Improving the internal credit audit system in Petrolimex Group Commercial joint stock Bank

In recent years, the trend of liberalization and globalization of economy has brought Vietnam economy both opportunities and challenges requiring the government and authorities put more efforts. In the field of Finance & Banking, we have built crucial basis for a financial monetary economy, technology modernization and bank operations to create the market mechanism. The institutions for bank operations have been improved and the operating mechanism of monetary policy has been innovated basically. Moreover, regulations and international standards of bank operations have been applied, so the credit quality has been improved significantly. However, in the period of integration, the opening of the financial market increases the number of wealthy foreign banks with high technology and management quality entering into Vietnam market, pressure of competition for commercial banks in Vietnam also increases along with the loosened regulations for foreign financial institutions. At that time, with the small size, low management quality, low technology and labor skills, the commercial banks will not catch up with foreign commercial banks and lose the game if they do not innovate. Besides, occurring risks of banks; especially the credit risks, have not been managed and controlled strictly, which can lead to a big loss. At the moment, the risk of bankruptcy of banks can appear at any time if they do not focus on enhancing the efficiency of risk management in their business activities. With the reasons above, ensuring the sustainability and consistency of the development is the most important target in management and operation of Vietnam commercial banks. One of necessary strategic solutions is to reorganize and upgrade the control system, internal audit of each commercial bank. In the small scope, among activities of bank, the credit activities need focusing on because it is the main source of finance for the banks, however, containing a lot of risks. Recognizing the importance of internal auditing of credit activities in the time working at Petrolimex, I choose the topic for the Master thesis: “Improving the internal credit audit system in Petrolimex Group Commercial joint stock Bank”

CHAPTER I: OVERVIEW OF RESEARCH 3

1.1 Necessity of research 3 1.2 Problematic of research 4 1.3 Research objectives 4 1.4 The questions are posed in the study 4 1.5 Object of research 4 1.6 Scope of research 4 1.7 Research methodology 4 1.8 Contribution of research 5 1.9 Structure of thesis 5 CHAPTER II: THEORETICAL FRAMEWORK 6

2.1 Some concepts and theories of internal audit 6 2.1.1 Internal audit definition 6

2.1.2 Some theories of internal audit in commercial bank 9

2.1.3 The function of internal audit 11

2.1.4 Basic principles of internal audit activity 12

2.1.5 Content of internal audit 13

CHAPTER 3: RESEARCH METHODS AND ORGANISATION OF INTERNAL CREDIT AUDIT AT PETROLIMEX GROUP COMMERCIAL JOINT STOCK BANK 15

3.1 Research method 17 3.1.1 Data collection method 17

3.1.2 Data analysis method 19

3.2.1 The objective of the audit credit activities 19

3.2.2 Requirements of internal audit credit activities 19

3.2.3 Scope of audit credit activities 20

3.2.4 The main audit methods 20

3.2.5 Content of audit credit activities 20

A 2 Assessing the performance of the audit statute 21

A 3 Quality assessment activities of the credit control system in the unit audited 22

A 4 Perform audit procedures, regulations 22

Part B Check to compare directly with borrowers 28

B 1 Debt validation 29

B 2 Check the use of loan 29

B3 Check the status of assets to ensure debt 29

B4 Inspection of the project and repayment of the business (clients are business loans) 30

3.2.6 Prepare and submit audit report 31

3.2.6.1 Establish an audit report 31

3.2.6.2 Send an audit report 32

3.2.7 Follow up audit 32

3.2.8 Form audit credit operations 32

CHAPTER 4: CONCLUSIONS AND RECOMMENDATIONS 33

4.1 Conclusions and recommendations 33 4.1.1 Advantages 33

4.1.2 Shortcomings 33

4.2 Suggestions to complete internal credit audit work 34 4.2.1 Completing internal audit apparatus 34

4.2.2 Examining the quality of internal audit work 36

4.2.3 Improving working conditions for internal auditors 37

4.2.4 Combination of internal and external auditing 38

4.2.5 The informatics department should be audited 38

4.3 Recommendations 38 4.3.1 For the Government 38

4.3.2 For the State Bank of Vietnam 38

APPENDIX 41

REFERENCES 58

During studying and completing this thesis, I have received guidance, greatassistance from teachers, friends and classmates With deep respect and gratitude, Iwould like to express sincere thanks to:

Faculty of International Training - Vietnam University of Commerce havecreated all favorable conditions to help me in my education background andcompleting thesis

All teachers of Vietnam University of Commerce and other foreign experts fromIAE de LYON,specialy Doctor Vu Manh Chien who were very helpful and have taught,encouraged, created favorable conditions for me during the course to date of thesis

Despite great efforts with all enthusiasm for this thesis, but my thesis stillhas mistake So I hope to receive sympathy and suggestions of all teachers in themarking council

In recent years, the trend of liberalization and globalization of economy has broughtVietnam economy both opportunities and challenges requiring the government andauthorities put more efforts In the field of Finance & Banking, we have built crucial basisfor a financial monetary economy, technology modernization and bank operations to createthe market mechanism The institutions for bank operations have been improved and theoperating mechanism of monetary policy has been innovated basically Moreover,regulations and international standards of bank operations have been applied, so the creditquality has been improved significantly

