for evaluating the effectiveness of internal control systems in meeting financial reporting objectives Continuous monitoring allows management to consistently review business processes, identifying both adherence to and deviations from desired performance levels.
Because of the important role played by monitoring, COSO originally includes ongoing monitoring in its first Integrated Framework released in 1992
The COSO Enterprise Risk Management framework (2004) highlights the importance of ongoing monitoring to comply with the Sarbanes-Oxley Act of 2002, which mandates that public companies enhance their internal controls over financial reporting Given the critical role of monitoring in ensuring the effectiveness of internal controls, the author proposes a hypothesis regarding its impact.
H5a: Monitoring is positively related to the efficiency and effectiveness of operation
H5b: Monitoring is positively related to the reliability of financial report
H5c: Monitoring is positively related to the compliance with laws and regulations
Figure 2.2: The relationship between internal control components and the efficiency & effectiveness of operation (Model I)
Figure 2.3: The relationship between internal control components and the reliability of financial report (Model II)
Control activities Efficiency and effectiveness of operation
Figure 2.4: The relationship between internal control components and the compliance with laws and regulations (Model III).
Summary
This chapter reviews the literature on internal control components and their effectiveness, while also examining the relationship between these aspects The author formulates hypotheses and clearly defines the dependent and independent variables for the study.
Compliance with laws and regulations
Information and communication Monitoring Risk assessment
RESEARCH METHODOLOGY
Introduction
This chapter aims to outline the methodology employed to test the hypotheses established in Chapter 2, focusing on the questionnaires, samples, tools, and overall approach utilized in this study.
Research process
(Internal control components, internal control effectiveness)
Descriptive statistic, EFA, Cronbach alpha’s analysis, Regression analysis
The first draft of questionnaire
Questionnaires design
The design of the questionnaires was based on a thorough literature review and initially created in English To ensure objectivity, two independent translators with expertise in internal control translated the English version into Vietnamese Subsequently, the Vietnamese version was reviewed by six external auditors to confirm its clarity and comprehensibility, resulting in the first draft of the questionnaires.
The draft questionnaires are divided into three sections: the first section gathers demographic information such as respondent title, age, and experience The second section addresses the components of internal control, featuring questions on the five key elements: control environment, risk assessment, control activities, information and communication, and monitoring Lastly, the third section evaluates the effectiveness of internal controls, including inquiries about operational efficiency, financial report reliability, and compliance with relevant laws and regulations.
Operationalisation of measures
The constructs of the internal control components and internal control effectiveness were adopted from the existing instruments in earlier studies
3.4.1 Measurement scale of internal control components
Internal control components was measured with five-point Likert scale based on questions recommended by COSO (1992) and adapted in practice by Jokipii
In 2009, chapter two outlined five key components of internal control: control environment (COEN), risk assessment (RISK), control activities (COAC), information and communication (INFO), and monitoring (MONI) The measurement scale for these internal control components was detailed as follows.
Table 3.1: Measurement scale of internal control components
Dimension Item wording Item code
The governing board genuinely called management’s decisions into question and evinced realizable alternatives
Managers and management have not been overworked
There has been a great deal of variation in control and management tasks
The personal understand the content and responsibility of their tasks
The personnel have demonstrated commitment to honesty and ethical value of the company through their conduct
Risk Assessment The goals for the company’s operations had credible and in my opinion reasonable measures
Management actively evaluated both internal and external risks likely to prevent the achievement of goals
A risk analysis covering the entire company was carried out during the last year
Those in managerial functions were aware of the risks of their areas of responsibility and knew how risk management was implemented
In my opinion the company’s risk analysis and means of protection could have been more efficient
Control activities There was functioning controls in the company’s processes which gave warning whenever something exceptional occurred
As soon as something exceptional and undesired was noticed it was promptly and appropriately dealt with
In the definition of task special attention was paid to authorization and the special demands of tasks
In my opinion the internal control measures should have been stepped up still further
The entire personnel had updated job descriptions
The personal had no problems in obtaining information pertaining to their work tasks
The report are forwarded to management were sufficiently clear and contained relevant information from the management perspective
Sufficient information moved between the different divisions of the organization so that the smooth uninterrupted running of operation could be ensured
Our company’s information and communications system was not quite up to date with respect to functions
The work was efficiently coordinated within the function and also with other functions
Monitoring The operative information used in management was specified to the systems information of financial management
Line managers take excellent care of day-to-day control
There is active control of how the personnel obey the operating instructions issued
We conducted analyses based (customer satisfaction, job satisfaction, efficiency) changes during the last year
Management has not in the last year requested accounts of the accomplishment of control measures
3.4.2 Measurement scale of internal control effectiveness
The effectiveness of internal control was assessed using a measurement scale similar to that of internal control components This evaluation employed a five-point Likert scale, grounded in questions suggested by COSO (1992) and adapted for practical use by Jokipii.
