Thông tư 06/2020/TT-NHNN

CIRCULAR

INTERNAL CONTROL AND INTERNAL AUDIT OF THE STATE BANK OF VIETNAM

Pursuant to the Law on the State Bank of Vietnam dated Jun 16, 2010;

Pursuant to the Government’s Decree No. 16/2017/ND-CP dated February 17, 2017 defining the functions, tasks, powers and organizational structure of the State Bank of Vietnam;

At the request of the Director of the Internal Audit Department;

The Governor of the State Bank of Vietnam hereby promulgates a Circular on internal control and internal audit of the State Bank of Vietnam.

Chapter I

GENERAL

Article 1. Scope

This Circular provides for internal control and internal audit of the State Bank of Vietnam (hereinafter referred to as “SBV”).

Article 2. Regulated entities

1. Units affiliated to the State Bank of Vietnam, including Banking Supervision Agency; Departments and equivalent; State Bank branches of provinces and central-affiliated cities; public service providers and other units established by the SBV’s Governor (hereinafter referred to as “the Governor”).

2. Controllers; internal controllers and internal auditors of SBV.

3. Other organizations and individuals related to internal control and internal audit activities of SBV.

Article 3. Definitions

For the purposes of this Circular, the terms below shall be construed as follows:

1. “SBV internal control system” means a collection of internal mechanisms, policies and processes and organizational structure, is established and implemented within units affiliated to the SBV in accordance with regulations of law, the State Bank and this Circular with the aim of controlling, promptly preventing, detecting and handling possible risks, ensuring that units operate in a safe and effective manner and objectives are achieved.

2. “internal control activities” involve supervision and inspection by organizations, individuals, internal controllers and/or authorized persons of departments and individuals during performance of their duties in order to discover inadequacies, deficiencies and violations, thereby taking or requesting a competent authority to take timely actions against them in order to ensure safe and effective management and use of resources and operation of units, and compliance with laws.

3. “internal audit activities” involve inspection, assessment and determination by SBV’s internal auditors of properness, effectiveness and efficiency of the internal control system; truthfulness and reasonableness of financial information, management information, and compliance and operational efficiency of the audited units, thereby proposing remedial measures against deficiencies, taking actions against violations or giving advice on improving the effectiveness and efficiency of the internal control system to assist the units in operating safely and lawfully and achieving their objectives.

4. “risk-based internal control and internal audit” means a methodology which is primarily focused on determining and assessing the possibility and level of risks posed to each activity, operation or process or operation of a unit so as to apply or implement internal control and internal audit in an appropriate and effective manner.

5. “internal control division/department” means a division or department assigned to carry out internal control at units affiliated to SBV.

6. “internal controller or internal auditor” means an official assigned to carry out internal control or internal audit at units affiliated to SBV.

7. “relatives” include biological parents, adoptive parents, fathers- and mothers-in-law, spouses, biological children, sons- and daughters-in-law, siblings, brothers- and sisters-in-law.

Chapter II

INTERNAL CONTROL

Article 4. Objectives of internal control activities

1. Ensure units’ strategies and plans are implemented under the direction to achieve their objectives.

2. Ensure that units operate in accordance with laws, and regulations and business processes of SBV and in a manner that prevents and reduces risks; manage and use assets and resources in a safe, effective and economical way.

3. Discover deficiencies and inadequacies, and promptly request competent authorities to amend, add or promulgate internal mechanisms, rules and regulations with a view to strengthening implementation of measures to ensure safety of assets and improve operational efficiency of units.

Article 5. Principles of internal control activities

1. Ensure objectivity and compliance with laws, and regulations and business processes of SBV and internal regulations of units; be suitable for the units’ scale and operation.

2. Adhere to the inspection and control programs and plans approved by heads, and professional guidelines of SBV.

3. Give priority to inspection, control and supervision of key or high risk activities and operations.

Article 6. Requirements for internal control activities

1. Internal control activities shall be established and maintained for all activities, business processes and transactions of a unit.

