Circular 44/2009/tt-Nhnn: Regulations On The System Of Internal Control And Internal Audit Of Credit Institutions, Branches Of Foreign Banks

Original Language Title: Thông tư 44/2011/TT-NHNN: Quy định về hệ thống kiểm soát nội bộ và kiểm toán nội bộ của tổ chức tín dụng, chi nhánh ngân hàng nước ngoài

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
THE STATE BANK OF VIETNAM
Number: 44 /2011/TT-NHNN
THE SOCIALIST REPUBLIC OF VIETNAM.
Independence-Freedom-Happiness
Hanoi, December 29, 2011

IT ' S SMART

Regulation of internal control systems and internal audits

of the credit organization, the foreign bank branch

______________________

Vietnam State Bank Law School No. 46 /2010/QH12 June 16, 2010;

The Code of Credit: 47 /2010/QH12 June 16, 2010;

Base of Protocol 96 /2008/NĐ-CP August 26, 2008 by the Government of the Government Regulation, the mandate, the powers and the organizational structure of the State Bank of Vietnam;

The State Bank of Vietnam regulates the internal control system and internal audits of the credit organization, the foreign bank branch as follows:

Chapter I

COMMON RULES

What? 1. The adjustment range

This information regulates the internal control system and internal audits of the credit organization, the foreign bank branch.

What? 2. Subject applies

1. Credit Organization;

2. Foreign Banking Branch;

3. Organization, individuals with regard to internal control systems and internal audits of credit organization, foreign bank branches.

What? 3. Explain words

In this Information, the words below are understood as follows:

1. Internal control system is the set of mechanisms, policies, processes, internal regulation, organizational structure of the credit organization, the foreign bank branch that is built in accordance with the regulation at this Smart, and is held to ensure that it will be implemented. prevention, detection, timely handling of the risk and gaining the request.

2. Internal audit is the sweeping, independent assessment, objective of the internal control system; independent assessment of the appropriate and regulatory compliance, internal policy, procedures, processes that have been established in the credit organization, the bank branch, and the banking system. Foreign goods; offer recommendations to enhance the effectiveness of systems, processes, regulations, and contribute to ensuring that the credit organization is safe, effective, legally.

3. Internal audits are the people who perform the internal audit work of the credit organization, the foreign bank branch in accordance with the regulation at this Smart.

4. The Branch State Bank is the Provincial State Bank of the provincial branch, the city where the credit organization, the foreign bank branch is headquartered.

Chapter II

INTERNAL CONTROL SYSTEM

What? 4. The requirements and the operational principles of the internal control system

1. The risks are at risk of adversely affecting the effectiveness and operational goals of the credit organization, the foreign bank branch must be identified, measured, evaluated regularly, constantly to promptly detect, prevent and have a risk management measure, and the risks of their own. Yeah. When there is a change in business goals, products, services and new business operations, credit organizations, foreign bank branches must sweep, identify the relevant risk to build, modify, add processes, process internal control over the relevant internal business, and provide the value of the business. Yeah.

2. The operation of the internal control system is an inseparable part of the daily activities of the credit organization, the foreign bank branch. Internal control is designed, installed, organized in all business processes at all units, parts of the credit organization, the foreign bank branch in many forms, such as:

a) A clear, transparent, authoritated proxy; guarantee separation of duties, the powers of individuals, parts of the credit organization, foreign bank branch;

b) Regulation of a specific risk level for individual individuals, the department in the implementation of the transaction;

c) The regulatory process, approved and browsing for the implementation of the transaction; ensure that a career process must have at least 02 participating cadres, a person who performs the transaction and one transaction control, no individual can be alone and perform the transaction. decision a specific transaction process, a specific transaction, except for those in a limited amount of credit, the foreign bank branch that allows the law to be consistent with the law.

3. The authorization hierarchy must be established, made reasonable, specific, clear, avoidance of conflict of interest; ensuring a cadre of not taking charge at the same time, the duty of purpose, the right to conflict or overlap with each other; ensure every cadre. in the credit organization, the foreign bank branch that has no conditions to manipulate operations, does not transparency information for personal purposes or cover the conduct of violations of the rule of law and the internal regulation of the credit organization, details of which. The foreign bank.

4. Make sure to accept the accounting regime, the prescribed accounting and must have the internal information system on finance, in terms of operations, on the compliance situation in the credit organization, the foreign bank branch and the economic situation, the external external market, and the economy. Trusted, timely, effective, effective.

5. The information system, information technology of the credit organization, the foreign bank branch must be monitored, legally protected, safe and must have an independent backup management mechanism aimed at timely handling of the unexpected situations, including natural disasters, fires, fire, and other conditions. Detonation, the system is breached, guaranteed to comply with safety regulations, secure the banking system's information technology system, ensure regular, continuous business operations of the credit organization, the foreign bank branch.

6. Asking of cadres, employees of the credit organization, the foreign bank branch must all understand the importance of internal control activity; the role of individual individuals in the process of internal control is related to the function, the mission is delivered and given. has to be fully implemented, effectively the regulations, the internal control process involved.

7. The operator of the department, business unit and the relevant individual must regularly review, evaluate the validity and effectiveness of the internal control system; the existence, the inadequation of the internal control system must be reported in time with the management of the internal control system. Directly; existing, large inadequate may cause damage or risk risk must be reported immediately to the Director General (Director), Board of Directors, Board of members, Board of Control.