However, in the period of integration, the opening of the financial market increasesthe number of wealthy foreign banks with high technology and management qualityentering into Vietnam market, pressure of competition for commercial banks in Vietnamalso increases along with the loosened regulations for foreign financial institutions At thattime, with the small size, low management quality, low technology and labor skills, thecommercial banks will not catch up with foreign commercial banks and lose the game ifthey do not innovate Besides, occurring risks of banks; especially the credit risks, have notbeen managed and controlled strictly, which can lead to a big loss At the moment, the risk

of bankruptcy of banks can appear at any time if they do not focus on enhancing theefficiency of risk management in their business activities

With the reasons above, ensuring the sustainability and consistency of thedevelopment is the most important target in management and operation of Vietnamcommercial banks

One of necessary strategic solutions is to reorganize and upgrade the controlsystem, internal audit of each commercial bank In the small scope, among activities ofbank, the credit activities need focusing on because it is the main source of finance for thebanks, however, containing a lot of risks

Recognizing the importance of internal auditing of credit activities in the time

working at Petrolimex, I choose the topic for the Master thesis: “Improving the internal

credit audit system in Petrolimex Group Commercial joint stock Bank”

CHAPTER I: OVERVIEW OF RESEARCH

1.1 Necessity of research

The increasing of society's demands day by day, with fierce competition in themarket requires commercial banks to diversify its product portfolio to increase revenue forbanks, and distributed risk But among the products that banks providing the creditoperation is the basic activity and plays a decisive role with existence of each bank Thisshows very clearly the scale of credit operations accounted for the largest proportion oftotal bank assets (about 70%) and brings 80% of revenues for banks However, credit alsocontains many business risks

Credit risk is the potential losses that banks incur when making loans to customers,the losses associated with the customer who does not repay the full credit when due Creditrisk is various and complex It depends on the customer (financial status, responsibilitywith debts) and bank (ability of management, risk prediction), and this is also the risk mostcommon in the banking activities Therefore, to deal with these risks, the requirement isthat the commercial banks have to set up a complex control system, and pay specialattention to the work of internal audit to credit operations used to monitor individual credit

as soon as it arises until the end, and the entire process of monitoring the implementation

of credit granted as consideration for loan disbursement, loan monitoring

And this also demonstrates the actual loss and disruption that the commercial bankshave to suffer from the loss of internal control systems to ensure safe and efficientoperation

Hence, the internal audit did not fully accomplish the task; the banks are faced withuncontrolled risks Especially, credit risk and consequences of these risks are veryunpredictable Thus, the perfection and development of internal audit work in general andinternal auditing credit activities in particular are essential requirements set for commercialbanks to ensure safety in the business of the bank, while improving the efficiency of capitaluse and improving the quality of bank credit

1.2 Problematic of research:

From those reasons I mentioned above, I choose the research project:

“Improving the internal credit audit sytem in Petrolimex group commercial joint stock bank”.

1.3 Research objectives:

Research objectives are to clarify the theory of internal audit work in enterprises ingeneral, banks in particular and the actual situation of internal credit audit works inPetrolimex group commercial joint stock bank

1.4 The questions are posed in the study:

What is the theory of internal audit work in banks in general and in PG Bank inparticular?

Is internal credit audit of Petrolimex group commercial joint stock bank reliable?

Is organization of internal audit work in Petrolimex group commercial joint stock bank?

In compliance with basic principles? What are shortcomings? Specifically as follows:How the internal credit audit look like?

Organizational structure of internal auditing like?

The internal credit audit process is closely organized?

Organized testing, quality control, internal credit audit?

1.7 Research methodology:

Illustration of the method mainly in research materials, surveys, interviews,observations combined with the actual method, methods of analysis, synthesis,comparison, evaluation, directly investigation as a basis to organize the internal credit audit

in Petrolimex group commercial joint stock bank

1.8 Contribution of research

The topic helps clarify the perception of internal audit work in general and internalcredit audit work organization in Petrolimex group commercial joint stock bank inparticular Assessment of the situation of internal credit audit work in Petrolimex groupcommercial joint stock bank is to synthesis and makes some proposals for improvement ofinternal credit audit work in Petrolimex group commercial joint stock bank

1.9 Structure of thesis

Besides thanks, contents, list of diagrams and references, structure of thesis includefour chapters Specifically:

Chapter 1: Overview research on internal audit

Chapter 2: Some basic theory on the organization of internal audit work

Chapter 3: Research Methodology and organisation of internal credit

audit at Petrolimex group Commercial Joint Stock bank

Chapter 4: Conclusions, discussions and recommendations to improve the

internal credit audit system at Petrolimex group Commercial Joint Stock bank.