2. Internal control activities shall be carried out regularly and continually in association with control principles for daily activities of the unit, including:

a) Assigning and authorizing persons to perform tasks in a clear, transparent and lawful manner; ensuring tasks, powers and responsibilities delegated to each individual and department of a unit are separated, avoiding conflicts of interest; making sure no single individual has the total power to manipulate the operation of the unit or conceals information or violations against laws, and relevant internal rules and regulations for personal gain or for personal purposes.

b) Ensuring the principle of dual control is adhered to: the assignment of tasks and handling of operations, especially high risk operations, must be performed by at least two persons so as to supervise and control each other to ensure regulatory compliance, protect assets and improve performance unless otherwise provided by law.

c) Stipulating and strictly complying with regulations on reporting and exchange of internal information in a timely and effective way to ensure the unit operates in accordance with regulations of law.

3. Responsibilities and powers shall be delegated to each leader, department and board of a unit during internal control activities; responsibilities and roles of internal control department/division and internal controllers shall be promoted by fully and effectively implementing relevant regulations and business processes and the responsibility for task performance results to the head and the law shall be assumed.

4. Units, divisions, departments and individuals must regularly review and inspect the implementation of relevant internal regulations and business processes to promptly detect possible shortcomings, inadequacies and risks, suggest appropriate amendments in order to prevent risks and improve effectiveness in internal control activities by the units.

5. Heads of units affiliated to SBV shall provide instructions on analysis and assessment of risks posed to operations within their jurisdiction to proactively prevent and take appropriate measures to control and manage risks.

6. The role of a full-time internal controller shall be independent of that of a department, division or individual performing professional duties at a unit. Internal auditors should not be allowed to participate in professional activities subject to the inspection, supervision and control by the unit. Internal auditors (including heads of divisions in charge of internal control) who are relatives of the unit’s head should not be deployed.

7. Full-time internal controllers shall satisfy standards to be satisfied by bank controllers regarding qualifications, skills, experience and morality in accordance with SBV’s controllers.

Article 7. Scope and method of internal control activities

1. The scope of internal control activities covers all activities, operations and transactions made by a unit.

2. Internal control method means a risk-based method that is developed to inspect and supervise the compliance, especially key or high risk activities and operations.

Article 8. Contents of internal control activities

1. Regularly reviewing documents to promptly promulgate and amend internal rules, business processes and regulations so as to define work contents, tasks, powers and responsibilities of the unit and its department, division and individual upon management and handling of works in a lawful, close and scientifically sound manner.

2. Self-inspecting, controlling and supervising the compliance with regulations on accounting, financial and asset management, safety during treasury-related activities, information technology, compliance and operational efficiency of divisions and individuals in the unit; reviewing and assessing the reasonableness, effectiveness and efficiency, determining current problems and suggest necessary changes to the internal control system to ensure safety of assets and improve the effectiveness in management by the unit and its operational efficiency.

3. Classifying, managing and using information and reports of units in line with regulations of SBV to ensure smooth and continuous operation.

4. Establish effective mechanisms for supervising, reporting and exchanging internal information with the purpose of preventing risks and serving the management in an appropriate and effective manner.

Article 9. Providing instructions on and inspecting internal control

1. The Governor shall decide an appropriate method for establishing SBV internal control system on the basis of regulations of law and requirements for management and administration by SBV from time to time.

2. The Internal Audit Department shall advise and suggest the Governor to:

a) develop a method for establishing and maintaining the SBV internal control system in an appropriate, effective and efficient way.

b) promulgate regulations on professional guidance and process for internal control of units affiliated to SBV.

c) provide instructions on, inspect and assess internal control systems of units; suggest the Governor to adopt measures to perfect mechanisms and business processes and organize internal control activities of SBV in an effective and efficient manner.

d) provide and exploit relevant information and documents in order to effectively carry out internal control activities of SBV.