In 2009, the effectiveness of internal control (EFFE) was assessed through three key components: the efficiency and effectiveness of operations (EFFI), the reliability of financial reporting (RELI), and compliance with relevant laws and regulations (LAW) The measurement scale for these components was detailed as follows.
Table 3.2: Measurement scale of internal control effectiveness
Dimension Item wording Item code
Effectiveness and efficiency of operations
With a reasonable effort the efficiency of operations could have been further improved
There are possibly in operations problems which, if removed, would have resulted in a better input - output ratio
There are no stages in the processes where I have any doubts about efficiency
In some functions resources might have been more efficiently deployed
I did not completely trust the reports by financial management and sometimes had to check the information I received
There were sometimes errors in the reports which had to be corrected later when the information had been confirmed
We sometimes received information about errors in reports sent out for external use
There have been problems with the accounting programs used by financial management
Compliance with applicable laws and regulations
It was difficult in practice to apply the regulations governing our company
Changes in the legislation frequently came as a surprise to the company
I have observed that the personnel had problems with the laws and regulations in force
There is no individual in our company whose area of responsibility it is to monitor forthcoming legislative changes and new regulations
The pilot test aimed to customize the questionnaire, ensuring that respondents could answer questions without difficulties, ultimately enhancing the quality of data collected for the main survey.
The procedure was conducted by two steps In the first step, an exploratory study was made with the purpose of assessing the first draft of measurement scale
The initial draft of the questionnaire was developed in English and subsequently translated into Vietnamese, with validation from six external auditors to ensure clarity A focused group discussion involving four senior auditors and two manager auditors from KPMG Vietnam was conducted to assess the clarity and relevance of the survey questions in relation to the research topic from an audit perspective Based on participant feedback, several questions were revised for better understanding and to adopt a more positive tone, such as changing “thường xuyên thay ủổi hoạt ủộng kiểm soỏt” to “ủa dạng nhiều hoạt ủộng kiểm soỏt.”
“Tôi hoàn toàn không tin tưởng” was revised to “Tôi không hoàn toàn tin tưởng”,
“cú nhiều vấn ủề” was revised to “cũn tồn tại nhiều vấn ủề” After the revision finished, the author had the final questionnaire
The final version of questionnaire was made in Vietnamese (Appendix 1) and was translated back into English (Observed variables).
Main survey
The initial phase of the sampling process involved defining the study's population, which aimed to examine the impact of internal control components on the effectiveness of internal controls in Vietnamese companies The target population consisted of external auditors who assessed various sectors, including manufacturing, trading, construction, and services, in 2011 These auditors were selected for interviews due to their extensive expertise in internal control, as they are tasked with reviewing, evaluating, and reporting on the effectiveness of internal controls to the management boards during audits.
The second step in the sampling process is to choose the sampling frame
Sampling frame is the list of elements from which a sample may be drawn In this study, the sampling frame was external auditors of companies in the south of Vietnam
The third step involves selecting the appropriate sampling method for the study, which can be categorized into probability and non-probability sampling (Tho, 2011) Given the constraints of time, budget, and expertise, this study opts for a non-probability sampling technique, specifically convenience sampling While this method is among the least reliable, it is the most cost-effective and practical choice for the research at hand.
The crucial final step in the sampling process is the collection of samples With over six years of experience in auditing companies and established relationships with external auditors in Vietnam, the author possesses the necessary expertise to gather an adequate sample size for this study.
A reliable and valid sample is essential for generalizing findings to the broader population (Canava, 2001) The determination of sample size hinges on the desired precision and confidence in estimating population parameters, as well as the inherent variability within the population While the optimal sample size remains a debated topic, it is influenced by the statistical methods employed, such as maximum likelihood and generalized least squares (Tho, 2011, p 231) Some researchers recommend a minimum sample size of at least 100 to ensure robust results.
The Maximum Likelihood (ML) method requires a minimum of 150 responses, while some experts recommend a sample size of at least five observations for each estimated parameter (Hair et al., 2006, cited in Tho, 2011).
The study involved 37 observed variables, resulting in a total of 185 observation samples (37 variables x 5) This sample size meets the requirement of having at least five observations for each variable.
Consequently, this research was conducted with sample sizes of 236 external auditors of companies in Vietnam
The literature on research methodology has identified a number of survey methods such as face-to-face interview, telephone interview, and mail survey etc
The study utilized a combination of email surveys and direct distribution of questionnaires to efficiently gather statistical data from various companies and establish direct communication with external auditors Initial emails were sent to participants to ensure visibility, followed by reminders to non-responders after one week, and a third follow-up after another week Additionally, the author personally reached out to interviewees to distribute questionnaires, ensuring an adequate response rate.
The Statistical Package for the Social Sciences (SPSS) version 16.0 was used for all statistical calculations Descriptive and inferential statistics includes:
Cronbach alpha, exploratory factor analysis, correlation, multiple regression analysis The analysis process was implemented as follow:
After completing data collection, descriptive statistics were performed to summarize the sample Subsequently, Cronbach's alpha coefficients were used to refine the measures of each construct, aiming to evaluate and enhance the measurement scales.
