Determinants of an Effective Internal Control : A Study of Firms in Vietnam

ABBREVIATIONS CONTROL Internal control components EFFE Internal control effectiveness COEN Control environment RISK Risk assessment COAC Control activities INFO Information and com

MINISTRY OF EDUCATION AND TRAINING UNIVERSITY OF ECONOMICS HO CHI MINH CITY

-
 -

NONG QUANG THANH

DETERMINANTS OF AN EFFECTIVE

INTERNAL CONTROL:

A STUDY OF FIRMS IN VIETNAM

MASTER THESIS OF BUSINESS ADMINISTRATOR

HO CHI MINH CITY – 2013

UNIVERSITY OF ECONOMICS HO CHI MINH CITY

-
 -

NONG QUANG THANH

DETERMINANTS OF AN EFFECTIVE

INTERNAL CONTROL:

A STUDYOF FIRMS IN VIETNAM

Subject: Master of Business Administrator Code: 06.34.01.02

MASTER THESIS OF BUSINESS ADMINISTRATOR

SUPERVISOR:

DR NGUYỄN THỊ NGUYỆT QUẾ

HO CHI MINH CITY – 2013

I would like to take this opportunity to express my gratitude to all those who have helped and supported me during the time I conducted the study

Firstly, I would like to express my deepest sincere gratitude to my supervisor, Dr Nguyen Thi Nguyet Que for her patient and invaluable advices to

my thesis Without her support, the thesis could not have been completed

Secondly, I would like special thanks to all instructors and lecturers in eMBA course for their teaching invaluable knowledge and experience to me I am very great honor to introduce with my relationships that I have been participated in eMBA program of Economic University, Ho Chi Minh City

Many thanks to Mr Cao Quoc Viet, as well as the other classmates in eMBA K19 class for their sharing valuable knowledge to me to complete this research study

I also wish to thank my friends, external auditors in KPMG and A&C as well

as other respondents Without them, my thesis could not have been conducted

Lastly, I would like to send the deepest and most special thanks to my beloved parents, my wife and my family members who encourage me to overcome all difficulties to complete this course

Nong Quang Thanh

Ho Chi Minh, September 2013

COMMITMENT

I hereby would like to commit that the thesis, “Determinants of an effective internal control: a study of firms in Vietnam”, was accomplished based on my independent and serious studies and researches The data was collected in reality and it has clear origins In addition, the data would be trust-worthily handled and it has never been released in any menu

Nong Quang Thanh

ACKNOWLEDGEMENT I COMMITMENT II TABLE OF CONTENTS III LIST OF FIGURES V LIST OF TABLES VI ABBREVIATIONS VII

ABSTRACT 1

CHAPTER 1: INTRODUCTION 2

1.1 Introduction 2

1.2 Background to the research 2

1.3 Research problems 3

1.4 Research objectives 4

1.5 Research questions 4

1.6 Research methodology and scope 5

1.7 Thesis structure 6

CHAPTER 2: LITERATURE REVIEW 7

2.1 Introduction 7

2.2 Internal control components 7

2.3 Internal control effectiveness 11

2.4 Gaps in the literature 13

2.5 Research hypotheses and theoretical model 14

2.6 Summary 19

CHAPTER 3: RESEARCH METHODOLOGY 20

3.1 Introduction 20

3.2 Research process 20

3.3 Questionnaires design 21

3.4 Operationalisation of measures 22

3.6 Main survey 25

3.6.1 Sample design 25

3.6.2 Survey method 27

3.6.3 Data analysis techniques 27

3.7 Summary 28

CHAPTER 4: RESEARCH RESULTS 29

4.1 Introduction 29

4.2 Descriptive statistic of the study 29

4.3 Testing measurement scale 31

4.4 Testing the research model and the hypotheses 39

4.5 Summary 45

CHAPTER 5: DISCUSSION AND CONCLUSIONS 47

5.1 Introduction 47

5.2 Discussion of findings 47

5.3 Implications of the research 49

5.4 Limitations and recommendations 52

LIST OF REFERENCE 54

APPENDIX 1 60

APPENDIX 2 66

APPENDIX 3 69

APPENDIX 4 72

Figure 2.1 Quantitative assessment of internal control framework 12

Figure 2.2: The relationship between internal control components and the efficiency and effectiveness of operation 18

Figure 2.3: The relationship between internal control components and the reliability of financial report 18

Figure 2.4: The relationship between internal control components and the compliance with laws and regulations 19

