Circular 44/2009/tt-Nhnn: Regulations On The System Of Internal Control And Internal Audit Of Credit Institutions, Branches Of Foreign Banks

Original Language Title: Thông tư 44/2011/TT-NHNN: Quy định về hệ thống kiểm soát nội bộ và kiểm toán nội bộ của tổ chức tín dụng, chi nhánh ngân hàng nước ngoài

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
The CIRCULAR regulates the system of internal control and internal audit of credit institutions, branches of foreign banks _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ pursuant to the law the State Bank of Vietnam the number 46/2010/QH12 16 June 2010;
Pursuant to the law on credit institutions the number 47/2010/QH12 16 June 2010;
Pursuant to Decree No. 96/2008/ND-CP dated 26/8/2008 of the Government functions, tasks, powers and structure of the State Bank of Vietnam;
The State Bank of Vietnam stipulates the system of internal control and internal audit of credit institutions, branches of foreign banks as follows: chapter I GENERAL PROVISIONS article 1. Scope this circular regulates the system of internal control and internal audit of credit institutions, branches of foreign banks.
Article 2. Application object 1. Credit institutions;
2. foreign bank branch;
3. organizations and individuals related to the system of internal control and internal audit of credit institutions, branches of foreign banks.
Article 3. Explanation of terms In this circular, the terms below are interpreted as follows: 1. the internal control system is the set of mechanisms, policies, processes, internal regulations, the organizational structure of credit institutions, branches of foreign banks are built accordingly as prescribed in this circular and be held to ensure the prevention , detection, timely handling of risk and achieve required.
2. Internal audit is the review, independent, objective evaluation for internal control system; independent reviews of relevancy and compliance with internal policies, regulations, procedures, processes have been set in credit institutions, branches of foreign banks; giving recommendations to enhance the effectiveness of the systems, processes, regulations, contributes to ensure credit institutions operate, efficient, lawful.
3. internal auditors who perform internal audits of the credit institution, the foreign bank branch under the provisions of this circular.
4. State Bank branch is the branch of the State Bank, the city where credit institutions, branches of foreign banks is headquartered.
Chapter II the SYSTEM of INTERNAL CONTROL article 4. The requirements and principles of operation of the system of internal control 1. The risks are at risk of adverse effect and target activities of credit institutions, branches of foreign banks must be identifiable, measurable, continuous, regular reviews to timely detect, prevent and take measures to manage risk appropriately. When there is a change in business objectives, products, services and new business activity, credit institutions, branches of foreign banks must scrutinize, identifies risks related to build, modify and supplement the process, internal control regulations accordingly.
2. The operation of the system of internal control is an integral part of the daily activities of credit institutions, branches of foreign banks. Internal control is designed, installed, made right in all business processes in all the units, parts of the credit institutions, branches of foreign banks in many forms such as: a) the authorization hierarchy clear, transparent; ensure the distinct mandates and powers of individuals, parts of credit institutions, branches of foreign banks;
b) regulations on specific risk limit for each individual, the Department in performing transactions;
c) process evaluation, approval and browse allow execute trades; ensure a business processes must have at least 2 officers involved, a person performing the transaction and a transaction control, no individual can alone make a decision and business processes, a specific transaction, except for transactions in credit are credit institutions foreign bank branches allowed in accordance with the law.
3. the authorization hierarchy must be established, make reasonable, clear, specific, avoid conflict of interest; ensure a non-officer took the same position at the mission, purpose, conflicting or overlapping interests with each other; ensure that all officers in credit institutions, branches of foreign banks do not have the condition to manipulate active, non-transparent information for personal purposes or to conceal violations of the provisions of the law and internal regulations of the credit institutions, branches of foreign banks.
4. Ensure observance of accounting, accounting mode under the provisions and must have an internal information system on financial, operational, compliance situation of credit institutions, branches of foreign banks and the economic situation, the market outside of reasonable, reliable, timely for management work , operating efficiency.
5. Information systems, information technologies of credit institutions, branches of foreign banks must be reasonable protection, monitoring, safety and management mechanism must be independent of backup to timely handling of unexpected situations, including natural disasters, fires, explosions, compromised systems ensure compliance with the rules on safety, security of information technology systems for the banking industry, ensure regular business operations, continuity of credit institutions, branches of foreign banks.
6. Ensure officers, employees of credit institutions, branches of foreign banks must understand the importance of internal control activities; the role of the individual in the process of internal control related to the functions, tasks and must make full, effective regulations, internal control processes involved.
7. Who runs business units, departments and individuals concerned must regularly review, evaluation of the validity and effectiveness of the internal control system; the inadequacies of the existing system of internal control must be reported promptly to the management level directly; the existence of large inadequacies, which can cause loss or risk must be reported immediately to the Director-General (Executive Director), the Board, the Board members, the Board of control.
8. The individual parts in the level of credit institutions, branches of foreign banks must often, constantly check and test the implementation of the regulation, the relevant internal procedures and must take responsibility for the results of business activities was delivered before the credit organization , foreign bank branch and before the law.
9. the unit leader, Division of credit institutions, branches of foreign banks must report on the results of self assessment of internal control system in the unit; proposals for the disposal measures exist, any (if any) sent direct management-level leaders periodically or irregularly, at the request of the leader of the management level directly.