8. Individuals, parts at the levels of the credit organization, the foreign bank branch must regularly, constantly check and check out the implementation of the regulations, the internal process is relevant and be responsible for the results of the implementation of the operation. The transaction was delivered to the credit organization, the foreign bank branch, and before the law.

9. The unit leader, part of the credit organization, the foreign bank branch must report on the self-assessment results on the internal control system at its unit; propose a treatment of existing, inadequable (if available) to the management of the management level. Directly periodically or suddenly, at the request of the direct management leadership.

What? 5. Build and maintain the operation of the internal control system.

1. The credit organization, the foreign bank branch that has to build an internal control system that helps the General Manager (Director) to run transparency, safety and the right of all business operations of the credit organization, the foreign bank branch.

2. The credit organization, the foreign bank branch must regularly control the adoption of law and internal regulations; directly control of career activities across all sectors at the headquarters, the trading department, branch offices, the university office, and the public sector. The business unit and the subsidiary of the credit organization, the foreign bank branch. Credit organizations must regularly control the adoption of law and internal regulations on the affiliated company of the credit organization under the rule of law.

3. The credit organization, the foreign bank branch when it comes to finding the mistakes, entanged in business activity has to timely the planning and implement the remedied measure.

What? 6. Self-examination, assessment of internal control system

1. The annual, General Manager (Director) of the credit organization, the foreign bank branch must conduct a sweeping, inspection, assessment of the internal control system of each unit, executive division, business, industry, and business. The case

2. The self-examination, evaluation includes the sweep and evaluation of the completething, effectiveness and effectiveness of the internal control system based on determining and evaluating the risk, aiming to determine the existing problems of the internal control system and point out the risks of the internal system. changes required to the internal control system to handle, rectify those issues.

3. The Director General (Director) of the credit organization, the foreign bank branch must report on self-checking results, evaluate the internal control system above. This report must update the risks, summarate the main activities of the credit organization, the foreign bank branch, the respective related risks and test operations, control at the level of full credit organization, the banking branch of the country ' s banking banking system. Out, unit level, department and operation.

4. The self-examination report, assessment of the internal control system sent to the Board of Directors, Board of Membership, Board of Control and the State Bank (Agency for Inspects, Supervisor Bank; State Bank of the State Branch) in the 30-day period since July 1. the end of the fiscal year; the private credit fund sends to the State Bank of the Branch State.

What? 7. Independent review of internal control system

1. The operation of the internal control system of the credit organization, the foreign bank branch must be assessed independently by regulation at paragraph 3 Article 40 The credit organizations.

2. The independent assessment content of internal audits to the internal control system covers the sweep, evaluation, and reporting of the completething, effectiveness and effectiveness of the internal control system related to operations, the field of audits through which it is used for internal control. identify and evaluate the risk, determine the existence of the internal control system and indicate the necessary changes to the internal control system to handle, rectify.

3. The annual, internal audits of the credit organization, the foreign bank branch must perform the sweep, evaluate the proper, efficient, and effectiveness of the internal control system. The independent review report is part of the annual internal audit report.

Internal audit results must be reported in time to the Board of Directors, Board of Directors, Board of Control and to the General Manager (Director) of the credit organization, foreign bank branch co-sent to the State Bank (Agency for Inspects, Supervisor). Bank, the Bank of the State Branch, and the People's Credit Fund only report to the State Bank.

4. The independent review of independent audits to the internal control system is made under the regulation of the State Bank for independent audit of the credit organization, the foreign bank branch.

Chapter III

INTERNAL AUDIT

Item 1

GENERAL REGULATION

What? 8. The basic goal and function of internal audit

1. Activity for the safety, effectiveness of the credit organization, foreign bank branch, foreign bank.

2. Runder, independent review, objectiation, fitness, efficiency, and effectiveness of internal control systems to improve, complete internal control systems. To implement this goal, the unit of internal audit implementation is encouraged to perform consulting activities, participate in the construction process, improve and finn the internal control system with conditions that do not violate independent principles, objectimeter objectively. I mean, here's the message.

3. Detout and prevent acts of violation of the law; enhance the efficiency of management, run and operation of the credit organization, the foreign bank branch.

4. Secure the security of information and the ongoing operation of the active service information system.

5. Make recommendations to enhance the effectiveness of systems, processes, regulations, contribute to the assurance of credit organization, foreign bank branches operating safely, effectively, legally.

What? 9. The basic principles of internal audit

1. Independence: The organization and operation of independent internal audits with unit, executive division, the work of credit organization, foreign bank branch, cadre as an internal audit worker not at the same time to take up the affairs of the property. Internal audits; credit organization, foreign bank branch must ensure that internal audits do not take any interference when reporting and evaluating.

2. objectiality: Internal audit department, internal auditor must ensure objectiality, honesty, fair, non-prejudice.

3. Professional: Internal auditor must be the person with the knowledge, qualifications and internal audit skills required, not dual-term capacity, other specialized work of the credit organization, foreign bank branch; there is enough knowledge to do so. determining the signs of fraud, there is knowledge of risk in banking activities and information technology control measures to carry out the work delivered. Internal audits must have at least one auditor of sufficient knowledge, qualifications, performance skills control of key information technology and high technology audit techniques.

What? 10. The requirements to ensure compliance with the basic principles of internal audit are required.

1. Internal audits must have a fair attitude, not prejudice and avoid any conflict of interest. Internal auditor has the right and the obligation to report on issues that may affect the independence and objective of internal auditor in relation to the internal audit work of the head of the internal audit machine (later known as Chief auditor). Internal math.