Reliability analysis, as introduced by Nunnally (1978), involves removing items with low item-total correlations (less than 0.3) to ensure data quality Scales achieving a Cronbach alpha coefficient of 0.6 or higher are deemed acceptable in certain contexts (Nunnally, 1978; Peterson, 1994) Following this, exploratory factor analysis (EFA) is employed to identify the actual dimensions of each construct, eliminating items with factor loadings below 0.4 The significance of linear relationships between independent and dependent variables is then assessed using Pearson correlation, which ranges from 0 (no relationship) to 1 (perfect positive relationship) or -1 (perfect negative relationship) (Sakaran, 2006) Finally, the retained measures undergo multiple linear regression (MLR) analysis to evaluate the research model and hypotheses.
Summary
This chapter discussed about the research methodology used in this study
Questionnaires serve as effective tools for data collection in research This study aims to provide insights that will assist companies in Vietnam in establishing internal control components and enhancing the effectiveness of their internal control systems.
RESEARCH RESULTS
Introduction
This chapter analyzes the results from the main study, which involved 236 respondents to assess the reliability and validity of the construct measurement scale through reliability and exploratory factor analysis The qualified variables for each construct will be examined using multiple linear regression (MLR) and t-tests to evaluate the research hypotheses.
Descriptive statistic of the study
The main survey utilized a combination of direct distribution and mail methods to reach external auditors in Vietnam, distributing 300 self-administered questionnaires Out of these, 269 were returned, but 33 were discarded due to numerous unanswered questions or identical scores Consequently, 236 valid questionnaires were analyzed for reliability and exploratory factor analysis (EFA) to assess measurement validity The majority of respondents were young, primarily under 30 years of age, with most having less than 5 years of experience.
This audit is particularly relevant for industries with high staff turnover, with the manufacturing sector comprising the largest portion at 54.2% Other sectors include services at 22.9%, trading at 18.2%, construction at 1.7%, and various others at 2.5% Detailed sample information can be found in Table 4.1.
Testing measurement scale
Before conducting further analysis and testing the research model, all scales were assessed for reliability using Cronbach's alpha coefficients This step aims to evaluate the internal consistency of each scale According to Nunnally (1988, cited in Spiros, 2003), an alpha value of 0.60 is the threshold for new scales, while established scales require a value of 0.70 or higher In this study, a benchmark of 0.6 was utilized, and a cut-off value of 0.3 for item-total correlation was applied to eliminate any items that did not meet this criterion.
2-3 years 4-5 years 6-7years 8-9years Over 10 years
The sectors of manufacturing, trading, service, construction, and others meet the established criteria However, the reliability test results indicate significant variation in control and management tasks, suggesting that COEN3 should be eliminated.
Cronbach's Alpha if Item Deleted CONTROL ENVIRONMENT (αααα=.874)
COEN1- The governing board genuinely called management’s decisions into question and evinced realizable alternatives
COEN2- Managers and management have not been overworked .724 590
COEN4- The personnel understand the content and responsibilities of their tasks .727 591
COEN5- The personnel have demonstrated commitment to honesty and the ethical values of the company through their conduct
RISK1- The goals for the company’s operations had credible and in my opinion reasonable measures .712 875
Management conducted a thorough evaluation of both internal and external risks that could hinder goal achievement Additionally, a comprehensive risk analysis encompassing the entire company was performed in the past year.
RISK4- Those in managerial functions were aware of the risks of their areas of responsibility and knew how risk management was implemented
RISK5- In my opinion the company’s risk analysis and means of protection could have been more efficient .689 881
COAC1- There were functioning controls in the company’s processes which gave warning whenever something exceptional occurred
In addressing exceptional and undesired situations, prompt and appropriate actions were taken Special attention was given to task definitions, focusing on authorization and the specific requirements of each task.
COAC4- In my opinion the internal control measures should have been stepped up still further .656 856
COAC5- The entire personnel had updated job descriptions .616 869
INFO1- The personnel had no problems in obtaining information pertaining to their own work tasks .668 816
INFO2- The reports forwarded to management were sufficiently clear and contained relevant information from the management perspective
INFO3- Sufficient information moved between the different divisions of the company so that the smooth uninterrupted running of operation could be ensured
INFO4- Our company’s information and communications system was not quite up to date with respect to functions .632 827
INFO5- The work was efficiently coordinated within the function and also with other functions .701 808
MONI1- The operative information used in management was specified to the systems information of financial management
MONI2- Line managers take excellent care of day-to-day control .720 853
MONI3- There is active control of how the personnel obey the operating instructions issued .632 873
MONI4- We conducted analyses based changes during the last year .834 828
MONI5- Management has not in the last year requested accounts of the accomplishment of control measures .643 873
EFFI1- With a reasonable effort the efficiency of operations could have been further improved .781 812
EFFI2- There are possibly in operations problems which, if removed, would have resulted in a better input - output ratio .670 856
EFFI3- There are no stages in the processes where I have any doubts about efficiency .700 845
EFFI4- In some functions resources might have been more 748 826 efficiently deployed
RELI1- I did not completely trust the reports by financial management and sometimes had to check the information I received
RELI2- There were sometimes errors in the reports which had to be corrected later when the information had been confirmed
RELI3- We sometimes received information about errors in reports sent out for external use .615 845
RELI4- There have been problems with the accounting programs used by financial management .750 787
LAW1- It was difficult in practice to apply the regulations governing our company .630 798
LAW2- Changes in the legislation frequently came as a surprise to the company .771 731
LAW3- I have observed that the personnel had problems with the laws and regulations in force .582 818
LAW4- There is no individual in our company whose area of responsibility it is to monitor forthcoming legislative changes and new regulations
All retained variables were then put into exploratory factor analysis (EFA) to identify dimensions of scales together with factor loadings for each scale item
Items with factor loadings below 0.4 were removed, and the scale was deemed acceptable when the total variance extracted was 50% or higher (Gerbing & Anderson 1988, cited in Tho & Trang 2008) This process aimed to refine the instrument and identify the components that account for the correlations among variables or sets of variables.