Article 5. Build and maintain the operation of the internal control system 1. Credit institutions, branches of foreign banks must develop internal control systems help the Director-General (Executive Director) operating smoothly, safe and lawful professional activities of credit institutions, branches of foreign banks.
2. Credit institutions, branches of foreign banks must regularly control the observance of the law and the internal regulations; directly control the business activities all over the field at the head office, branches, representative offices, business units and subsidiaries of credit institutions, branches of foreign banks. Credit institutions must regularly control the observance of the law and the internal rules for the affiliate company of credit institutions in accordance with the law.
3. Credit institutions, branches of foreign banks when detected violations and problems in running the business must plan and implement timely remedy.
Article 6. Self-check, evaluation of internal control systems 1. Recurring annually, Director-General (Executive Director) credit institutions, branches of foreign banks to conduct your organization, check out, reviews the internal control system of each unit, Department, business, professional and business activities.
2. The self test, reviews include the review and evaluation of the adequacy, validity and effectiveness of the internal control system based on the identification and evaluation of risks, in order to determine the existence of the problem of the internal control system and pointing out the changes needed for the internal control system to handle , fix that problem.
3. the Director-General (Executive Director) credit institutions, branches of foreign banks must report on the results of self-examination, reviews of the internal control system mentioned above. This report is updated was the mishaps, noted the summary of activities of credit institutions, branches of foreign banks, the associated risks respectively and test activities, controlling at the level of the whole credit institutions, branches of foreign banks, the level of each unit parts and each operation.
4. Report the self test, reviews of the internal control system was submitted to the Board, Board Member, Board of supervisors and the State Bank (banking supervision, inspection; State Bank of India branch) within 30 days of the end of the financial year; People's credit fund separate send State Bank branch.
Article 7. Independent reviews of the internal control system 1. Operation of the system of internal control of credit institutions, branches of foreign banks must be independent reviews as specified in paragraph 3 to article 40 of the law on credit institutions.
2. Content of independent reviews of the internal audit for internal control system, including reviewing, assessing and reporting on the adequacy, effectiveness and efficiency of the internal control system relevant to the activities audited areas, through the identification and assessment of risks , determine the existence of an internal control system and pointing out the changes needed for the internal control system to handle, overcome.

3. the annual periodical, internal audit of the credit institutions, branches of foreign banks must be done reviewing, evaluation of appropriateness, effectiveness and efficiency of the internal control system. Independent evaluation reports are part of the internal audit reports annually.
Internal audit results must be reported promptly to the Board, Board Member, Board of supervisors and submitted to the Director General (Director) credit institutions, foreign bank branch at the same time send to the State Bank (inspection bodies, banking supervision, bank branches); The people's credit funds only to send the report to the State Bank branch.
4. Assessing the independence of independent audit for internal control system is done according to the regulations of the State Bank of independent audit for credit institutions, branches of foreign banks.
Chapter III INTERNAL AUDIT section 1 GENERAL PROVISIONS article 8. Objectives and basic functions of internal audit 1. Operation for your safety, the efficiency of credit institutions, branches of foreign banks 2. Reviewing, independent, objective assessment of the level of completeness, relevancy, effectiveness and efficiency of the internal control system in order to improve, improve internal control system. To accomplish this objective, the unit performs internal audits are encouraged to perform the consulting activities, participate in the process of building, improving and perfecting the internal control system under the condition of not violating the principle of independent, objective specified in this circular.
3. Detect and prevent violations of the law; enhancing the effective management, administration and operation of credit institutions, branches of foreign banks.
4. Safety information security and continuous operation of the information systems professional activities.
5. Put out recommendations intended to improve the efficiency of the systems, processes, regulations, contributes to ensure credit institutions, branches of foreign banks operate, efficient, lawful.
Article 9. The basic principles of internal audit 1. Independence: Organization and operation of the internal audit is independent of the operating departments, units, operation of credit institutions, branches of foreign banks, officers working internal audit were not simultaneously undertake the work in the subjects of internal audit; credit institutions, branches of foreign banks must ensure that internal audit is not subject to any interference would when making the report and reviews.
2. Objectivity: internal audit, internal auditors must ensure objectivity, honesty, fairness, not prejudice.
3. Professionalism: Internal Auditors must possess the knowledge, qualifications and skills in internal audit needed, not the Chief, the work of other specialized credit institutions, branches of foreign banks; have sufficient knowledge to identify the hallmarks of fraud, have knowledge about risks in banking activities and the control measures of information technology to perform the assigned work. The Internal Audit Division must have at least one auditor sufficient knowledge, skill, level control of key information technology and high technology audit techniques.
Article 10. The requirements are intended to ensure compliance with the basic principles of internal audit 1. Internal Auditors must have a fair attitude, not prejudice and avoid any conflict of interest. The internal auditors have the right and the obligation to report on issues that can affect the independence and objectivity of the internal auditor concerning internal audit work was the head of the internal audit (hereinafter the head of internal audit).
2. The Chief internal auditor must understand, monitor and ensure the independence and objectivity of the internal auditors. The case of independence or objectivity being affected or could be affected, the head of internal audit shall report to the Supervisory Board.