2. Internal audits must hold, monitor and ensure the independence and objective of internal auditor. An independent or objective case is affected or may be affected, an internal audit chief must report to the Control Board.

3. In internal audit work, credit organization, foreign bank branch must implement the following regulations aimed at ensuring independence and objectiation, preventing lack of justice, prejudice and conflict of interest:

a) Internal auditor does not perform audits for regulation, internal policy, procedure, process by which auditor is the person responsible for the construction of regulation, internal policy, procedure, that process;

b) The internal auditor does not have the rights conflicts with the unit, the department is audits; the internal auditor is not made audits to the unit, the department that the operator unit, the department is the relevant person of the internal auditor. ministry;

c) The internal auditor is not involved in audits, the parts that the auditor is responsible for carrying out the operation or management of that department for the 3-year term since the decision does not take action or manage the department. That way.

There must be a test to ensure the independence and objective of internal audit work in the course of the execution of the audit at the unit, the department is auditable and in the set phase, send the audit report;

e) The audit records in the internal audit report must be carefully analyzed and based on the basis of data, information collected to ensure objectiation;

g) The effective implementation of the task of the internal audit chief must be checked by the Board to regularly check, review, evaluate;

h) Internal audits need to ensure independence, objectively when audits of activities, processes, parts that previously audits had advisory. In this case, internal audits have the right and obligation obligations and fully evaluate the procedures, processes, internal control systems. Responsibility for operations, processes, departments that have been auditfully auditated prior to the unit leadership are still fully operational, the department is audits.

4. Credit Organization, foreign bank branch must comply with regulation at paragraph 3 Article 9 and Article 13 This is to ensure the professionalum of internal audits.

What? 11. Make sure the quality of internal audit activity

1. The credit organization, the foreign bank branch must have the process of tracking and assessing the quality of the internal audit work. The credit organization, the foreign bank branch must conduct an internal review to the operation of internal audits to ensure the quality of internal audit activity.

Internal assessment for internal audit activity is the self-reassessment of internal audit activity at the end of the audit and the annual reassessment of the overall internal audit activity due to the internal audit itself made by the internal audit of the auditor. the quality of internal audit activity.

2. The annual internal assessment must be reported to the Board of Control and is noted in the annual internal audit report.

Item 2

ORGANIZATION AND OPERATION OF INTERNAL AUDIT

What? 12. The organization of internal audit

1. Internal audits of the credit organization (except for the specified case at paragraph 2 This) is organized into a uniform system by the vertical industry or organization of internal audits at the main meeting depending on the scale, extent, scope and operation of the operation. It's a credit organization. The internal audit was controlled by the Control Board and was under the direct direction of the Control Board.

2. For the human credit fund only 1 controls the charge without the Board of Control, the internal audit of the human credit fund due to the control of the officer in charge.

3. Base, level, scope and activity characteristics of the credit organization and on the basis of the Board's recommendation, the Board of Directors, the Board of Directors decided on the machine organization of internal audits, the salary regime, the reward, the provision of responsibility of the organization. Internal auditor, internal auditor, and internal auditor.

4. Internal audits of the foreign bank branch may be due to internal audits of the main assembly or the regional assembly, in accordance with the regulation at 1 Article 89 The credit organizations.

What? 13. Standards for internal auditor, Chief Internal auditor and Internal auditor General.

1. Internal auditor must have all the following standards:

a) A true quality, a sense of law.

b) There is knowledge, general understanding of the law, in terms of business administration and banking affairs;

c) There is a university degree that becomes appropriate, fully knowledgable, and has always been updated on the areas assigned to an internal audit; for an internal auditor of the civil credit fund that is available to the appropriate professionals.

d) There is the ability to collect, analyze, evaluate, and aggregate information;

There is knowledge, internal audit skills;

e) There is experience working in the financial sector, banking or as a minimum audit work of 3 years. The internal auditor's internal auditor must have a work experience in the financial sector, banking or as a minimum audit work of 01 years.

g) comply with the rule of career ethics in accordance with this Article 22;

h) Other standards set by the credit organization.

2. For the information technology auditor, in addition to the standards stated at 1 This must have a working experience in the field of information technology for a minimum of 3 years.

3. In addition to the regulatory standards at point a, b, d, e, g and point h 1 This Article, Internal auditor and minimum internal auditor must have a university degree in banking, finance, accounting, audits, and experience working as an asset. work in the financial sector, the minimum bank is 05 years. For the Head of Internal audits of the minimum human credit fund must have a median degree in banking, finance, accounting, audit and experience working in the financial sector, a minimum bank of 2 years.

What? 14. Appointment, dismissal of the titles of internal audit

1. Head of internal audits due to the Board of Directors, Board of Appointed Credit, exempt under the recommendation of the Head of Control; or by the competent Persons of the appointed parent bank, the dismissal of the foreign bank branch.

2. Deputy internal auditor and other titles of internal audits due to the Board of Directors, Board Member of the Appointment Credit, exempt under the recommendation of the Head of Control on the proposed basis of the Head of Internal audit; or by the President. The director (Director) of the foreign bank branch, appointed by the Chief auditor General's recommendation.

What? 15. Internal audit scope

The scope of internal audit includes:

1. Compact all activities, career processes and units, department of credit organization, foreign bank branch; and other business organizations; and more.

2. Audit of the Breakthrough and Consultated on the requirements of the Board of Directors, Board of Membership, Board of Control, General Manager (Director).

