Building a risk management system at Ho Chi Minh City investment fund for urban development (HIFU)

MMVCFB PROGRAMME DE MAITRISE EN MANAGEMENT VIETNAM – COMMUNAUTE FRANCAISE DE BELGIQUE PHAN QUYNH ANH CASE STUDY: BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY INVESTMENT FUND

ECOLE DE COMMERCE SOLVAY

MMVCFB PROGRAMME DE MAITRISE EN MANAGEMENT VIETNAM-COMMUNAUTE FRANCAISE DE BELGIQUE

PHAN QUYNH ANH

BUILDING A RISK MANAGEMENT SYSTEM AT

HO CHI MINH CITY INVESTMENT FUND FOR

MMVCFB PROGRAMME DE MAITRISE EN MANAGEMENT

VIETNAM – COMMUNAUTE FRANCAISE DE BELGIQUE

PHAN QUYNH ANH

CASE STUDY:

BUILDING A RISK MANAGEMENT SYSTEM AT

HO CHI MINH CITY INVESTMENT FUND FOR

URBAN DEVELOPMENT

(HIFU)

MASTER DEGREE THESIS IN MANAGEMENT

(MMVB 6)

GUIDANCE COUNSELOR: DR VU HUU DUC

HO CHI MINH CITY

2007

After learning the two years of the Vietnam Belgium Master-In-Management Program - Intake 6 (MMVB6), I have gained knowledge on various aspects of business management which are very valuable for my application in my actual work When studying with my classmates, I have also gained the team spirit and the assistance and cooperation that help me build and develop my relationship with friends at school In preparing the thesis on “Building a risk management system at Ho Chi Minh City Investment Fund for Urban Development (HIFU)” ,

To complete this thesis, I very much appreciate the assistance received from the director in charge of my department and many colleagues at HIFU who have created convenient environment for my work, my study and provided me with advices and necessary information as valuable materials for me to write up my thesis

Last but not least, I would like to devote my mind and my heart to all my family members and my friends who have encouraged and supported me in the most positive way from the start until the completion of the MMVC 6

Ho Chi Minh City, 28 February 2006

MMVB6

ABSTRACT

Together with economic development, enterprises and financial institutions have faced with different kind of risks Consequently, risk management has become a critical issue for many organizations all over the world in recent years Currently, in Vietnam, this concept has still been a new issue to many enterprises, especially for state-owned company Apparently, risks in trading, including financial transactions of Vietnamese firms are likely to occur frequently and at more serious level In addition, those risks have more and more complicated and sophisticated and would lead to serious damages and losses for firms if those firms have not willing to face with those matters Accordingly, it is very crucial to have a tool of risk prevention for Ho Chi Minh City Investment Fund for Urban Development (HIFU) to deal with risks in its operation and development

This research aims to identify potential risks and the current situation that may cause to the Fund’s activities and suggest a risk management system for the Fund Attempts are made to propose a risk management system for the Fund in risk management and give some recommendations for State and for the Fund itself

to implement that system efficiently and effectively

The research suggests that all the Fund’s employees should keep in mind the increasing risks in the Fund’s operation due to the rise in uncertainty of the market However, knowing risk management and applying an appropriate risk management will help them in preventing and minimizing loss

WARRANT STATEMENT

I declare that this thesis is my own work and the source of information and material that I have used have been fully identified

PHAN QUYNH ANH

COMMENTS OF GUILDANCE COUNSELOR

TOPIC: Build a risk management system at Ho Chi Minh City Investment Fund

for Urban Development (HIFU)

PERFORMED BY: Phan Quynh Anh

GUIDED BY: Dr Vu Huu Duc

The thesis is necessary as it is meaningful in both argument and reality This

is a sincere and meticulous research to apply the theory of Risk management, international standards, etc in order to propose a risk management system which

is comprehensive and feasible for Ho Chi Minh City Investment Fund for Urban Development (HIFU.)

The thesis was in a good presentation, written in a clear and transparent style and reasonably structured

During time doing this thesis, student Phan Quynh Anh has learning spirit, serious research and has executed well the plan and research’s process as she proposed

As such, the work as performed by student Phan Quynh Anh has completely met requirements of the thesis of the Master-in-Management Program

As the guidance counselor, I evaluate the quality of this thesis at the level:

Great Distinction: 18/20

Ho Chi Minh City, 28 February 2006

(Signed)

Dr Vu Huu Duc Guidance Counselor

COMMENTS FROM ASSESSOR 1

TOPIC: Build a risk management system at Ho Chi Minh City Investment Fund

for Urban Development (HIFU)

COMMENTS FROM ASSESSOR 2

TOPIC: Build a risk management system at Ho Chi Minh City Investment Fund

for Urban Development (HIFU)

1.1 General concepts about risk management 4

1.2 Introduction of COSO’s Enterprise risk management 13

1.2.2 COSO – Internal Audit Framework, 1992 and Improvements to

Enterprise Risk Management Framework 14 1.2.3 Introduction of COSO’s Enterprise Risk Management Integrated

