Decree 05 on Internal Audit Activities
On 22 January 2019, the Government of Vietnam has issued Decree No. 05/2019/ND-CP creating a legal framework for the implementation of internal audit activities (“Decree 05”). These new regulations not only require greater proficiency and ensure more transparency of corporate governance, but also reach international best practices on internal audits.
Below are several key issues in Decree 05 that we would like to point out:
Entities subject to implementation of internal audit
Decree 05 requires internal audits of the following subjects (the “Eligible Entities”):
- Governmental agencies (ministries, ministerial-level agencies, government-attached agencies and their affiliated units including non-business units affiliated to ministries, ministerial-level agencies, and government-attached agencies);
- Provincial People’s Committees and centrally-run cities, specialized agencies under the People’s Committees of provinces and centrally-run cities and non-business units directly under the People’s Committees of provinces and centrally-run cities;
- State-owned public service units; and
- Enterprises (listed companies; enterprises majority owned by the State, which are parent companies operating in a parent-subsidiary business model; and State-owned enterprises which are parent companies operating in a parent-subsidiary business model).
Before the issuance of Decree 05, the regulations on establishment and implementation of internal audits had been scattered throughout different pieces of legislation such as the Law on Credit Institutions, the Law on Securities, etc. This caused confusion and inconsistencies in the scope of applicable entities. The consolidation of regulations in Decree 05 resolves this issue.
Objectives and principles of internal audit
As introduced by Decree 05, through activities of independent reviews, assessments and consultancy the internal audit should provide independent and objective assurances and recommendations that:
- the internal control system of the organization operates appropriately to prevent, detect and address risks;
- the corporate governance and risk management processes of the organization are highly effective and efficient; and
- operational and strategic objectives, plans and business commission of the organization have been accomplished.
To achieve these objectives, the internal audit must ensure it is conducted with independence, objectivity and legal compliance. An independent internal audit function, through a risk-based approach, should be a third line of defense for businesses so as to effectively assist the Board of Directors in governance and strategic decisions.
Work of internal audit with respect to enterprises
Decree 05 allows enterprises, subject to management’s discretion, to establish an Internal Audit Department or hire an accredited independent audit organization to provide internal audit services, provided that such engagement ensures full compliance with the objectives and principles of internal audits.
An exception is made in case an enterprise is under the Ministry of National Defense or the Ministry of Public Security. In such case, the work of internal audit must be conducted in accordance with the regulations of the Minister of National Defense and the Minister of Public Security respectively.
Changes in the New Enterprise Law
Considering the newly introduced provision of Audit Committee of joint stock companies (“JSC”) as introduced by the new Enterprise Law No. 59/2020/QH14 dated 17 June 2020, which will take effect as of 1 January 2021, where the organizational and managerial structure of a JSC includes a General Meeting of Shareholders (“GMS”), the Board of Directors (Hội đồng Quản trị) (the “Board”) and a Director or General Director without the Inspection Committee (Ban Kiểm soát), that company shall establish an Audit Committee, which will be responsible for overseeing the reliability of the company’s financial reports and effectiveness of the company’s internal control and risk management systems as well as the Internal Audit Department of the company.
Audit Committees must have two or more members. The chairman of the Audit Committee must be an independent member of the Board. Other members of the Audit Committee must be non-executive members of the Board.
Adoption of International Finance Report Standards
The Ministry of Finance has also recently adopted the International Financial Reporting Standards (“IFRS”). IFRS imposes more complex techniques for application than the previous standard. Since one of the main responsibilities of the Internal Audit is to examine the financial report of the company, the change that this new international standard brings may affect the Internal Audit function.
From 2025, IFRS will officially replace the current Vietnamese Accounting Standards (VAS). The implementation of adoption of IFRS in Vietnam is explicated under Decision No. 345/QD-BTC dated 16 March 2020 of the Ministry of Finance on approval of the scheme for application of financial reporting standards in Vietnam. Accordingly, the Ministry of Finance will, based on the needs and availability of enterprises and the actual situation, stipulate the plan and time for compulsory application of IFRS to create consolidated and/or separate financial statements for each group of eligible enterprises.