CHAPTER II: THEORETICAL FRAMEWORK

2.1 Some concepts and theories of internal audit

2.1.1 Internal audit definition

Internal audit has come a long way over the last two or three decades In the past,internal audit was seen as a mechanism to double – check the many thousands of financialtransactions that were posted to the accounts each week In the 1950s and 60s, it prettymuch consisted of basic tests of the accounts with a view to isolated errors andirregularities Huge standardized audit work programs would be prepared that determinedthe steps that had to be taken to verify figures in the main accounting ledger and feedersystems In contrast, today’s internal auditor facilitates the development of suitablecontrols as part of a wider risk strategy as well as providing assurances on the reliability ofthese controls The move from detailed low-level checks of huge volumes of mainlyfinancial transactions to high-level input into corporate risk strategies has beentremendous

Other industries also expanded their internal audit programs, and in 1941 the Institute

of Internal Auditors was born to herald a distinctive a discipline quite apart from publicaccounting

The definition of internal auditing began to evolve In Latin ‘auditor’ literally means

‘listener’ Nowadays, not that much has changed in the essential elements of auditing if wefollow the definition from Arens and Loebbecke (1997, 2): “Auditing is the accumulationand evaluation of evidence about information to determine and report on the degree ofcorrespondence between the information and established criteria Auditing should be done

by a competent independent person”

Furthermore, internal auditing in the Standards for the Professional Practice is defined

in this way: “Internal auditing is an independent appraisal function established within anorganization to examine and evaluate its activation as a service to the organization.”

Auditing Standard ASA 610 Considering the Work of Internal Audit, issued by theAuditing and Assurance Standards Board (AUASB) defines internal audit as follows:

Internal audit” means an appraisal activity established within an entity as a service to the entity Its functions include, amongst other things, monitoring internal control”.

The objective of internal audit to assist members of the organization carries out theirresponsibilities effectively It equips them how to analyze, evaluate, suggestions,recommendations and information concerning activities reviewed The objective of internalaudit framework also gives effective control at reasonable cost

- Loyal to the nature of the audit, independence in internal audit is given top priority.Internal auditors are independent when they can perform their work in a free and objectivemanner In reality, as they are members of an organization, the meeting of this requirementcan be more difficult than State auditors and independent auditors Therefore, thisindependence is only relative In fact, all cases, scope, progress and effectiveness ofinternal audit work should not be limited by any things If so, internal auditors can get thedesired results To this end, internal auditors should have equal status and necessaryindependence

 To ensure the independence, first of all, internal auditors conduct a review of anyfindings related to the organization Based on surveys, initial research, their professionalskills, they consider and assess activities of the organization Results obtained from thereview and assessment will form a basis for them to clarify and give consultations for thenext operations

 Result of internal audit is a great support for members of organizations such as theBoard of Management, Board of Directors, shareholders, and all staffs Therefore, thescope of the work is very widespread and it affects all activities of the organization It isthe reason why internal audit is established as a division of the organization

According to the professional guidance of the Institute Internal Auditors

(IIA), public sector governance encompasses the policies and procedures used todirect an organization’s activities to provide reasonable assurance that objectives are metand that operations are carried out in an ethical and accountable manner In addition, theInstitute of Internal Auditors (IIA) has developed the globally accepted definition of

‘internal auditing’ as follow: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization It helps an agency

accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes”.

According to this definition, an internal audit function could be viewed as a first linedefense” against inadequate organizational governance and financial reporting Withappropriate support the Board of Directors’ and Audit Committee (if any), the internalaudit staff is in the best position to gather intelligence on appropriate accounting practices,inadequate internal controls, and infective corporate governance The scope of internalaudit activity embraces the wider concepts of corporate governance and risk – recognizingthat control exists in an organization to manage risk and promote effective governance.The remainder of the IIA’s definition of internal auditing covers a number ofimportant terms that apply to the profession

 The term independent is used for auditing that is free of restrictions that couldsignificant limit the scope and effectiveness of any internal auditor review or the laterreporting of resultant findings and conclusions

 The word appraisal confirms the need for an evaluation that is the thrust ofinternal auditors as they develop their conclusions

- The term established confirms that an internal audit is formal, definitive function inthe modern enterprise

 The phrase examine and evaluate describe the active roles of internal audit workthat applies to all of the activities of the modern enterprise

 The word service recalls that the help and assistance to the audit committee,management, and other members of the enterprise are the end products of all internalaudit work

 The phrase to the organization confirms that internal audit’s total service scopepertains to the entire enterprise, including all personnel, the board of directors and theiraudit committee, stockholders, and the owners

For the banking and credit institution in Vietnam, aaccording to NHNN, Decision of the governor of the State bank of Vietnam on the issuance of the

No.37/2006/QD-Regulation on internal audit of credit institutions, defined ““Internal audit” is an act of

independent, objective inspection, verification, assessment for the internal inspection,control system; independent assessment of the appropriateness and compliance with

policies, procedures and process which are set up in the credit institutions, whereby theunit performing internal audit shall provides proposals, advices for the purpose ofenhancing the operation effectiveness, efficiency of systems, processes, provisions, makingcontribution to the assurance of the prudential, efficient and lawful operation of creditinstitutions.