3. In the work of internal audit, credit institutions, branches of foreign banks must make provisions below aim to ensure the independence and objectivity, to prevent the inequity, prejudice and conflict of interest: a) Internal Auditors do not perform audits for regulations internal policies, procedures, and processes that the auditor is the person responsible in the construction regulations, internal policies, procedures, processes;
b) Internal Auditors do not have the conflicts of interest with the unit, the Division audited; Internal Auditors are not made for the audit unit, that unit operator, that Department is a relevant person of the internal auditor;
c) Internal Auditors not involved audit activities, the Department that that auditor is responsible for implementation of the operation or management of that Department within a period of 3 years from when have decided not to perform the operation or management of that Department;
DD) To take measures to check to ensure the independence and objectivity of the work of internal audit during the audit performed in units, audited and parts in the period, the audit report;
e) The audit record in the internal audit report should be carefully and analysis based on the data, the information collected to ensure objectivity;
g) the results of the Mission of the Chief internal auditor must be Control Board regularly examine, scrutinize, reviews;
h) internal audit should ensure the independence, objectivity when auditing the activities, processes, parts that were previously internal audit has consulted. In this case, the internal auditor has the right and obligation to the full review and analysis about the procedure, process, system of internal control. Responsibility for the activities, processes, parts have been internal audit previous advice about still leader of the unit, the audited departments.
4. Credit institutions, branches of foreign banks must comply with the provisions in paragraph 3 article 9 and article 13 this circular aims to ensure the professionalism of the internal audit.
Article 11. Ensure the quality of the internal audit activity 1. Credit institutions, branches of foreign banks must have processes to monitor and evaluate the quality of the work of internal audit. Credit institutions, branches of foreign banks must conduct an internal assessment for the operation of internal audit to ensure the quality of the internal audit activity.
Internal assessment for internal audit activity is the review self assessment internal audit activities at the end of the audit and the annual review self assessment overall internal audit activity by the Internal Audit Division to ensure the quality of the internal audit activity.
2. internal evaluation results must be reported annually to the Board of control and is recorded in the internal audit report.
Item 2 ORGANIZATION and ACTIVITIES of the INTERNAL AUDITOR article 12. The Organization of internal audit 1. Internal audit of credit institutions (except in the case specified in clause 2 of this) is organized into vertical unified system or organization internal audit division at Headquarters according to the scale, the degree, the scope and the specific activities of the credit institution. Internal Audit Board directly under the control and subject to the direction of the Control Board.
2. for the people's credit funds have only 1 dedicated controllers that do not have the Control Board, the internal audit of the people's credit funds by the dedicated staff control implementation.
3. The base of the scale, the degree, the scope and characteristics of activities of credit institutions and on the basis of the proposal of the Supervisory Board, Board of Trustees, Council members decided on the Organization of internal audit, salary, bonus, allowance for the responsibilities of Internal Auditors , Head of internal audit and the Deputy Head of internal audit.
4. the internal audit of the foreign bank branch can do internal audit of headquarters or regional headquarters, consistent with the provisions of paragraph 1 to article 89 of the law on credit institutions.
Article 13. Standards for internal auditors, internal audit Head and Deputy Head of the internal audit 1. Internal Auditors must have the following standard: a) honest, quality conscious observance of law;
b) have the knowledge, the general understanding of the law, business administration and banking services;
c) to College over the appropriate disciplines, have full knowledge and always updated about the assigned field implementation of internal audit; for internal auditors of people's credit funds have intermediate level back up to the majors.
d) have the ability to collect, analyze, assess and synthesize information;
DD) have the knowledge, the skills of internal audit;
e) Have experience working in the financial sector, the Bank or the audit work a minimum of 3 years. Internal auditor the people's credit funds must have experience working in the financial sector, the Bank or the audit work a minimum of 12 years.
g) comply with the rules of professional ethics under the provisions in article 22 of this circular;
h) other criteria stipulated by the credit institutions.
2. for the information technology auditor, in addition to the standards mentioned in paragraph 1 of this article must have experience working in the field of information technology, a minimum of 3 years.
3. In addition to the criteria specified in point a, b, d, e, g and h clause 1 of this article, the head of internal audit and the Deputy Head of internal audit at a minimum must have university degree in banking, finance, accounting, auditing and have experience working in the financial sector the Bank, a minimum of 5 years. For the head of internal audit of the people's credit funds must have the minimum level in banking, finance, accounting, auditing and have experience working in the financial sector, the Bank is minimum 2 years.
Article 14. Appointed, dismissed the position of internal audit

1. the head of internal audit by the Board, the Board members appointed by the credit organization, dismissed the proposal of head of Supervisory Board; or by the authorized person of the Bank appointed by the mother, dismissed for foreign bank branches.
2. Deputy Head of internal audit and the other titles of internal audit by the Board, the Board members appointed by the credit organization, dismissed the proposal of head of Supervisory Board on the basis of the proposal of the head of internal audit; or by the Director-General (Executive Director) foreign bank branch appointed, dismissed the proposal of head of internal audit.
Article 15. Internal audit scope the scope of the internal audit include: 1. all audit activities, the business processes and the unit, Division of credit institutions, branches of foreign banks;
2. irregular audit and advice at the request of the Board, the Board members, supervisory board, General Director (Director).
