Determinants of an effective internal control , a study of firms in vietnam

LIST OF FIGURESFigure 2.1 Quantitative assessment of internal control framework...12 Figure 2.2: The relationship between internal control components and the efficiency and effectiveness

-

-NONG QUANG THANH

DETERMINANTS OF AN EFFECTIVE

INTERNAL CONTROL:

A STUDY OF FIRMS IN VIETNAM

MASTER THESIS OF BUSINESS ADMINISTRATOR

HO CHI MINH CITY – 2013

-

-NONG QUANG THANH

DETERMINANTS OF AN EFFECTIVE

INTERNAL CONTROL:

A STUDYOF FIRMS IN VIETNAM

Subject: Master of Business Administrator

I would like to take this opportunity to express my gratitude to all those whohave helped and supported me during the time I conducted the study

Firstly, I would like to express my deepest sincere gratitude to my supervisor,

Dr Nguyen Thi Nguyet Que for her patient and invaluable advices to my thesis.Without her support, the thesis could not have been completed

Secondly, I would like special thanks to all instructors and lecturers in eMBAcourse for their teaching invaluable knowledge and experience to me I am very greathonor to introduce with my relationships that I have been participated in eMBAprogram of Economic University, Ho Chi Minh City

Many thanks to Mr Cao Quoc Viet, as well as the other classmates in eMBAK19 class for their sharing valuable knowledge to me to complete this research study

I also wish to thank my friends, external auditors in KPMG and A&C as well

as other respondents Without them, my thesis could not have been conducted

Lastly, I would like to send the deepest and most special thanks to my belovedparents, my wife and my family members who encourage me to overcome alldifficulties to complete this course

Nong Quang Thanh

Ho Chi Minh, September 2013

I hereby would like to commit that the thesis, “Determinants of an effectiveinternal control: a study of firms in Vietnam”, was accomplished based on myindependent and serious studies and researches The data was collected in reality and

it has clear origins In addition, the data would be trust-worthily handled and it hasnever been released in any menu

Nong Quang Thanh

TABLE OF CONTENTS ACKNOWLEDGEMENT I

COMMITMENT II TABLE OF CONTENTS III LIST OF FIGURES V

LIST OF TABLES VI ABBREVIATIONS VII

ABSTRACT 1

CHAPTER 1: INTRODUCTION 2

1.1 Introduction 2

1.2 Background to the research 2

1.3 Research problems 3

1.4 Research objectives 4

1.5 Research questions 4

1.6 Research methodology and scope 5

1.7 Thesis structure 6

CHAPTER 2: LITERATURE REVIEW 7

2.1 Introduction 7

2.2 Internal control components 7

2.3 Internal control effectiveness 11

2.4 Gaps in the literature 13

2.5 Research hypotheses and theoretical model 14

2.6 Summary 19

CHAPTER 3: RESEARCH METHODOLOGY 20

3.1 Introduction 20

3.2 Research process 20

3.3 Questionnaires design 21

3.4 Operationalisation of measures 22

3.5 Pilot test 25

3.6 Main survey 25

3.6.1 Sample design 25

3.6.2 Survey method 27

3.6.3 Data analysis techniques 27

3.7 Summary 28

CHAPTER 4: RESEARCH RESULTS 29

4.1 Introduction 29

4.2 Descriptive statistic of the study 29

4.3 Testing measurement scale 31

4.4 Testing the research model and the hypotheses 39

4.5 Summary 45

CHAPTER 5: DISCUSSION AND CONCLUSIONS 47

5.1 Introduction 47

5.2 Discussion of findings 47

5.3 Implications of the research 49

5.4 Limitations and recommendations 52

LIST OF REFERENCE 54

APPENDIX 1 60

APPENDIX 2 66

APPENDIX 3 69

APPENDIX 4 72

LIST OF FIGURES

Figure 2.1 Quantitative assessment of internal control framework 12

Figure 2.2: The relationship between internal control components and the efficiency and effectiveness of operation 18

Figure 2.3: The relationship between internal control components and the reliability of financial report 18

Figure 2.4: The relationship between internal control components and the compliance with laws and regulations 19

Figure 4.1 Respondent's age 30

Figure 4.2 Respondent's experience 31

Figure 4.3 Organization industry 31

Table 2.1: Comparison of Control frameworks in the US 8

Table 3.1: Measurement scale of internal control components 22

Table 3.2: Measurement scale of internal control effectiveness 24

Table 4.1: Sample characteristics 30

Table 4.2: Reliability of measurement scales 32

Table 4.3-4.5: The EFA result for internal control components measurement scales 36

