1

International Conference on Accounting, ICOA 2015, 22 May 2015, Danang, Vietnam

A THEORETICAL MODEL STUDYING THE IMPACT OF INTERNAL CONTROL ON

PERFORMANCE AND RISKS OF VIETNAM COMMERCIAL BANKS
Nguyen Tuana, Duong Nguyen Hungb
a
Accounting & Finance Faculty, Nha Trang University, Nha Trang city, Khanh Hoa province,
Vietnam, nguyentuandhts@[Link]
b
Accounting Faculty, University of Economics, The University of Danang, Da Nang city,
Vietnam, toolympia@[Link]
ABSTRACT
The purpose of this study is to provide a theoretical model examining impact of Internal
Control (IC) on control objectives, including performance effectiveness and risk management of
Vietnam commercial banks. The study uses the agency theory and contingency theory approach,
with literature review of empirical researches in IC. In term of result, the authors collect together
some definitions of IC; using the framework of COSO, Basel and related Vietnam regulations for
commercial banks, research builds a theoretical model on the impact of IC to the Vietnam
commercial banks’ performance effectiveness and risks. This result helps find the theoretical
relationship between IC and performance effectiveness, as well as between IC and commercial
banks’ risks. Simultaneously, the authors determine the research problems and hypotheses based on
the above model.
Keywords: Internal control; performance; risk management; commercial banks
Introduction
All enterprises aim to perform effectively, manage the business risks, comply with laws and
regulations, and prepare reliable financial statements. However, during the operations, they expose
to the potential risk of not achieving these objectives due to weaknesses of managers, staff or a third
person that cause risks and reduce their performance. Building IC is one of the solutions to evaluate
and manage risks, improve performance effectiveness and achieve business objectives.
In recent years, the commercial bank system in Vietnam has considerably developed in term of
asset size, branch-office system, products and services, and the information technology system.
However, besides growth in size and profit, the bank system is facing many limits, weaknesses and
has potential risks.
While the banking system tends to expand in size, its performance is unstable, and lots of risks
arise and need to be resolved like bad debt, potential bankruptcy of banks. One of the urging
strategic solutions is to establish and upgrade IC of commercial banks (Podpiera, R., 2006). IC
becomes an important self-defense system against risks, which enhances effectiveness of banks’
performance.
In reality, IC activities at Vietnam commercial banks has been recently mentioned in term of
theory and application, however, during implementation confusion arises due to the lack of
theoretical knowledge and practical experience. Therefore, IC is underestimated by most of
commercial banks, and is perceived and applied differently.
Besides, the State Bank has proposed the Circular no. 44/2011/TT-NHNN on 29/12/2011 about
the IC of financial institutions and foreign banks. This is the rising sign of the regularization
 2

tendency of IC in Vietnam; in other words, the State Bank has put IC to the right place as a demand
in bank risk management.
From the above reasons, it is necessary to conduct research in IC at Vietnam commercial banks
as this will lead banks to an effective and efficient IC. Research on IC will increase the
compatibility of IC in banks, which improves the management effectiveness and compliance to IC
regulations of central bank; help Vietnam commercial banks achieve operational objectives, bring
in high performance and decent risk management.
Theoretical framework
Agency theory approach
According to articles of Coase, R.H. (1937) and Berle, A.A. & Means, G.C. (1967), agency
theory became an important framework to help researchers examine the nature of conflicts between
owners and managers of an organization, thus finding the appropriate solutions to solve these
conflicts. It is perceived as agency problems arise when the counterparties have different objectives
and work assignment (Jensen, M.C. & Meckling, W., 1976; Ross, S., 1973). Specifically, it focuses
on agency relationships; in which, one party is the owner and the other is the manager (the agent).
Jensen, M.C. & Meckling, W. (1976), Fama, E.F. (1980), Fama E.F. & Jensen, M.C. (1983a,
1983b), Jensen, M.C. & Ruback, R.S. (1983) defines an agency relationship is “a contract under
which one or many parties hire another party (the agent) to perform some service on their behalf
and authorize agent to make decisions” (delegate making-decision authorities to the agent).
According to Eisenhardt, K. (1989), agency theory focuses on resolving two problems rising in
agency relationship: agency problem and risk sharing problem. An agency problem arises when
interests of the owner and the agent lead to conflict, this will lead to difficulties and cost of
monitoring agents. On the other hand, the problem of sharing risk arises when the owner and the
agent have different risk attitude.
Based on the agency theory by Jensen, M.C. & Meckling, W. (1976), separating ownership and
control will lead to interest conflict; which often happens in most of individual activities in a
decentralization system between owner and agent.
Consequently, corporate governance is necessary to help enterprises unify interest and share
risks of all members (Hart, O., 1995). It is a system of regulations, rules and policies; to orient,
function and control operations of an enterprise (Gillan, S., 2006). It includes relationships between
various parties, not only with company insiders like shareholders, executive managers, board of
directors, but also with outsiders who have relevant interest: governmental authorities, business
partners and the environment, community and society. As a result, the mechanism of corporate
governance can be divided into internal governance mechanism and external governance
mechanism (Gillan, S., 2006; Rezaee, Z., 2007). The internal governance mechanisms originate
from members of board of directors, executive managers, IC and internal audit functions. On the
opposite, the external governance mechanisms originate from capital market, labor market,
government situation, shareholders and investment activities. The quality of internal governance
mechanism is closely relevant to the better performance effectiveness corporate governance (Aman,
H. & Nguyen, P., 2008). Among the above internal governance mechanisms, the governance
mechanism of IC is used in this study.
In conclusion, the agency theory states that the existing agency problems in the corporate are
“the separation of ownership and control, which leads to conflicts in interests”, and ‘risk sharing”.
Corporate governance helps balance the interests of company members. The corporate governance
mechanism can be divided into internal governance and external governance mechanism. IC is one
of the internal corporate governance mechanisms.
Contingency theory approach
Researchers in corporate theories believe that it is possible to determine the optimized
organizational structure for all companies ((Taylor, M., 1911; Weber, F.W, 1946; Fayol, H., 1949).
However, in reality, organizational structure has considerably changes.
 3