Article 16. The content of the internal audit activity 1. The main content of the internal audit activity is evaluated the adequacy, effectiveness and efficiency of the internal control system.
2. Depending on the scale, level of risk as well as the specific requirements of individual credit institutions, foreign bank branch, internal audit review, reviews of the following: a) the adequacy, validity and effectiveness of the internal control system;
b) adoption, validity, effectiveness of implementation of policy and risk management process of the credit institutions, branches of foreign banks including the processes are done by information technology systems;
c) adequacy, accuracy and security of information systems of management and financial information systems, including electronic information systems and electronic banking services;
d) sex full, timely, honest, reasonable and accurate level of accounting systems and financial reporting in accordance with the law.
DD) in compliance with the provisions of the law, the regulations on the ratio of safety in the operation of credit institutions, branches of foreign banks, internal regulations, processes, rules, rules of professional ethics;
e) mechanisms, policies, processes, internal regulations, the organizational structure of credit institutions, branches of foreign banks;
g) measures to ensure the security of the property. Given the recommendations aimed at improving the efficiency of the systems, processes, regulations, contributes to ensure credit institutions, branches of foreign banks operate, efficient, lawful;
h) reviews the economics and efficiency of these activities, of the use of resources, thereby determining the degree of fit between the results achieved and the objectives proposed;
I) perform other related functions, the Mission of internal audit at the request of the Supervisory Board and of the Board, Board Member;
k) in addition to the provisions referred to in points a, b, c, d, e, f, g, h, i paragraph 2 of this article, foreign bank branch audit performed in accordance with the parent bank, in accordance with the provisions of this circular.
Article 17. The method of implementation of internal audit 1. The method of implementation of internal audit's audit methodology "oriented risks", the priority focus of resources to audit units, parts, processes are judged to have a high level of risk.
2. Internal Auditors should identify, analyze, evaluate and build risks risk profile for each of the activities of credit institutions, branches of foreign banks. Risk profile including the whole of the potential risk, the possible impact of the risks for the activities of credit institutions, branches of foreign banks and the possibility of these risks. Based on the evaluation of the impact, the possibility of the risk; each risk is classified as high risk, medium or low. The assessment and classification of risk must be made at least once a year.
3. Results of risk assessment will be the base to the head of internal audit work with the Control Board, the Director-General (Executive Director) and the Board, the Board members in the process of planning internal audit annually. The activities that risk will be ranked in order from high to low, in that the activity is considered to be high risk will be priority focuses more resources, more time to audit, audited in advance and audited more often than the lower risk activities.
4. the internal audit plan should be built based on the results of risk assessment and must be updated, changed, adapted with the happenings, changes in activities of credit institutions, branches of foreign banks and the change of the risk comes in.
Item 3 the DUTIES, powers and RESPONSIBILITIES of the INTERNAL AUDIT DIVISION to article 18. The Mission of the Internal Audit Division 1. Build business processes internal audit in institutions and the Control Board review, approved after the report of the Board, Board member.
2. Plan internal audit annually or extraordinarily and perform internal audit activities as planned or unscheduled audit at the request of the Board, Board Member, Board of control; implement the policies, processes and procedures for internal audit has been approved, ensure quality and effectiveness.
3. Examine, scrutinize, reviews independently, impartially for all units, parts, operations of credit institutions, branches of foreign banks (policies, procedures, processes or issues in performance) based on the risk level (high, medium or low) and the level of influence the activities of credit institutions foreign bank branches. For all the problems that can adversely affect operation of the credit institution, the foreign bank branch internal audit need timely notification of the nature and impact of activities of credit institutions, branches of foreign banks and give practical recommendations aimed at preventing , to overcome the problem.
4. Propose measures to repair, fix errors; Petitions handled the offense; proposed measures to improve, enhance, the effectiveness of the internal control system.
5. Evaluate the relevance of the activities to prevent, remedy the weaknesses have been reported; the activities aimed to improve the internal control system; and watched until the matter was handled satisfactorily.
6. the establishment of the audit reports; announcements and submit timely results internal audit under the provisions of Articles 26, 27 and 28 of this circular.
7. Develop, edit, Supplement, improve internal audit methodology and scope of internal audit activities to update, keep up the development of banking operations.
8. Implement processes to ensure the quality of the work of internal audit.
9. Set the record of the level of competence and the necessary requirements for internal auditors to do the recruitment base, promote, rotation of officers and professional training; recruitment and planning the layout to make sure remote monitoring work is ongoing; continuous training organizations in order to enhance and ensure the capacity for internal auditors.
10. Maintain frequent exchanges, consultations with independent audit institutions, State Bank (surveillance, Inspection Agency Bank, the State Bank branch) in order to ensure effective cooperation; as Coordinator, in collaboration with external agencies for the work related to the functions and duties of the internal auditor.
11. Advice for executives, Board, Board member credit institutions, branches of foreign banks and the Business Division made the project to build, apply new or modified these critical business processes; the operating management mechanism; the process of identification, measurement, risk assessment, risk management, evaluation method of capital; information systems, accounting, accounting; implementation of the new product, the condition does not affect the independence of the internal audit.
12. Perform other duties by the Board, the Board members, the Board of control.
Article 19. The powers of the Internal Audit Division 1. Are sufficient resources (financial, human resources and other media) needed.