Framework 17 1.2.4 Enterprise Risk Management defined by COSO 17

1.2.5 Components of COSO’s Enterprise Risk Management

Framework 19 1.2.6 Benefits of Enterprise Risk Management 20

1.2.7 Limitation of Enterprise Risk Management 21

CHAPTER II - CURRENT SITUATION AT THE FUND 23

2.1 Overview of local investment funds in Vietnam 23

2.2 Overview of the Fund 24

2.2.4 Nine years of operation (1997 – 2005) 29

2.2.5 Oriented development for period 2006-2010 30

2.3.2 The process of trusted fund management 33

2.4 Current situation of risk management at the Fund 36

CHAPTER III - PROPOSAL RISK MANAGEMENT SYSTEM AT THE

FUND 43 3.1 Propose to build a risk management system at the Fund 43

3.1.1 Establishing the internal environment 43

3.1.2 Setting the objectives and event identification 44

3.1.3 Setting the risk assessment and risk prevention 45

3.2 Proposed risk management procedures in specific activities 47

3.3.2 Recommendations for the Authority – State 71

3.3.3 Recommendation for the Fund’s Board of Directors and Board

CONCLUSION 78 REFERENCE

ABBREVIATIONS

AMLIC Anti-Money Laundering Information Center

ADB Asian Development Bank

AFD Agence Française de Développement

BOD Board of Director

FATF Financial Action Task Force

HIFU Ho Chi Minh City Investment Fund for Urban Development

HCMC Ho Chi Minh City

IFC International Finance Corporation

KYC Know Your Customer

LDIFs Local Development Investment Funds

MLRO Money Laundering Representative Officer

OFAC Office of Foreign Asset Control

PCs The People’s Committee

USTDA United States Trade and Development Agency

INTRODUCTION

1 BACKGROUND

In the process of integration with the international economy, Vietnam government has had efforts to achieve the progress on many areas of economy, politics and society

By 2005, Vietnam has established commercial relations with over 220 countries and territories among the total number of 250 countries and territories in the world1 Although obtaining remarkable improvement in turnover and expanding market in trading, Vietnamese firms still have faced a number of problems in their activities The reasons are that they have not got accustomed with the international custom, practices, regulations and law systems, lacking of information and knowledge of risk management Therefore, risks in trading as well as in business activities are inevitable

As a result, managing the risks to sustainable development and competition enhancement is the essential strategy of the each country as well as each enterprise In fact, risk management has received much more attention from enterprises and they have recognized that enhancing risk management and internal control will help them to increase their value as well as to be vital in a full hapless environment From that, being a key financial institution of the City Government, Ho Chi Minh City Investment Fund for Urban Development (HIFU) (hereinafter referred to as “the Fund”) really need to have a risk management system, not least at the present time its activities and international collaboration are much more increasing gradually

This research aims to identify risks that the Fund may face during its operation, and suggest to build a risk management system From that, some recommendations for the improvement in risk management are given

1 Source: The Ministry of Planning and Investment, The Five Year Socio-Economic Development Plan

2006-2010, Hanoi March 2006

2 OBJECTIVES AND SCOPE OF THE RESEARCH

ϖ The objectives of this research are:

• Identify potential risks and inherent risks may impact on the Fund based upon the Fund’s functions and characteristics

• Introduction a risk management framework for the Fund’s implementation which has issued by COSO (Committee of Sponsoring Organizations)

• Give concluding remarks and recommend solutions to State and the Fund

for better risk management at the Fund

ϖ The scope of the research:

The thesis will first guide an introduction of concepts of risks, risk management and comprehensive introduction of COSO and its enterprise risk management framework that is used popularly all over the world

The main part of this thesis focuses on the Fund’s current situation and the need

of risk management system With the above objectives, this research focus only on a proposal of risk management system and proposes two processes as two specific examples in managing two among of various risks which are probably occurred at the Fund In conclusion, this research gives some recommendations for the State and the Fund’s Board of Management on better building risk management system for the Fund

3 METHODOLOGY

This research is conducted in 2 stages:

1 Review literature on:

- Concepts of risk and risk management in finance and banking field

- COSO – Enterprise risk management framework

- Some official documents, analysis, reports of the Fund

2 Conclusions and recommendations:

Following a new kind of risk management framework, the literature of risk management as well as a comparison with the current situation of the Fund and current situation of Vietnam as well, some conclusions and suggestions are given to help the

in the better way

- Current situation in Risk management of HIFU

- Propose a risk management system at HIFU

CHAPTER I LITERATURE REVIEW

1.1 General concepts on risk management

1.1.1 Concepts of risk

There are many definitions of risk depending on the specific application and situational contexts Generally, risk is a concept that denotes a potential negative impact to an asset or some characteristic of value that may arise from some present process or future event (Wikipedia) However, there are some more specific concepts

of risk such as:

+ Williams, JR, Smith and Young (1998) stated that ’’risk is potential variation in outcomes When risk is present, outcomes cannot be forecasted with certainty’’

+ Frank Knight (1921) defined that “Risks are uncertainties that are able to be measured” His approach related to the determinable or undeterminable abilities of uncertainties

+ Allan Willett (1901) said that “Risk is a specific uncertainty related to an unexpected experience” Therefore, his approach related to the people’s attitudes The unforeseen incidents are risks; the expected one is not called risk

+ Hertz & Thomas (1984) have suggested that “ risk means uncertainty and the results of uncertainty… risk refers to a lack of predictability about problem structure, outcomes or consequences in a decision or planning situation.”