Researchers state that the previous theories following the viewpoint of Weber, F.W. và Taylor,
M. are failed because the governance style and structure of organizations are affected by
environmental aspects, which are random factors. Thus, there are no best way for leaders and
corporate organization. Effectiveness of a corporate depends on the suitability to structure and
organizational contexts such as environment, strategy, technology, size, organization culture
(Chenhall, R.H., 2007). The suitability theories between organizational structure and situational
variables are named contingency theory.
Contingency theory are concerned by many authors and explained in various ways: “The
management or optimized corporate organization is under pressure from internal and external
factors” (Fiedler, F.E., 1964); “The best way to organize depends on organizational environment of
company activities” (Scott, W.R., 1992); “The effectiveness of the solutions rely on the conditions
of the implemented solutions at the company” (Galbraith, J., 1973). The main research topics in
contingency, the situation and organization structure, have to be compatible in order to work well in
a company (Drazin, R. et al, 1985).
Donaldson, L. (2001) has an approach to contingency quite soon in organization theory, he
builds up three core factors of the research model applied in IC: (1) there is connection between
contingency characteristics and IC structure; (2) contingency characteristics determines IC structure;
(3) there is a fit of the level of the IC structure to each level of contingency characteristics. The
interpretations about contingency are similar documents and IC framework. The IC framework
affirms the requirement of IC is different due to organization characteristics. These differences are
company size, culture, governance philosophy, objectives, operational environment (Girinjnas L.,
2009; Lakis, V. & Girinjnas, L., 2012). This statement presented in the IC framework (COSO 1992
and Basel 1998) is analogous to contingency theory that claims that each organization has to choose
the most suitable control system by taking into account contingency characteristics (Fisher, J., 1995;
Chapman, C., 1997; Chenhall, R.H., 2003; Luft, J. & Shields, M., 2003).
For the above reasons, contingency theory approach provides an explanation of the diversity of
IC in reality (Jokipii, A., 2010). Contingency theory forms a new approach to examine IC. The
basic fundamentals of contingency theory are chosen to be the foundation of IC framework COSO
and Basel.
To conclude, IC is crucial to corporate operation, but it can change. Contingency theory
provides an approach to research IC and its effectiveness. Contingency theory is a new method to
examine IC (Jokipii, A., 2010).
Definitions of Internal Control
Until now there are two tendencies in defining IC: (1) It is a system, and (2) It is a process. The
first definition is relevant to the control mechanism within the company, thus this definition follows
the tendency of agency theory (Weber, R., 1999; Abbas, Q. & Iqbal, J., 2012). Besides, using the
second definition implies that IC has the continuous change according to corporate situation. This
definition is suitable with the contingency theory (Jokipii, A., 2010; Abbas, Q. & Iqbal, J., 2012).
The definitions suggest that IC is a system, consider it like tools and mechanism to control
include:
DiNapoli, T.P. (2007), IC is defined as a system which integrates plans, opinions, attitudes,
activities and efforts of the people of an organization working together to help the company
achieves objectives and missions. According to Lakis, V. (2008), IC is a system established by
managers to assure the operational effectiveness of the company; formation of the safety
mechanism, reasonable use of the assets; specification and accuracy of accounting information.
Pfister, A.J. (2009) suggests that IC is a system to recognize, prevent, and adjust the potential
errors during processing information. Besides, Barnabas, C. (2011) shows that IC is a set of
company components, including: resources, system, procedure, culture, structure and assignments
that help workers achieve corporate objectives.
 4