Article 10. Responsibilities and powers of heads of units

1. A head of a unit has the responsibility to:

a) establish and maintain an internal control system and organize internal control activities at the unit in accordance with Article 5 through 8 hereof and other relevant regulations of SBV, and be responsible to the Governor for the internal control.

b) make and promulgate internal regulations and business processes so as to perform his/her functions and tasks, manage and use assets in accordance with regulations of law, rules and regulations of SBV.

c) provide instructions on provision and exploitation of information related to internal control activities at the unit; closely cooperate with the Internal Audit Department in implementing measures to supervise and exploit information concerning risk assessment and warning.

d) direct and be in charge of the internal control department/division or internal controllers of the unit; deploy full-time internal controllers at the unit in accordance with the requirements set out in Clauses 6 and 7 Article 6 hereof; enable the internal control department/division and internal controllers to effectively perform its/his/her duties.

dd) If the unit does not have any internal control department/division or full-time internal controller, the head shall establish and maintain an internal control system which is suitable for the unit’s scale, operation and form of administration, and organize internal control activities in accordance with regulations laid down in this Circular and be responsible to the Governor for the compliance with laws and asset safety assurance by the unit.

2. A head of a unit has the power to:

a) proactively deploy personnel and decide internal control measures and methods in line with regulations of this Circular and SBV’ relevant regulations.

b) request the Governor to amend, add or complete mechanisms, rules and business processes in order to improve the effectiveness in internal control activities at the unit and SBV.

c) take actions against violations of laws and SBV’s regulations discovered during through auditing or request a competent authority to do so.

d) Other powers prescribed by law and SBV.

Article 11. Tasks and powers of internal control department/division and full-time internal controllers at a unit

1. Tasks:

a) Develop annual and periodic (if any) internal control programs and plans and submit them to the head for approval; organize the implementation thereof after obtaining approval;

b) Assist the head in carrying out internal control activities in accordance with this Circular and other relevant regulations of SBV.

c) Directly inspect, control and supervise operations and asset safety assurance as assigned; request and suggest the Governor to amend, add and perfect the business process, take actions against deficiencies and violations discovered through auditing and be responsible to the head for performance results.

d) Submit internal control reports to the head as prescribed and as requested.

dd) Regularly update and consider documents, rules, business processes, professional knowledge and skills to perform tasks as requested.

2. Powers:

a) Exploit and sufficiently and promptly provide all information and documents concerning activities, operations and transactions of the unit to perform the internal control task.

b) Request the head to take necessary measures to enhance effectiveness and efficiency in internal control activities and provide instructions on correcting deficiencies and violations discovered through auditing.

c) Be deployed and enabled to perform their tasks; be offered training and refresher training courses to improve their professional competence and skills.

d) If any violation against laws and SBV’s regulations is found possibly resulting in threatening safety of information, money and assets of the unit, the internal control department/division or full-time internal controller shall immediately report the violation to the head; if the head fails to impose penalties or imposes penalties for such violation in contravention of regulations, the internal control department/division or full-time internal controller is entitled to notify the Governor in writing (via the Internal Audit Department).

Article 12. Reporting of internal control

1. Every internal control department/division and internal controller shall submit periodic or ad-hoc internal control reports to the head. The head shall prescribe contents, methods and time limit for submitting the reports.

2. The units mentioned in Clause 1 Article 2 hereof shall submit an annual report on internal control to the Governor (via the Internal Audit Department) in writing before January 15 of the following year according to the Appendix hereto.

In the event that a risk is posed resulting in loss of money or assets or threatening information safety, the unit shall notify the Governor (via the Internal Audit Department) in writing within 24 hours from the time when the risk is posed.

3. The Internal Audit Department shall consolidate propositions, advise and suggest the Governor to deal with them upon internal control at units affiliated to SBV.

Chapter III

INTERNAL AUDIT

Article 13. Objectives of internal audit activities

1. Assess the conformity, effectiveness and efficiency of the internal control system and effectiveness in internal control activities of audited units.

2. Assess the compliance with laws and SBV’s regulations and business processes regarding information on finance and assets, management information and operational efficiency of audited units.

3. Through auditing, request or advise audited units to take measures to correct deficiencies and improve effectiveness in internal control activities, ensuring asset safety, lawful operation and achievement of objectives.

Article 14. Principles of internal audit activities

1. Ensure the independence, truthfulness, objectivity, publicity and transparency.

2. Comply with laws, SBV’s regulations and business processes; adhere to audit programs and plans approved by the Governor.

3. Do not interfere in or obstruct the normal operation of audited units; protect state secrets and secrets of audited units.