+ Irving Pferffer (1956) claimed that “Risk was measurable in terms of probability and that uncertainty was a state of mind measured by degree of belief”

+ Holton (2004) defined that “if people don’t know what will happened, the outcome is uncertain It seems that risk entails two essential components such as exposure and uncertainty Then, risk is exposure to a proposition of which one is uncertain”

According all above risk concepts, risks can be understood as below:

• Risks are uncertain events which happen suddenly

They happen without ability to know in advance the exact They can occur at any time in future

• Risks cause losses

When risks happened, they will damage the life, spirit, assets of the people which can lead to material or immaterial consequences

• Risks are unexpectable events

The uncertainties happened without expectation will be referred as risk, otherwise, with expected one is not called a risk

Finally, if event occurs intentionally or is known in advance, or happened without leaving any consequences, those events are not seen as risks Alternatively, if

an event occurred that lead to losses in the plan will not be seen as risk

1.1.2 Concepts of risk management

Nowadays, the world economy has faced a lot of many criminals or business corruptions due to lack of management, especially lack of risk management So that the enterprise risk management is now become a critical issue in business that all companies must deal with Generally, enterprise risk management is so-called a tool which enables management to identify, assess and manage risks in the face of uncertainty

Similarly, risk management is a general management function that seeks to assess and address the causes and effects of uncertainty and risk on an organization The purpose of risk management is to enable an organization to progress toward its goals and objectives (its mission) [Williams, JR, Smith and Young, 1998]

Moreover, James Lam (2003) stated that ‘‘Risk Management is the process of measuring, or assessing risk and then developing strategies to manage the risk’’ In general, the strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences

of a particular risk Traditional risk management focuses on risks stemming from physical or legal causes (e.g natural disasters or fires, accidents, death, and lawsuits)

Financial risk management, on the other hand, focuses on risks that can be managed using traded financial instruments Regardless of the type of risk management, having risk management teams is more and more necessary for all corporations

In sum, risk management is known as a tool in helping the management to achieve the entity’s performance and profitability targets and prevent loss of resources

1.1.3 Objectives of risk management

Nowadays, every enterprise faces a myriad of risks affecting different parts of the organization and it is important for the management is how much uncertainty and risks

to be accepted Consequently, the enterprise risk management helps the management better deal with risks in achieving an entity’s objectives

These objectives are set in four categories as below:

ϖ Strategic: risk management supports the management achieve the entity’s

high –level goals and its mission

ϖ Operations: based on risk management, the entity can use effectively and

efficiently of its resource

ϖ Reporting: the reports of risk management have more reliable information

ϖ Compliance: risk management provides reasonable assurance of compliance

with laws and regulations

Besides helping in achieving an entity’s objectives, risk management also assists the management in enhancing risk response decisions Based on this system, the management can identify and select among different risk responses as risk avoidance, reduction, sharing and acceptance Alternatively, risk management is a discipline for dealing with the possibility that future events may cause adverse effects by providing methodologies and techniques for making the decisions Last but not least, the risk management can help an entity in reducing operational surprises and losses, and in avoiding damages to its reputation and associated consequences In other word, enterprise risk management helps an entity get to where it wants to go and avoid obstacles and surprises along the way

1.1.4 Cause and factor of influences

b Causes arise from the business environment: the business environment contains many potential risks to those not either able to recognize and apply economic rules, nor to take business opportunities, or not being adaptive with the environment change, etc These are indirect causes of risks and damages to companies The causes of risks arise from the business environment include:

• Economic crisis: a fundamental factor causes bankruptcy to several businesses

• Economic policy of the government: changes in economic and public policy represent a potential source of risk to the business environment that businesses are facing

• Changes in monetary policy, exchange rates: is an important risk factor to businesses, especially to business relying on international trade

Therefore, objective causes are uncontrollable The solution against this type of risks largely is depended on the forecasting and the adaptive capability of the businesses Risks come from these objective causes although does not occur so often but they cost severe and widespread damages to the business environment

ϖ Subjective causes:

These causes of risks arise from both direct and indirect human or institute actions

in doing their business Some major subjective causes as follows:

a Human mistakes in selecting business strategy

b Human mistakes in selection management structure and policy

c Lack of information

d Lack of competence in profession as well as management

e Due to negligence, imprudence, subjectiveness of all members in enterprise

f Due to lack of work experience, sense of responsibility and moral

g Smuggling, swindle and unfair competition

h Corruption and bureaucracy

In sum, those causes even if it be objectivity or subjectiveness which are to cause risks damages or losses to human as well as the entity However, regarding to objective causes, it is very difficult for the human to control or eliminate those risks because they depend on outside externalities The people mainly focus on the methods

of reduction, avoidance or sharing the risks In the other hand, regarding to subjective causes, although they are so complicated, they are caused by human activities; therefore; they can be controlled by various solutions such as reduction, sharing, control, dispersing, and transferring the risks

1.1.5 Risk management’s keystones

Risk is an indispensable to business environment As a result, risk management is

a critical and important task for an existence and stable growth of an entity To run risk management system effectively, the entities should thoroughly understand of some keystones as below:

• Impact: important or non-important

• Probability: likelihood of its happening

• No risk, no profit

• Separate a person who accepts risks with a person who controls risks

• Public and transparent

• Actively response risks

• Control: what methods are in place to protect or deal with that situation

1.1.6 The major risks in finance industry

Basically, there are three types of fundamental risks that all enterprises have to

face during their operation such as Business risk, Financial risk and Operational risk However, depend on business type; enterprise’s characteristic that each above

risks will include many different concrete risks

HIFU is a financial institution, i.e its operation mainly is in finance industry According to Bank Training Center (2006), they define each type of fundamental above risks will include following concrete risks:

ϖ Business risk:

This risk is the uncertainty associated with operating cash flows of a business In other word, it is the risk that a company will not have adequate cash flow to meet its operating

It includes some risks as above:

o Political risk, Policy risks: the risk that regulators will change the current

rules or impose new rules They may negatively impact to entity’s position

o Credit risk: this risk is identified when a business partner is not being able

to fulfill the agreements in the contract

o Environment risk: generally refers to the increased chance that biological

or ecological damages could occur as a result of exposure to hazardous substances present in the environment Any living organism can be affected

ϖ Operational risk:

This risk is identified when an entity indirectly or directly suffer a loss as a consequences of failures in technologies, processing, human resources and other similar risks

It includes some risks as below:

o Reputation risks: this risk is identified when an entity’s performance or its

methods does not meet the creditors’ expectations

o Technology risk: the risks are influence to technology information system

Any uncertainties, vulnerabilities impact to security of information system

o Personnel risk: any intentional frauds, mistakes can be referred as

personnel risks of an entity

o Money Laundering and Fraud risk: the risk is considered as a conduct of

individual or organization seeking a way to legalize money or assets

obtained as a result of crime

ϖ Financial risk:

The uncertainty associated with how a firm finances its business (that is, debt vs equity)

It includes some risks as below:

o Bankruptcy risk: the risk is identified when a counterparty, which owes an

entity’s money, goes bankrupt

o Market risk: it is the risk that the value of an investment will decrease due

to moves in market factors (including interest risk, foreign exchange risk, and liquidity risk)

+ Interest risk: the sensitivity of a security's price to the change in market

yields The longer the maturity of a bond (all other features the same), the

more the interest rate risk The greater the coupon rate of a bond (all other features the same), the less the interest rate risk

+ Liquidity risk: this risk is identified when a debtor is not being able to

pay off their liabilities when they come due

+ Foreign Exchange risk: the risk of an investment's value changing due

to changes in currency exchange rates

1.1.7 Summary of some typical cases

(a) Typical examples on international banks suffered from losses in 1990 2

• The case of Barings, Plc

On 26 February 1995, Barings Plc (UK) announced bankruptcy after 233 years of existence Direct cause that led to this case was due to Mr Leeson who was an officer

in charge of the Bank’s operations in Singapore He self-managed to decide to invest USD 7 billion in term exchange contracts on the index of Nikkei on the stock exchange of Japan Due to wrong anticipation of the exchange rate, Barings suffered a loss of USD 1.3 billion The mistake of Barings was due to the fact that Leeson took at the same time 2 functions: operation and post-operation (examine, supervise the Bank’s operation, absolute compliance to guidelines and policies of the Bank) while in principle, those 2 functions shall be totally independent to each other Leeson was over confident in his business skills and made use of over-centralization of power on him that led to the above-mentioned losses The lesson on the bankruptcy of Barings was

an alert to all the banks in the world about losses that may occur due to the loop holes

in monitoring, supervision, management and assigning of functions per job

• The case of Daiwa Bank Limited, Japan and Daiwa Bank Trust in New York:

This bank was one of the 12th largest banks in Japan On 26 January 1995, the Bank advised Mr Igushu, Executive Office of the Bank in New York that the Bank