2. Be actively perform tasks according to the audit plan was approved.
3. provide adequate, timely all the information, documents and records necessary for the work of internal audit.
4. Access, review all business processes, property when perform internal audits.
5. Access, interview all officials and employees of credit institutions, branches of foreign banks on issues related to the content of the audit.
6. Get your documents, documents, minutes of meetings of the Board, Board Member, Board of supervisors, managers, executives are relevant to the work of internal audit.
7. Attend internal meetings according to the provisions of the law, or under the provisions of the Charter, the internal regulations of the credit institutions, branches of foreign banks.
8. Monitoring, assessment and follow-up activities to repair, remedy, perfected by the leader of the unit, Department for the issue where internal audit has noted and is recommended.
9. Be safe guard action before any cooperation of the audited units.
10. Internal Auditors are trained regularly on the profession to have sufficient levels of expertise, perform the task assigned.
11. The other rights prescribed by law.
Article 20. The responsibilities of the Internal Audit Division 1. Document security, information in accordance with current legal provisions, the provisions of this circular, the Charter and internal regulations on the internal audit of the credit institutions, branches of foreign banks.
2. Responsible to the Control Board on the results of internal audit work, about the reviews, conclusions, recommendations, proposed in the internal audit report.

3. track the results of the following recommendations of the internal audit unit, Division of credit institutions, branches of foreign banks.
Section 4 POLICY and INTERNAL AUDIT PLAN article 21. Internal audit policy 1. The internal audit policy as a base, the base and the official guide for the work of the internal auditors and the internal auditors for each. Internal audit policy include internal rules on internal audit, the business conduct rules, internal regulations on the Organization and operation of internal audit, the internal audit process and relevant regulations.
2. the internal regulation on the internal audit of essential needs be philosophy, purpose, operating range, position, powers, functions and duties of the internal auditor within institutions, foreign bank branch and the relationship with the unit, other parts; including the requirements of objectivity, independence, basic principles, requirements on professional level and ensuring the quality of the internal audit. The internal regulation on the internal audit of the credit institutions, branches of foreign banks are built on the basis of conformity with the provisions of this circular and the provisions of relevant laws.
3. internal auditing process regulatory process and detailed instructions on the method of risk assessment, planning, internal audit annual plan audit, how to audit work, establish and submit audit reports, records, documents and internal audit. Internal audit procedures can be defined in the internal regulations of internal audit.
4. On the basis of the provisions of this circular, credit institutions, branches of foreign banks must develop policies and internal audit processes consistent with the particularities of the activities of credit institutions, branches of foreign banks. Credit institutions, branches of foreign banks be encouraged to apply the international practice of internal audit without conflicting with the provisions of this circular.
Article 22. The business conduct rule 1. Credit institutions, branches of foreign banks must build the business conduct rules and ensure the maintenance of professional ethical rules intended to promote culture and professional ethics in institutions in General, and in performing the work of internal audit. The internal auditor should ensure the proper implementation of rules of professional ethics in the process of implementation of the work of internal audit and consulting.
2. the internal auditor must make and maintain the rules of professional ethics of the following minimum: a) honesty: the internal auditor must perform the work delivered an honest, careful and responsible; compliance with the law and make the contents public work under the provisions of the law and the profession; unwittingly involved in any illegal activities, or participate in activities of prestige for the internal audit profession or for credit institutions, branches of foreign banks; always respect and strive to contribute effectively to the legitimate and legal targets of credit institutions, branches of foreign banks;
b) objective: Internal Auditors must show objectivity of career in the highest degree in the process to collect, assess and convey information on the activities or processes, or systems that are being audited. Internal Auditors should give a fair assessment of all the relevant issues and not dominated by private interests or goals by anyone else when making comments, reviews;
c) security: internal auditors respect the value and ownership of information received, not to reveal the information when there is a valid power of Attorney unless there is an obligation to disclose information under the provisions of the laws and regulations of the internal credit institutions, branches of foreign banks;
d) responsibilities: the internal auditor must always have a high sense of responsibility, striving to learn, constantly develop professional capacity, apply the knowledge, skills and experience to perform the work internal audit results;
DD) caution: Internal Auditors must have the interest and skills required of an auditor by careful attention to the following factors:-the amount of work needed to complete objectives;
-The level of complexity, the need or the respective importance of the problem to apply the process to ensure consistent;
-Fit and the effectiveness of management processes, control and administration;
-The possibility of serious flaws, the work rules;
-Costs for operation in comparison to the potential benefits.
3. the head of internal audit in addition to ensure the business conduct rules stipulated in paragraph 2 of this Article must also take measures to monitor, assess, manage, to ensure that the internal auditor comply with ethics rules.
Article 23. Internal audit plan annually 1. The base of the scale, the growth, the risk level of the activities and resources that we have, the head of internal audit plan internal audit annually, including the audit scope, object auditing, the audit objectives, audit time and the allocation of resources.
2. internal audit plan annually by credit institutions, branches of foreign banks must meet the following requirements: a) orientation according to the level of risk: the profession and the unit, the operating parts, high-risk operation to be audited at least once a year;
b) ensure inclusiveness: all the business processes, the unit, the operating division, operation of credit institutions, branches of foreign banks are to be audited; the process, the unit, the Department was rated as having the lowest risk must also be audited for at least 3 years;
c) Must reserve fund enough time to perform the audit of the Bank immediately upon request of the Board of control, or when the information about the wrong sign, marks a high risk in the audit object;
d) can be adjusted when there is fundamental change on the scale of activities, happenings or existing resources risks.