As such, according to this definition, internal audit is conducted in the organization

by its staff and ensured by independence and objectiveness That is, it is not hindered byany divisions or objects when determining work scope, work performance and work resultreporting At the same time, internal auditors must be impartial, fair so as to not to bedependent on or dominated by others

The term “Internal Audit” itself expresses its particular characteristic and nature.Based on the origin and different forms of internal audit, we can see that internal auditappears and develops due to objective needs

From the above analysis, we can draw the nature of Internal Audit is an independentdivision of a organization performing examination, assessment work and givingrecommendations of improvements on its activities for managers’ objectives

2.1.2 Some theories of internal audit in commercial bank.

Theoretical framework for internal auditor in commercial banks is determined by theprovisions of the Institute Internal Audit (IIA), Basel Committee, Ministry of Finance, andState Bank of Vietnam

- The Institute of Internal Auditors (IIA) is the primary international professionalassociation, organized on a worldwide basis, dedicated to the promotion and development

of the practice of internal auditing The IIA is the recognized authority, chief educator, andacknowledge leaders in standards, education, certification, and research for the professionworldwide The Institute provides professional and executive development training,educations products, research studies, and guidance to more than 122,000 members inmore than 100 countries From 1941, IIA has been well equipped to help members to meetgenerally accepted professional standards by:

 Issuing ethical law

 Approving an announcement on responsibility of internal auditors

 Establishing frequent training program

 Building general knowledge content

Approval of professional standards is one of important steps in the developmentprocess of internal audit Professional standards of internal audit are the result of greatefforts made by the Committee in three years They are tools for professional activities inall business fields at various levels of the Government and organizations where internalaudit appear

Basel Committee established in 1974 by central bank governors of 10 countries, thisCommission to develop and publish standards relating to banking activities BaselCommittee in 1988 issued measurement system which consists of 25 basic principles ofbanking supervision (Basel I) However, after a period of application, the principles ofBasel I have shown some weakness Specifically provides only a single measure of riskcapital for banks operating on international scale through its own capital indicators onassets adjusted for risk (CAR ≥ 8%) without considering the different nature of the bankrisks, the loans and other factors Also, the application of Basel I cannot help countriesprevent financial and monetary crisis

Basel Committee issued the measure of risk framework (Basel II) on July 01 in 2001and takes effect in late 2006, replacing the treaty of Basel I Basel II consists of a series ofstandards aimed at improving monitoring and risk management techniques and isstructured in three levels: (i) required minimum capital ratio for credit risks and operationalrisks, (ii) give directions relating to the monitoring process, (iii) requires banks to providebasic information related to the capital, to ensure that risks encouraging the principles ofthe market

Treaty of Basel II emphasis on methods of control, internal audits in the bank itself,process monitoring and market rules, increase flexibility in the management of risk andgreater attention to risk sensitivity Treaty showed specific concepts as well as othermeasures of risk such as credit risk, market risk, and operational risks

Basel Committee encourages each bank should develop a process to monitor andmanage operational risks and specific details Should be conducted regularly to monitor alloperations, all the chains in the transaction process to make the report warned of defects,errors or omissions in any business policies, operating procedures in bank

Ministry of Finance: the main content of Decision No 832/TC-QD-CDKT dated on

28/10/1997 is the developing internal audit regulations for State enterprises Circular No52/1998-TT-BTC issued on 16/04/1998 guide apparatus internal audit in State enterprises,Circular No 171/1998-TC-BTC replace Circular 52/1998-TT-BTC.

Based on the characteristics of the sector, State Bank issued QD37/2006/QD-NHNN

on 01/08/2006 Decision guides the internal audit regulations apply to credit institutions

2.1.3 The function of internal audit

Internal audit’s function is both to verify and express opinions, control and consult.Control is the first function of internal audit which is similar to verification function ofgeneral audit It is the control function that decides to the appearance of internal audit It issaid that Internal Audit is an organized type whose function is to measure and assess theeffectiveness of other controls An organization set objectives for divisions and follow upthem The next work is to use internal audit to measure and assess other existent controls

As such, internal auditor’s role is controller to understand the nature and scope of other

controls Specifically, internal audit is to “assess and measure accurately the level of risks relating to management systems, activities and information provision system of the organization Based on results of risk evaluation, internal auditors must assess the propriety and effectiveness of activities and internal control system over these above systems”

(Campbell and Timothy, 2003) Therefore, internal auditors both perform their tasksand become experts in designing and performing other controls to get the best result Theseexperts’ skills include their understanding of controls, relation and diversified co-operation

in the internal control system Through controls, internal auditors consider and evaluateactivities of the organization In fact, their professional fluency of internal auditors cannot

be compared to that of people who directly perform these tasks However, they can helprelated people to get better results by clarifying existent control works and makingimprovements in the work

With the development of internal audit, its function is expanded from control andevaluates the internal control system to evaluate and make improvements in theorganization’s activities From an analysis of definitions of internal audit, we see thatmodern internal audit not only control but also more focus on consulting and assistingaudit division in risk management and improvement of work effectiveness Expanded

function and role have created positive changes in role of internal audit Internal auditwhich was originally coercive by managers has become voluntary work of auditeddivisions.