Table 4.6-4.8: The EFA result for internal control effectiveness measurement scales 38

Table 4.9: Correlation of constructs 39

Table 4.10a-c: Summary of hypotheses testing results (Model I) 41

Table 4.11a-c: Summary of hypotheses testing results (Model II) 43

Table 4.12a-c: Summary of hypotheses testing results (Model III) 44

Internal control components

Internal control effectiveness

Efficiency and effectiveness of operation

Reliability of financial report

Compliance with laws and regulations

Committee of Sponsoring Organizations

This study reports the results on the internal control components and internalcontrol effectiveness from the external auditor’s perspective by using measurementscale proposed by Annukka Jokipii (2009) The study is among the very few studies

in Vietnam empirically examines internal control effectiveness as well as suggest thereference internal control components used in practice

To assess the internal control components and internal control effectiveness, astudy of 236 external auditors who audited the operation of companies in Vietnam in

2011 was conducted Even though some unexpected outcomes have incurred,

“control environment” and “monitoring” are not supp orted in their relationship with

“the reliability of financial report”; “information and communication” is notsupported in the relationship with “the compliance with laws and regulations”, theempirical results indicate that all remaining internal control components (Controlenvironment, risk assessment, control activities, information and communication, andmonitor) have significant positive effect on internal control effectiveness which arealso considered the company objectives: efficiency and effectiveness of operation,reliability of financial report, compliance with laws and regulations

Key words: Internal control components, Internal control effectiveness

CHAPTER 1: INTRODUCTION

1.1 Introduction

This chapter represents general introduction to the study including researchissues, research objectives and research questions applied in this study In addition,this chapter also addresses the methodology to be used and the scope of the study

1.2 Background to the research

Understanding the concept of internal control is essential for developing anunderstanding of its impact on the performance of organization (Lembi, 2006)

In the world, internal control is traditionally proposed as “internal check” Itsdefinition was then developed as “process activitie s” to enable management to dealwith rapidly growth However, there was no official regulation in force to requirecompanies set up internal control to prevent risk and protect their business Aftermany scandals incurred in financial perspective 21st century, Sarbanes-Oxley Act of

2002 (SOX) requires management of all public firms to issue internal control report,take responsibility for maintaining an adequate internal control, and make concerning

to its effectiveness (PCAOB,2004) The external auditors are also responsible forauditing management assertions as to the effectiveness of the internal control andthey have to give their own, independent conclusion (Ramos 2004, 75) Meanwhile,the reference groups like suppliers, investors and customers have also focused more

on quality of company’s reporting and accountability (Rittenberg and Schwieger

2001, 172) An effective internal control system therefore has played a critical role in

a firm’s success It helps organization management to keep the company onprofitability goals, to achieve its mission, and to response to its risks of business(COSO, 1994) However, how to develop an optimal internal control framework forall companies is still further research

In 1994, Committee of Sponsoring Organizations (COSO) proposes InternalControl framework consists of five interrelated components but states that the needfor control system and control effectiveness may vary according to a firm’scharacteristics Donaldson (2001) indicates that the design of management controlsystem depends on the organization’s context, a fit between the organization’s contextand internal control components leads to better internal control effectiveness.However, the evidence of the actual performance of an internal control within theorganizational environment is almost non-existent, and the topic relativelyunexplored by researchers (Kitnney, 2000) Consequently, in recent year, manyresearchers (Chenhall 2003, Gerdin 2005, Jokipii 2009) have attempted to explaininternal control effectiveness by examining its designs.

With regard to Vietnam, there is almost non-existent research about internalcontrol and its effectiveness Thus, this study is motivated to propose an internalcontrol framework, the internal control effectiveness definition for companiesoperated in Vietnam reference as well as to explore the effect of existed internalcontrol components on internal control effectiveness

As mentioned above, there is still lack of practical research on internal controlsector The problem is therefore to be addressed This study concentrates to theinternal control components, internal control effectiveness and to explore the effect ofinternal control components on internal control effectiveness of firms in Vietnam.

1.4 Research objectives

A research objective is the research version of a business problem Objectivesexplain the purpose of the research in measurable terms and define standards of whatthe research should accomplish (Zikmund 1997, 89)

In solving the research problem mentioned previously, this study has thefollowing objectives:

1) Investigate the relationships of internal control components and the

efficiency and effectiveness of operation

2) Investigate the relationships of internal control components and the

reliability of financial report

3) Investigate the relationships of internal control components and the

compliance with laws and regulations

1.5 Research questions

The study is conducted to explore the relationship between internal controlcomponents and its observed effectiveness in companies It is examined to understandwhether internal control components such as control environment, risk assessment,control activities, information and communication, monitoring have relationship tothe internal control effectiveness which comprise the efficiency and effectiveness ofoperation, the reliability of financial report, the compliance with laws andregulations The research questions therefore concentrate on internal controlcomponents, the internal control effectiveness assessment as well as the relationshipbetween them

Research question 1: Is the efficiency and effectiveness of operation positivelyrelated to the internal control components?