Shim, J.K. (2011) suggests that IC is part of the corporate governance system. It is an IC
scheme to achieve corporate objectives, including: means and methods to protect assets; to inspect
the righteousness in performing tasks; assure the prudence and operational effectiveness; to prevent,
seek and correct mistakes.
The definitions, which propose IC is a control procedure, continuously changing control
activities according to specific corporate situation, include:
Simmons, M.R (1995), Simmons, M.R (1997) and Lakis, V. & Girinjnas, L. (2012) explain
that IC is a necessary process which is broadly established in aiming for: economic effectiveness
and efficiency, reliable financial reporting, compliance with laws and regulations. King, A.M.
(2011) also agrees that IC is a process, by which the corporate achieves its objectives, results,
operational plan of executives; organize, monitor the whole operation of the company or each
activity. Abbas, Q. & Iqbal, J. (2012) define IC is a process, specifically designed for companies to
provide a reasonable assurance of corporate objectives achievement.
COSO report, published in 1992 and updated in 2006, 2009, 2013, provides a broadly accepted
definition of IC and gives support to managers performing better their control. COSO report as the
heading is “Internal Control - Integrated Framework”, defines “An IC is a process, affected by an
entity’s board of directors, management and other personnel, designed to provide reasonable
assurance regarding the achievement of objectives in (1) effectiveness and efficiency of operations
(2) Reliability of financial reporting and (3) compliance with applicable laws and regulations”.
To have more documents on bank operational control and increase control through instructing
and encouraging risk management practice, in September 1998, Basel Committee issued
Framework for Internal Control Systems in Banking Organizations. IC in those documents is
designed for international banks. The content of this document is consistent with COSO report
applied by large American banks.
According to Basel 1998, framework for internal control systems in banking organisations, IC
is defined as a process effected by the board of directors, senior management and all levels of
personnel. It is not solely a procedure or policy that is performed at a certain point in time, but
rather it is continually operating at all levels within the bank. The board of directors and senior
management are responsible for establishing the appropriate culture to facilitate an effective IC
process and for monitoring its effectiveness on an ongoing basis; however, each individual within
an organisation must participate in the process. The main objectives of the IC process can be
categorised as follows: (1) efficiency and effectiveness of activities (performance objectives); (2)
reliability, completeness and timeliness of financial and management information (information
objectives); and (3) compliance with applicable laws and regulations (compliance objectives) (Basel
Report, 1998).
Although IC is defined in different ways, emphasizing the different aspects and objectives, but
there are two basic terms similar to author’s definitions: IC is a system and IC is a process. This
accords to the stance that IC is maintained in two foundation parts: (1) The needed proceedings to
perform business activities is called operation system, (2) The proceedings assures the corporate is
performing as expectation is called control procedure (Abbas, Q. & Iqbal, J., 2012); suitable to the
agency theory approach and contingency theory approach.
The objectives of IC are to assure corporate operations are economically effective; effectively
control risks; protect assests, documents and accounting records; assure the information is reliable
and comprehensive; comply with accounting regulations and report financial statements reliably;
comply with laws, regulations and corporate policies.
Internal control

Operation system Control procedure

Procedures and control mechanisms exist within The process for controlling and The set of processes to achieve the
the enterprise to manage and control risks managing risks in the enterprise overall and specific business objectives

Internal control is the process of implementing procedures, control mechanisms to achieve business objectives
including: effective and efficient operations, managing and preventable risks, the reliability of financial reporting,
compliance with laws and regulations.
 5