3. Before 30 November each year, the internal audit plan for the coming year must be submitted to the Board, the Board members, supervisory board, General Director (Manager) of the credit institutions; Before 31 December each year, foreign bank branch, the Control Board of the credit organization must be submitted to the plan this audit for the State Bank (surveillance, Inspection Agency Bank, the State Bank branch). The people's credit funds must only submit internal audit plan for the State Bank branch.
Article 24. Approval of the policy on internal audit, the internal audit plan 1. The internal audit policy (except internal regulations on the Organization and operation of internal audit) are Control Board discussed with General Manager (Director) and by the head of Supervisory Board approval and registration issued on the basis of unity with the Chair of the Board, the President of the Council members.
2. internal rules of organization and functioning of internal audit by the Chair of the Board, the Chairman of the Board of Directors for approval and registration issued on the basis of recommendations of the Board of control.
3. internal audit plan are Supervisory Board discussed with General Manager (Director) and by the head of Supervisory Board for approval on the basis of unity with the Chair of the Board, the President of the Council members.
4. within 10 working days from the date of approval, internal audit policy, the audit plan of the internal credit institutions, branches of foreign banks (except internal audit plan prescribed in paragraph 3 Article 23 this circular) must be sent to the State Bank (inspection bodies monitoring, Bank, State Bank of India branch) to know and monitor; The people's credit funds only must send the State Bank branch. The State Bank has the right to have comments or requests to modify content of the internal audit policy if not meet the provisions of this circular.
Article 25. Implemented internal audit plan 1. Head of internal audit implementation plan internal audit annually and the audit of special irregularly at the request of the Board, the Board members, supervisory board, General Director (Director).
2. The scope, cycle and audit methods, audit processes to ensure the results reflect the true status of the content to be audited.
Section 5-REPORTING MODE and SAVE the PROFILE, INTERNAL AUDIT DOCUMENTS Article 26. Audit report 1. The internal audit division of the credit organization must promptly set up, complete and submit the audit report to the Board, the Board members, supervisory board, General Director (Director) and the unit audited departments, within the time limit must not exceed 12 months from the date of the end of each audit.
2. the audit report must clearly: content audits, the audit scope; These reviews, conclusions about the content has to be audited and the base give this opinion; the weak, exists, errors, breach, exposition of the opinion the audit object; propose measures to repair, fix errors and process violations; proposed measures for rationalization, improvement of business processes; perfecting risk management policy, the organizational structure of credit institutions, branches of foreign banks (if any).
3. the audit report is the opinion of the Board of Directors of units, parts are audited. In case the unit is not consistent with the audit results audit, internal audit reports should state clearly the opinion of the unit and not the reason.
Article 27. Irregular reports 1. Head of internal audit to report irregular as specified below: a) to immediately report to the Supervisory Board, Board of management, Board members, the Director-General (Executive Director), State Bank (surveillance, Inspection Agency Bank, the State Bank branch) if the serious breach detection or when there is a high risk that can adversely affect the operation of credit organization.

b) timely notification to the person operating the unit audited operations if the exist stated in the audit report are not fix and fix promptly after a specified period of time.
c) after notifying the person operating the unit audited activities as defined in point b of this clause if the exists yet to be rectified and remedied, must promptly report in writing to the Board, the Board, the Board members and the ceo (Director) of the credit institutions.
2. where the internal audit branch of foreign banks due to the internal audit of headquarters or regional headquarters, mother Bank of foreign bank branch must report immediately to the State Bank (surveillance, Inspection Agency Bank, the State Bank branch) if the serious breach detection or when there is the risk can adversely affect the operations of a foreign bank branch.
Article 28. Annual audit report 1. At the latest 45 days after the end of the financial year, the head of internal audit should send the report synthesized the results of internal audit plans of previous years for the Control Board, the Board, the Board members, the Director-General (Executive Director). Report the results of the internal audit plan of the previous year are stated: the audit plan proposed; the audit work was performed; exist, major violations have been discovered; measures internal audit has recommended; evaluation of the internal control system relevant to the activity to be audited and to perfect the internal control system; the implementation of measures, recommendations, proposed by the internal auditor.
2. At the latest within 60 days from the end of the financial year, credit institutions, branches of foreign banks must submit a report on the results of the internal audit plan of the year before with the content as prescribed in paragraph 1 of this article for the State Bank (inspection bodies monitoring, the Bank, the State Bank branch). The people's credit funds must submit a report on the results of the internal audit plan of the year before for the State Bank branch.
Article 29. Records, documents and internal audit 1. Audit reports and records, audit documents must be saved in the internal audit division in accordance with the law.
2. Records, documents in each audit should be recorded into the text, save the sequence to the individual, the Organization (with the expertise and knowledge of Bank operations) mining authority can understand the work, the results of the audit.