Research question 2: Is the reliability of financial report positively related tothe internal control components?

Research question 3: Is compliance with laws and regulations positivelyrelated to the internal control components?

1.6 Research methodology and scope

The object of this research was external auditors who audited the operation ofcompanies in Vietnam Sample size: 236 (See more in Chapter 3)

Qualitative method: The author used the qualitative method to carry out groupdiscussions with six experienced external auditors The purpose of this step is toadjust and amend the translated questionnaire suitable with the subject and purposes

of the study

Quantitative research was used to explore the relationship between internalcontrol components and internal control effectiveness from the external auditor’sperspective The quantitative model was adopted from the previous research ofJokipii (2009)

The author used data analysis tools to implement the research such as:descriptive statistics, multiple regression models with SPSS version 16

1.7 Thesis structure

This study includes 5 chapters:

Chapter 1- Introduction, mentions about research background, research

objectives and research scope and approach

Chapter 2 – Literature review provides theoretical and empirical background supporting for hypothesized research model

Chapter 3 – Research methodology, is about the meth odologies that author used

to conduct the research

Chapter 4 – Data analysis and findings, discusses a bout the analysis that author conducted to test hypotheses and to answer the research questions

Chapter 5 - Conclusion and implication, is about the results, implications, and recommendations for future research

CHAPTER 2: LITERATURE REVIEW

2.1 Introduction

This part reviews the previous studies concerning about internal controlcomponents, internal control effectiveness, and the relationship between them Based

on the literature review, hypotheses are developed

2.2 Internal control components

The internal control is initially defined in 1930 as “internal check” comprisingsystem of accounts and procedures that one person performs independently checks tothe work of another to detect and prevent fraud (Sawyer et al 2003, 61) Thisdefinition was then developed by American Institute of Certified Public Accountant

in broadened meaning as plan of company, measures and all of coordinate method toensure the reliability of its accounting data, promote operational efficiency However,after big failures incurred in United State in 1980s, there is a need for re-evaluation ofinternal control definition in more proper ways to detect and prevent fraud

In the United State 1992, COSO states a report that defines Internal Control as

a process, effected by an entity’s board of directors, management and other personnel,which is designed to provide reasonable assurance to achieve three objectives:effectiveness and efficiency of operations; reliability of financial reporting;compliance with applicable laws and regulations The COSO Internal Controlframework consists of five interrelated components: Monitoring, Information andCommunication, Control Activities, Risk Assessment, and Control Environment

Source: COSO Internal Control-Integrated Framework 1992.

Shortly after COSO framework 1992 issued, it is considered a basicframework to develop additional frameworks in United State which focus more onspecific objectives from other perspectives COBIT (1996) provides controlprocesses about information technologies (IT) management and IT governance, SAC(1994) offers assistance to internal auditors on how to evaluate, report, and improvecontrol system, and SAC 78 (1995) provides guidance to external auditors regardingthe impact of internal control on performing audit of an organization The details ofthese internal control frameworks are described in table as following:

Table 2.1: Comparison of Control frameworks in the US

auditors

policies, subsystems,procedures, and peoplepractices

Internal control (1) Effective & (1) Effective & (1) Effective (1) Effective &Objectives efficient efficient & efficient efficient

operations operations operations operations

(2) Reliable (2)Confidential (2) Reliable (2) Reliable

reporting (3)Integrity & reporting reporting(3) Compliance availability of (3) (3) Compliancewith laws & information Compliance with laws&regulations (4)Reliable with laws & regulations

financial regulationsreporting

(5)Compliancewith laws &

regulationsComponents or Components: Domains: Components: Components:domain (1)Control (1)Planning & (1)Control (1)Control

Environment organization Environment Environment(2)Risk (2)Acquisition (2)Manual & (2)Risk

(3)Control implementation Systems (3)ControlActivities (3)Delivery & (3)Control Activities(4) Information support Procedures (4)Information &

(5)MonitoringInternal control At a point For a period For a period For a period

evaluation

Technology Technology StatementResponsibility Management Management Management Management

Source: Cobert et al (2005)

The need for more advanced and appropriate internal control framework isalso appeared in other countries Canadian Institute of Chartered Accountant furtherdevelops COSO (1992) framework to the Criteria of Control Framework (CoCo,1995) comprising elements of an organization like resources, systems, processes,culture and task that support people in the achievement of the organization’sobjectives In United Kingdom (UK), The Turnbull report (1999) provides guidance

in adopting a risk based approach in establishing components of internal control andits effectiveness The internal control components are reduced to three internalcontrol components: control activities, information and communication processes,

monitor processes for the continuing effectiveness of the internal controlcomponents.