Figure 1. Internal control diagrams

Literature review
Investigating the components of IC, the efficiency of IC and the impact of IC on firms and
banks performance
Amudo, A. & Indiana, A. (2009) based on the IC framework of COSO and COBIT to build
theoretical models of the independent variables that are the components of internal control
(additional variables according COBIT IT), affect the dependent variables which are the objectives
of IC. In 2010, Jokipii, A. indicate that to ensure the effectiveness and performance, reliability of
information and compliance with the laws, firms need to have the good internal control. The author
considered that the IC framework of COSO and CoCo (Canadian Criteria of Control Committee)
showed that IC should be adjusted, depending on the particular enterprises, this comply with the
contingency theory. In addition, the study examined the characteristics of contingency theory,
which organisations chose to adapt the IC structure, could advantageously influence the
effectiveness of IC.
The research of Mawanda, S.P. (2011) suggested that IC plays an important role in the
enterprises to achieve management targets. The author relied on the IC framework in accordance
with COSO standards to explore the established relationship between IC and financial performance
in an Institution of higher learning in Uganda-A case of Uganda Martyrs University. The study used
an approach of the agency theory to explain the relationship between IC and financial performance.
At the same time, to examine the quality of IC affect the accounting profits of the M&A (Mergers
and Acquisitions) firms when the China SOX law enacted, the study of Leng, J. & Zhao, P. (2013)
examined the relationship between the IC quality and performance of organisations which had been
M&A by using the multivariate regression analysis. Independent variable is the IC quality variable
and some other control variables, dependent variables used in the model is ROE and EPS.
Karagiorgos, T. et al (2008) had stressed the importance of IC, which was organized to ensure
the safety and accuracy of the activities of credit institutions, support the maintenance of the
stability in the banking system. The authors generalised the theoretical and empirical studies and
indicated that the composition of IC is important to the banks, so that it will decide the survival and
success of the bank's business. In 2011, Njanike, K. et al evaluated the factors affecting IC to ensure
good corporate governance in banks in Zimbabwe. The author asked two research questions: (1)
How has IC been effective in the Zimbabwean banking sector?; (2) How can efficient IC be
implemented to promote corporate governance?. Besides, Charles, E.I. (2011) had evaluated IC in
commercial banks in Nigeria that based on the five elements according to the COSO report and
exposed six questions, namely: (1) Can reliance be placed on the IC of banks Nigeria?; (2) Can the
presence of IC leads to the effectiveness in the management of banks in Nigeria?; (3) Is IC
responsible for the efficiency of operations of banks in Nigeria?; (4) Is there a positive correlation
between IC and the reliance placed on the financial and management reporting?; (5) Is there a
positive correlation between IC and Banks compliance with applicable laws and regulations?; (6) Is
there is a significance relationship between IC, profitability and liquidity of the banks in Nigeria?.
The study results showed that the research questions and hypotheses are accepted.
Sultana, R. et al (2011) study asserted that assessing the structure of IC in a firm is necessary to
determine the ability to ensure business activities implemented in accordance with its objectives.
The study was carried out on 6 private banks in Bangladesh. They build models developed from the
IC framework of COSO reports. The research model evaluated 5 components of IC affecting 3
control objectives, including: the performance of banks, reliability of financial reports, compliance
with legal requirements and other relevant regulations. The model achieves the higher meaning
 6

when the independent variables are defined to be relevant to each control objective of the banks,
specifically good activities of the control components (independent variables) verify the
reasonableness of control targets (dependent variables).
Study of Fanta, A.B. et al (2013) also based on the agency theory approach to investigate the
structure of corporate governance and its impact on the performance of commercial banks in
Ethiopia. The study evaluated the relationship between the IC structure and outside administration
tools of the banks affects bank’s performance using ROE and ROA variables. Meanwhile, Magara,
C.N. (2013) study explored the impacts of IC on financial performance in the SACCOs in Kenya.
The author argued that SACCOs have to face challenges, such as management problems which
mainly are caused by the weakness of IC. Financial Activities of SACCO institutions are critically
affected by the consequences of IC weakness, this will lead to the inefficiencies in the financial
operations of SACCOs. The research based on the approach of agency theory and contingency
theory to explain IC is a component of the system of internal governance mechanism and a control
process according to the firms’ context. Regressive analysis method was ulitised to test whether IC
established by managers, affects the financial performance of SACCOs in Kenya. Results of the
study showed that there are 2 components of IC (control and supervise activities) which positively
influence the financial performance (ROA) of SACCOs in Kenya.
Researching the impact of internal control on risks of enterprises and banks
As regard the theoretic aspect, Ashbaugh-Skaife, H. (2009) suggested that quality of IC relates
to the cost of capital consumption through its impact on the individual risk and operational risk. The
law of Sarbanes-Oxley (SOX) delegated an independent audit to assess the effects and pointed out
the weaknesses of IC. The implementing these requirements will arise costs to firms but they can
benefit through decreasing risks for firms thereby reducing the cost of mobilising owners’ equity.
Ashbaugh-Skaife, H. et al (2009) study investigated whether firms lacking the IC have more
separate risks and systemic risks, the higher cost of using owners’ equity than firms having
effectively internal control. The study used a linear regression model to analysis the impact of the
IC variables on individual risks and systemic risks. In the model, the authors used the Z-score index
of Altman in 1980 to measure firms’ risk as one of the components reflecting the IC’s weakness
which affects both individual and systemic risks. In 2010, Siayor, A.D. classified the framework of
IC and risk management of the COSO, Basel. The author used the questionnaire based on the results
of a number of researchers to collect information about IC and risk management from staff in the
Norway’s financial services corporation. The research results showed that the existence of IC,
specifically risk management department, is especially important in the Norway’s financial services
corporation. The author pointed out that IC is a tool in the prevention and treatment of risks in order
to achieve corporate goals.