(Campbell and Timothy, 2003) Therefore, internal auditors both perform their tasksand become experts in designing and performing other controls to get the best result Theseexperts’ skills include their understanding of controls, relation and diversified co-operation

in the internal control system Through controls, internal auditors consider and evaluateactivities of the organization In fact, their professional fluency of internal auditors cannot

be compared to that of people who directly perform these tasks However, they can helprelated people to get better results by clarifying existent control works and makingimprovements in the work

With the development of internal audit, its function is expanded from control andevaluates the internal control system to evaluate and make improvements in theorganization’s activities From an analysis of definitions of internal audit, we see thatmodern internal audit not only control but also more focus on consulting and assistingaudit division in risk management and improvement of work effectiveness Expandedfunction and role have created positive changes in role of internal audit Internal auditwhich was originally coercive by managers has become voluntary work of auditeddivisions

2.1.4 Basic principles of internal audit activity

According to Article 4 of Decision 37/2006/NHNN – QD, banks have to ensure thefollowing principles:

* Independence

The internal audit department shall operate independently compared with units,managing, professional operation departments of the credit institution; the internal auditactivity shall be independent of activities of management, professional operation of thecredit institution In the process of auditing or providing accounting services, auditors arenot dominated or influenced by any material or spiritual benefits which affect theirtruthfulness and objectivity and professional independence Auditors are not allowed toperform the audit work at entities where their relatives are working for In the auditprocess, if there are any factors affecting their independence, the auditors must remove

them If not removed, they must be clearly stated in the audit report.

* Objectiveness

The internal audit department, internal auditors must assure the objectiveness,truthfulness, fairness, non-prejudice when they perform the task of internal audit.Objectivity is to ensure not to leave out the mistakes, let their opinion on audit reportdepend on others’ and occur any substantial agreement on quality

* Specialty

Internal auditors shall be those who have necessary knowledge, standard and skills ofinternal audit and do not concurrently undertake other posts and specialized works of thecredit institution Internal auditors must be qualified at the working process

Three principles are in internal audit in banks of the Basel Committee, July 2000.However, under this document, banks must comply with other following principles

* Continuity

Internal audit in banks must be regularly and continuously conducted Therefore, themanagement must provide the appropriate power and support internal audit department toachieve its goals

* Principle of operation scope

Every division and operation is subject to internal audit, regardless of branch orsubsidiary

Overall, internal audit must consider and assess the appropriateness and effectiveness

of internal control activities

2.1.5 Content of internal audit

It is the work that internal auditors have to perform in the internal audit process.Organizing internal audit work includes the following: organizing internal auditapparatus, process, inspecting and controlling internal audit work

Organization of internal audit apparatus: Internal audit apparatus organized in linewith an entity’s scale will help the leaders closely and effectively control its businessactivities At the same time, it will help managers control the quality of internal auditeasily, appropriately assign tasks

Setting up an internal audit department is based on the operation scale and scope of

operation, staff qualifications and operation fields.

In Vietnam, under Article 15 of Internal Audit Regulations applicable to State-ownedenterprises issued together with Decision No 832 TC/QĐ/CĐKT dated 28 October 1997

of the Minister of Finance, internal audit is organized directly under the General Director

of the enterprise Under Article 7 – Decision No 37/206/QĐ-NHNN dated 01 August 2006

of Vietnam State Bank Governor on issuing Internal Audit Regulations, internal audit atcredit organizations and banks is consistently organized under the direct supervision ofBoard of Control As such, to ensure independence of internal audit, Internal Auditdepartment is often under the direct management of Board of Management (Board ofControl) or (General) Director

Internal audit department often includes: manager, deputy manager (if any), groupleader, internal auditors and internal auditor assistants (if any) Internal auditors oftenperform work with high pressure Their work includes:

 Examine the true and fair view of financial information, business information anduse methods to identify, evaluate, classify and report such information

- Check the compliance with the policy, plan and rules

- Check asset protection and consider whether assets are actually existent or not?

 Internal auditors must examine whether the use of resources are economical orcost-effective or not?

 Internal auditors must evaluate work or programs to confirm whether obtainedresults are consistent with set objectives or work and programs are implemented asscheduled or not?

Normally, internal audit department in enterprises in general and banks inparticular can be organized under the following models:

- Centralized model: Internal audit department is only set up at the head office, not at

units or branches… This model ensures the objectivity, independence of internal audit andhelps improve the profession of internal audit

- Decentralised model: apart from the internal audit department at the head office, it

is also set up at dependent units, subsidiaries, branches, etc The central internal auditdepartment will conduct the audit of all activities of the organization and perform complexaudit engagements This model is usually applied to multinational companies havingoperations in many geographically separated countries and territories

- Combined model: apart from the internal audit department at the head office, the

enterprise can conduct the internal audit at an area and be responsible for a certain

geographical area.

CHAPTER 3 RESEARCH METHODS AND ORGANISATION OF INTERNAL CREDIT AUDIT AT PETROLIMEX GROUP COMMERCIAL

JOINT STOCK BANK

AN OVERVIEW OF PG BANK’S HISTORY

►History

Petrolimex Group Commercial Joint Stock Bank (PG Bank) was formerly Dong ThapMuoi Rural Joint Stock Bank Dong Thap Muoi Rural Joint Stock Bank’s operation permitwas issued by the State Bank’s Governor’s License No 0045/NH – GP dated November

13, 1992 Accordingly, the bank’s initial charter capital was 700,000,000 VND (sevenhundreds million Vietnam dong) and its operating district was Dong Thap province After

10 years of operation, PG bank‘s organizational system has constantly been strengthened,achieving a steady growth rate with a low overdue debit and an annual business result thatalways brings about high profits to its shareholders The bank’s charter capital nowreaches 5,000 million VND, which is seven times higher than the initial charter capital