What? 16. Internal audit of internal audit

1. The main content of internal audit activity is to assess the full, effectiveness and effectiveness of the internal control system.

2. Depending on the scale, the level of risk as well as the specific requirements of each credit organization, the foreign bank branch, audit internal audits, evaluate the following content:

a) The full extent, validity and effectiveness of the internal control system;

b) The application, effectiveness, effectiveness of the implementation of policies and the risk management process of the credit organization, the foreign bank branch including the processes implemented by the information technology system;

c) Full, accurate and secure of the management information system and financial information systems, including electronic information systems and electronic banking services;

d) In full, timely, honest, reasonable, and accurate level of accounting accounting and financial statements by law.

Compliance with the laws of law, regulation of safety guarantees in the operation of the credit organization, foreign bank branch, internal regulation, process, business rule, career ethics rules;

e) The mechanisms, policies, processes, internal regulation, organizational structure of the credit organization, the foreign bank branch;

g) The measures to ensure the safety of the property. Offering recommendations to improve the efficiency of systems, processes, regulations, contribute to the assurance of credit organization, foreign bank branches operating safe, effective, legal;

h) Assessment of the economics and effectiveness of the activities, of the use of resources, thereby determine the level of the right level between the operational results achieved and the target activity objective;

i) Perform other content that is relevant to the function, the task of internal audit at the request of the Board of Control and of the Board of Directors, Council Member;

n) In addition to the regulations stating at points a, b, c, d, e, e, g, h, i paragraph 2 This, the foreign bank branch does an audit by the regulation of the parent bank, which is consistent with the regulation at this Smart.

What? 17. Internal audit execution method

1. Internal audit implementation method is the "risk-driven" audit method, which priorititiates resources to audit units, parts, and processes that are evaluated to have a high level of risk.

2. Internal audit must identify, analyze, evaluate the risks and build risk profile for each operation of the credit organization, the foreign bank branch. Risk profiles include the entire potential risk, the possible impact of those risks to the operation of the credit organization, the foreign bank branch, and the possibility of those risks. Based on the assessment of the impact, the likelihood of the risks; each risk is classified as high, medium or low risk. Evaluation, classification of risk must be performed at least once a year.

3. The risk assessment result will be the base for Chief auditor to work with the Board of Control, General Manager (Director) and Board of Directors, Council Member in the process of an annual internal audit planning. The risk activities will be ranked in the order from high to low, in which activities that are considered highly risky will be prioritiled to focus more resources, more time for audit, pre-audits and audits more frequently than the other. activity has a lower risk.

4. The internal audit plan must be built based on the risk assessment results and must be updated, changed, adjusted in accordance with the acting, changes in the operation of the credit organization, the foreign bank branch and the change of the changes, and the changes. The risk comes with it.

Section 3

TASKS, POWERS AND RESPONSIBILITIES OF THE INTERNAL AUDIT DEPARTMENT

What? 18. Internal audit division.

1. Build an internal audit career process at the review of the review control board, approved after reports of the Board of Directors, Board of members.

2. The annual internal audit planning or the breakthrough and implementation of an internal audit operation under the plan or audit of a breakthrough at the request of the Board of Directors, Board of Member, Board of Control; implementation of policies, processes and procedures. Internal audit was approved, quality assurance and efficiency.

3. Check, review, assessment independently, objectively for all units, departments, activities of the credit organization, foreign bank branch (policy, procedures, processes, or problems in operation) based on the level of risk (high, credit, etc.). medium or low) and the level of influence on the operation of the credit organization, the foreign bank branch. For all the problems that could adversely affect the operation of the credit organization, the foreign bank branch outside of internal audits needs timely notice of the nature and influence on the operation of the credit organization, the foreign bank branch and the foreign bank branch. to make practical recommendations to prevent, overcome these problems.

4. Recommendations for correctmaking, error remediation; petitions for handling violations; proposals for improvement, to improve efficiency, effectiveness of internal control systems.

5. Assessment of the suitable level of activities to prevent, rectify weaknesses that have been reported; activities aimed at fining internal control systems; and tracking until these problems are dealt with.

6. Set up an audit report; inform and submit timely internal audit results as specified at Article 26, 27, and 28.

7. Development, edit, supplement, complete internal audit methods and range of internal audit activities to be able to update, keep up with the development of bank activity.

8. Make the process of ensuring the quality of internal audit work.

9. Set up the profile of competence and requirements required for an internal auditor to serve as a recruitment basis, promotion, cadet rotation, and fostering professional expertise; recruitment planning and full personnel layout to ensure the work of the company. Continuous monitoring is ongoing; the continuous training organization aims to enhance and ensure professional capacity for internal auditor.

10. Maintenance of consultation, regular exchange with independent audit organization, State Bank (Inspector Inspector, Banking Supervisor, Bank of the State Branch) aims to ensure effective cooperation; as the coordinating unit, in coordination with the agencies on the basis of the operation. In addition to the work-related work, the task of internal audit.

11. Consultates for the Executive, Board of Directors, Council Member Council Credit, foreign bank branch and business departments implementing construction projects, new application or modification of important business processes; governance mechanisms, and other issues of governance, and more. Operating; process identification, measurement, risk assessment, risk management, capital assessment methods; information systems, accounting, accounting, new products, new products with conditions that do not affect the independence of internal audits.

12. perform other duties provided by the Board of Directors, Council of Membership, Board of Control.

What? 19. Internal audit division powers

1. equipped with adequate resources (manpower, finance, and other means) needed.