4. The Governor shall make a final decision on controversial issues concerning internal audit activities of SBV.

Article 15. Requirements for internal audit activities

1. Determine scope of audit, perform tasks and exchange audit results without any interference and access audit information and documents without any limitation.

2. Upon carrying out an internal audit, controllers and internal auditors must adopt an objective, fair and unbiased attitude and avoid all conflicts of interest with audited units, and must be proficient and meticulous in work. Controllers and internal auditors has the right and obligation to report issues that may affect their independence and objectivity before and during an internal audit at a unit to a competent person in accordance with the SBV’s Internal audit regulation.

3. Do not deploy controllers and internal auditors to audit:

a) activities or units to which they are responsible for carrying out or manage within the last 03 (three) years.

b) regulations, processes and procedures which they are mainly responsible for establishing.

c) a unit that has their relative who is the head of the unit, the chief accountant (or the head of the accounting department), the head of the internal control department/division or the full-time internal controller.

Article 16. Application of standards and principles of professional ethics to internal audit activities

The internal audit activities of SBV shall focus on and ensure the compatibility with Vietnamese Standards on Internal Auditing, and adhere to principles of professional ethics promulgated or published by the competent authority.

Article 17. Prohibited acts

1. The Internal Audit Department, heads and members of audit delegations are prohibited from committing the following acts:

a) Harassing and causing difficulties to audited units.

b) Abusing positions and powers for self-seeking purposes.

c) Illegally interfere in normal operation of audited units.

d) Colluding with audited units to falsify audited information.

dd) Taking bribes.

e) Revealing state secrets and secrets of audited units; revealing information about audit and audit results prior to official promulgation or publishing thereof.

g) Reporting falsified or insufficient audit results.

h) Committing other acts in contravention of regulations of law and SBV’s regulations.

2. Audited units and relevant organizations and individuals are prohibited from committing the following acts:

a) Refusing to provide information and documents (including confidential information and documents) concerning audit plans and contents at the request of the Internal Audit Department and internal audit delegations.

b) Obstructing and harassing the work of internal auditors.

c) Reporting false, untruthful, insufficient, unpunctual or impartial information and figures related to internal audit contents.

d) Bribing audit delegations.

dd) Concealing violations of laws on assets, finance and budget.

e) Other prohibited acts in accordance with regulations of law and SBV.

3. Organizations and individuals are prohibited from illegally interfering in internal audit activities.

Article 18. Management and provision of instructions on internal audit activities

The Governor shall provide instructions on and inspect internal audit activities of SBV, including:

1. promulgating or authorizing promulgation of documents, rules and processes regarding internal audit of SBV.

2. approving annual and unscheduled plans for internal audit of SBV.

3. deciding to appoint and dismiss controllers.

4. taking necessary measures to manage and supervise internal audit of SBV, including measures to take prompt measures against violations of law and regulations on internal audit; providing instructions on supervision and assessment of internal audit activities to make sure objectives are achieved and internal audit activities are carried out in an effective manner.

5. Providing adequate and necessary resources for internal audit activities; decide issues concerning interests of internal auditors.

6. Providing instructions on handling or handling, within his/her power, complaints, denunciations and propositions from audited units and other organizations and individuals related to internal audit activities of SBV.

Article 19. Scope and subjects of internal audit

1. The scope of internal audit covers all activities and business processes of SBV. According to the audit plan approved by the Governor, the Director of the Internal Audit Department shall decide specific scope of audit suitable for each audit.

2. Subjects of an internal audit are all units affiliated to SBV as prescribed in Clause 1 Article 2 hereof.

Article 20. Internal audit methods

Internal audit method refers to a risk-based method which that is meant to give priority to audit of units, high risk activities and business processes.

The Director of the Internal Audit Department shall provide guidance on risk-based internal audit method.

Article 21. Contents of internal audit activities

1. Internal audits of SBV include:

a) Financial audit, which is conducted to assess and confirm the accuracy and truthfulness of financial information and financial statements of an audited unit.

b) Compliance audit, which is conducted to assess and confirm whether a unit complies with laws, rules and regulations.

c) Operational audit, which is conducted to assess the economy, efficiency and effectiveness in management and use of public finance and public assets.

d) Other audits suitable for tasks and powers of SBV’s internal auditors.