Following that, the study of Jin, J.Y. et al (2013), founded on improvements to the Federal
Deposit Insurance Corporation Improvement Act (FDICIA) in 1991, introduced the deposit
insurance based on risks, increase of capital requirements and banks’ IC improvement. An interest
in research is requiring an annual audit reported about the effectiveness of the bank’s IC in the
United States. The study found that the impact of the banks’ IC requirements according to FDICIA
on the risk rate of the banks before and during the financial crisis (2007-2010). In addition, the
study investigated whether the banks that complied with the IC requirements under FDICIA in the
pre-crisis period, are less likely to collapse and meet with difficulties during the financial crisis. The
research used the multivariate linear regression model with the dependent variable which is the
level of incurring risks, is measured by three indicators: the standard deviation of the net profit’s
ratio; standard deviation of earnings before interest and taxes; the Z-score index of Boyd & Runkle
(1993) evaluating bankruptive risks that was calculated by log[(ROA + CAP)/r(ROA)]). The
independent variables are the IC requirements under FDICIA. The results provided evidence that
the banks which complied with the IC requirements under FDICIA had the lower risk than banks
which satisfied the IC requirements in the period before the financial crisis (2000 -2006).
 7

Moreover, these banks were less likely to collapse and had less financial difficulties during the
crisis (Jin, J.Y. et al, 2013).
In conclusion, examining IC’s compositions and efficiency primarily assessed the effectiveness
(existence) and the efficiency of each IC’s component, as well as the impact of IC on the IC’s
general target in the enterprises and banks. The authors relied on concepts and IC’s components in
accordance with the framework of the reports: COSO, COBIT, CoCo, SOX Act and some other
frameworks, to build models evaluating each IC’s components and its impact on the general
objective of the control, including: performance, reliable financial reporting, the compliance with
the laws. Results of studies have evaluated the applicative ability of IC in firms, especially in
banks’s application. Moreover, a number of studies identified the influence of IC on the
performance of enterprises and banks, this is the premise for authors performed the study on IC at
the Vietnamese commercial banks.
As regards exploring the impact of IC on risks of firms and banks, the authors primarily used
model of the impact of IC’s components according to the framework of COSO, Basel, SOX Act that
affected firms and banks’ risks. The risks were mainly measured by the risk of bankruptcy
(Altman’s Z-score in 1980 for non-financial businesses and the Z-score of Boyd & Runkle in 1993
for the banks). These results have shown a number of impacts of IC’s components on enterprises
and banks’s risks.
Theoretical model studying the effect of internal control on the performance and risks of
commercial banks in Vietnam
Commercial banks have become important financial institutions in the economy, with a
practical role in promoting economic development. The commercial bank is a special type of an
enterprise that is a financial intermediary and commercial banks’ activities have the business nature.
As far as business operations in general and monetary operations in particular, their features require
to have a system of organization, management and control in order to achieve the objectives of the
business activities in commercial banks. The objective of commercial banks’ activities mainly
focuses on profitability and risk prevention in business. In such conditions, the inquiry into IC in
commercial banks have an important implications, not only for commercial banks but also for a
whole system of commercial banks in Vietnam.
Some studies on IC of commercial banks in Vietnam were initially successful in separately
applying the IC’s components according to the report of COSO and Basel for each bank, but there
have not had quantitative studies building models which IC impacts on banks’ control objectives.
Besides, those studies do not have a theoretical approach underlying the research as such as agency
theory, contingency theory and some other theories.
Through a review of previous research related to IC’s impacts on the banks and enterprises’
objectives, it is able to indicate some theoretical and empirical gaps in this researching field in
Vietnam, as follows: (1) The studies mainly used to the framework from the COSO report to
analyze the IC’s components of firms and banks, and they have less accessibility to the framework
in Basel’s report about a private IC for banks; (2) There is no research based on approach of agency
theory, contingency theory and other theoretical studies of IC in firms and commercial banks in
Vietnam; (3) The exploring of IC at commercial banks in the Vietnamese research are only
implemented in case studies for a particular bank, this is a limitation when suggesting applied
policies for many commercial banks in Vietnam.
According to the IC’s framework of COSO in 1992 and its update in 2006, 2009, 2013, units’
IC consists of 5 components: Control Environment, Risk Assessment, Control Activities,
Information and Communication, Supervision. A report of Basel (1998) of the Basel Committee
about the banking supervision released a statement about the "Framework of IC in the Bank". The
report did not provide new arguments that only applied the basic framework of COSO in 1992 to
the banking sector. Basel outlined 13 principles of designing and evaluating IC in banks. Basically,
the principle is the same as 5 IC’s components of COSO’s report.
 8