2. Being actively performed by the task under the audit plan was approved.

3. Provided fully, in time of all the information, documents, files needed for internal audit work.

4. Be approached, review all of the business processes, the property when performing an internal audit.

5. Get access, interview all the cadres, employees of the credit organization, the foreign bank branch on matters related to the audit content.

6. Get the document, text, committee meeting of the Board, Board of Membership, Board of Control, The Manager, The Executive is relevant to the work of internal audit.

7. Be attended by internal meetings under the rule of law, or by regulation at the Charter, the internal regulation of the credit organization, the foreign bank branch.

8. To be monitored, evaluated and monitored for the repair, corrects, finishing of the leadership of the units, the department for matters that internal audits has noted and has recommended.

9. Safe protection against the uncooperative action of the unit audits.

10. Internal auditor trained regularly for a career in order to have sufficient qualifications, professional capacity to perform tasks assigned.

11. Other powers according to the rule of law.

What? 20. Internal audit division

1. Document security, the correct information regulation of the existing law, the regulation of this Privacy, the Rules and Internal Regulation of the internal audit of the credit organization, the foreign bank branch.

2. Responses to the Board of Control for the results of internal audit work, in terms of reviews, conclusions, petitions, proposals in internal audit reports.

3. Trace the results of the following petitions following internal audit of the units, the credit organization division, the foreign bank branch.

Section 4

POLICY AND INTERNAL AUDIT PLANS

What? 21. Internal audit policy

1. Internal audit policy is the base, base, and formal guidance for internal audit work and for each internal auditor. Internal audit policies include internal regulation of internal audits, occupational ethics code, internal regulation of organization and internal audit activities, internal audit processes, and related regulations.

2. Internal Regulation of internal audits needs to be generalized, the purpose, the scope of activities, positions, permissions, functions, tasks of internal audits in credit organization, foreign bank branches and relationships with units, other departments; There are requirements for independence, objectiation, basic principles, requirements for expertise and the quality assurance of internal audits. Internal regulation on internal audits of the credit organization, the foreign bank branch is built on the basis in accordance with the provisions of this Information and the provisions of the relevant law.

3. Internal audit procedure rules processes and detailed guidelines on risk assessment methods, annual internal audit planning, audit of each audit, how to perform audit work, establish and submit audit reporting, storage, and audit reporting. Preliminary, internal audit document. Internal audit processes can be regulated at internal regulation of internal audit.

4. On the basis of the regulations at this Smart, credit organization, foreign bank branches must build policies and internal audit processes in line with the operating characteristics of the credit organization, the foreign bank branch. The credit organization, the foreign bank branch, is encouraged to apply international regulations on internal audits if there is no conflict with the regulations at this level.

What? 22. Career ethics rules

1. The credit organization, the foreign bank branch that must build a career ethical code and ensure maintaining the ethical code of ethics aimed at promoting career ethics culture in credit organization in general, and in the implementation of the work ethic, he said. Internal audit. Internal auditor must ensure the correct execution of a career ethic in the implementation of internal audit and consultation.

2. Internal auditor must implement and maintain the following minimum career ethics rules:

a) honesty: an internal auditor must perform the job delivered in an honest, careful and accountable manner; comply with the law and carry out public work content under the regulation of law and profession; not subject to intervening in law. to any illegal activity, or to participate in a discredancy activity on an internal audit profession or for credit organization, foreign bank branch; always respecting and striving to contribute effectively to the goals of the United States. The legitimate and legitimate organization of the credit organization, the foreign bank branch;

b) objectively: internal auditor must show the career objective at the highest level during the collection, evaluation, and transmission of information about the operation or processes, the system has or is being audable. Internal auditor must give a fair assessment of all the relevant issues and not be governed by the goal of their own rights or by anyone else when making comments, reviews of its own;

c) Security: internal auditor must respect the value and ownership of the information received, not to disclose information when a valid authorization unless an obligation to disclose information in accordance with the rules of the law and the internal regulation of the credit organization. And the branch of the foreign bank;

d) Accountability: internal auditor must always be highly responsible, strive to learn, continually develop professional competability, apply knowledge, skills, and experience to perform the most effective internal audit work;

Caution: internal auditor must have the necessary interest and skills of a careful auditor by paying attention to the following factors:

-The amount of work required to complete the proposed target;

-The level of complexity, the necessity or importance of the corresponding importance of the problem to apply the appropriate assurance process;

-The suitcase and effectiveness of management processes, control and control processes;

-The possibility of severe errors, the left-of-the-rule.

-Cost of activity in comparison with potential benefits.

3. Head of internal audits in addition to ensuring career ethics rules stipulated at paragraph 2 This also has to take on track, assessment, management to ensure internal audits compliance with career ethics rules.

What? 23. The annual internal audit plan

1. Base-scale, growth rate, the risk level of existing operations and resources, the Chief auditor of the internal audit builds an internal audit plan annually, including the scope of audit, audit subject, audit goals, audit timers, and audits. The allocation of resources.

2. The annual internal audit plan of the credit organization, the foreign bank branch must meet the following requirements:

a) The orientation of the degree of risk: tasks and units, operating departments, high-risk tasks must be audits at least once a year;

b) Comprehensive assurance: all business processes, units, operating departments, the work of the credit organization, the foreign bank branch are all audits; processes, units, and department are judged to have the lowest risk as well. audits at least every 03 years;

c) A sufficient time fund must be required to make a sudden audit of the mutation immediately upon the request of the Control Board, or when there is information on the error signs, the high risk sign in the audit subjects;

d) Can be adjusted when there is a fundamental change in activity scale, risk acting or existing resources.