The previous analysis of internal control frameworks shows that there areparallel components across internal control frameworks Although these componentsare also described in different terms in the various frameworks, but as a summary,five internal control components proposed by COSO framework 1992, the originaland the most popular framework used, are mostly adopted Therefore, these fivecomponents proposed by COSO (1992) are also adopted as independent variables inthis study with details as following:

(1) Control Environment, which sets the foundation for the internal control

components influencing the control consciousness of the entity’s people The core ofthis part is its people composed of their individual attributes, including integrity,ethical values and competence and the environment in which they operate

(2) Risk Assessment, which involves the identification and analysis of relevant

risk in achieving predetermined objectives by management This part includesprocedures help the entity aware of and deal with the risks it faces

(3) Control Activities, which covers policies, procedures and practices

established and executed to ensure that management objectives are achieved and riskmitigation strategies are carried out

(4) Information and communication, which supports all other control

components through information and communication systems It enables the entity’speople to capture and exchange the information needed to conduct, manage andcontrol its operations

(5) Monitoring, which covers the external overview of internal controls by

independent people likes the management It includes regular management andsupervisory activities, and other actions personnel take in performing their duties

The entire internal control components should be monitored, and modified asnecessary to ensure they can react dynamically.

2.3 Internal control effectiveness

COSO (1992) shows that internal control can be judged to be effective whenthe evaluators have reasonable assurances that they understand the entity’soperational objectives, the reliability of published financial statements, and theapplicable laws and regulations compliance However, its report does not discloseany guidance on how to perform the assessment Dai et al (2008) focus on thecomprehensive quantitative evaluation method of internal control effectiveness from

a risk-based perspective to construct a risk-oriented mathematical evaluation modelfor internal control However, due to too many and complex factors involved in theevaluation, they propose that quantitative evaluation model of internal control based

on risk should be further studied and improved The assessment of internal controleffectiveness therefore need to further research

Perry and Warner (2005) have proposed five-step model for quantitativeassessment of internal control effectiveness, which is describeb in Figure 2.1

Choose the right internal control framework

(COSO, COCO, Turnbull…)

Document controls against the selected model

Develop a quantitative scoring process

Assemble a group of examiners

Score the internal control application

Figure2.1: Quantitative assessment of internal control framework.

Compiled by Perry et al (2005)

The most important aspect to note in this model is scoring individual controlobjectives against the chosen internal control framework Examiners use the selectedmodel to determine the maximum score available for each control objective underreview and continue this process until they have scored all of the control objectivesand accumulated an overall quantitative score for internal control effectiveness Theynote that examiners should apply their own experience with and knowledge ofinternal controls in conjunction with internal control framework guidance inexamining the effectiveness of an internal control

Based on Perry’s quantitative model, Jokipii (2009) develops the measurementscale for the internal control effectiveness The definition of internal controleffectiveness in his research is taken from the internal control frameworks which statethat the internal control can be judged to be effective when the entity’s operationobjectives are being achieved, published financial statements are being preparedreliably, and the applicable laws and regulations are being complied with

In this study, the focus was on internal control effectiveness based onquantitative assessment model proposed by Jokipii (2009) The external auditors wereasked to assess about the three objectives of internal control so that the quantitativetest for internal control effectiveness could be performed The internal controleffectiveness composed of the efficiency and effectiveness of operation, reliability offinancial report, and the compliance with laws and regulations were used as adependent variable in this model.