In exploratory factor analysis (EFA), two prevalent techniques for factor extraction are principal components analysis and principal factors analysis While both methods typically produce comparable outcomes, principal components analysis is generally favored for data reduction purposes, whereas principal factors analysis is preferred for identifying underlying structures.
This study utilized principal components analysis (PCA) with varimax rotation to effectively reduce variables for subsequent linear regression testing PCA is preferred as it maximizes variance on new axes, minimizing the number of variables with high factor loading within the same factor, which facilitates easier interpretation (Trong & Ngoc, 2005).
The results of the EFA test, as presented in Tables 4.3 to 4.5, indicate that all factor loadings exceeded the cut-off value of 0.4 Notably, the RISK5 and MONI2 factors were extracted due to their loadings being higher than 0.5 across two distinct factors Additionally, the KMO and Bartlett's test yielded a high value of 0.891 (p=0.00), confirming the instrument's suitability for subsequent analysis.
The EFA test results for the internal control effectiveness instrument, as presented in tables 4.6 to 4.8, indicate that all factor loadings exceed the cut-off value of 0.4 Additionally, the KMO and Bartlett's test yielded a high value of 0.847 (p=0.00), confirming the instrument's suitability for further analysis.
Table 4.3-4.5: The EFA result for internal control component measurement scales Table 4.3.Total Variance Explained
Initial Eigenvalues Extraction Sums of Squared
Extraction Method: Principal Component Analysis
Table 4.4.KMO and Bartlett's Test Kaiser-Meyer-Olkin Measure of Sampling Adequacy .891
Table 4.6-4.8: The EFA result for internal control effectiveness measurement scales
Initial Eigenvalues Extraction Sums of Squared
Extraction Method: Principal Component Analysis
Table 4.7 KMO and Bartlett's Test Kaiser-Meyer-Olkin Measure of Sampling Adequacy .847
Testing the research model and the hypotheses
The initial phase of multiple linear regression analysis (MLR) involves examining the linear correlation among all variables Correlation analysis results, as shown in Table 4.9, indicate that three dependent variables related to internal control effectiveness exhibit strong linear correlations with five independent variables at a significance level of 000 (p < 05) The correlation coefficients range from a minimum of 542 between EFFI and INFO to a maximum of 731 between LAW and COAC, suggesting that these independent variables can effectively explain internal control effectiveness Furthermore, the correlations among the independent variables, ranging from 0.491 to 0.632, meet the condition of being less than 0.7 (Pallant, 2011), indicating that multicollinearity is not present in this analysis.
COEN RISK COAC INFO MONI EFFI RELI LAW
LAW Pearson Correlation 638 ** 680 ** 731 ** 563 ** 638 ** 496 ** 580 ** 1 Sig (2-tailed) 000 000 000 000 000 000 000
** Correlation is significant at the 0.01 level (2-tailed)
4.4.1.2 Testing residuals of dependent variables
Before implementing regression analysis, residual analysis was implemented to test the assumptions of dependent variables
- Assumption 1: normality Standardized residual values of dependent variable have normal distribution
- Assumption 2: linearity between residuals of independent variable and dependent variable
- Assumption 3: equal variance, scatter plot of residuals should be in form of rectangle
The results of residual analysis (Histogram, Normal P-P plot and scatter plot) in Appendix 4 show that all the above-mentioned assumptions were all satisfied
4.4.2.1 The relationship between internal control components and the efficiency and effectiveness of operation
In this section, linear regression analysis was conducted to evaluate hypotheses H1a, H2a, H3a, H4a, and H5a, with results detailed in tables 4.10a, 4.10b, and summarized in table 4.10c The adjusted R square value was found to be 459, and the ANOVA results indicated an F value of 40.894 with a significance level of 000 These findings enable the rejection of the null hypothesis, which posits that all regression coefficients are equal to zero (β1=β2=β3=βκ=0).