3. Before November 30, an internal audit plan for the next year must be submitted to the Board of Directors, Board Member, Board of Control, General Manager (Director) of the credit organization; Prior to December 31 each year, the branch of the state bank. In addition, the Control Board of the credit organization must be submitted this audit plan to the State Bank (the Ombudstation, the bank oversight, the Branch State Bank). The People ' s Credit Fund only has to submit an internal audit plan to the Branch State Bank.

What? 24. Internal audit policy approx, internal audit plan

1. Internal audit policy (except internal regulation on the organization and operation of internal audits) is discussed by the Board of Control with the General Manager (Director) and by the Head of Appropriation Control and Board on a uniform basis with the Chairman of the Council. governance, Chairman of the Board of members.

2. Internal regulation on the organization and operation of internal audits due to the Chairman of the Board of Directors, Chairman of the Board of Appropriers and the Board on the basis of the Board's recommendation.

3. The internal audit plan is discussed by the Board of Control with the General Manager (Director) and by the Head of the Approving Control Board on a unified basis with the Chairman of the Board of Directors, Chairman of the Board of members.

4. In the 10-day period of work since approval, internal audit policy, internal audit plan of the credit organization, foreign bank branch (excluding internal audit planning stipulated at paragraph 3 Article 23 of this Information) must be sent to the bank. for the State Bank (Agency for Inspects, Bank oversight, State Bank of the Branch State) to know and follow; the Human Credit Fund only has to send to the State Bank of the Branch State. The State Bank has the right to have an opinion or a request for a revision of the internal audit policy if it has not met its provisions.

What? 25. Make an internal audit plan

1. Internal auditor organizes implementing an annual internal audit plan and special breakthrough audits at the requirements of the Board of Directors, Board of Members, Board of Control, General Manager (Director).

2. The scope, cycle, and method of audit, the audit process must ensure that the audit results reflect the correct state of auditable content.

Section 5

REPORT MODE AND FILE STORAGE, INTERNAL AUDIT DOCUMENTATION

What? 26. audit report

1. The internal audit department of the credit organization must be timely, complete and submit audit reports to the Board, Board of Membership, Board of Control, General Manager (Director) and unit, the auditor of the audit in the maximum deadline is not too late. 1 month, since the end of every audit.

2. The audit report must present a clear presentation: audit content, audit scope; reviews, conclusions about the audits that have been audits and the basis of these opinions; the weaknesses, the existence, the errors, the breach, the process opinions of the test object. accounting; petition for correcalization measures, error remediation and breach of violation; proposals for rationalization, process improvements; complete risk management policy, organizational structure of credit organization, foreign bank branch (if available).

3. The audit report must have the opinion of the unit leadership team, the department is audits. In the case of an audit unit that is not consistent with audit results, the internal audit report needs to specify the ununified opinion of the unit and the reason.

What? 27. Breakthrough Report

1. Head of internal audit reported in the following regulation:

a) Report immediately to the Board of Control, Board of Directors, Board of Directors, General Manager (Director), State Bank (Agency for Inspects, Banking oversight, State Bank of the State Branch) if there are serious errors or when it is found. High risk risk may adversely affect the operation of the credit organization.

b) The timely notice for the Operator Operator can be audable if the existing existence in the audit report is not corrected and remedied in time after a specified period of time.

c) After having informed the unit operator whose activities are audable under the regulation at this b point, if the existence remains uncorrected and remedied, it must be reported in time by text to the Board of Control, Board of Directors, Council of the City. And the Director General of the credit organization.

2. The case of internal audit of the foreign bank branch due to internal audits of the main meeting or the regional assembly of operations, the parent Bank of the foreign bank branch must report immediately to the State Bank (the inspection agency, overseeing the bank). A branch of the state, the Bank of the State, if there are serious mishaps or threats that may adversely affect the activities of the foreign bank branch.

What? 28. Annual audit report

1. At least 45 days from the end of the fiscal year, the Chief auditor must submit a combined report that results in an internal audit plan of the previous year to the Board of Control, Board of Directors, Council of Membership, General Manager (Director). The report aggreging results of the internal audit plan of the previous year must be specified: the audit plan has already been proposed; the audit work has been made; existing, large misconduct has been discovered; the measure that internal audits has petied; reviews of Internal control systems involve audits and proposed activities aimed at fining internal control systems; the situation implementing measures, petitions, suggestions of internal audits.

2. At least 60 days from the end of the fiscal year ending, the credit organization, the foreign bank branch must send a combined report on the results of the implementation of the internal audit plan of the previous year with the same content as regulation at 1 Article to the Bank. It ' s the State Department, the banking watchdog, the Bank of the State Bank. The People ' s Credit Fund must submit a joint report on the results of the implementation of the internal audit plan of the previous year to the Branch State Bank.

What? 29. Save file, internal audit documents

1. The audit and filing report, audit documents must be saved at the internal audit department as defined by the law.

2. Records, documents in each audit must be written to text, save on the sequence for individuals, organizations (whose expertise and understanding of banking activities) have the exploitation authority that can understand the work, the results that carry out the results of their work. The audit.

Chapter IV

THE RESPONSIBILITY OF THE UNITS INVOLVED

Item 1

THE RESPONSIBILITY OF THE CREDIT ORGANIZATION, THE FOREIGN BANK BRANCH.