2.4 Gaps in the literature

In this study, five components defined in the internal control framework(COSO 1992) are included Most of the research done in this field focuses onexamining particular control components, such as the control environment (D’Aquila1998), communication (Hooks et al 1994) or risk assessment (Mills 1997) Lembi(2006) examines all five components to evaluate the effectiveness of internal controlover financial reporting However, he uses a qualitative approach in his study Jokipii(2009) adds value to internal control section by indicating that control componentshave all positively effect on internal control effectiveness However, he proposes thatthe measures for internal control components and its observed effectiveness should beconducted in further research to ensure the reliability and validity of the measures Healso recommends that it would be interesting to examine if studies of other referencegroups, for example external auditors The final but is the most important, asmentioned above there is lack of practical research about internal controls inVietnam, this increase a requirement in conduction a research to develop theknowledge in this section for companies in Vietnam

2.5 Research hypotheses and theoretical model

Control environment: Many studies have stressed the importance of control

environment to internal control effectiveness as a foundation of the internal control.According to Schmidt and Posner (1983), control environment starts with the board

of director, who set the tone of an organization through policies, behaviors andeffective governance, gives direction to the hundreds of decisions made at all levels

of the organization every day This enables the organization to become efficient andeffective, and achieve associated cost savings D’Aquila (1998) supports the position

of control environment as the tone of an organization by indicating that the perceivedintegrity of management has positively correlated with fairly reported financialinformation Its important role also supported from the result of COSO study (1999)

on 200 companies which has shown that 83% of the financial fraud cases address bythe SEC between 1987 and 1997 involved top management In addition, Cohen(2002) in his study continues to confirm the important of the control environmentwith the finding from a survey of auditors that “tone at the top and its implication forthe behavi or of employees” are the most importance ingredients for an effectiveinternal control Author therefore hypothesizes that

H1a: Control environment is positively related to the efficiency and effectiveness of

operation

H1b: Control environment is positively related to the reliability of financial report H1c: Control environment is positively related to the compliance with laws and

regulations

Risk assessment: The implementation of an effective Enterprise Risk

Management “ERM” will improve firm performance (Hoy t et al, 2006; Nocco andStulz, 2006; Chih, 2007) In addition, risk management has positive related to thereliability of financial reporting (Lembi, 2006; Jokipii, 2009) However, Leen et at(2010) find that there is no evidence about the application of the ERM improvesERM effectiveness which includes entity’s strategic, operational, reporting, andcompliance objectives From the above discussions, author hypothesizes that:

H2a: Risk assessment is positively related to the efficiency and effectiveness of

operation

H2b: Risk assessment is positively related to the reliability of financial report.

H2c: Risk assessment is positively related to the compliance with laws and

regulations

Control activities: are policies, procedures and necessary activities that are

taken to address risks to achieve the entity’s objectives (COSO, 1994) Hans Mjoenand Stephen Tallman (1997) in their research suggest that entity’s performance isstrongly and positively related to control activities Their results show that specializedcontrol activities provides both protection and exploitation of key resource inputsthrough increasing bargaining power Pyria (2013) confirms that control activities arestatistically significant in determining performance In addition, the control activitiessupport performance management instructions (Ana Morariu, SA, 2008:75) Controlactivities are developed and implemented for the effective management of theidentified risks performance

As control activities are taken to address risks to achieve the entity’s

objectives, the author therefore hypothesizes that:

H3a: Control activities are positively related to the efficiency and effectiveness of

operation

H3b: Control activities are positively related to the reliability of financial report H3c: Control activities are positively related to the compliance with laws and

regulations

Information and communication: refer to the system put in place by an

organization to identify, capture, process and report relevant and reliable information

in a timely manner so that people can carry out their responsibilities effectively(COSO1994, 59) Previous studies show that clear communication channels withinthe organisation and between the organisation and its customers have a positive effect

on firm performance, see for example (Carr, Amelia S Kaynak, Hale, 2007).Organisations infuse information systems into their operations so as to enhancecompetitiveness and facilitate business growth and success (Fisher and Kenny, 2000).Even though organisations have different information systems, they all strive forcompetitive advantage through continuous improvement; re-evaluation of theeffectiveness and efficiency of their business information system (Chaffey and Wood,2005) Information and communication system produces reports includingoperational, financial and compliance related information that make it possible to runand control the business effectively (Sawyer, 2003) From the above discussions,author hypothesizes that:

H4a: Information and communication are positively related to the efficiency and

effectiveness of operation

H4b: Information and communication are positively related to the reliability of

financial report

H4c: Information and communication are positively related to the compliance with

laws and regulations

Monitoring refers to the process of assessing the quality of a system’s

performance over time (Jones, 2008) Monitoring ensure systems are performing asintended (Henle, 2005) According to Coffin (2003), monitoring is designed to assessthe effectiveness of the internal control system in achieving the entity’s financialreporting objectives Meanwhile, continuous monitoring enables management tocontinually review business processes for adherence to and deviations from theirintended levels of performance and effectiveness (Sumit, 2010)

Because of the important role played by monitoring, COSO originallyincludes ongoing monitoring in its first Integrated Framework released in 1992.Ongoing monitoring is again emphasized in COSO Enterprise Risk Managementframework (2004) to meet requirements of the Sarbanes Oxley Act of 2002 whichforces public companies to renew their focus on internal controls over financialreporting As monitoring is very important to the internal control effectiveness, authorhypothesizes that:

H5a: Monitoring is positively related to the efficiency and effectiveness of

operation

H5b: Monitoring is positively related to the reliability of financial report.