Table 4.10a Model Summary Model R R Square Adjusted R Square Std Error of the Estimate
1 686(a) 471 459 59132 a Predictors: (Constant), MONI, INFO, COEN, COAC, RISK
The statistical significance of the hypotheses was determined by testing the partial regression coefficients using t values As indicated in Table 4.10b, all five hypotheses received support from the data, confirming a positive relationship between internal control components and the efficiency and effectiveness of operations.
Implementing effective internal control components enhances a company's operational efficiency and effectiveness The variance inflation factors (VIF) presented in table 4.10b were analyzed and found to range from 1.855 to 2.444, indicating that multicollinearity remains within acceptable limits (Hair & ctg).
2006) The results will be discussed further in chapter 5
Table 4.10c- Summary of hypotheses testing results (Model I)
H1a: Control environment is positively related to the efficiency and effectiveness of operation
H2a: Risk assessment is positively related to the efficiency and effectiveness of operation
H3a: Control activities are positively related to the efficiency and effectiveness of operation
H4a: Information and communication are positively related to the efficiency and effectiveness of operation
H5a: Monitoring is positively related to the efficiency and effectiveness of operation
4.4.2.2 The relationship between internal control components and the reliability of financial report
The second regression model (model II) was conducted to examine the relationship between five internal control components and the reliability of financial reports The adjusted R square for this model is 0.617, with an F value of 76.356 and a significance level of 0.000, indicating a strong fit between the model and the data (see Table 4.11a).
Table 4.11a Model Summary Model R R Square Adjusted R Square Std Error of the Estimate
2 791(a) 625 617 47325 a Predictors: (Constant), MONI, INFO, COEN, COAC, RISK
The hypotheses H1b to H5b were evaluated, with results presented in Table 4.11b and summarized in Table 4.11c The findings indicate that H2b, H3b, and H4b are supported, demonstrating that risk management, control activities, and information and communication positively influence the reliability of financial reports, while H1b and H5b do not show such effects Additionally, the variance inflation factors (VIF) ranged from 1.854 to 2.454, indicating that multicollinearity remains within acceptable limits Further discussion of these results will be provided in Chapter 5.
Table 4.11c – Summary of hypotheses testing results (Model II)
H1b: Control environment is positively related to the reliability of financial report
H2b: Risk assessment is positively related to the reliability of financial report
H3b: Control activities are positively related to the reliability of financial report
H4b: Information and communication are positively related to the reliability of financial report
H5b: Monitoring is positively related to the reliability of financial report
4.4.2.3 The relationship between internal control components and the compliance with laws and regulations
The third regression model (model III) was conducted to examine the relationship between five internal control components and compliance with laws and regulations The adjusted R-squared value for this model is 0.662, with an F value of 92.578 and a significance level of 0.000, indicating a strong fit with the data (Table 4.12a).
Model R R Square Adjusted R Square Std Error of the Estimate
3 818(a) 669 662 44423 a Predictors: (Constant), MONI, INFO, COEN, COAC, RISK
The hypotheses H1c, H2c, H3c, and H5c were supported by the data, indicating that the control environment, risk management, control activities, and monitoring positively influence firms' compliance with laws and regulations, while the information and communication component did not show a significant effect Additionally, the variance inflation factors (VIF) ranged from 1.854 to 2.454, confirming that multicollinearity remains within acceptable limits Further discussion of these results will be provided in Chapter 5.
Table 4.12c – Summary of hypotheses testing results (Model III)
H1c: Control environment is positively related to the compliance with laws and regulations
H2c: Risk assessment is positively related to the compliance with laws and regulations
H3c: Control activities are positively related to the compliance with laws and regulations
H4c: Information and communication are positively related to the compliance with laws and regulations
H5c: Monitoring is positively related to the compliance with laws and regulations
Summary
This chapter presented the processes and results of data analysis in this study
The collected data was analyzed by SPSS software The Cronbach alpha coefficients indicated that the measurement scales are reliable The EFA analysis results indicated that the scales have validity
The findings from multiple linear regressions indicate that three components of internal control effectiveness are significantly influenced by five internal control components However, the relationships between the "control environment" (H1b) and "monitoring" (H5b) with the reliability of financial reports are not supported Additionally, model III reveals that the "information and communication" component does not have a significant relationship with compliance to applicable laws and regulations.
DISCUSSION AND CONCLUSIONS
Introduction
Chapter 4 presented main findings of the study This chapter summarizes the research findings that will be used to answer for the research questions in this study
Some implications are suggested for academics and practitioners as well
Limitations of this study and some suggestions for further research are also presented in this chapter.
Discussion of findings
The study empirically results showed that almost internal control components have positively effect on its observed effectiveness
The research investigates the impact of five internal control components—control environment, risk assessment, control activities, information and communication, and monitoring—on operational efficiency and effectiveness Findings indicate a positive relationship between all five components and operational performance, aligning with the original model proposed by Jokipii (2009) and supported by studies from Chih (2007) and Hook (2006) Notably, the control environment emerged as the most critical component, followed by monitoring, risk assessment, and information and communication, which ranked second, third, and fourth, respectively Control activities were identified as the least significant component in influencing operational efficiency and effectiveness.