Chapter IV LIABILITY of the RELEVANT UNITS section 1 RESPONSIBILITIES of CREDIT INSTITUTIONS, BRANCHES of FOREIGN BANKS article 30. The responsibilities of the Board, Board member 1. The unit of internal control system a) annual recurring, consider, evaluate the system of internal control; in which to note to identify, measure, assess and manage risk, capital assessment methodology, information systems in financial reporting and management information;
b) issued and periodically review and reassess business strategy and goals, major policies of credit institutions, branches of foreign banks;
c) ensures the General Manager (the Director) to establish and maintain an internal control system effective and reasonable; in which guarantees are systematically identify, measure, assess and manage risks; evaluation system of capital; the information system of financial reporting and management information, honest, reasonable, adequate and timely;
d) supervise and urge the timely implementation of the guidance, the State Bank's requirements on internal control system in credit institutions, branches of foreign banks, supervision and urge implementation.
2. for internal audit a) issued an internal regulation on the Organization and operation of the internal audit, which must contain provisions on the objective, mission, position, authority, responsibilities, reporting relationships, with other parts of the credit organization; the responsibilities and powers of the head of internal audit, the principles, the basic requirements of the internal audit under the provisions of this circular;
b) decide on the Organization of internal audit; appointment, dismissal of the Chief Internal Auditor and the other titles of the internal audit on the basis of recommendations of the Board of control.
c) equipped with sufficient resources (financial, human resources and other means) and create favorable conditions to ensure internal audit Division completed the tasks specified in this circular;
d) decided the implementation of the recommendations of internal audit; the urge, tracking the business units implement recommendations of the internal audit, take measures promptly when the report referred to in Article 26, article 27 and article 28 this circular or when the recommendations, proposed by the head of controlling, head of internal audit;
DD) decided the financial regime, the mechanism of salary, bonus, allowances for the internal audit division and the officers of this Department according to the authority.
Article 31. The responsibility of the Director-General (Executive Director) 1. As for the internal control system a) is responsible to the Board, the Board members, parent bank of foreign bank branches in implementing the business strategy and goals, major policies have been the Board, Board member of the parent bank, foreign bank branch through;
b) General Manager (Director) credit institutions, foreign bank branch is responsible for conducting the first test organization, reviews of the internal control system and to be responsible in the end for the rational, the validity and effectiveness of the internal control system;
c) establish, maintain and develop the internal control system and effective activities to meet the requirements for the identification, measurement, assessment and management of risk, methods of assessing reasonable capital, ensure credit institutions, branches of foreign banks operate safely , effective and correct law;
d) building, issued the specific business processes for all business activities of credit institutions, branches of foreign banks; make sure you have control policies, risk management policy associated with each specific business processes;
DD) maintain and implement decentralization, organizational structure, business management in a clear and effective;
e) ensure the maintenance of the system of financial information and management information is honest, reasonable, adequate and timely;
g) ensure compliance with the law and the bylaws, internal regulations, process;
h) annual periodic reports the Board, Board Member, Supervisory Board of credit institutions, the parent bank of foreign bank branch results in self evaluation of the internal control systems and make recommendations, propose to modify, Supplement, improve the internal control system;
2. for internal audit a) create conditions conducive to internal audit performs the tasks assigned and directed the unit, the operating parts, professional made in collaboration with the internal audit division in accordance with the internal regulations of internal audit or by direction of the Board , Board member.
b) urging the unit, the operating parts, professional implementation of the recommendations agreed with the internal audit department or under the direction of the Board, Board Member; notify the internal audit implementation of the recommendations agreed with the internal audit division;
c) to notify the internal audit attend meetings of internal meetings;
d) timely notification for an internal audit of all cases with losses or significant fraud, the case of the risk occurring risks, losses, loss, fraud;
d) ensure internal audit division was fully informed about the change, the new problems arising in the operation of credit institutions, initiatives, new products in order to determine soon the risks involved.
Article 32. The responsibilities of the Supervisory Board 1. As for the internal control system a) direction, operating the Internal Audit Division conducted review, reviews independently, impartially with regard to internal control systems, including identification systems and risk management; evaluation method of capital; the information system of financial reporting and management information; the process, the internal regulations of the credit institutions, branches of foreign banks;
b) periodically inform the Board, Board Member, ceo (Director) about the internal control system; given the recommendations, to edit, to perfect the internal control system.
2. for internal audit a) directed, Executive, overseeing the operation of the internal audit division;
b) scrutinize, reviews to ensure the effectiveness of the work of internal audit; the primary responsibility of ensuring the quality of the internal audit activity;
c) to ensure the work of internal auditors have appropriate position in credit institutions and no unreasonable obstacles to internal audit activities;
d) build, modify, Supplement and perfect the regular internal regulations on the Organization and operation of the internal audit process of the Board, Board members decided;
DD) approved the internal audit policy (except in cases specified in point d of this paragraph); approval, adjust the internal audit plan annually, according to the proposal of the head of internal audit, to ensure internal audit plans are oriented risks;
e) ensure effective coordination with the independent auditors, the State Auditor, State Bank (inspection bodies, monitoring Bank and State Bank of India branch);
g) review, the recommendations of the Board, Board members appointed, dismissed the Chief Internal Auditor and the other titles of internal audit; Organization of internal audit;
h) make reports directly to every agency, every level of credit institutions and in addition to credit institutions in accordance with the laws and regulations of the credit organization; Done sending the report to the State Bank as prescribed in this circular.