Based on approach of agency theory, contingency theory, the IC’s concept, the IC’s
components of COSO’s report, the control principles of the Basel report and other experimental
studies, this research builds theoretical models of 5 IC’s components affecting the performance and
risks of Vietnamese commercial banks as follows:
 9

Internal Control
Control Environment

Risk Assessment
Control Objectives
(Performance and Risks Management of
Control Activities Vietnamese commercial banks)

Information and Communication

Monitoring Activities

Figure 2. Models of the internal control’s impact on performance and risks of Vietnamese
commercial banks
The compositions of IC in Vietnamese commercial banks are the independent variable which
are determined by the questions based on the content of 5 IC’s components in the COSO’s
framework in 1992 and its update in 2006, 2009, 2013 and 13 principles of the Basel report in 1998
(Jokipii, A., 2010; Leng, J. & Zhao, P., 2013).
For the target of achieving the firms’ performance in general and banking sector in particular, it
could be assessed through the financial performance (Rose, PS, 1998). Financial performance in the
study of IC’s impact on the performance is often measured by profitability indicators: return on
assets (ROA), return on equity (ROE) ( Leng, J. & Zhao, P., 2013, Fanta, A.B. et al., 2013).
Therefore, in this study, the author based on the study of Fanta, AB et al (2013) to use ROA as the
scale of a dependent variable which is the financial performance representing the performance of
commercial banks in Vietnam.
The banks’ managers can have more interest in enhancing firms’ value by boosting the
profitability in order to increase their performance, but managers do not underestimate the risk
assessment that they take responsibility. A volatile economy with the recently emerged problems
related to the energy sector, real estate, finance and especially the banking sector; this led to the
globally economic crisis, the boom of real estate bubble, the rising bad debts of banks, the lost
liquidity that cause bankruptcy of banks. Due to above fluctuations, the banks more focus on
measuring, assessing and managing risks. Banks often interest in the six following risk: credit risk,
liquidity risk, market risk, interest rate risk, income risk, the risk of bankruptcy (Rose, P.S., 1998).
Studies of the effect of IC on banks’ risk often use the above risks to measure, assess and manage
risks. (Jin, J.Y. et al, 2013).
In the above risks, the risk to the long-term viability of the bank, is known as the risk of
bankruptcy, is concerned by many bank’s managers (Rose, P.S., 1998). In the world, there have
been studies on the risk of bankruptcy of banks using Z-score index of Boyd & Runkle in 1993 to
quantify the stability and measure the health of the commercial banks; including that Jin, J.Y. et al
(2013) study which explored the impact of IC on bank’s risks, used the Z-score index of Boyd &
Runkle. In the model, the author also used the risk indicators of bankruptcy called default risk in
order to measure the dependent variable risks of commercial banks in Vietnam. The Z-score index
in Boyd and Runkle (1993) which was used to determine the risk of bankruptcy of banks, is
calculated (ROA + E/A)/σROA with ROA: Return on Assets; E/A: Proportion of average owners’
equity on average total assets; σ(ROA): The standard deviation of ROA of the bank. The higher
value of Z-score is, the lower risk of bankruptcy is.
The model examines the impact of IC (according to the report of COSO and Basel) on the
performance and risks of commercial banks that applied in Vietnamese environmental conditions
and laws. Therefore, the research should consider the legislation about IC and the level of applying
regulations in Vietnamese commercial banks. Circular no. 44/2011/TT-NHNN regulates 9
requirements and operating principles of IC in credit institutions and foreign bank branches in
 10

Vietnam. Therefore, the author used evaluation of IC according to Circular no. 44/2011/TT-NHNN
as a control variable in the researching model.
From the analysis of the variables used in the model, the author gives two theoretical models
investigating the influence of IC to the performance and risks of commercial banks in Vietnam,
specifically including: the independent variables are 5 IC’s components of banks reported in COSO
and Basel; a control variable is the level of applying IC in accordance with Vietnamese laws;
dependent variables are including ROA and Z-score.