The second research question examines how internal control components—namely the control environment, risk assessment, control activities, information and communication, and monitoring—impact the reliability of financial reports.
The findings in Table 4.11c indicate that only three components—risk assessment, control activities, and communication and information—are positively correlated with the reliability of financial reports, contrary to the original model proposed by Jokipii (2009), which suggested that all five internal control components positively impact financial reporting reliability Additionally, this result is not aligned with the studies conducted by other researchers, including Lembi (2006) and COSO.
In 1999, D’Aquila (1998) found that the control environment and monitoring significantly enhance the reliability of financial reports This finding suggests that the effectiveness of controls may be influenced by the subjective judgments of external auditors during their evaluations These evaluations are often constrained by time, available information, and the pressures of the working environment, which can lead to suboptimal outcomes Among the three components assessed, control activities emerged as the most critical factor affecting financial reporting reliability, followed by risk assessment and information and communication in second and third place, respectively.
The research examined the relationship between internal control components and compliance with laws and regulations, revealing that four out of five components—control environment, risk assessment, control activities, and monitoring—positively correlate with compliance, while information and communication do not This finding contrasts with previous studies (Sawyer 2003, Jokipii 2009) that identified a positive effect of information and communication on compliance The discrepancy may stem from the measurement scale used in this study, which was applied for the first time in a developing country context like Vietnam, suggesting potential limitations Therefore, the measurement scale may require further refinement and research Among the positively correlated components, control activities emerged as the most significant, followed by control environment, risk assessment, and monitoring in order of importance.
Implications of the research
Despite the study's limitations, it offers significant academic and practical insights The empirical findings indicate that internal control components positively influence the effectiveness of internal controls in Vietnamese companies Consequently, these models can be utilized by organizations aiming to enhance their internal control systems.
On the practical side, based on the discussion of the findings, the study recognizes critical issues regarding to the internal control components to ensure internal control effectiveness
To enhance operational effectiveness and efficiency, companies must develop all five internal control components, with the control environment being the most crucial The governing board plays a vital role in shaping the control consciousness and must understand their responsibilities while remaining actively involved in management decisions without becoming overwhelmed Their commitment to honesty and ethics should be evident in their actions, promoting a culture that aligns with operational objectives Monitoring, the second key component, ensures the quality of other internal controls through ongoing evaluations and timely reporting of deficiencies Management should specify the operative information needed for effective control activities Risk assessment, the third component, is essential for identifying and analyzing internal and external risks that could hinder the achievement of operational goals Each management function should regularly evaluate these risks The fourth component, information and communication, supports the other controls by facilitating effective communication within and outside the organization Regular updates to the communication system are necessary to ensure that all personnel can access and exchange vital information for managing operations Finally, control activities, the fifth component, should be integrated into operational processes to provide alerts for any exceptional occurrences, thereby addressing risks related to operational objectives.
To enhance the reliability of financial reports, companies must prioritize the development of three key internal control components: control activities, risk assessment, and information and communication Among these, control activities are crucial as they address risks that could compromise the reliability of financial reporting, ensuring that financial objectives are met These activities should be integrated into financial reporting processes to provide timely alerts for any anomalies and facilitate prompt corrective actions It is essential that these processes are clearly communicated to all personnel to ensure awareness and effective implementation.
Risk assessment is the second important internal component should be attended to
Effective management of the financial function requires a proactive evaluation of both internal and external risks associated with financial objectives It is essential for management to be aware of the risks within their areas of responsibility and to understand the implementation of risk assessment Additionally, robust information and communication systems are vital for the smooth operation of financial processes These systems should facilitate the sharing of information not only within the financial function but also across other departments Regular updates are necessary to encourage personnel to capture and exchange critical information for managing and controlling financial processes Clear communication channels must be established, allowing staff to report significant information to higher management while ensuring they receive clear directives and understand their roles in executing their tasks effectively.
To enhance compliance with laws and regulations, companies should prioritize the development of four key internal control components: control activities, control environment, risk assessment, and monitoring Control activities are essential for addressing compliance-related risks and must be integrated across all functions to promptly respond to changes in laws and regulations This ensures that all personnel are informed and aware of compliance requirements The control environment is crucial as it shapes the compliance culture; the governing board must demonstrate a commitment to legal compliance and communicate their ethical philosophy to staff, actively participating in management decisions to achieve compliance objectives Risk assessment is vital due to the evolving nature of Vietnamese laws, necessitating comprehensive risk analysis to identify and mitigate associated risks Finally, monitoring is essential for organizations to conduct ongoing evaluations and reviews of internal control components, ensuring effective supervision of compliance efforts.