Figure 4.1 Respondent's age 30

Figure 4.2 Respondent's experience 31

Figure 4.3 Organization industry 31

Table 2.1: Comparison of Control frameworks in the US 8

Table 3.1: Measurement scale of internal control components 22

Table 3.2: Measurement scale of internal control effectiveness 24

Table 4.1: Sample characteristics 30

Table 4.2: Reliability of measurement scales 32

Table 4.3-4.5: The EFA result for internal control components measurement scales 36

Table 4.6-4.8: The EFA result for internal control effectiveness measurement scales 38

Table 4.9: Correlation of constructs 39

Table 4.10a-c: Summary of hypotheses testing results (Model I) 41

Table 4.11a-c: Summary of hypotheses testing results (Model II) 43

Table 4.12a-c: Summary of hypotheses testing results (Model III) 44

ABBREVIATIONS CONTROL Internal control components

EFFE Internal control effectiveness

COEN Control environment

RISK Risk assessment

COAC Control activities

INFO Information and communication

EFFI Efficiency and effectiveness of operation

RELI Reliability of financial report

LAW Compliance with laws and regulations

COSO Committee of Sponsoring Organizations

ABSTRACT

This study reports the results on the internal control components and internal control effectiveness from the external auditor’s perspective by using measurement scale proposed by Annukka Jokipii (2009) The study is among the very few studies

in Vietnam empirically examines internal control effectiveness as well as suggest the reference internal control components used in practice

To assess the internal control components and internal control effectiveness, a study of 236 external auditors who audited the operation of companies in Vietnam

in 2011 was conducted Even though some unexpected outcomes have incurred,

“control environment” and “monitoring” are not supported in their relationship with

“the reliability of financial report”; “information and communication” is not supported in the relationship with “the compliance with laws and regulations”, the empirical results indicate that all remaining internal control components (Control environment, risk assessment, control activities, information and communication, and monitor) have significant positive effect on internal control effectiveness which are also considered the company objectives: efficiency and effectiveness of operation, reliability of financial report, compliance with laws and regulations Key words: Internal control components, Internal control effectiveness

CHAPTER 1: INTRODUCTION 1.1 Introduction

This chapter represents general introduction to the study including research issues, research objectives and research questions applied in this study In addition, this chapter also addresses the methodology to be used and the scope of the study

1.2 Background to the research

Understanding the concept of internal control is essential for developing an understanding of its impact on the performance of organization (Lembi, 2006)

In the world, internal control is traditionally proposed as “internal check” Its definition was then developed as “process activities” to enable management to deal with rapidly growth However, there was no official regulation in force to require companies set up internal control to prevent risk and protect their business After many scandals incurred in financial perspective 21st century, Sarbanes-Oxley Act of

2002 (SOX) requires management of all public firms to issue internal control report, take responsibility for maintaining an adequate internal control, and make concerning to its effectiveness (PCAOB,2004) The external auditors are also responsible for auditing management assertions as to the effectiveness of the internal control and they have to give their own, independent conclusion (Ramos

2004, 75) Meanwhile, the reference groups like suppliers, investors and customers have also focused more on quality of company’s reporting and accountability (Rittenberg and Schwieger 2001, 172) An effective internal control system therefore has played a critical role in a firm’s success It helps organization management to keep the company on profitability goals, to achieve its mission, and

to response to its risks of business (COSO, 1994) However, how to develop an optimal internal control framework for all companies is still further research

In 1994, Committee of Sponsoring Organizations (COSO) proposes Internal Control framework consists of five interrelated components but states that the need for control system and control effectiveness may vary according to a firm’s characteristics Donaldson (2001) indicates that the design of management control system depends on the organization’s context, a fit between the organization’s context and internal control components leads to better internal control effectiveness However, the evidence of the actual performance of an internal control within the organizational environment is almost non-existent, and the topic relatively unexplored by researchers (Kitnney, 2000) Consequently, in recent year, many researchers (Chenhall 2003, Gerdin 2005, Jokipii 2009) have attempted to explain internal control effectiveness by examining its designs

With regard to Vietnam, there is almost non-existent research about internal control and its effectiveness Thus, this study is motivated to propose an internal control framework, the internal control effectiveness definition for companies operated in Vietnam reference as well as to explore the effect of existed internal control components on internal control effectiveness