What? 30. Board of Directors, Board of Directors

1. Internal Control Systems Unit

a) periodically, review, reassessment of internal control systems; in which need to be mindful of the identification system, measurement, evaluation, and risk management, capital evaluation methods, financial reporting information systems, and management information;

b) Board and periodically review, reassess the business strategy and the objectives, the large policy of the credit organization, the foreign bank branch;

c) Ensure that the General Manager (Director) establishes and maintains a reasonable and effective internal control system; which ensures that there must be a system of identification, measurement, evaluation, and risk management; the capital evaluation system; the financial reporting information system. and information on honesty management, reasonable, full and timely;

d) Surveillance and foreman timely implementation of the direction of the directive, the State Bank requirements for internal control systems at credit organization, foreign bank branches, supervising and managing the implementation.

2. For internal audit

a) The organization of internal regulation on the organization and operation of internal audits, which must have the regulation of objectives, duties, status, authority, liability, reporting modes, relationships with other parts of the credit organization; responsibility, the powers of the organization, and the organization. Internal audit chief, principles, the basic requirement of internal audit by regulation at this Smart;

b) The decision on the machine organization of internal audit; appointment, exempt from the Chief of Internal audit and other titles of internal audit on the basis of the Board's recommendation.

c) Tranquated sufficient resources (manpower, finance and other means) and facilitates the internal audit department to complete the prescribed tasks at this Smart;

d) Decided the implementation of the petitions of internal audit; the governor, which tracks the task units that implement the petition of internal audits, measures timely processing when there are reports stated at Article 26, Article 27 and Article 28 of this information or when possible. the petitions, the proposal of the Head of Control, Head of Internal audits;

) Deciding the financial regime, the wage mechanism, the reward, the qualifications for the internal audit department and the cadres of this department according to the jurisdiction.

What? 31. Director General Manager (Director)

1. For internal control system

a) Responde to the Board of Directors, Council of members, the parent bank of the foreign bank branch in the implementation of the implementation of business strategy and objectives, the large policy has been under the Board of Directors, Council Member, budget. the mother of the foreign bank branch through;

b) The general manager (Director) of the credit organization, the foreign bank branch of which is the first responsible person to conduct the test organization, evaluate the internal control system and must be ultimately responsible for the rationing, effect, and effectiveness of the organization. of the internal control system;

c) Setting, maintaining and developing rational internal control systems and responsive activity is required for identification, measurement, evaluation, and risk management, rational capital evaluation, assurance of credit organization, water bank branch, and bank management. In addition to safe, effective, and lawfully functioning;

d) Build, enact specific career processes for all business operations of the credit organization, foreign bank branch; ensure that there is control policy, risk management policy tied to each specific business process;

) Maintain and implement organizational structure, devolve authorization, business management in a clear and efficient manner;

e) Make sure to maintain the financial information system and honest, reasonable, full and timely management information;

g) Ensure compliance of the compliance of law and the statutes, processes, internal regulation;

h) The annual periodic review of the Board of Directors, Council of members, the Credit Organization Control Board, the parent bank of the foreign bank branch of the foreign bank branch results self-assessment of the internal control system and petition, proposed to edit, replenish, complete. Internal control system;

2. For internal audit

a) Create a favorable condition for internal audit execution of tasks assigned and directing units, operating parts, the task of performing coordination of work with the internal audit department under the rules of internal regulation of internal audits or in accordance with the internal audit. the direction of the Board of Directors, Council of Membership.

b) Chief of units, executive parts, the task of carrying out petitions that united with the internal audit department or under the direction of the Board of Directors, Council of the Member; inform the internal audit department the situation implementation of these tasks. petition has unified with internal audit division;

c) The notification for internal audit of the internal meetings;

d) timely notice to the internal audit department on all cases of significant losses, losses or significant fraud, cases of risk of risk, loss of loss, loss, fraud;

d) Make sure that the internal audit department is fully informed of the changes, new birth problems in the operation of the credit organization, initiatives, new products aimed at early determining the risks involved.

What? 32. Board of Control

1. For internal control system

a) Command, which runs the internal audit department that performs the sweep, independently evaluate, objectively to the internal control system, which includes the risk identification and management system; capital evaluation methods; the information system reporting the financial and financial reporting system. the primary and the management information; the processes, the internal regulation of the credit organization, the foreign bank branch;

b) periodically announcing the Board of Directors, Council of Membership, General Manager (Director) on the internal control system; recommendations, proposals to modify, complete internal control systems.

2. For internal audit

a) Direct conduct, operating, monitoring operations of the Internal Audit Department;

b) Runder, evaluation to ensure the effectiveness of internal audit work; the primary responsibility for ensuring the quality of internal audit activity;

c) Ensure that internal audit work has a proper position in the credit organization and there are no adverse obstacles to internal audit activity;

d) Build, modify, replenelate and regularly complete the internal regulation of the organization and operation of the internal audit of the Board of Directors, the Board Member decided;

The Internal Audit Policy (except for the specified case at this d-point); approval, which regulates the annual internal audit plan at the recommendation of the Chief auditor General, which ensures internal audit planning is oriented at risk;

e) Enabling effective coordination with independent audits, State audits, State Bank (Inspector, Banking and Banking Administration);

g) Consider, recommend the Board of Directors, the appointed Member Council, exempt the Chief of Internal audits and other titles of internal audit; the apparatus organization of internal audit;

h) Make a direct report on every agency, every level in the credit organization and outside the credit organization by the rule of the law and the provisions of the credit organization; the implementation of reports to the State Bank by regulation in this Information.