To enhance the reliability of financial reports and ensure compliance with laws, companies must prioritize control activities as a key internal control component However, for improving operational effectiveness and efficiency, the control environment takes precedence Additionally, risk assessment plays a crucial role across all internal control components, enabling management to identify relevant risks and achieve their goals It is essential for management to evaluate both internal and external risks, ensuring awareness of their responsibilities and the implementation of risk assessment Given the ever-changing economic, industry, regulatory, and operational conditions, a comprehensive risk analysis is necessary to effectively address associated risks.
Limitations and recommendations
This study acknowledges its limitations, particularly in the sampling method used The convenience sampling approach, deemed the least reliable form of non-probability sampling, was employed The respondents consisted of external auditors who assessed the operations of companies in Vietnam.
The survey employed a combination of mail and direct distribution methods for questionnaires However, the mail survey method raises concerns about the authenticity of participants, as it cannot be confirmed that the individuals completing the questionnaires are indeed the intended respondents.
The study aims to gather the opinions of external auditors solely for research purposes, ensuring that there are no incentives for providing inaccurate ratings Additionally, the survey is distributed via personal email to limit access to only those individuals who received the email, allowing for better monitoring of responses.
The measurement scale for internal control components and effectiveness used in this study may require further customization due to existing limitations The complexity of internal control components and their effectiveness suggests the need for additional research This study primarily relied on self-assessments from external auditors regarding internal control effectiveness, indicating that the outcome variables are influenced by their perceptions To enhance accuracy, more objective measures should be considered.
Future research should address the significant challenges posed by current limitations, focusing on the impact of internal control on measurable aspects of firm performance, including operational and profitability metrics Additionally, reports on internal control and compliance with laws and regulations can serve as a valuable scale for assessing the effectiveness of internal control systems.
Hoàng Trọng & Chu Nguyễn Mộng Ngọc (2005), Phân tích dữ liệu nghiên cứu với
Nguyễn đình Thọ (2011) Phương pháp nghiên cứu khoa học trong kinh doanh
NXB Lao ðộng Xã Hội
Nguyễn đình Thọ & Nguyễn Thị Mai Trang (2008) Nghiên cứu thị trường NXB ðại học quốc gia TPHCM
Adamec, B., Rexroad, M., Leinicke, L., & Ostrosky, J (2002), Internal reflection, The Internal Auditor, 59(6), 56–63
Amour, M (2000) Internal control: Governance Framework and business risk assessment at Reed Elsevier Auditing: A journal of Practice & Theory, 19, Supplement 75-81
Barber, B M., & Lyon, J D (1996) Detecting abnormal operating performance:
The empirical power and specification of test statistics Journal of Financial Economics, 41 (3)
Beasley, M.S., R Clune, and D.R Hermanson (2005), “Enterprise Risk Management: An Empirical Analysis of Factors Associated with the Extent of Implementation”, Journal of Accounting and Public Policy, 24, 521-531
Burns, T & G Stalker (1961) The Management of Innovation London: Tavistock
Canava, R.Y., Delahaye, B L., & Sekaran, U (2001) Applied business research:
Qualitative and quantitative methods John Wiley & Sons Australia, Ltd
Chandler, A.D (1962), Strategy and Structure, MIT Press, Cambridge, MA
Carr, A and Kaynak, H (2007) “Communication methods, information sharing, supplier development and performance: An empirical study of their relationships”, International Journal of Operations & Production Management, 27(4), 346 – 370
Chenhall, R (2003) Management control systems design within its organizational context: Findings from contingency-based research and directions for the future Accounting, Organizations and Society, 28, 127-168
Chih, Y.T (2007) Internal control, enterprise risk management and firm performance Unpublished PhD Thesis, The university of Maryland, United States
CoCo (1995) Canadian Institute of Chartered Accountants: Guidance on Control
Canada: The Canadian Institute of Chartered Accountants
Cohen, J., Krishnamoorty, G., Wright, A.M Corporate Governance and the audit process Contemporary Accounting research, 2002, 19(4), 573-594
Colbert, J.L., Bowen, P.L A comparison of Internal Controls: COBIT, SAC, COSO and SAS 55/78 Available at http://www.irma- international.org/viewtitle/8323
COSO (1992) Committee of Sponsoring Organization of Treadway Commission
Internal Control – Integrated Framework New York: AICPA
COSO (1994) Committee of Sponsoring Organization of Treadway Commission
Internal Control – Integrated Framework New York: AICPA
Dai, C., Jie, H., &Peng, Q (2008) Research on Comprehensive Quantitative
Method of Internal Control Evaluation Based on Risk Proceedings of the 7th
International Conference on Innovation & Management
D’Aquila, J (1998) Is the control environment related to financial reporting decisions? Managerial Auditing Journal, 13(8), 472–478