Control variables
Independent variables The level of applying IC in
accordance with Vietnamese laws
Control Environment

Risk Assessment
Dependent Variables
Control Activities ROA

Information and Communication

Monitoring Activities

Figure 3. Model (1) The impact of internal control on the financial performance in commercial
banks in Vietnam

Control Variables
Independent variables The level of applying IC in
accordance with Vietnamese laws
Controlled Environment

Risk Evaluation
Dependent Variables
Control Activities Z-score

Information and Communication

Monitoring Activities

Figure 4. Model (2) The impact of internal control on bankruptcy risk in commercial banks in
Vietnam
Conclusion
The study utilized an approach of novel theory to be the foundation for studies of IC in firms.
The contingency theory was used to towards IC’s framework in the COSO and Basel reports.
Simultaneously, the author combined the IC’s framework reported in Coso and Basel to construct
theoretical models investigating the impact of IC on results of operations of commercial banks in
Vietnam. From the theoretical model, it can provide some orientations of research questions and
hypotheses for further research.
Some suggested questions from models: Question (1): How is the internal control’s situation
according to the framework reported in COSO, Basel and Vietnamese laws in commercial banks in
Vietnam?; Question (2): Which components of the internal control’s model impact on the
performance of commercial banks in Vietnam?; Question (3): Which components of the internal
 11

control’s model affect the risk of commercial banks in Vietnam?; Question (4): What implications
are suggested to improve IC of Vietnamese commercial banks?.
Some hypotheses based on the research question: Hypothesis H1: There is correlation between
internal control’s components according to the report of COSO and Basel in Vietnamese
commercial banks; Hypothesis H2: There is a difference of internal control according to COSO and
Basel’s report and Vietnamese regulations in Vietnam Vietnamese commercial banks; Hypothesis
H3: Internal control has a significant impact on the performance in Vietnamese commercial banks;
Hypothesis H4: Internal control has a significant impact on risks in Vietnamese commercial banks.
However, the study is still limited in the content which only builds theoretical models of the
IC’s impact on the performance and risks of commercial banks in Vietnam. Therefore, it suggests
the further researching tendency is collecting data and testing hypotheses in practical conditions in
the commercial banks in Vietnam.
References
Abbas, Q., & Iqbal, J. (2012). Internal Control System: Analyzing Theoretical Perspective and
Practices. Middle-East Journal of Scientific Research, 12 (4), 530-538.
Aman, H., Nguyen, P. (2008). Do stock prices reflect the corporate governance quality of Japanese
firm. Journal of the Japanese and International Economies, 22, (4), 647-662.
Amudo, A., Inanga, E.L. (2009). Evaluation of Internal Control Systems: A Case Study from
Uganda. International Research Journal of Finance and Economics, 27, 124-144.
Ashbaugh-Skaife, H., Collins, D.W., Kinney, Jr.W.R, LaFond, R. (2009). The Effect of SOX
Internal Control Deficiencies on Firm Risk and Cost of Equity. Journal of Accounting Research,
47(1), 1-43.
Barnabas, C. (2011). Internal Control, Cede Publishing.
Basel Report (1998). Framework for Internal Control Systems in Banking Organisations. Basel Committee
on Banking Supervision, Switzerland.
Berle, A.A., & Means, G.C. (1967). The modern corporation and private property, 2nd edition
Harcourt, Brace and World, New York, ISBN 0-88738-887-6.
Charles, E.I. (2011). Evaluation of internal control system of banks in Nigeria. Being a dissertation
submitted in partial fulfilment of the requirements for the award of the Doctor of philosophy
(PhD) Accounting of St. Clements University, Turks and Caicos Islands.
Chenhall, R.H. (2003). Management control systems design within its organizational context:
Findings from contingency-based research and directions for the future. Accounting
Organizations and Society, 28, 127–168.
Chenhall, R.H. (2007). Theorising Contingencies in Management Control Systems Research. In C.
Chapman, A. Hopwood & M. Shields (Editions), Handbook of Management Accounting
Research, Volume 1 Oxford: Elsevier.
Coase, R.H. (1937). The nature of the firm. Economica, 4, 386-405.
DiNapoli, T. P. (2007), Standards for Internal Control. [Online] Available:
[Link] (October 08, 2014).
Donaldson, L. (2001). The contingency theory of organizations. USA: Sage Publications.
Drazin, R., & Van de Ven, A.H. (1985). Alternative forms of fit in contingency Theory.
Administrative Science Quarterly, 30, 514-539.
Eisenhardt, K. (1989). Agency Theory: An assessment and review. Academy of Management
Review, 14(1), 57-74.
Fama, E. F., & Jensen, M. C. (1983a). Agency problems and residual claims. Journal of Law and
Economics, 26, 327- 349.
Fama, E. F., & Jensen, M. C. (1983b). Separation of owner-ship and control. Journal of Law and
Economics, 26, 301- 325.
 12