2. According to requirements of each audit, the Director of the Internal Audit Department shall decide an appropriate audit.

Article 22. Internal audit plans

Internal audit plans include annual audit plan and detail audit plan:

1. Annual audit plan: Based on objectives, annual policy management plan, result of risk assessment and available resources, the Director of the Internal Audit Department shall develop an annual plan for internal audit of SBV and submit it to the Governor for approval before December 21 and notify the audit plan to units affiliated to SBV. The plan shall contain contents, scope and subjects of the audit, and comply with the following requirements:

a) Regarding risk-based internal audit: priority should be given to audit of activities, operations and operations/management units at high level of risk.

b) Comprehensiveness must be ensured: all activities, business processes and units are audited.

c) Adequate time must be set to be able to conduct unscheduled audits at the request of the Governor or upon receipt of information about signs of offences or high risks.

d) The plan may be adjusted if there is any basic change to contents and scope of audit, risk variations and current resources or at the request of the Governor.

2. Detailed audit plan: Based on the annual audit plan approved by the Governor, the Director of the Internal Audit Department shall develop and promulgate a detailed audit plan suitable for resources and requirements of each audit, including expected date of audit, members of audit delegations, focus of the audit and other relevant requirements. The detailed audit plan shall be formulated in accordance with the regulations set out in the process for internal audit of SBV.

Article 23. Implementation of audit plans and audit decision

1. According to the audit plan approved by the Governor, the Director of the Internal Audit Department shall conduct internal audits in accordance with rules and process for internal audit of SBV.

2. The Governor shall authorize the Director of the Internal Audit Department shall sign audit decisions according to the annual or unscheduled audit plans approved by the Governor. An audit decision shall contain:

a) Bases for conducting the audit;

b) Audited unit;

c) Objectives, contents and scope of the audit;

d) Date and place of audit;

dd) Chief and members of the audit delegation;

e) Other contents (if available).

The audit decision shall be notified to the audited unit 03 (three) days prior to the audit, except for the case of unscheduled audit. During the audit, if needed to change the contents mentioned in Points a, b, c, d and dd of this Clause, the Director of the Internal Audit Department shall issue a written decision and notify it to the audited unit and members of the audit delegation.

Article 24. Internal audit reports

1. Report on an audit: the report is prepared by an audit delegation for each audit or each content of the audit. The audit report shall state key contents of the audit, including objectives, scope and result of the audit.

The report shall be prepared, promulgated and sent in accordance with the process for internal audit of SBV.

2. Annual report on audit results: the report shall contain results given according to each content of the audit or all audit activities carried out in a year.  The report shall specify the implementation of the approved audit plan and focus of the audits conducted in a year; deficiencies and violations discovered through the audit; propositions and results of implementation of propositions by the internal auditors; assessment of the internal control system related to audited activities and suggestions on perfecting the internal control system.

The Internal Audit Department shall notify the Governor of the internal audit results in accordance with this Clause before January 30 of the next year.

3. Ad hoc report: if any serious violation or high risk is found resulting in threatening asset and information safety at the audited unit, thereby exerting adverse effects on operation and reputation of SBV or at the request of the SBV’s management board, the Internal Audit Department must promptly report it to the Governor within 48 hours for possible solutions.

Article 25. Propositions and implementation of propositions during internal audit activities

1. Opinions specified in an internal audit report include:

a) Propositions, which are opinions expressed when the internal auditor finds a violation in accordance with regulations of law, SBV and audited unit.

b) Recommendations, which are opinions expressed when the internal auditor assesses an activity/operation carried out by the unit may pose a high risk, thereby threatening asset and information safety or it is necessary to make amendments to the business process in order to prevent risks and improve operational quality and efficiency.

2. The audited unit and other relevant units shall comply with and promptly implement all propositions specified in the audit report. Regarding the propositions specified in the audit report, the audited unit and other relevant units are encouraged to consider and apply such propositions in order to amend, add and perfect their business processes, prevent risks and enhance operational efficiency.

3. The Internal Audit Department shall supervise, inspect and assess the implementation of propositions and recommendations by audited units.