Donaldson, L (2001) The contingency theory of organizations USA: Sage Publications
Fisher, J (1995) Contingency-based research on management control systems:
Categorization by level of complexity Journal of Accounting Literature, 14, 24–53
Fisher, J (1998) Contingency theory, management control systems and firm outcomes:
Past results and future directions Behavioral Research in Accounting, 10, 47–
Fisher, B and Kenny, R (2000) Introducing a business information system into an engineering company Journal of Information, Knowledge and Systems
Gerdin, J (2005) Management accounting system design in manufacturing departments: An empirical investigation using a multiple contingencies approach Accounting, Organizations and Society, 30(2), 99–126
Guilding, C (1999) Competitor-focused accounting: An exploratory note
Gosselin, M (1997) The effect of strategy and organizational structure on the adoption and implementation activity-based costing Accounting,
Hans Mjoen; Stephen Tallman (1997) Control and Performance in International Joint Ventures Organization Science (8)
Henle, C.A (2005), “Predicting workplace deviance from the interaction between organizational justice and personality”, Journal of Managerial Issues, 17 (2), 247-263
Hooks, K., Kaplan, S., & Schultz, J (1994) Enchaining communication to assist in fraud prevention and detection Auditing: Journal of Practice and Theory 13, 86–117
Hoque, Z., & James, W (2000) Linking Balanced Scorecard measures to size and market factors: Impact on organizational performance Journal of Management Accounting Research 12, 1–17
Hoyt, R.E., D.L Moore, and A.P Liebenberg (2006), “The Value of Enterprise
Risk Management: Evidence from the U.S Insurance Industry,” Working Paper
Jeffrey Doylea, Weili Geb, Sarah McVayc, J (2006) Determinants of weaknesses in internal control over financial reporting, Journal of Accounting and Economics.1, 5-8
Jokipii, A (2009) Determinants and consequences of internal control in firms: a contingency theory based analysis Journal of Management and Governance.14, 115-144
Jones, M.J (2008), “Dialogus de Scaccario (c.1179): the first Western book on accounting?” Journal of complication 2008 Accounting Foundation 44(4), 443-474
Kim, W C and Mauborgne, R (2005) Blue Ocean Strategy Boston: Havard Business School Press
Kinney, W (2000) Research opportunities in internal control quality and quality assurance Auditing: A Journal of Practice and Theory, 19, 83–90
Krishnan, J (2005) Audit committee quality and internal control: An empirical analysis The Accounting Review, 80(2), 649–675
Leen, P., & Roland, F (2010) The adoption and design of Enterprise Risk
Management practices: An empirical study Electronic copy available at: http://ssrn.com/abstract58200
Lembi, N (2006) Evaluation of the effectiveness of internal control over financial reporting Unpublished Master Thesis, The University of TarTu, Estonia
Luscombe, N (1995) Coco’s control framework CA Magazine, p.3
Miles, R., & Snow, C (1978) Organizational strategy, structure and process New York: McGraw Hill
Miller, D., & Droge, C (1986) Psychological and traditional determinants of structure Administrative Science Quarterly, 31, 539–560
Mills, R (1997) Internal control practices within large UK companies In K
Keasey & M Wright (Eds.), Corporate, governance, responsibilities, risks and remuneration Chichester: Wiley
Nocco, B.W., and R.M Stulz (2006), “Enterprise Risk Management: Theory and Practice,” Journal of Applied Corporate Finance, 18(4), 8–20
Otley, D (1980) The contingency theory of management accounting: Achievement and prognosis Accounting, Organization and Society, 5(4), 428–431
Otley, D (1999) Performance management: A framework for management control system research Management Accounting Research, 10, 363–382
PCAOB (2004), Auditing Standard No 2-An Audit of Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial
Perry, W E., Warner,H.C (2005) A quantitative assessment of internal controls, p51-55
Piriya, M (2013) Control activities and performance of organizations
International Journal of Marketing, Financial Services & Management
Porter, M (1980) Competitive Strategy New York: The Free Press
Ramos, M (2004) Evaluate the control environment Journal of Accountancy
Rittenberg, L., & Schwieger, B (2001) Auditing concepts for a changing environment Harcourt College Publishers
Shelton, S.W and Whittington, O.R (2008), “The influence of the auditor’s report on investors’ evaluations after the Sarbanes-Oxley Act”, Managerial Auditing Journal 23(2),142-60
Sawyer, L.B., Dittenhofer, M.A., Scheiner,J.H Sawyer’s Internal auditing, 5 th
Edition USA: The Institute of Internal Auditor, 2003, 1402
Schmidt, W.H and B.Z Posner (1983) ‘Managerial Values in Perspective’
American Management Association, New York
Schminke, M., Cropanzano, R., & Rupp, D (2002) Organization structure and fairness perception: The moderating effects of organizational level
Organizational Behavior and Human Decision Processes, 89, 881–905
Stringer, C., Carey, P Internal Re-design: An Exploratory of Australia Organizations Accounting, Accountability & Performance, 8(2), 61-86
Vietnam News (2012), Businesses cut costs, restructure to survive global economic recession A vailable at: http://vietnamnews.vn/Economy/224478/businesses- cut-costs-restructure-to-survive-global-economic-recession.html on dated
Zikmund, W.G (1997) Business Research Methodology Fort Worth, TX: The