In an effort to restructure its operation, in July 2005, Dong Thap Muoi Bank decided toinvite new shareholders to participate, making an increase of the charter capital to 90 billionVND Among the new shareholders were financially potential and banking-business experiencedVietnam National Petroleum Corporation (Petrolimex) and Sai Gon Security INC (SSI)

With the contribution of big shareholders, the bank has made a significant progress

In September 2006, the bank increased its capital to 200 billion VND Its total asset as ofDecember 31st, 2006 was 1,187 billion VND, the outstanding loan was 801 billion VND,the total revenue in 2006 was 69 billion VND and its profit before tax was 17.49 billionVND The bank, in cooperation with a foreign consultant, was able to create a long-termdevelopment strategy It was also successful in the selection and deployment of the corebanking software by IFLEX, one of the most modern banking software presently

In March 2007, PG Bank was authorized to be transformed into an urban joint stockbank by State Bank Decision No 125/QD-NHNN dated January 12, 2007 and to change itsname to Petrolimex Group Commercial Joint Stock Bank (PG Bank) by Decision No 368/QD- NHNN dated February 8, 2007 Accordingly, PG bank was licensed to expand itsnetwork nation-wide and to perform full banking services including international payment

and foreign currency trading.

► PG Bank’s Development Milestones

In May 2007, it was decided at PG Bank Annual Shareholder Conference to increasethe Bank’s capital to 500 billion VND in 2007 with a plan to increase the capital to at least1,000 billion VND in 2008 and at least 3,000 billion in the period from 2008 to 2010 As

of May 31, 2007, PG Bank’s total asset was 1,632 billion VND, its outstanding loan was

900 billion VND and the profit before tax was 17,49 billion VND

On June 26, 2007, PG Bank Hanoi Branch was officially inaugurated Thissignificant event did not only denote the emergence of PG Bank in the active bankingmarket of economically imperative Hanoi, but also represented the commencement of PGBank’s development strategy of branch and transaction offices expansion nationwide

Organization structure of PG Bank

3.1 Research method

3.1.1 Data collection method

Data collection method is a very important stage To obtain the necessary data for thewriting of the topic, I used the following methods: investigation, interviews,

 Investigation process:

 The first step is to issue questionnaire votes The investigation process isimplemented within 1 month The number of questionnaire votes is 24

 The second step is to collect questionnaire votes The obtained votes are 23,equipment to the response rate of 90.9%

 The third step is to summarize results and give conclusions Summarization ofresults and necessary conclusions after the end of the investigation process is shown in thedata summarization table

Table 3.1: Summing up of investigation data

investigation

Number of people to investigate

Number of investigation card

Knowledge of bank Knowledge of internal audit

work Excellent Good Average Excellent Good Average

5 Credit Policy and Product

 Interviewing method:

Interviewing was conducted through direct interviews or through phone interviews

of some managers as well as those directly conducting the internal credit audit work at PGBank and some concerned departments

The content of the interview is prepared, not overlapped among the interviewed andfocused on internal audit In addition, during project implementation, if questions arise out

of the interviewed content, the interviews will be conducted via phone

Table 3.2: List of interviewee

1 Đỗ Văn Thắng Internal audit management

2 Vũ Quỳnh Nga Internal audit deputy management

3 Nguyễn Thị Minh Đức Internal auditor menber

4 Hà Tiến Hùng Internal auditor menber

5 Nguyễn Thị Vân Khánh Internal auditor menber

3.1.2 Data analysis method:

After interviewing and studying materials, I synthesize and analyze information Themethod focuses on the information obtained from Petrolimex group commercial joint stockbank , then referring to the situation and giving conclusion on internal credit audit Afterall, I study proposals for completion of internal credit audit work in line with the generaland particular regulations of Petrolimex group commercial joint stock bank This method

is used when I write chapter 3 and 4 for this thesis

3.2 Internal audit credit activities at PG Bank

3.2.1 The objective of the audit credit activities

Audit activities are to assess the true credit status, credit quality, detect loopholes incredit operations, potential risks and operational risks of the bank credit, from which topropose, and consult the Board, General Director, and Directors of the member units aboutsolutions to reduce risks in the credit activities of bank

3.2.2 Requirements of internal audit credit activities

1 Assess compliance with policies, regulations, operating procedures current credit

2 Assessing risks in credit operations

3 Assess the appropriateness, effectiveness of control procedures in credit activities.

4 Assess the truthfulness and reliability of the information on credit activities

5 Assess compliance with the objectives of the program credit activities

6 Check the security measures for credit operations

7 Evaluation of loan classification and provisioning risks under the currentregulations

8 Recommendations on the editing issues identified through audit work

3.2.3 Scope of audit credit activities

1 The whole loan sales, debt collection, outstanding time of the audit or the timespecified in the audit decision

2 The entire credit file is available at the office or at branches of Bank System PGScope of audit credit operations

3.2.4 The main audit methods

1 Analysis methods: on the basis of analysis of a general indicator of the creditactivities such as: total loans, bad debt, debt structure by industry, the structure of debt inthe form of credit … auditors conduct reviews and evaluate the volatilities in each item intwo aspects of nature and thereby determining the focus of the audit credit operations,identify types of loans and lines focused audit, the audit selected number of samples,record the number of audit sampling