H5c: Monitoring is positively related to the compliance with laws and regulations.

Figure 2.2: The relationship between internal control components and the

efficiency & effectiveness of operation (Model I).

Figure 2.3: The relationship between internal control components and the

reliability of financial report (Model II).

Risk assessment

H2c

laws and regulations

Figure 2.4: The relationship between internal control components and the

compliance with laws and regulations (Model III).

2.6 Summary

This chapter has presented the literature review relevant to internal controlcomponents, internal control effectiveness perspective, and the exploration of therelationship between these perspectives By developing the hypotheses, the authordefined the dependent and independent variables in this study

CHAPTER 3: RESEARCH METHODOLOGY

3.1 Introduction

The purpose of this chapter is to provide the brief description about themethodology used to test the hypotheses developed in chapter 2 In this part, wediscuss about the questionnaires, samples, tools and the methodology used in thisstudy

3.2 Research process

Literature review

(Internal control components,internal control effectiveness)

The first draft of questionnaire

Pilot test Item modifications

The final questionnaire

Data Collection

236 samples

Quantitative research:

Descriptive statistic,EFA, Cronbach alpha’s analysis,Regression analysis

Writing report

3.3 Questionnaires design

The questionnaires design was achieved through a literature search Thequestionnaire was originally designed in English The original English version wasthen translated into Vietnamese by two independent translators who expertise ininternal control section and English to assure the objectiveness The Vietnamesequestionnaires version was then checked with 6 external auditors to ensure theunderstandability of the measurement This was the first draft of the questionnaires.The draft questionnaires consist of three parts The first part comprises demographicquestions about respondent title, age and experience The second part focuses on theinternal control components which includes questions on the five components ofinternal control; that are, the control environment, risks assessment, control activities,information and communication, and monitoring The third part examines theevaluations of internal control effectiveness which includes questions on theefficiency and effectiveness of operation, reliability of financial report, andcompliance with applicable laws and regulations

3.4 Operationalisation of measures

The constructs of the internal control components and internal controleffectiveness were adopted from the existing instruments in earlier studies

3.4.1 Measurement scale of internal control components

Internal control components was measured with five-point Likert scale based

on questions recommended by COSO (1992) and adapted in practice by Jokipii(2009) As discussed in chapter two, five internal control components was definedincluding control environment (COEN), risk assessment (RISK), control activities(COAC), information and communication (INFO) and monitoring (MONI) Details

of measurement scale of internal control components were as following:

Table 3.1: Measurement scale of internal control components

Environment management’s decisions into question and

evinced realizable alternatives

Managers and management have not been COEN_2overworked

There has been a great deal of variation in control COEN_3and management tasks

The personal understand the content and COEN_4responsibility of their tasks

The personnel have demonstrated commitment to COEN_5honesty and ethical value of the company through

their conduct

Risk Assessment The goals for the company’s operations had RISK_1

credible and in my opinion reasonable measures

Management actively evaluated both internal and RISK_2external risks likely to prevent the achievement of

how risk management was implemented

In my opinion the company’s risk analysis and RISK_5means of protection could have been more

efficient

Control activities There was functioning controls in the company’s COAC_1

processes which gave warning wheneversomething exceptional occurred

As soon as something exceptional and undesired COAC_2was noticed it was promptly and appropriately

dealt with

In the definition of task special attention was paid COAC_3

to authorization and the special demands of tasks

In my opinion the internal control measures COAC_4should have been stepped up still further

The entire personnel had updated job COAC_5descriptions

Informationand The personal had no problems in obtaining INFO_1communication information pertaining to their work tasks

The report are forwarded to management were INFO_2sufficiently clear and contained relevant

information from the management perspective

Sufficient information moved between the INFO_3different divisions of the organization so that the

smooth uninterrupted running of operation could

Monitoring The operative information used in management MONI_1

was specified to the systems information offinancial management

Line managers take excellent care of day-to-day MONI_2control

There is active control of how the personnel obey MONI_3the operating instructions issued

We conducted analyses based (customer MONI_4satisfaction, job satisfaction, efficiency) changes

during the last year

Management has not in the last year requested MONI_5accounts of the accomplishment of control

measures

3.4.2 Measurement scale of internal control effectiveness

Measurement scale of internal control effectiveness was measured in a similarway with internal control component measures Five-point Likert scale was based onquestions recommended COSO (1992) and adapted in practice by Jokipii