2

Extracted from the article on ‘Risks and financial loss: some typical lessons to learn published on the Financial and Monetary Market – Serial No 4 – Year 2002 (pages 17, 18, 19)

has suffered from 1.1 billion dollars worth 1/7 of the Bank’s total resources More seriously, Igushu had hidden and provided totally wrong reports on the Bank’s operation over 11 years from 1984 Even though there are warnings on loop holes in the Bank’s internal control but this fact was not cared by the Bank’s Executive Board

As a result, the Bank’s branch in New York had to be closed as a warning that the Bank’s operations were not secured nor healthy and breaking the laws

(b) Typical examples in Vietnam in recent years

• The case of La Thi Kim Oanh:

This is a typical example of outcome of work style without a principle that many joint stock banks (JSB) Only with introduction letters from 2 vice-ministers at Ministry of Agriculture and Rural Development, La Thi Kim Oanh obtained total loans of VND 77 billion but only invested for those projects with a total amount of VND 12 billion, the balance was drawn down for herself expenditures At the court, when being asked why the Bank did not perform any project appraisal before disbursing the loan, but disbursed the loans immediately The Bank’s representatives explained that they only examined briefly the loan documents and they relied too much on the managers swimming skills (Extracted from Lao dong – Issue No 81, dated 21/03/2004, page 7)

• The case of Nguyen Trong Quy and his team

Due to opening accounts with Branch No 5 (the Branch) of Incombank (the Bank) from 2001, Director and Chief Accountant at MK Construction & Trade Co., Ltd (MK) created close relationship with Director of the Branch, Credit Manager and Credit Officer at the Branch From that, MK was granted loans without fulfilling procedures required by the Bank Moreover, the Director and Chief Accountant at MK regularly cooperated with officers at the Branch to misappropriate in lending transactions

Knowing the above problems, at beginning 2002, Nguyen Trong Quy actively proposed MK Chief Accountant to create chances for Hoang Dinh Co., Ltd., Dai Phat Co., Ltd to approach credit officers of the Bank to obtain loans with promises that

they would share commissions if successful With cheating knowledge and techniques, Nguyen Trong Quy had helped the above accomplices to falsify dossiers, documentations relative to loan projects, etc to formalize loan documentation After drawing the loans, those people fled away leaving the huge loss to the Branch (Extracted from People’s Police News – Issue dated 28 February 2004, page 5)

Lesson learnt: Based on the above-mentioned typical cases both on international and local levels, though the seriousness and circumstance of each case may be different but overall lessons learnt can be summarized as below:

• Some high level management executives of the banks have ignored compliance to operating principles and legal regulations on banking activities;

• Executives at lower levels, officers directly handling transactions were not educated in professional ethics and became of low level of accountabilities, their quality became easy to be changed or deteriorated, thus being easy to

be lured by customers

• Procedures at companies were not clear in authorization of rights, leading case of executing in exceed of allotted rights Reviews, supervision for process of granting loans, use of loans were considered as weak

• Internal control as well as risk management tools at the banks were inefficient in timely finding out errors and frauds to stop them from happening After actual losses have occurred, the banks started to find measures to rectify the errors and frauds, but could not avoid serious results that they could not recover the banks assets and loans

1.2 Introduction of COSO’s Enterprise risk management

1.2.1 Introduction of COSO

Due to questionable corporate political campaign finance practices and foreign corrupt practices in the mid-1970s, the Securities and Exchange Commission (SEC)

and the U.S Congress enacted campaign finance law reforms and the 1977 Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs In response, a private-sector initiative, called the National Commission on Fraudulent Financial Reporting (commonly known as the Treadway Commission) was formed in October 1985 As a result, COSO was originally formed in 1985 to sponsor the Treadway Commission studied the causal factors that can lead to fraudulent financial reporting and developed recommendations for public companies and their independent auditors, for the Securities and Exchange Commission (SEC) and other regulators, and for educational institutions

COSO - The Committee of Sponsoring Organizations of the Treadway Commission - is a voluntary private sector organization dedicated to improving the quality of financial report through business ethics, effective internal controls, and corporate governance

The National Commission was jointly sponsored by five major professional associations in the United States as below:

• The American Accounting Association – AAA

• The American Institute of Certified Public Accountants - AICPA

• Financial Executives International - FEI

• The Institute of Internal Auditors - IIA

• Institute of Management Accountants – IMA

The Commission was wholly independent of each of the sponsoring organizations, and contained representatives from industry, public accounting, investment firms, and the New York Stock Exchange

1.2.2 COSO – Internal Audit Framework, 1992 and Improvements to

Enterprise Risk Management Framework

Traditional Internal Audit COSO - Internal Control

Risk focus: 3 more additional components:

- objective setting

- event identification

- risk response

Testing control activities Focus on process improvement

and risk challenge – financial risk focus

Focus not only on financial risk, but also operational risks and business risks

Compliance objective Risk identification, process

different kind of risks Career auditors Opportunities for other

management positions

Involve to everyone in the entity, from low to higher level

Methodology: focus on policies,

transactions and compliance

Methodology: focus on goals, strategies, and risk management processes

Methodology: focus on objectives, strategies setting, risk management processes

In 1992, from traditional theory had been paid attention to only control activities

by internal auditors, COSO had improved that theory to new definition which has concerned more to the way management runs a business as below:

By focus on more risk identification, how well dealing with risks and how the objectives are achieved, the COSO – Enterprise risk management was added three components as Objectives setting, Event identification and Risk responses Accordingly, ERM has helped move the scope of internal audit from financial area to higher risk areas such as business risks and operational risks as well as helped internal audit having a better understanding of organization risks, thereby affecting internal auditing planning and testing

1.2.3 Introduction of COSO’s Enterprise Risk Management Integrated

Framework

As a result of the highly publicized business failures, scandals, and frauds over the past several years, senior managers realized that they must now comply with a series of laws, regulations, and listing standards calling for strengthened corporate governance and risk management To help them comply, the COSO issued its

framework for enterprise-wide risk management, “Enterprise Risk Management—

Integrated Framework”, in September 2004 The goal of the framework is to enable

organizations to standardize enterprise risk management (ERM) so that organizations can more easily benchmark, establish best practices, and have more meaningful dialogue about the critically important issue of risk management

In addition, the Enterprise Risk Management – Integrated Framework expands

on internal control, providing a more robust and extensive focus on the broader subject

of enterprise risk management It is not intended to replace the internal control framework, but incorporates the internal control framework within the business activities Companies may decide to look to the framework both to satisfy their internal control needs and to move toward a fuller risk management process

1.2.4 Enterprise Risk Management defined by COSO

“Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”

The fundamental concepts outlined above are detailed in the following paragraphs:

A Process

Enterprise risk management is not one event or circumstance, but a series of actions that permeate an entity's activities It is believed that enterprise risk management is most effective when enterprise risk management mechanisms are built into the entity's infrastructure and are part of the essence of the enterprise By building

in enterprise risk management, an entity can directly affect its ability to implement its strategy and achieve its vision or mission

Effected by People

Enterprise risk management is effected by a board of directors, management and other personnel Similarly, enterprise risk management affects people's actions In addition, enterprise risk management provides the mechanisms which help people to understand risks in the context of the entity’s objectives People must know their responsibilities and limits of authority

Applied in Setting Strategy

An entity sets out its mission or vision and establishes strategic objectives Besides, an entity also establishes a strategy for achieving its strategic objectives In setting strategy, the management must consider risks relative to alternative strategies

Applied Across the Enterprise

To successfully apply enterprise risk management, an entity must consider its entire scope of activities Enterprise risk management must apply at all levels of the organization as well as in all activities and in all processes

Risk Appetite

Risk appetite is the amount of risk an entity is willing to accept in pursuit of value Risk appetite is directly related to an entity’s strategy

Provides Reasonable Assurance

Well-designed and operated enterprise risk management can provide management and the board of directors reasonable assurance regarding achievement of

an entity's objectives

Achievement of Objectives

Effective enterprise risk management can be expected to provide reasonable assurance of achieving objectives relating to the reliability of reporting and to compliance with laws and regulations

1.2.5 Components of COSO’s Enterprise Risk Management

Framework

Enterprise risk management consists of eight interrelated components These are derived from the way management runs a business, and are integrated with the management process The components are:

• Event Identification

Event identification involves focusing those incidents occurring internally or externally that could affect strategy and the achievement of objectives Potentially, events have a negative impact, a positive impact or both Obviously, events that have a

potentially negative impact represent risks, which require management’s assessment and response

• Risk Assessment

Risk assessment allows an entity to consider how potential events might affect the achievement of objectives Actually, there is usually a range of possible results associated with potential events, and management is responsible to consider them as a basis for developing a risk response

• Information and Communication

Relevant information is identified, captured, and communicated in a form and time frame that enable people to carry out their responsibilities Information is needed

at all levels of an entity for identifying, assessing, and responding to risk Personnel receive clear communications regarding their role and responsibilities

• Monitoring

Monitoring can be done in two ways: through ongoing activities or separate evaluations Ongoing and separate monitoring ensures that enterprise risk management continues to be applied at all levels and across the entity

1.2.6 Benefits of Enterprise Risk Management

Enterprise risk management provides enhanced capability to:

• Align risk appetite and strategy

• Link growth, risk and return

• Enhance risk response decisions

• Minimize operational surprises and losses

• Identify and manage cross-enterprise risks

• Provide integrated responses to multiple risks

• Seize opportunities

• Rationalize capital

In general, enterprise risk management is an important means It cannot and does not operate in isolation in an entity, but rather is an enabler of the management process Enterprise risk management is interrelated with corporate governance by providing information to the board of directors on the most significant risks and how they are being managed And, it interrelates with performance management by providing risk-adjusted measures, and with internal control, which is an integral part of enterprise risk management