2 Audit sampling methods: selecting representative samples for each customergroup / group credit products, industry groups make sure the records are sufficientlyrepresentative samples for the overall basis for testing evaluation to draw generalconclusions for the overall

3 Survey methodology: collecting confirmation of balance from the borrower,ensuring the consistency of data stored on file at the bank and borrowers

3.2.5 Content of audit credit activities

Part A Audit at the audited units

A 1 Risk assessment related to credit activities

According to 3 levels (high, medium and low) When analyzing and evaluating risks

in credit operations it needs going into the following key risks:

a) Client records are incomplete.

b) The evaluation of information about customers and the loan is not fully andaccurately

c) Failure to comply with the decentralization process authorized in lending tocustomers

d) The information in the credit contract, mortgage contract, pledge not match withthe decision to approve loans and information on FLEXCUBE system

e) The registration of security transactions and making inventories of original papers

of related properties securing loans are not made according to regulations

f) Based on incomplete and disbursement regulations

g) The following customers to check loan is not timely, quality assurance and maynot be strictly controlled

h) The management of debt collection has not been close

i) The debt structure (extending term debt and adjusted) is not sufficient grounds.j) The classification of liabilities is carried out strictly according to regulations The risk ofprovision is not factually correct classification of debt

k) The customer reviews have not been conducted periodically in time and fully.l) The management and distribution module access to credit in the system of regulationsPLEXCUBE

A 2 Assessing the performance of the audit statute

Overall evaluation of the implementation of the credit limit of the audited unit andoverall assessment of the operation, the credit quality of the unit

Auditors conducting counter reporting system to collect, examine and analyze theoverall targets through a number of times, including:

- Total outstanding debt:

+ The proportion of short-term debt, medium and long term total outstanding loanscompared to planned targets

+ The proportion of outstanding loans under the economic component of totaloutstanding loans compared to planned targets

- Credit quality:

+ Delinquency rate, loans over total loans outstanding at the time of inspection.The rate of loan interest income in the comparable period real interest loan receivables inthe period

A 3 Quality assessment activities of the credit control system in the unit audited

a) Consider the division of the Board of Directors, Sales, Support Credit and otherdepartments involved in the process of credit in the branch (in writing) on the credit hasnot used reasonable? the assignment of a right is not defined?

b) Review and assess the organizational model of the unit, the proportion of staff oncustomer relations personnel in total units, the number of records and have outstandingmanagement of a Customer Relations Officer , changes in personnel in the organizationalstructure, particularly in management positions

c) The implementation of the lending regulations, the provisions relating to creditoperations of PG Bank, Bank of Agriculture at the branch have been no adequate andtimely?

d) The implementation amend the shortcomings of the first test, inspection andauditing have timely and complete?

e) Measures to improve unit operations and growth in credit outstanding

A 4 Perform audit procedures, regulations

a Checking system data on FLEXCUBE

Check the consistency of the outstanding loans (including loans and debt qualifyunqualified) report on balancing G / L and balance statement detailing each customer.Inspect and analyze the data and parameters to detect credit customer datairregularities, errors and violations on the system:

(I) A borrower may borrow money or time in excess of the credit authorizationdecision of the branch

(II) has a level of interest rates is not normal, ceiling or floor rates prescribed head office.(III) Term loans are not appropriate for the type loan

(IV) Do not overdue in the following cases:

- Timeout rescheduling maximum prescribed but continue to extend

- Never pay interest on time or a long time no see interest arising under theregulations.

- Other cases are subject to overdue but not overdue

(V) Identify potential risks to customers:

- There overdue debts or outstanding loans overdue rate on total outstanding debt

- A long time is not incurred debt principal and interest

- Has been overdue for too long

- Customer is overdue but worth little or no guarantee of security assets

- Customers have been paid interest for big loans

- Customers have more than one of CIF

- Customers frequently change organizations, managers apparatus

- The expression can lead to risk: As the rapid credit growth, credit growth exceededthe average system

(VI) Accounting for the wrong loan product code of the customer

(VII) The data value of the property to ensure there is unreasonable

(VIII) Classification of the debt is incorrect

(IX) Identify the access code (USER ID) transactions and the inspectors whoconducted the transaction is flawed

(X) The data and parameters show abnormal screen to check on FLEXCUBE systemand credit record

b Check details of credit records

(I) Check credit record details of a customer:

Based on data analysis through detailed files on the system FLEXCUBE, the auditorwill determine the object to be inspected in detail by credit profile:

 These clients have unreasonable data, they need to complete verification Customers have the potential risks and delinquency

Customers can check the balance of debt

 Check representative sampling of each customer group / product group credit Customers who have credit relations with many branches For a borrower:

 Check the total outstanding debt of clients at the time of inspection included in theterm debt, overdue and check account status of each loan contract.