(2009) Internal control effectiveness (EFFE) was measured by three components:efficiency and effectiveness of operation (EFFI), reliability of financial report(RELI), and compliance with applicable laws and regulations (LAW) The details ofmeasurement scale were as following:

Table 3.2: Measurement scale of internal control effectiveness

Effectiveness and With a reasonable effort the efficiency of EFFI_1efficiency of operations could have been further improved

operations There are possibly in operations problems EFFI_2

which, if removed, would have resulted in abetter input - output ratio

There are no stages in the processes where I EFFI_3have any doubts about efficiency

In some functions resources might have been EFFI_4more efficiently deployed

Reliability of I did not completely trust the reports by RELI_1financial financial management and sometimes had to

reporting check the information I received

There were sometimes errors in the reports RELI_2which had to be corrected later when the

information had been confirmed

We sometimes received information about errors RELI_3

in reports sent out for external use

There have been problems with the accounting RELI_4programs used by financial management

Compliance with It was difficult in practice to apply the LAW_1applicable laws regulations governing our company

and regulations Changes in the legislation frequently came as a LAW_2

surprise to the company

I have observed that the personnel had problems LAW_3with the laws and regulations in force

There is no individual in our company whose LAW_4area of responsibility it is to monitor

forthcoming legislative changes and newregulations

3.5 Pilot Test

The purpose of pilot test was to tailor the questionnaire to help respondents toavoid problems in answering questions and to increase the quality of data recordedfor the main survey

The procedure was conducted by two steps In the first step, an exploratory study was made with the purpose of assessing the first draft of measurement scale Thefirst draft of questionnaire initially developed in English was then translated into Vietnamese and checked with 6 external auditors to ensure the understandable

meaning In the second step, focused group discussion was conducted with four senior auditors and two manager auditors from KPMG Vietnam The purpose of this step was

to examine the instrument to be sure that all survey questions were clear in meaning and sufficient to cover the research matter in reality, from the audit perspectives Somequestions were adjusted on the recommendation of the participants to make the terms

in the questionnaire more understandable, less negative and more suitable for

measurement in Vietnam such as “th ư ng xuyên thay ñ i ho t ñ ng ki m soát” was revised to “ña d ng nhi u ho t ñ ng ki m soát”, “Tôi hoàn toàn không tin t ư ng” was revised to “Tôi không hoàn toàn tin t ư ng”, “có nhi u v n ñ ” was revised to “còn t n t inhi u v n ñ ” After the revision finished, the author had the final questionnaire

The final version of questionnaire was made in Vietnamese (Appendix 1) and was translated back into English (Observed variables)

internal control effectiveness of companies in Vietnam The population of the studywas therefore external auditors who audited the operation of companies in Vietnamincluding manufacturing, trading, construct and service companies in 2011 Theexternal auditors were chosen to be interviewed as they have strong knowledge ininternal control section They are responsible for review, evaluate, and report theeffectiveness of internal control to board of management when auditing the operation

of companies

The second step in the sampling process is to choose the sampling frame.Sampling frame is the list of elements from which a sample may be drawn In thisstudy, the sampling frame was external auditors of companies in the south ofVietnam

The third step is to identify the sampling method to be used to select thesample for the study According to the methodology literature, there are two mainsampling methods, probability and non-probability sampling (Tho, 2011) Due to thetremendous limitations of time, budget and knowledge; this study uses a non-probability sampling technique, specifically, convenience sampling This is one of theleast reliable sampling techniques, but it is the cheapest and easiest, and is the mostfeasible for this study

The final but most important step of the sampling process is the ability tocollect samples The author of this study has been working in auditing companiesmore than six years and has long relationship with external auditors in Vietnam thatenable to the author has enough capacity to collect enough sample size to conductthis sturdy

Sample size

A reliable and valid sample could enable us to generalize the findings from thesample to the population under investigation Canava (2001) The sample size isdetermined by the level of precision and confidence desired in estimating the

population parameters, as well as the variability in the population itself Tho (2011, p.231) suggest that the issue of ‘how large’ a sam ple size should be, has not beenentirely resolved, but does depend on the statistical methods used (e.g Maximumlikelihood, generalized least squares and asymptotically distribution free) However,some researchers suggested that the minimum sample size should be from 100 to 150responses if using the Maximum Likelihood (ML) method Some others suggestedthe minimum sample size should be at least five observations per estimates parameter(Hair et al 2006- cited in Tho, 2011).