1.3 Research problems

In Vietnam, learning lessons from financial scandals highlight that those charged with governance in companies do not properly identify, evaluate and respond to the firm risks They do not set up strong internal control enough to protect their operation Even though Vietnam is now one of the most strongly developing of economic growth in Asia after had joined in WTO at the end of 2006,

it has recently been beset by inflation, a trade deficit, the stock market slump and affect the negative results to enterprises in Vietnam Thus, this is necessary time for companies in Vietnam to renew and restructure their operation (Vietnam News, 2012) However, how to restructure their operation is still challenge to management

in companies

As mentioned above, there is still lack of practical research on internal control sector The problem is therefore to be addressed This study concentrates to the internal control components, internal control effectiveness and to explore the effect of internal control components on internal control effectiveness of firms in Vietnam

1.4 Research objectives

A research objective is the research version of a business problem Objectives explain the purpose of the research in measurable terms and define standards of what the research should accomplish (Zikmund 1997, 89)

In solving the research problem mentioned previously, this study has the following objectives:

1) Investigate the relationships of internal control components and the efficiency and effectiveness of operation

2) Investigate the relationships of internal control components and the reliability of financial report

3) Investigate the relationships of internal control components and the compliance with laws and regulations

1.5 Research questions

The study is conducted to explore the relationship between internal control components and its observed effectiveness in companies It is examined to understand whether internal control components such as control environment, risk assessment, control activities, information and communication, monitoring have relationship to the internal control effectiveness which comprise the efficiency and effectiveness of operation, the reliability of financial report, the compliance with laws and regulations The research questions therefore concentrate on internal control components, the internal control effectiveness assessment as well as the relationship between them

Research question 1: Is the efficiency and effectiveness of operation positively related to the internal control components?

Research question 2: Is the reliability of financial report positively related to the internal control components?

Research question 3: Is compliance with laws and regulations positively related to the internal control components?

1.6 Research methodology and scope

The object of this research was external auditors who audited the operation

of companies in Vietnam Sample size: 236 (See more in Chapter 3)

Qualitative method: The author used the qualitative method to carry out group discussions with six experienced external auditors The purpose of this step is

to adjust and amend the translated questionnaire suitable with the subject and purposes of the study

Quantitative research was used to explore the relationship between internal control components and internal control effectiveness from the external auditor’s perspective The quantitative model was adopted from the previous research of Jokipii (2009)

The author used data analysis tools to implement the research such as: descriptive statistics, multiple regression models with SPSS version 16

1.7 Thesis structure

This study includes 5 chapters:

Chapter 1- Introduction, mentions about research background, research objectives and research scope and approach

Chapter 2 – Literature review provides theoretical and empirical background supporting for hypothesized research model

Chapter 3 – Research methodology, is about the methodologies that author used to conduct the research

Chapter 4 – Data analysis and findings, discusses about the analysis that author conducted to test hypotheses and to answer the research questions

Chapter 5 - Conclusion and implication, is about the results, implications, and recommendations for future research

CHAPTER 2: LITERATURE REVIEW 2.1 Introduction

This part reviews the previous studies concerning about internal control components, internal control effectiveness, and the relationship between them Based on the literature review, hypotheses are developed

2.2 Internal control components

The internal control is initially defined in 1930 as “internal check” comprising system of accounts and procedures that one person performs independently checks to the work of another to detect and prevent fraud (Sawyer et

al 2003, 61) This definition was then developed by American Institute of Certified Public Accountant in broadened meaning as plan of company, measures and all of coordinate method to ensure the reliability of its accounting data, promote operational efficiency However, after big failures incurred in United State in 1980s, there is a need for re-evaluation of internal control definition in more proper ways

to detect and prevent fraud

In the United State 1992, COSO states a report that defines Internal Control

as a process, effected by an entity’s board of directors, management and other personnel, which is designed to provide reasonable assurance to achieve three objectives: effectiveness and efficiency of operations; reliability of financial reporting; compliance with applicable laws and regulations The COSO Internal Control framework consists of five interrelated components: Monitoring, Information and Communication, Control Activities, Risk Assessment, and Control Environment

Source: COSO Internal Control-Integrated Framework 1992

Shortly after COSO framework 1992 issued, it is considered a basic framework to develop additional frameworks in United State which focus more on specific objectives from other perspectives COBIT (1996) provides control processes about information technologies (IT) management and IT governance, SAC (1994) offers assistance to internal auditors on how to evaluate, report, and improve control system, and SAC 78 (1995) provides guidance to external auditors regarding the impact of internal control on performing audit of an organization The details of these internal control frameworks are described in table as following:

Table 2.1: Comparison of Control frameworks in the US

Primary

audience

Management Management,

users, IT auditors

Internal Auditors

External Auditors

processes, subsystems, and people

(1) Effective &

efficient operations

(1) Effective

& efficient operations

(1) Effective & efficient

operations

(2) Reliable financial reporting (3) Compliance with laws &

regulations

(2)Confidentiality

(3)Integrity &

availability of information (4)Reliable financial reporting (5)Compliance with laws &

regulations

(2) Reliable financial reporting (3) Compliance with laws &

regulations

(2) Reliable financial

reporting (3) Compliance with laws & regulations

Components or

domain

Components:

(1)Control Environment (2)Risk Management (3)Control Activities (4) Information

&Communicati

on (5)Monitoring

Domains:

(1)Planning &

organization (2)Acquisition

&

implementation (3)Delivery &

support (4)Monitoring

Components:

(1)Control Environment (2)Manual &

Automated Systems (3)Control Procedures

Components: (1)Control Environment (2)Risk Assessment (3)Control Activities (4)Information & Communication (5)Monitoring

Financial Statement Responsibility Management Management Management Management

Source: Cobert et al (2005)

The need for more advanced and appropriate internal control framework is also appeared in other countries Canadian Institute of Chartered Accountant further develops COSO (1992) framework to the Criteria of Control Framework (CoCo, 1995) comprising elements of an organization like resources, systems, processes, culture and task that support people in the achievement of the organization’s objectives In United Kingdom (UK), The Turnbull report (1999) provides guidance

in adopting a risk based approach in establishing components of internal control and its effectiveness The internal control components are reduced to three internal control components: control activities, information and communication processes,

monitor processes for the continuing effectiveness of the internal control components

The previous analysis of internal control frameworks shows that there are parallel components across internal control frameworks Although these components are also described in different terms in the various frameworks, but as a summary, five internal control components proposed by COSO framework 1992, the original and the most popular framework used, are mostly adopted Therefore, these five components proposed by COSO (1992) are also adopted as independent variables in this study with details as following:

(1) Control Environment, which sets the foundation for the internal control

components influencing the control consciousness of the entity’s people The core

of this part is its people composed of their individual attributes, including integrity, ethical values and competence and the environment in which they operate

(2) Risk Assessment, which involves the identification and analysis of relevant

risk in achieving predetermined objectives by management This part includes procedures help the entity aware of and deal with the risks it faces

(3) Control Activities, which covers policies, procedures and practices

established and executed to ensure that management objectives are achieved and risk mitigation strategies are carried out

(4) Information and communication, which supports all other control

components through information and communication systems It enables the entity’s people to capture and exchange the information needed to conduct, manage and control its operations

(5) Monitoring, which covers the external overview of internal controls by

independent people likes the management It includes regular management and supervisory activities, and other actions personnel take in performing their duties

The entire internal control components should be monitored, and modified as necessary to ensure they can react dynamically

2.3 Internal control effectiveness

COSO (1992) shows that internal control can be judged to be effective when the evaluators have reasonable assurances that they understand the entity’s operational objectives, the reliability of published financial statements, and the applicable laws and regulations compliance However, its report does not disclose any guidance on how to perform the assessment Dai et al (2008) focus on the comprehensive quantitative evaluation method of internal control effectiveness from a risk-based perspective to construct a risk-oriented mathematical evaluation model for internal control However, due to too many and complex factors involved

in the evaluation, they propose that quantitative evaluation model of internal control based on risk should be further studied and improved The assessment of internal control effectiveness therefore need to further research

Perry and Warner (2005) have proposed five-step model for quantitative assessment of internal control effectiveness, which is describeb in Figure 2.1

Figure2.1: Quantitative assessment of internal control framework

Compiled by Perry et al (2005)

The most important aspect to note in this model is scoring individual control objectives against the chosen internal control framework Examiners use the selected model to determine the maximum score available for each control objective under review and continue this process until they have scored all of the control objectives and accumulated an overall quantitative score for internal control effectiveness They note that examiners should apply their own experience with and knowledge of internal controls in conjunction with internal control framework guidance in examining the effectiveness of an internal control