Article 26. Tasks and powers of the Internal Audit Department

1. Tasks:

a) Formulate annual or unscheduled internal audit plans and submit them to the Governor for approval.

b) Assess the reasonableness, efficiency and effectiveness of the internal control system and compliance and operational efficiency of audited units; propose measures to correct errors and take actions against violations; provide advice on measures to perfect and improve efficiency and effectiveness of the internal control system; supervise and inspect the implementation of propositions and recommendations given by internal auditors.

c) Develop, add and perfect methods for internal audit of SBV with the aim of increasing quality and audit effectiveness and satisfy management and administration requirements laid down by the SBV’s management board.

d) Advise heads of units affiliated to SBV on completing the internal control system and risk assessment and management process in a manner which is suitable for their functions and tasks.

dd) cooperate with relevant units affiliated to SBV in establishing a competency framework for bank controllers to form the basis for recruitment, employment and training of internal controllers and auditors.

e) Establish and maintain a mechanism for professional exchange with the State Audit Office of Vietnam, Banking Supervision Agency and relevant audit authorities and units in order to provide professional advice and establish effective cooperation; act as a unit in charge and cooperate with relevant authorities and units in handling issues related to functions and tasks of internal auditors.

2. Powers:

a) Be provided with sufficient resources, equipment and other necessary conditions for satisfying requirements for internal audit activities.

b) Be entitled to access, exploit and provide fully and promptly all information, documents, records and reports necessary for internal audit; request audited units to report and explain contents related to internal audit in writing (if necessary).

c) Be entitled to approach and interview all officials and employees of audited units about issues related to the content and scope of the audit.

d) Be entitled to attend meetings of the SBV’s management board in accordance with the SBV’s working regulation to capture information for internal audit purposes.

dd) Be entitled to supervise, monitor, inspect and evaluate the remedy and completion by units with regard to issues proposed and recommended by internal auditors.

e) Other powers prescribed by the Governor and law.

Article 27. Responsibilities and powers of the Director of the Internal Audit Department

1. The Director of the Internal Audit Department has the responsibility to:

a) organize the implementation of approved audit plans, ensuring the progress, efficiency and quality of each audit; be responsible to the Governor for the internal audit activity results.

b) report internal audit results or issues concerning internal audit activities of SBV to the Governor.

c) organize assessment of risks posed to operations of SBV to develop internal audit plans and implement them in an effective manner; organize assessment and control of quality of internal audit activities of SBV as prescribed in Article 31 hereof.

d) take specific measures to maintain satisfaction of requirements for internal audit activities set out in Article 15 hereof; strengthen administrative discipline and rules during internal audit activities; take actions against misconduct, embezzlement and corruption during internal audit activities.

dd) consider and handle complaints and propositions of audited units about internal audit activities; consider and handle propositions about recording opinions on audit conclusion given by audit delegations’ chiefs and members.

e) suggest or cooperate with relevant units to provide training and refresher training to controllers, internal controllers and internal auditors so that they can satisfy the prescribed standards.

g) perform other tasks related to internal audit activities at the request of the Governor.

2.  The Director of the Internal Audit Department has the power to:

a) promulgate or request the Governor to promulgate rules and processes for effective management and administration of internal audit activities.

b) sign audit decisions as authorized by the Governor in accordance with Clause 2 Article 23 hereof.

c) Proactively take and decide specific measures to implement internal audit plans.

d) Request the Governor to resolve difficulties that arise from internal audit activities.

dd) Request the Governor to consider devolving responsibilities and take actions against organizations and individuals that fail to comply with internal audit decisions, conclusions and propositions or that violate laws and regulations of organizations.

e) Decide to exploit and use internal audit dossiers to perform his/her tasks or provide it to relevant organizations and individuals in accordance with regulations of law and SBV.

g) Exercise other powers as prescribed by law.

Article 28. Internal audit delegations

1. An internal audit delegation shall be established to conduct audits according to the approved plans and programs.

2. The internal audit delegation is composed of a chief, deputy chief (if any) and members, and established by the Director of the Internal Audit Department.