Following the discussion above, the study was conducted with 37 observedvariables (37 variables x 5 = 185 observation samples) The sample size must be atleast 185 complied with criteria at least 5 times of observed variables Consequently,this research was conducted with sample sizes of 236 external auditors of companies

in Vietnam

3.6.2 Survey method

The literature on research methodology has identified a number of surveymethods such as face-to-face interview, telephone interview, and mail survey etc.Among these methods, the email survey method combined with directly distributequestionnaires to interviewees were chosen because these two methods can ensure toefficiently collect statistical information from numerous companies and make directcontact with external auditors Questionnaires were sent to the participants via email.The first e-mail was sent directly to participants to ensure that the receivers can seethe email After 7 days a reminder was sent to non-responders to remind them Again,after 7 days a third contact was made At the same time, the author also directlycontacted interviewees to distribute questionnaires to ensure collect enough thequantity of responses

3.6.3 Data Analysis Techniques

The Statistical Package for the Social Sciences (SPSS) version 16.0 was usedfor all statistical calculations Descriptive and inferential statistics includes:

Cronbach alpha, exploratory factor analysis, correlation, multiple regression analysis.The analysis process was implemented as follow:

When data collection was completed, descriptive statistics were initiallyconducted to provide an overview of the sample Secondly, the measures of eachconstructs were refined by cronbach alpha coefficients The purpose of this test was

to provide a preliminary evaluation and refinement of the measurement scales.Reliability analysis was first used to remove items with low item-total correlations(<0.3) (Nunnally 1978 - cited in Quan, 2004) Scales with a Cronbach alphacoefficient equal to or greater than 0.6 are acceptable in some cases (Nunnally, 1978;Peterson, 1994 – quoted in Trong & Ngoc, 2005 ) Items those passed the test thenwere analyzed using an exploratory factor analysis (EFA) method to determine theactual dimensions of each construct In this step, items with factor loadings less than0.4 were deleted Thirdly, The Pearson correlation was used to measure thesignificance of linear bivariate between the independent variables and dependentvariables thereby achieving the objective of this study (Sakaran, 2006) Correlation is

a bivariate measure of association (strength of the relationship) of the relationshipbetween two variables It varies from 0 (random relationship) to 1 (perfect linearrelationship) or -1 (perfect negative linear relationship) Finally, the measuresretained were run with multiple linear regressions (MLR) and the results were used totest the research model and hypotheses

3.7 Summary

This chapter discussed about the research methodology used in this study.Questionnaires have been used as data collection research instruments It is intentionthat the finding of this research paper will be used by companies in Vietnam in setting

up internal control components and control the internal control effectiveness

CHAPTER 4 RESEARCH RESULTS

4.1 Introduction

The previous chapter discussed the research methodology including theoperational measures of the theoretical model constructs developed in Chapter 2, theresearch design of the main study This chapter presents the analysis of results fromthe main study The study of 236 respondents was used to test the reliability andvalidity of the construct measurement scale by reliability and exploratory factoranalysis The final qualified variables of each construct will be then be analyzed withMLR and t-test to test the research hypotheses

4.2 Descriptive statistic of the study

The main survey was conducted by directly distribute combined with mailsurvey method to external auditors of companies in Vietnam 300 self-administeredquestionnaires were distributed to the respondents Of these questionnaires, 269samples were returned but 33 questionnaires were discarded because there were manyquestions unanswered or scored with the same mark The remained samples consisted

of 236 questionnaires are used to run reliability and EFA to test the reliability andvalidity of the measurements The age of respondents is young and mostly under 30years The respondent’s experience is mostly less than 5 years This is suitable toaudit characteristic where staff turnover is often high The largest sector representedwas manufacturing (54.2%), followed by service (22.9%), trading (18.2%),construction (1.7%) and other (2.5%) The sample details are in table 4.1

Table 4.1- Sample characteristics

Percent Percent Respondent’s age

Figure 4.2 Respondent's experience

2-3 years 4-5 years 6-7years 8-9years Over 10 years

Figure 4.3 Organization industry

Manufacturing Trading Service Construction Other

4.3 Testing measurement scale

4.3.1 Reliability testing

Before being subjected to further analysis, testing the research model, allscales were first checked for reliability by using Cronbach alpha coefficients Thepurpose of this step is testing the internal consistency within a scale An alpha value

of 0.60 and 0.70 or above is considered to be the threshold indicating internalconsistency of new scales and established scales respectively (Nunnally, 1988 – cited

in Spiros, 2003) This study uses the value of 0.6 as the benchmark The cut-off value

of 0.3 for item-total correlation was applied to delete item(s) that did not