Based on Perry’s quantitative model, Jokipii (2009) develops the measurement scale for the internal control effectiveness The definition of internal control effectiveness in his research is taken from the internal control frameworks which state that the internal control can be judged to be effective when the entity’s operation objectives are being achieved, published financial statements are being prepared reliably, and the applicable laws and regulations are being complied with

Choose the right internal control framework

(COSO, COCO, Turnbull…)

Document controls against the selected model

Assemble a group of examiners

Score the internal control application Develop a quantitative scoring process

In this study, the focus was on internal control effectiveness based on quantitative assessment model proposed by Jokipii (2009) The external auditors were asked to assess about the three objectives of internal control so that the quantitative test for internal control effectiveness could be performed The internal control effectiveness composed of the efficiency and effectiveness of operation, reliability of financial report, and the compliance with laws and regulations were used as a dependent variable in this model

2.4 Gaps in the literature

In this study, five components defined in the internal control framework (COSO 1992) are included Most of the research done in this field focuses on examining particular control components, such as the control environment (D’Aquila 1998), communication (Hooks et al 1994) or risk assessment (Mills 1997) Lembi (2006) examines all five components to evaluate the effectiveness of internal control over financial reporting However, he uses a qualitative approach in his study Jokipii (2009) adds value to internal control section by indicating that control components have all positively effect on internal control effectiveness However, he proposes that the measures for internal control components and its observed effectiveness should be conducted in further research to ensure the reliability and validity of the measures He also recommends that it would be interesting to examine if studies of other reference groups, for example external auditors The final but is the most important, as mentioned above there is lack of practical research about internal controls in Vietnam, this increase a requirement in conduction a research to develop the knowledge in this section for companies in Vietnam

2.5 Research hypotheses and theoretical model

Control environment: Many studies have stressed the importance of

control environment to internal control effectiveness as a foundation of the internal control According to Schmidt and Posner (1983), control environment starts with the board of director, who set the tone of an organization through policies, behaviors and effective governance, gives direction to the hundreds of decisions made at all levels of the organization every day This enables the organization to become efficient and effective, and achieve associated cost savings D’Aquila (1998) supports the position of control environment as the tone of an organization

by indicating that the perceived integrity of management has positively correlated with fairly reported financial information Its important role also supported from the result of COSO study (1999) on 200 companies which has shown that 83% of the financial fraud cases address by the SEC between 1987 and 1997 involved top management In addition, Cohen (2002) in his study continues to confirm the important of the control environment with the finding from a survey of auditors that

“tone at the top and its implication for the behavior of employees” are the most importance ingredients for an effective internal control Author therefore hypothesizes that

H1a: Control environment is positively related to the efficiency and effectiveness of

operation

H1b: Control environment is positively related to the reliability of financial report H1c: Control environment is positively related to the compliance with laws and

regulations

Risk assessment: The implementation of an effective Enterprise Risk

Management “ERM” will improve firm performance (Hoyt et al, 2006; Nocco and Stulz, 2006; Chih, 2007) In addition, risk management has positive related to the reliability of financial reporting (Lembi, 2006; Jokipii, 2009) However, Leen et at (2010) find that there is no evidence about the application of the ERM improves ERM effectiveness which includes entity’s strategic, operational, reporting, and compliance objectives From the above discussions, author hypothesizes that:

H2a: Risk assessment is positively related to the efficiency and effectiveness of

operation

H2b: Risk assessment is positively related to the reliability of financial report H2c: Risk assessment is positively related to the compliance with laws and

regulations

Control activities: are policies, procedures and necessary activities that are

taken to address risks to achieve the entity’s objectives (COSO, 1994) Hans Mjoen and Stephen Tallman (1997) in their research suggest that entity’s performance is strongly and positively related to control activities Their results show that specialized control activities provides both protection and exploitation of key resource inputs through increasing bargaining power Pyria (2013) confirms that control activities are statistically significant in determining performance In addition, the control activities support performance management instructions (Ana Morariu, SA, 2008:75) Control activities are developed and implemented for the effective management of the identified risks performance

As control activities are taken to address risks to achieve the entity’s objectives, the author therefore hypothesizes that:

H3a: Control activities are positively related to the efficiency and effectiveness of

operation

H3b: Control activities are positively related to the reliability of financial report H3c: Control activities are positively related to the compliance with laws and

regulations

Information and communication: refer to the system put in place by an

organization to identify, capture, process and report relevant and reliable information in a timely manner so that people can carry out their responsibilities effectively (COSO1994, 59) Previous studies show that clear communication channels within the organisation and between the organisation and its customers have a positive effect on firm performance, see for example (Carr, Amelia S Kaynak, Hale, 2007) Organisations infuse information systems into their operations

so as to enhance competitiveness and facilitate business growth and success (Fisher and Kenny, 2000) Even though organisations have different information systems, they all strive for competitive advantage through continuous improvement; re-evaluation of the effectiveness and efficiency of their business information system (Chaffey and Wood, 2005) Information and communication system produces reports including operational, financial and compliance related information that make it possible to run and control the business effectively (Sawyer, 2003) From the above discussions, author hypothesizes that:

H4a: Information and communication are positively related to the efficiency and

effectiveness of operation

H4b: Information and communication are positively related to the reliability of

financial report

H4c: Information and communication are positively related to the compliance with

laws and regulations

Monitoring refers to the process of assessing the quality of a system’s

performance over time (Jones, 2008) Monitoring ensure systems are performing as intended (Henle, 2005) According to Coffin (2003), monitoring is designed to assess the effectiveness of the internal control system in achieving the entity’s financial reporting objectives Meanwhile, continuous monitoring enables management to continually review business processes for adherence to and deviations from their intended levels of performance and effectiveness (Sumit, 2010)

Because of the important role played by monitoring, COSO originally includes ongoing monitoring in its first Integrated Framework released in 1992 Ongoing monitoring is again emphasized in COSO Enterprise Risk Management framework (2004) to meet requirements of the Sarbanes Oxley Act of 2002 which forces public companies to renew their focus on internal controls over financial reporting As monitoring is very important to the internal control effectiveness, author hypothesizes that:

H5a: Monitoring is positively related to the efficiency and effectiveness of

operation

H5b: Monitoring is positively related to the reliability of financial report

H5c: Monitoring is positively related to the compliance with laws and regulations

H1a

H3a H2a

H5a H4a

Figure 2.2: The relationship between internal control components and the

efficiency & effectiveness of operation (Model I)

Figure 2.3: The relationship between internal control components and the

reliability of financial report (Model II)

Figure 2.4: The relationship between internal control components and the

compliance with laws and regulations (Model III)

2.6 Summary

This chapter has presented the literature review relevant to internal control components, internal control effectiveness perspective, and the exploration of the relationship between these perspectives By developing the hypotheses, the author defined the dependent and independent variables in this study

Compliance with laws and regulations

CHAPTER 3: RESEARCH METHODOLOGY 3.1 Introduction

The purpose of this chapter is to provide the brief description about the methodology used to test the hypotheses developed in chapter 2 In this part, we discuss about the questionnaires, samples, tools and the methodology used in this study

The first draft of questionnaire

Pilot test

The final questionnaire

Item modifications

3.3 Questionnaires design

The questionnaires design was achieved through a literature search The questionnaire was originally designed in English The original English version was then translated into Vietnamese by two independent translators who expertise in internal control section and English to assure the objectiveness The Vietnamese questionnaires version was then checked with 6 external auditors to ensure the understandability of the measurement This was the first draft of the questionnaires The draft questionnaires consist of three parts The first part comprises demographic questions about respondent title, age and experience The second part focuses on the internal control components which includes questions on the five components of internal control; that are, the control environment, risks assessment, control activities, information and communication, and monitoring The third part examines the evaluations of internal control effectiveness which includes questions on the efficiency and effectiveness of operation, reliability of financial report, and compliance with applicable laws and regulations

3.4 Operationalisation of measures

The constructs of the internal control components and internal control effectiveness were adopted from the existing instruments in earlier studies

3.4.1 Measurement scale of internal control components

Internal control components was measured with five-point Likert scale based

on questions recommended by COSO (1992) and adapted in practice by Jokipii (2009) As discussed in chapter two, five internal control components was defined including control environment (COEN), risk assessment (RISK), control activities (COAC), information and communication (INFO) and monitoring (MONI) Details

of measurement scale of internal control components were as following:

Table 3.1: Measurement scale of internal control components

There has been a great deal of variation in control

and management tasks

Risk Assessment The goals for the company’s operations had

credible and in my opinion reasonable measures

RISK_4

In my opinion the company’s risk analysis and means of protection could have been more efficient

RISK_5

Control activities There was functioning controls in the company’s

processes which gave warning whenever something exceptional occurred

COAC_1

As soon as something exceptional and undesired was noticed it was promptly and appropriately dealt with