 Detailed examination of credit files include legal documents and financial records,loan records, property records to ensure process credit before lending, while lending andafter lending

(II) The appraisal before the loan:

- Legal documents

• Check the completeness, validity and legality of the records (the reference list oflegal documents stipulated in the credit process in PG Bank) The documents areconsidered valid when the photo has been authenticated The documents provided to banksunder the control of the units issued loans must be originals or copies certified by the sealunit Inspection process to note the amendment of current legislation and internalregulations for the application accordingly

• To compare the consistency of customer information on file for legal information inthe CIF module FLEXCUBE system and check the changes and update information aboutcustomers

• Check the financial capacity of borrowers through analyzing financial statements,and check the classified assessment borrower's periodic branch, the application ofappropriate policies to customers in accordance Bank of PG

• Assess business plans / investment projects established by the customer about theaspects: the level of detail of plans and projects, the ability to calculate reasonable profit /loss, the feasibility of the project, which own participation, input and output markets

- Measures to secure loans

• Consider the process of checking security properties, assess the value of collateralassets before lending through the minutes of content, detailed assessment of the inspectionstaff prior to loan Dossiers debt secured assets in terms validity, legality, the ability totrade

• Check if the loan meets the conditions prescribed by PG Bank to apply measures toensure that asset or not

- Loan approval process

• Check the contents of the submission on lending and appraisal reports, evaluate theadequacy, accuracy and detail for the opinions of loan officers / evaluation mentioned inthe reports / report aspects: evaluation of loan officers / evaluation of the financialsituation, plans and projects for a loan, the risk level of the plan / project

• Check the loan value, beyond authority has approved the decision of approval ornot, paying special attention to the case of loans, but many different customers with aproject investment, loans and more customers are ties related to each other (groups ofrelated clients.)

• Check the percentage of equity involved, the determination of debt maturity (III) While lending:

• Check the contents of the terms of the contract at the record store credit, interestrate applied in accordance with the provisions of PG BANK from time to time

• Check the detailed information of the credit agreement in the FLEXCUBE system: Loan amount, repayment amount and the current principal balance (including the debt hasbeen processed output tracking sheet)

Type of loan, the lender and approved

Lending interest rate (if applicable floating rate compared with current interest rates

at the branch; times change, time change interest rates applied against the creditagreement), the method of interest calculation, rate penalty interest rate

Principal repayment schedule, interest and repayment schedule of theimplementation under the credit agreement.

• Check the disbursement process is strictly for the purpose of the original loan andare fully air base (economic contracts, invoices .), paying special attention to thedisbursement of cash, disbursed into account deposit of the borrower or deposit accounts ofthose who have a close relationship with the borrower; evaluate the reasonableness of theallocation of functions between staff and customer relations staff Support Credit and staffinvolved in the process of credit as prescribed

(IV) After the loan:

• Check the monitor payment of principal, ensure timely payment of interest on timecommitted on signed contracts, interest accrued (expected revenue or balance sheet)including interest penalties to the time of check in FLEXCUBE system

• Test and evaluate the test's use of the loan credit officers, paying special attention toexamining the use of loans for cash disbursements; assess the level of detail andcompleteness the contents of the inspection report the use of loans

• Check the records lending examination (according to form PG Bank has issued),date of inspection and examination contents

• Compare the repayment schedule on a credit agreement with the repaymentschedule and the entry of principal repayment, interest payment tracking system to ensureconsistency FLEXCUBE, the changes in time to match the profile structure it in fact

• Check your records and debt restructuring overdue:

+ Check the performance of restructured debt repayment period, interest rate changesthrough the viewing screen system is suitable for FLEXCUBE credit record is not(compare with the submission extension of repayment period adjustments , on the basis ofchanges in interest rates when the extension )

+ Evaluation process of checking borrower loan officers when an application for debtrestructuring, the causes have yet to be concrete evidence (Example: the case of notpaying debts on time by customers who have not paid for the sale, there must becomparison / validation of debts )

+ To consider the report of the debt restructuring loan officers: analysis, assessment

of reasonable cause customers not pay debts on time

+ Evaluate the reasonableness of the time adjustment period or extension of debtrepayment, timely assessment of the overdue

• For customers who have overdue debts and repayment capability assessment ofcustomers, analyze the causes and propose treatment

• Check the end of the credit agreement and clearance procedures to ensure contractassets (bills to ensure the signature authority, minutes of delivery )

(V) Inspection of Collateral Debt:

• Check the parameters and data security properties on the system compared withFLEXCUBE credit file:

+ Ensure total client assets mortgaged, pledged, in PG Bank Guarantee

+ Status of the security property

+ Asset value guarantee against the security contract, valuation minutes

+ Security property is used for credit contracts, warranties

+ The owner of the security property, who guaranteed

+ Check other changes related to security property

+ Determine the access code of dealers who perform data entry or data changesrelated to security property (if necessary)

• Check the text-based documents filed at the Branch:

+ Check the legality and validity of the secured assets, the original filing of proof ofownership and use rights of Collateral; for the pledged assets, the preservation of propertywas close or not, capable of experiencing what the risks (which may require production ofcollateral assets in stock to test) Where the loan security with properties formed from loanafter the certificate of ownership and use rights must be set up annexes to ensure the loancontract

+ Check the revaluation of assets to ensure a regular and reasonably consistent withregulations or not, the lending rate on the value of assets to ensure policy is appropriate forcustomers of PG or BANK

+ Check the insurance guarantee for the property (for property to buy insurance),the reasonable value of the insured and the insurance terms, the transfer of beneficiaries tothe bank insurance