Article 33. The responsibilities of the Chief Internal Auditor 1. As for the internal control system to ensure the full implementation of all the functions, duties, and powers related to the audit work for the internal control system under the provisions of this circular and the internal regulations of the relevant credit institution.
2. for internal audit a) building internal audit plan yearly process of Control Board for approval;
b) organized the implementation of internal audit plan has been approved by the Supervisory Board and the audit of irregularly by the Board, the Board members, supervisory board, General Director (Director);
c) build, modify, Supplement and perfect the regular methods, policies, and processes internal audit process control board;
d) ensure internal auditors are trained regularly, having qualified, professional competence to perform the task of internal audit;
DD) adjust the internal audit plan, the Control Board for approval;
e) suggest people gather in various parts of the credit organization engaged in internal audit when necessary, with the condition to ensure independence of internal audit;
g) Attend the meetings of the internal regulations of the credit institution and the provisions of this circular;
h) report the Supervisory Board, Board of management, Board members, the Director-General (Executive Director) when it discovered the problems, weaknesses exist, the breach of the system and control of The operator;
I) tracking the implementation of recommendations following the audit; prepare and submit the reports as prescribed in this circular.
k) consider the proposed Control Board, the proposal of the Management Board, appoint the members of the Council, Deputy Head of internal audit and the other titles of internal audit; Organization of internal audit;
l) responsible to the Board, Board Member, Committee on audit results by the internal audit department performs.
Article 34. The responsibilities of internal auditors 1. Determine the full, reliable information, appropriate and helpful for the implementation of the audit objectives.
2. Based on the analysis and evaluation of the match to give the conclusions and results of audit independently, impartially.
3. save the relevant information to support the conclusions and results of the audit.
4. Be responsible before the law and before the Chief Internal Auditor on the audit results are delivered implementation.
Article 35. The responsibilities of the unit, the operating parts, for the operation of internal audit 1. Provide full information, documents and records necessary for the work of internal audit at the request of the Department of internal audit an honest, correct, not hide information.
2. Immediately notify the internal audit division when detecting the weak, exists, the wrong date, risk, large losses on the property (or the risk of loss of assets), or when there are changes in the system of internal control in his unit.
3. implementation of the recommendations agreed with the internal audit department and/or under the direction of the Board, Board member.
4. Create all favorable conditions for the Internal Audit Division to work most effectively.
Section 2 RESPONSIBILITIES of the STATE BANK of Article 36. The Agency's responsibility to inspect, monitor Bank 1. Perform inspections, monitoring compliance with the rules of the system of internal control and internal audit of credit institutions, branches of foreign banks under the provisions of this circular.
2. Annual periodic reviews of quality, efficient internal audit activities of the credit institutions, branches of foreign banks, strengthening consultation, coordination with the internal audit departments of credit organizations in order to enhance the effectiveness of the work of internal audit and inspection monitoring the credit institutions, branches of foreign banks.
3. Processed under the authority or the Governor of the State Bank to handle the cases of violation of the provisions of this circular and the provisions of relevant laws.
4. Guide the credit institutions, branches of foreign banks, the State Bank branch in the implementation of this circular.
Article 37. The responsibility of the State Bank branch 1. Perform inspection, monitoring or inspection agency coordinate with the monitoring, the Bank in the inspection, monitoring compliance with the rules of the system of internal control, internal audit of the credit institutions, branches of foreign banks have local headquarters under the provisions of this circular.
2. Processed under the authority or the Governor of the State Bank to handle the cases of violation of the provisions of this circular and the provisions of relevant laws.
3. Perform inspections, monitoring compliance with the rules of the system of internal control, internal audit of the people's credit fund as prescribed in this circular; Annual periodic reviews of quality, efficient internal audit activities of the people's credit funds.
4. receiving reports, the deployment plan internal audit of people's credit funds.
Chapter V ENFORCEMENT PROVISIONS Article 38. Transitional provisions 1. Within a period of 6 months from the date of this circular effect enforcement, credit institutions, branches of foreign banks must scrutinize, adapt, to ensure proper implementation of the guidelines, requirements, and regulations on the system of internal control, internal audit in this circular and send to the internal regulation of internal audit for the State Bank (inspection bodies monitoring, the Bank, the State Bank branch). Just send the people's credit funds for State Bank branch.
2. At the latest until 31 December 2012, credit institutions, branches of foreign banks must complete the adjustment organization internal audit under the provisions of the law on credit institutions and regulation in this circular.
Article 39. Effect 1. This circular effect since December 12, 2012.
2. Decision No. 36/2006/QĐ-NHNN dated Jan. 12/8/2006 by the Governor of the State Bank issued check regulation, internal control of credit institutions and decision No. 37/2006/QĐ-NHNN dated Jan. 12/8/2006 State Bank Governor's issued internal audit regulations of the credit organization expired from the date of this circular effect.
Article 40. Organizing Chief, Chief Inspector, bank supervision, heads of units of the State Bank of Vietnam, the Director of State Bank branch in the province, the city, the President and the members of the Board, Board Member, Chairman and members of the Board, General Director (Director) credit institutions foreign bank branches, and other organizations, the individual concerned is responsible for the implementation of this circular.
 

Related Laws