COAC_2

In the definition of task special attention was paid

to authorization and the special demands of tasks

The report are forwarded to management were sufficiently clear and contained relevant information from the management perspective

INFO_2

Sufficient information moved between the different divisions of the organization so that the smooth uninterrupted running of operation could

be ensured

INFO_3

Our company’s information and communications system was not quite up to date with respect to functions

INFO_4

The work was efficiently coordinated within the function and also with other functions

INFO_5

Monitoring The operative information used in management

was specified to the systems information of financial management

MONI_4

Management has not in the last year requested accounts of the accomplishment of control measures

MONI_5

3.4.2 Measurement scale of internal control effectiveness

Measurement scale of internal control effectiveness was measured in a similar way with internal control component measures Five-point Likert scale was based on questions recommended COSO (1992) and adapted in practice by Jokipii (2009) Internal control effectiveness (EFFE) was measured by three components: efficiency and effectiveness of operation (EFFI), reliability of financial report (RELI), and compliance with applicable laws and regulations (LAW) The details of measurement scale were as following:

Table 3.2: Measurement scale of internal control effectiveness

RELI_1

There were sometimes errors in the reports which had to be corrected later when the information had been confirmed

RELI_2

We sometimes received information about errors

in reports sent out for external use

LAW_4

3.5 Pilot Test

The purpose of pilot test was to tailor the questionnaire to help respondents

to avoid problems in answering questions and to increase the quality of data recorded for the main survey

The procedure was conducted by two steps In the first step, an exploratory study was made with the purpose of assessing the first draft of measurement scale The first draft of questionnaire initially developed in English was then translated into Vietnamese and checked with 6 external auditors to ensure the understandable meaning In the second step, focused group discussion was conducted with four senior auditors and two manager auditors from KPMG Vietnam The purpose of this step was to examine the instrument to be sure that all survey questions were clear in meaning and sufficient to cover the research matter in reality, from the audit perspectives Some questions were adjusted on the recommendation of the participants to make the terms in the questionnaire more understandable, less negative and more suitable for measurement in Vietnam such as “thường xuyên thay ñổi hoạt ñộng kiểm soát” was revised to “ña dạng nhiều hoạt ñộng kiểm soát”,

“Tôi hoàn toàn không tin tưởng” was revised to “Tôi không hoàn toàn tin tưởng”,

“có nhiều vấn ñề” was revised to “còn tồn tại nhiều vấn ñề” After the revision finished, the author had the final questionnaire

The final version of questionnaire was made in Vietnamese (Appendix 1) and was translated back into English (Observed variables)

internal control effectiveness of companies in Vietnam The population of the study was therefore external auditors who audited the operation of companies in Vietnam including manufacturing, trading, construct and service companies in 2011 The external auditors were chosen to be interviewed as they have strong knowledge in internal control section They are responsible for review, evaluate, and report the effectiveness of internal control to board of management when auditing the operation of companies

The second step in the sampling process is to choose the sampling frame Sampling frame is the list of elements from which a sample may be drawn In this study, the sampling frame was external auditors of companies in the south of Vietnam

The third step is to identify the sampling method to be used to select the sample for the study According to the methodology literature, there are two main sampling methods, probability and non-probability sampling (Tho, 2011) Due to the tremendous limitations of time, budget and knowledge; this study uses a non-probability sampling technique, specifically, convenience sampling This is one of the least reliable sampling techniques, but it is the cheapest and easiest, and is the most feasible for this study

The final but most important step of the sampling process is the ability to collect samples The author of this study has been working in auditing companies more than six years and has long relationship with external auditors in Vietnam that enable to the author has enough capacity to collect enough sample size to conduct this sturdy

Sample size

A reliable and valid sample could enable us to generalize the findings from the sample to the population under investigation Canava (2001) The sample size is determined by the level of precision and confidence desired in estimating the

population parameters, as well as the variability in the population itself Tho (2011,

p 231) suggest that the issue of ‘how large’ a sample size should be, has not been entirely resolved, but does depend on the statistical methods used (e.g Maximum likelihood, generalized least squares and asymptotically distribution free) However, some researchers suggested that the minimum sample size should be from 100 to

150 responses if using the Maximum Likelihood (ML) method Some others suggested the minimum sample size should be at least five observations per estimates parameter (Hair et al 2006- cited in Tho, 2011)