In sum, enterprise risk management helps an entity achieve its performance and profitability targets, and prevent loss of resources It helps ensure effective reporting And, it helps ensure that the entity complies with laws and regulations, avoiding damage to its reputation and other consequences As well as, it helps the entity get to where it wants to go and avoid unexpected barriers along the way

1.2.7 Limitation of Enterprise Risk Management

As we known, effective enterprise risk management can help management achieve objectives But enterprise risk management, no matter how well designed and operated, does not ensure an entity's success

Basically, the achievement of objectives is affected by limitations inherent in all management processes as well as enterprise risk management cannot change an inherently poor manager into a good one For instance, shifts in government policy or programs, competitors' actions or economic conditions can be beyond management's

control Alternatively, human decision making can be faulty, and breakdowns can occur because of such human failures as simple error or mistake Additionally, controls can be circumvented by the collusion of two or more people, and management has the ability to override the enterprise risk management process, including risk responses and controls

The design of enterprise risk management must reflect the reality of resource constraints, and the risk management benefits must be considered relative to their costs Thus, while enterprise risk management can help management achieve its objectives, it is not a perfect method

CHAPTER II CURRENT SITUATION AT THE FUND

2.1 Overview of local investment funds in Vietnam

Over last decade, the renovation ("doi moi’’) has made some significant changes

for the Vietnamese economy Municipal infrastructure demand is increasing rapidly as

Vietnam copes with rapid urbanization, decentralization, high rates of economic

growth, and globalization Moreover, there has been a rapid increase in capital demand

for infrastructure investment in particular as well as for the whole economic in general

This demand has become critical for the City’s local Government and related

Departments

As we known, in current situation, the State Budget could not meet the capital

demand for the urban infrastructure development As a result, the Government has

suggested some models to mobilize funds for urban development investment outside

of the State budget To diversify the form and the tools of mobilization is mainly

considered by the Government In such circumstance, approved by the Prime Minister,

in 9/1996, the Ministry of Finance applied the pilot model of ‘‘Local Development

Investment Fund’’ in Ho Chi Minh City, then applied for many cities or provinces as

Ha Noi, Binh Dinh, Hai Phong, Binh Duong, Dong Nai, and Dong Thap, etc These

funds are state-owned financial institutions directly under provincial Governments

After ten years, the operation of local investment development funds (LDIFs) has

achieved many significant results Ho Chi Minh, Ha Noi, Binh Duong and Dong Nai

have become the most active LDIFs which are financially sound and display high

standards of corporate governance Depend on nature of each province, size and

operational nature of each fund, the operation of each fund is different, however, in

general, the basic functions of LDIFs are to mobilize spare-fund from all economic

sectors or economic organizations and to receive the trusted funds from state budget,

other financial institutions in order to invest in the projects which are in the City’s

master plan, of importance and urgent, with potential cost-recovery and economic

efficiency Moreover, LDIFs also have joined into the privatization of state-owned

companies, co-financed with other banks, provided financial services and investment

consulting services, and participated in financial market in accordance with Law.Last

but not least, an important aspect of LDIFs is that they operate as a profit making

commercial entity While assisting in the acceleration of the municipal government’s

socio-economic development, LDIFs need to generate a positive return on their

portfolio of investments to ensure their long-term sustainability as a municipal

infrastructure financing institutions

In conclusion, recognizing the increasing demands for municipal infrastructure,

the Government of Vietnam (GoV) has encouraged the provincial governments to take

greater responsibility for financing municipal infrastructure Consequently, LDIFs

have increased significantly and have developed in many cities and provinces in

Vietnam The model of those funds has more and more become an important

municipal financial tool because they offer an operational and legal structure for the

provincial governments to focus on infrastructure, including the ability to mobilize

capital and enter into contracts with the private sector in socio-economy development

in Vietnam

2.2 Overview of the Fund

2.2.1 History and development

• Initial objective for establishing of the Fund:

First of all, Ho Chi Minh City is not only one of the main, largest and most

crowded economic centers of Vietnam, but it also the main and most important trading

area/location of Southern Vietnam Along with the dramatically socio-economic

development as well as population, HCMC has had such a steady increasing in

demand for the infrastructure investments which are worth billions dollars in expert

predictions

As the other cities and provinces in Vietnam, most of infrastructure investment

projects for urban development are invested by the government’s budget However, it

is not only very limited but also is used for other urgent other demands, so that it can

not fully afford for all of the demands for developing municipal infrastructure In the

past few years, due to the financial market in Vietnam still has been in beginning stage

and the lack of funding-raising mechanism, most of the mid-term and long term

capitals were raised from commercial banks However this way has some limitations

due to some restriction of credit laws and regulations, particular in gathering and the

use of funds

In such situation, the need a form of financial institution which its objective is to

improve the efficiency of the usage of the city’s budget and to attract all potential

usable sources of capital in order to support the infrastructure development projects