Fanta, A.B., Kemal, K.S., Waka, Y.K. (2013). Corporate governance and impact on bank
performance. Journal of Finance and Accounting, 1(1), 19-26.
Fiedler, F.E. (1964). A Contingency Model of Leadership Effectiveness. Journal for Advances in
Experimental Social Psychology, 1 (12), 149-190.
Galbraith, J. (1973). Designing Complex Organizations. Addison-Wesley: Reading, MA.
Gillan, S. (2006). Recent Developments in Corporate Governance: An overview Journal of
Corporate Finance, 12, 381-402.
Hart, O. (1995). Corporate Governance:Some Theory and Implications, The Economic Journal,
105.
Jensen, M.C, & Meckling, W. (1976). Theory of the firm: Managerial behavior, agency costs, and
ownership structure. Journal of Financial Economics, 3, 305-360.
Jensen, M. C. & Ruback, R. S. (1983). The market for corpo-rate control: The scientific evidence.
Journal of Financial Economics, 2, 5-50.
Jin, J.Y., Kanagaretnam K., Lobo, G.J., Mathieu, R. (2013) Impact of FDICIA Internal Controls on
Bank risk taking. Journal of Banking & Finance, 37, 614-624.
Jokipii, A. (2010). Determinants and consequences of internal control in firms: a contingency
theory based analysis. Journal of Management & Governance, 14(2), 115-144.
Karagiorgos, T., Drogalas, G., and Dimou, A. (2008). Effectiveness of internal control system in the
Greek Bank Sector. The Southeuropean Review of Business Finance & Accounting, 6(2).
King, A.M. (2011). Internal Control of Fixed Assests: a Controller and Auditor’s Guide. John
Wiley and Sons Ltd.
Lakis, V. (2008). Independent auditing development tendencies. Baltic Journal on Sustainability,
14(2): 171-183.
Lakis, V. & Girinjnas, L. (2012). The concept of internal control system: Theoretical aspect.
Ekonomika, 91(2).
Leng, J. & Zhao, P. (2013). Study on the Impact of the Quality of Internal Control on the
Performance of M&A. Journal of Service Science and Management, 6, 223-231.
Magara, C.N. (2013). Effect of internal controls on financial performance of Deposit Taking
Savings and Credit Cooperative Societies in Kenya. A research project report submitted in
partial fulfillment of the requirements for the award of Master of business administration
degree, school of business, University of Nairobi.
Mawanda, S.P. (2011). Effects of internal control systems on financial performance in an institution
of higher learning in Uganda-A case of Uganda Martyrs University. A postgraduate dissertation
presented to the Faculty of Business administration and Management in partial fulfillment of the
requirement for the award of the degree of Master of business administration, Uganda Martyrs
University, Uganda.
Njanike, K., Mutengezanwa, M., Gombarume, F.B. (2011). Internal controls in ensuring good
corporate governance in financial Institutions. Annals of the University of Petroşani,
Economics, 11(1), 187-196.
Pfister, A. J. (2009). Managing Organizacional Culture for Effective Internal Control: From
Practice to Theory. Physica-Verlag, Berlin–Heidelberg.
Podpiera, R. (2006). Progress in China's Banking Sector Reform: Has Bank Behavior Changed?.
Journal of Banking & Finance, 30(10), 2605-2634.
Rezaee, Z. (2007). Corporate Governance post-Sarbanes Oxley: regulations, requirements and integrated
processes. John Willey &Sons, Inc.
Scott, W. R., (1992). Organizations: Rational, natural and open systems. Englewood Cliffs:
Prentice-Hall.
Shim, J.K. (2011). Internal Control and Fraud Detection. Global Professional Publishing Ltd.
 13

Siayor, A.D. (2010). Risk Management and Internal Control Systems in the Financial Sector of the
Norwegian Economy: A case study of DnB NOR ASA, Master Thesis in Economics and
Business Administration (Accounting Option). Tromsø University Business School, University
of Tromsø, Norway.
Simmons, M.R. (1997). COSO Based Auditing. Internal Auditor.
Sultana, R. & Haque, M.E. (2011). Evaluation of Internal Control Structure: Evidence from Six
Listed Banks in Bangladesh. ASA University Review, 5(1).
Taylor, F.W. (1911). The Principles of Scientific Management. New York: Harper.
Weber, M. (1946). From Max Weber: Essays in Sociology. Gerth, H.H. & Mills, C.W, Editions,
New York: Ox-ford University Press.