Following the discussion above, the study was conducted with 37 observed variables (37 variables x 5 = 185 observation samples) The sample size must be at least 185 complied with criteria at least 5 times of observed variables Consequently, this research was conducted with sample sizes of 236 external auditors of companies in Vietnam

3.6.2 Survey method

The literature on research methodology has identified a number of survey methods such as face-to-face interview, telephone interview, and mail survey etc Among these methods, the email survey method combined with directly distribute questionnaires to interviewees were chosen because these two methods can ensure

to efficiently collect statistical information from numerous companies and make direct contact with external auditors Questionnaires were sent to the participants via email The first e-mail was sent directly to participants to ensure that the receivers can see the email After 7 days a reminder was sent to non-responders to remind them Again, after 7 days a third contact was made At the same time, the author also directly contacted interviewees to distribute questionnaires to ensure collect enough the quantity of responses

3.6.3 Data Analysis Techniques

The Statistical Package for the Social Sciences (SPSS) version 16.0 was used for all statistical calculations Descriptive and inferential statistics includes:

Cronbach alpha, exploratory factor analysis, correlation, multiple regression analysis The analysis process was implemented as follow:

When data collection was completed, descriptive statistics were initially conducted to provide an overview of the sample Secondly, the measures of each constructs were refined by cronbach alpha coefficients The purpose of this test was

to provide a preliminary evaluation and refinement of the measurement scales Reliability analysis was first used to remove items with low item-total correlations (<0.3) (Nunnally 1978 - cited in Quan, 2004) Scales with a Cronbach alpha coefficient equal to or greater than 0.6 are acceptable in some cases (Nunnally, 1978; Peterson, 1994 – quoted in Trong & Ngoc, 2005) Items those passed the test then were analyzed using an exploratory factor analysis (EFA) method to determine the actual dimensions of each construct In this step, items with factor loadings less than 0.4 were deleted Thirdly, The Pearson correlation was used to measure the significance of linear bivariate between the independent variables and dependent variables thereby achieving the objective of this study (Sakaran, 2006) Correlation

is a bivariate measure of association (strength of the relationship) of the relationship between two variables It varies from 0 (random relationship) to 1 (perfect linear relationship) or -1 (perfect negative linear relationship) Finally, the measures retained were run with multiple linear regressions (MLR) and the results were used

to test the research model and hypotheses

3.7 Summary

This chapter discussed about the research methodology used in this study Questionnaires have been used as data collection research instruments It is intention that the finding of this research paper will be used by companies in Vietnam in setting up internal control components and control the internal control effectiveness

CHAPTER 4 RESEARCH RESULTS 4.1 Introduction

The previous chapter discussed the research methodology including the operational measures of the theoretical model constructs developed in Chapter 2, the research design of the main study This chapter presents the analysis of results from the main study The study of 236 respondents was used to test the reliability and validity of the construct measurement scale by reliability and exploratory factor analysis The final qualified variables of each construct will be then be analyzed with MLR and t-test to test the research hypotheses

4.2 Descriptive statistic of the study

The main survey was conducted by directly distribute combined with mail survey method to external auditors of companies in Vietnam 300 self-administered questionnaires were distributed to the respondents Of these questionnaires, 269 samples were returned but 33 questionnaires were discarded because there were many questions unanswered or scored with the same mark The remained samples consisted of 236 questionnaires are used to run reliability and EFA to test the reliability and validity of the measurements The age of respondents is young and mostly under 30 years The respondent’s experience is mostly less than 5 years This is suitable to audit characteristic where staff turnover is often high The largest sector represented was manufacturing (54.2%), followed by service (22.9%), trading (18.2%), construction (1.7%) and other (2.5%) The sample details are in table 4.1

Table 4.1- Sample characteristics

Frequency Percent Valid

Percent

Cumulative Percent Respondent’s age

4.3 Testing measurement scale

4.3.1 Reliability testing

Before being subjected to further analysis, testing the research model, all scales were first checked for reliability by using Cronbach alpha coefficients The purpose of this step is testing the internal consistency within a scale An alpha value

of 0.60 and 0.70 or above is considered to be the threshold indicating internal consistency of new scales and established scales respectively (Nunnally, 1988 – cited in Spiros, 2003) This study uses the value of 0.6 as the benchmark The cut-off value of 0.3 for item-total correlation was applied to delete item(s) that did not

Figure 4.2 Respondent's experience

2-3 years 4-5 years 6-7years 8-9years Over 10 years

Figure 4.3 Organization industry

Manufacturing Trading Service Construction Other