3. Standards to be satisfied by a chief and deputy chief of the internal audit delegation:

a) His/her qualifications, leadership capacity and work experience must be suitable for assigned tasks.

b) He/she must be a principal controller or hold the position of deputy head of division or equivalent or higher position.

4. Activities of the audit delegation; tasks, powers and responsibilities of the chief and members are specified in the internal audit regulation and process for internal audit of SBV prescribed by the Governor.

Article 29. Responsibilities and powers of audited units

1. An audited unit has the responsibility to:

a) comply with internal audit decisions;

b) prepare and sufficient and promptly provide all information, documents, records and reports (including confidential ones) related to audit plans and contents at the request of the Internal Audit Department and internal audit delegation; be responsible to the Governor for the accuracy, truthfulness and objectivity of the information and documents provided.

c) sufficiently and promptly provide explanation for and respond to issues concerning the audit contents and scope at the request of the audit delegation and be responsible for its response.

d) enable the audit delegation to perform its tasks; facilitate the operation of the audit delegation.

dd) sufficiently and promptly organize implementation of audit conclusions and propositions and submit a timely report thereon to SBV (via the Internal Audit Department).

2. An audited unit has the power to:

a) refuse to provide information and documents not related to the audit contents.

b) provide written explanation for the issues stated in the draft audit report if deemed inappropriate;

c) file complaints with the Director of the Internal Audit Department or the Government about audit assessment, conclusions and propositions if there are sufficient grounds to believe that opinions given by internal auditors is unreasonable or unlawful.

d) file complaints with the Director of the Internal Audit Department or the Government about violations of laws committed by the chief and members of the audit delegation; request replacement of the chief and members of the audit delegation if there are sufficient evidences for impacts of violations against laws and regulations on audit principles and requirements on the truthfulness and objectivity of the audit result.

dd) Exercise other powers in accordance with regulations of law and SBV.

Article 30. Internal audit regulation and internal audit process

1. The internal audit regulation provides for organizational structure and operation of SBV the internal audit delegation.

2. The internal audit process provides for sequence, contents and procedures for conduct of an internal audit by SBV’s internal auditors.

3. The internal audit regulation and internal audit process shall be promulgated by the Governor at the request of the Director of the Internal Audit Department.

Article 31. Assurance of quality of internal audit activities

1. Internal audit activities and internal audits of SBV shall undergo internal supervision and assessment to satisfy audit requirements and ensure audit quality.

2. The Director of the Internal Audit Department shall prescribe, provide instruction on and organize assessment and control of quality of internal audit activities of SBV within his/her jurisdiction.

Article 32. Internal audit dossiers

1. Documents on each audit should be included in an audit dossier.

2. Responsibilities, procedures for preparation, components and list of audit dossiers are specified in the internal audit regulation and process.

3. The storage and archiving of internal audit dossiers shall comply with regulations of law and SBV on archives.

4. The exploitation and use of internal audit dossiers shall be decided by the Director of the Internal Audit Department.

Chapter IV

BANK CONTROLLERS

Article 33. Controllers

1. SBV’s officials directly responsible for carrying out internal control and audit on a full-time basis may be assigned to various positions of bank controllers if conditions and standards prescribed by SBV are met.

2. Positions of bank controllers include bank controllers, principal bank controllers and senior bank controllers.

3. Bank controllers shall perform their tasks in accordance with regulations promulgated by the Governor and other relevant documents; be entitled to benefits in accordance with regulations of the State and SBV.

Article 34. Appointment and dismissal of bank controllers

1. Based on the conditions and standards prescribed by the Governor, units shall make applications for appoint and dismissal of bank controllers and submit them to the Department of Personnel and Organization.

2. The Department of Personnel and Organization shall take charge and cooperate with the Internal Audit Department in submitting decision on appointment and dismissal of bank controllers as prescribed.

Chapter V

IMPLEMENTATION CLAUSE

Article 35. Effect

This Circular comes into force from August 15, 2020 and supersedes the Circular No. 16/2011/TT-NHNN dated August 17, 2011 of the Governor of the State Bank of Vietnam.

Article 36. Implementation

Chief of Office, Director of Internal Audit Department, heads of units affiliated to SBV, directors of State Bank branches of provinces and central-affiliated cities are responsible for the implementation of this Circular.