Ho Chi Minh City Committee Board made the proposal of establishing the Ho Chi

Minh City Investment Fund for Urban Development (the Fund) to the Government

with the strong supports from most Departments and Ministries

Based on the Decision 644/TTg dated 10 September 1996, the Prime Ministers

has approved for establish Ho Chi Minh City Investment Fund for Urban Development

(the Fund) as a trial model The Fund is financial state-owned institution, and belongs

to HCMC People’s Committee The Fund has full autonomy to organize and manage

its business activities and can decide the professional activities by itself, within its

mission and the state policy framework in accordance with the law Besides, the Fund

is responsible for managing risk itself and being financially solvent Basically, the

Fund’s main goal is to mobilize the spare capital for developing socio-economic

infrastructure and key industrial fields of Ho Chi Minh City With successful operation

of the Fund, there have been other twelve investment funds in other cities and

provinces

• Development Process: this is divided into 2 main periods

From 1997 to 2000:

This was the first period where the main goal was planning the process The

investment and the capital mobilization were slowly and carefully implemented Also

the management systems, the human resources as well as the work plan and legal

procedures for the Fund were step by step well-formed

The key operation of this period:

+ Supporting Credit/Loan is main key operation of the Fund Direct

investment was not a main process of this period because of low in

confidences of HCMC PCs in the Fund’s experiences and operations

+ Result of raising capital was still limited as the Fund was the new

organization in capital market of city

Although, the Fund has reached its manual goals and targets, however the basic

income (receiving from interest rate and direct investment) was still low One of the

reason was that the Fund invested in mid-term and long term investment so that the

investment return and interest income in few first years was low

From 2001 till present:

Together with gaining experiences in management, operations and planning

process, as well as the control from HCMC the People’s Committee, the Fund has

made a strong and good move in period from 2001-2005, which has showed its

succeed in various areas as follow:

+ To focus on the disbursement for targeted programs and key projects, which

need the huge fund as it progress

+ Direct investment has become stronger and growth: the value and the ratio

of direct investment has higher and higher

+ To diversify the mechanism of mobilizing capital: along together utilizing

the Fund’s capital or syndicated loans with other financial institution; the

Fund has been authorized to issue successfully VND 8,000 billions over

2003-2006

+ Trusted Fund management: this activity becomes more efficient and

effective directly under the Fund

+ Extend its trading partnership in national and international wide : build up

the strong trading partnership with national wide as well as searching and

build up the trading between Ho Chi Minh City and other international

financial organizations

Finally, in this period, the Fund has provided its best operations in compliance

with its function and regulations Based on the past results, the Fund has also provided

the outstanding operations with was highly innovative and effective

2.2.2 The Fund’s missions

The Fund performs the following functions and has the following missions:

a To mobilize medium and long – term capital of domestic and foreign

organizations and individuals as stipulated by law

b To operate direct and indirect investments

c To provide financial services, investment consulting service, trust and

investment management services and other advisory services

d To participate in capital market activities as securities trading, providing

securities intermediary services, and other services as stipulated by Law on

Security and Stock Exchange

e To construct its investment strategy, five-years plans and annual plans, to

implement these strategies and plans in conformity with the Master Plan

and the Development Strategy of Ho Chi Minh city in each period and long

time

f To manage and utilize the sources of capital entrusted by the government

and mobilize to invest in projects with a particular socio-economic benefit

in mind as approved by the City People’s Committee

g To use capital entrusted given by the government as financial tool to attract

savings and other capital for investment in socio-economic development as

well as contributing to the country’s industrialization and modernization

2.2.3 Organization chart

2.2.4 Nine years of operation (1997 – 2005)

The Fund has achieved the following milestones after 9 years of operations:

a The Fund has helped the City’s local government to sufficiently manage the

city budget through out the Fund’s functions in monitoring and controlling

regularly of capital’s using by investors The Fund has also helped the City

to recover most of the loans in order to reinvest on upcoming projects

b Although the quantity of the loan syndications are not significantly

enormous, the Fund has helped the City’s local government to create a new

effective channel in order to mobilize funds for investment by co-financing

with other banks and other financial institutions

c The Fund has been actively and strategically suggested various methods of

mobilizing funds Those methods have been proven successful when they

appear to be applicable with the current situation of the City The Fund has

also expanded its networks by contributing the seed capital and investing

into new start-out companies By doing so, the Fund has created different

mobilized channels and successful business models One example of this

kind of achievement is the “Ho Chi Minh City Infrastructure Investment

Joint-Stock Company” This company is the first fund which was founded

and managed on the first model in socializing investments of the City

d From 2003 to 2006, authorized by the City’s local government, the Fund

has successfully issued VND 8,000 billion (USD 500 million) of municipal

bonds to raise fund for local budget This issuance has opened up a new

fund – raising channel for the City’s infrastructure investment in coming

years

e Together with fulfilling the mandatory duties assigned by the City’s local

government, the Fund has also performed as financial counselors for

investors, especially to whom want to invest into the ‘‘Investment

stimulated program’’ of the City