What? 33. Internal audit chief

1. For internal control system

Ensuring full performance of all functions, duties, powers associated with audit work on the internal control system by regulation at this Smart and relevant internal regulations of the credit organization.

2. For internal audit

a) Building a yearly internal audit plan to approve approval;

b) The organization of the implementation of an internal audit plan has been approved by the Board and the groundbreaking audits due to the Board of Directors, Board of Membership, Board of Control, General Manager (Director);

c) Build, modify, replenelate and regularly complete the methodology, policy, internal audit process of the Control Board;

d) Ensure that the internal auditor is trained regularly, with sufficient qualifications, expertise to perform internal audit duties;

) Regulating Internal Audit Planning, Approval Control Board;

e) Proposal to display people in other parts of the credit organization participate in internal audits when necessary, with the condition ensuring the independence of internal audits;

g) attend the internal regulatory meeting of the credit organization and regulation at this Smart;

h) Report of the Board of Control, Board of Directors, Council of Membership, General Manager (Director) upon the discovery of weak, existing issues, the errors of the control system and of the Executive;

i) Watch the implementation of post-audit petitions; set up and submit reports as prescribed at this Smart.

l) Review, proposes the Board to recommend the Board of Directors, the Board of appointed Member, dismissal of the Deputy Chief Audit Officer and other titles of internal audit; the apparatus organization of internal audit;

l) is responsible to the Board of Directors, Board of Member, Board of Control on the results of audit results performed by the internal audit department.

What? 34. Internal auditor

1. Define the full, reliable, and useful information for the implementation of audit goals.

2. Based on the appropriate analysis and evaluation to make the conclusion and the audit results independently, objectively.

3. Save the relevant information to support the conclusions and give the audit results.

4. Accountable to the law and before the Chief of Internal audit of the results of the audit is delivered.

What? 35. The responsibility of the units, the operating division, the impact on internal audit.

1. Provide full information, documents, documents necessary for the work of internal audit at the request of the internal audit department in an honest, accurate manner, are not covered with information.

2. Notice immediately for internal audits when detection of weak, existing, mishaps, risks, large losses of property (or risk of asset failure), or when changes in the internal control system at its unit.

3. Do the petitions that have united with the internal audit department and/or at the direction of the Board of Directors, the Board of members.

4. Create all the most favorable conditions for the internal audit department to work on the highest efficiency.

Item 2

THE RESPONSIBILITY OF THE STATE BANK

What? 36. The responsibility of the Inspector Agency, bank oversight

1. Make an inspection, oversee compliance with the internal control system regulations and internal audit of the credit organization, the foreign bank branch in accordance with this Information.

2. The annual periodic assessment of quality, effective internal audits of credit organizations, foreign bank branches, increased consultation, coordination with the internal audit department of credit organizations to enhance the efficiency of the company ' s business, and to improve efficiency and efficiency. Internal audits and inspection, monitoring of credit organizations, foreign bank branches.

3. Handled by the authority or the Governor of the State Bank to handle cases of violation of the regulations at this level and the regulation of the relevant law.

4. Guide to the credit organizations, the foreign bank branch, the State Bank branch of the Branch State in the implementation of this Information.

What? 37. State Bank of Branch State Bank

1. Make the inspection, monitor or coordinate with the Ombudgetary Authority, monitor the bank in the inspection, monitor compliance with regulations on the internal control system, the internal audit of the credit organization, the foreign bank branch headquartered in the United States. It ' s the main place on the table in the United States.

2. Procnotified by the authority or the Governor of the State Bank to handle cases of violation of the regulations at this level and the regulation of the relevant law.

3. Make the inspector, oversee compliance with the internal control system regulations, internal audit of the human trust fund by regulation at this Smart; periodically evaluating the quality, efficiency of the internal audit operation of the credit fund, and an internal audit. the people.

4. Receive the report, the plan to deploy the internal audit of the people ' s credit fund.

Chapter V.

EXECUTION CLAUSE

What? 38. transition regulation

1. For the 06-month period from this date of this private day that the enforcement effect, credit organizations, foreign bank branches must self-control, adjust, ensure the right implementation of principles, requirements, regulation of internal control systems, internal audits, and security. ministry at this Smart and send an internal statute of internal audit to the State Bank (the Ombudgt, the banking watchdog, the State Bank of the Branch State). The People's Fund is only sent to the State Bank.

2. Slow down to December 31, 2012, credit organization, foreign bank branch must complete the regulation of internal audit organizational structure under the provisions of the Law of Credit Organizations and Regulations at this Smart.

What? 39.

1. This message has been in effect since 12 February 2012.

2. Number Decision 36 /2006/QD-NHNN August 1, 2006 of the Governor of the State Bank of the State of the State of the State of the State of the State of the State Board of Regulation, Internal Control of Credit Organization and Number Decision 37 /2006/QD-NHNN August 1, 2006 of the Governor of the State Bank of the State Bank of the State Bank of the United States enacted the internal audit of the credit organization expires since this date is valid.

What? 40.

Chief of Staff, Chief Inspector, bank supervisor, Head of Units of the State Bank of Vietnam, Director of the State Bank of the State Branch of the Provincial Branch, City, President and Board members, Board Member, Head of Board and Member of the Council. The Board of Directors, the Director General (Director) of the credit organization, foreign bank branch and organizations, the relevant individual is responsible for this information ./.

KT. GOVERNOR.
Vice Governor.

(signed)

Chen Ming Tuan