Internal bank auditing is an indispensable part of the risk management structure of all credit institutions today, ensuring transparency and compliance with the law. According to statistics from the State Bank of Vietnam, errors in the internal control system account for up to 60% of serious operational risks at commercial banks over the past decade. Implementing internal auditing is not only a mandatory task according to regulations. Circular 13/2018/TT-NHNN It is also a tool that helps the Board of Directors effectively monitor cash flow and assets.
The rapid development of financial technology (Fintech) and digital banking has made the role of internal bank audit increasingly complex and demanding. A robust audit system helps organizations prevent fraud, optimize business processes, and build trust with customers and regulatory authorities. To better understand current regulations and how to operate this department effectively, please read the detailed content below.
What is internal auditing in banks according to legal regulations?
Internal auditing in banks is a crucial component of the risk management and control system of credit institutions. According to regulations... Circular 06/2020/TT-NHNN Under the direction of the State Bank of Vietnam, this activity is tasked with independently inspecting and evaluating the internal control system, business processes, and level of legal compliance throughout the entire bank. Through this, internal auditing helps to detect risks early, improve governance efficiency, and ensure transparency in financial and banking operations.
The concept of internal auditing in the banking sector.
Based on Clause 1, Article 3 of Circular 06/2020/TT-NHNN, internal auditing of banks is defined as the independent and objective examination and evaluation of the internal control system. The core objective is to assess the appropriateness and compliance of policies, processes, and procedures established at the State Bank of Vietnam as well as credit institutions.
Strategic nature and role
The nature of internal bank auditing goes beyond simply checking the numbers. financial reports Furthermore, it extends to evaluating the effectiveness of risk management. The role of this department is likened to a "watchful eye" that helps the Supervisory Board identify loopholes in credit processes, international payments, and fundraising before external inspection agencies intervene.
Tasks and scope of activities of internal audit in banks.
The activities of a bank's internal audit department are clearly divided into many different areas of work to cover all of the organization's risks.
Financial audit and financial reporting
This content focuses on verifying the accuracy and reasonableness of items on the balance sheet. Internal bank audits will review provisions for credit risk, and classify bad debts accordingly. Circular 11/2021/TT-NHNN To ensure that the reported profits are accurate.
Compliance auditing in banking operations
This is a crucial part of assessing compliance with capital adequacy ratio (CAR) regulations, credit limits for customers, and anti-money laundering regulations. Auditors must ensure that all transactions comply with the bank's internal "constitution" and applicable laws.
Operational and performance audit
Internal audit Banks conduct assessments of the economy and efficiency of resource utilization. For example, they evaluate the operating costs of branches, the effectiveness of card products, or fundraising promotional programs to recommend reductions in wasteful spending.
| Criteria | Financial Audit | Compliance Audit | Operational Audit |
| Target | Reliability of data | Compliance with regulations | Efficiency and productivity |
| Object | Financial statements, accounting records | Laws, circulars, procedures | Business processes, human resources |
| Result | Opinions on the data | Report violations of compliance | Recommendations for process improvement |
International standard procedures for conducting internal bank audits.
To ensure quality, the internal audit process of banks is typically standardized through six rigorous steps, applied according to the Internal Auditing Standards (IPPF).
Audit planning phase
At this stage, the head of the bank's internal audit department must determine the scope based on risk assessment (risk-based internal audit). High-risk departments such as Credit or Capital will be prioritized and allocated more resources for auditing.
Prepare preliminary documents and data.
Before visiting the facility, the audit team needs to collect periodic reports and inspection records from the previous period. Data analytics helps auditors quickly detect anomalies in balances or transaction frequencies.
Conduct on-site inspections at the unit.
This is the core phase of a bank's internal audit. Auditors will perform procedures such as observing transactions at the counter, comparing original documents, interviewing staff, and conducting surprise checks of the bank's vault to detect fraud.
Draft the report and discuss the results.
All findings of the bank's internal audit must be recorded in the audit report. Before issuing the official report, the audit team must discuss with the audited entity to reach an agreement on the errors and their objective/subjective causes.
Release of the official audit report.
The bank's internal audit report must be submitted to the Board of Directors, the Supervisory Board, and the Executive Board. The report should clearly state the severity of the irregularities and provide specific timelines for the entity to rectify them.
Post-audit monitoring and evaluation
The responsibilities of a bank's internal auditors do not end after issuing a report. They must monitor the implementation of corrective recommendations to ensure that gaps are fully filled and to prevent the recurrence of past mistakes.
Requirements and prohibited practices in internal bank audits.
The law imposes very strict regulations on the independence and professional ethics of personnel working in internal auditing at banks to prevent a situation where they are both playing the game and acting as the referee.
Independence and objectivity
Auditors are not allowed to audit the same work they have done in the last three years. This is a crucial principle of internal bank auditing to ensure the most impartial view of misconduct by colleagues or superiors.
Prohibited behaviors according to Circular 06/2020/TT-NHNN
The law strictly prohibits acts of harassment and abuse of power for personal gain. In particular, colluding with the audited entity to falsify internal bank audit results can lead to criminal prosecution depending on the severity of the offense.
Skills and professional requirements of internal auditors
Working in a demanding financial environment, internal bank auditors need to possess both integrity and competence, demonstrated through certifications and practical skills.
Professional qualifications and certifications
Auditors need a university degree in Accounting, Auditing, or Banking and Finance. International certifications such as CIA or CISA are a significant advantage for professional internal bank audit positions.
Risk analysis and critical thinking skills
A good internal bank auditor must be able to spot risks from the smallest details. Critical thinking helps them not easily accept superficial explanations from the audited entity, but always delve into the essence of the transaction.
Communication and negotiation skills
Internal bank audits frequently face resistance from audited entities. Therefore, skillful communication while maintaining principles is essential to persuade parties to accept audit findings.
Salary and career progression in internal banking auditing.
Internal auditing in banking consistently ranks among the highest-paying positions in the back-office sector of the banking industry today.
Survey of actual salary levels
Below is a table showing the average income at Vietnamese joint-stock commercial banks:
| Location | Experience | Average salary (VND/month) |
| New auditor | 1-2 years | 12.000.000 – 18.000.000 |
| Chief Auditor | 3-5 years | 20.000.000 – 35.000.000 |
| Audit team leader | 5-8 years | 40.000.000 – 60.000.000 |
| Director of Internal Audit | over 10 years | 80.000.000 – 150.000.000 |
Career advancement path
Starting as an assistant, you can progress to principal auditor, team leader, and ultimately to Chief Internal Auditor (CAE) of the bank. This is a senior position that typically reports directly to the Board of Directors and has significant power and influence within the organization.
Conclude
Internal bank auditing is not only a stringent legal requirement but also key to protecting the core values of credit institutions against market fluctuations. Building a highly skilled, knowledgeable, and ethically sound auditing team is the most sustainable investment in the safety of the national financial system.
If your bank or business is struggling to establish an audit system or train audit personnel, contact MAN – Master Accountant Network immediately. We pride ourselves on providing professional internal audit consulting and implementation services for banks, helping to optimize control processes and risk management according to international standards. MAN is committed to partnering with businesses in achieving financial transparency and enhancing governance.
Other services
- Financial statement audit services
- Internal audit services
- Internal Control System Assessment Service
- Auditing services on request
- Professional tax audit services
- Construction auditing services
- Completed project settlement audit service
Service contact information at MAN – Master Accountant Network
- Address: No. 19A, Street 43, Tan Thuan Ward, Ho Chi Minh City
- Mobile/Zalo: 0903 963 163 – 0903 428 622
- Email: man@man.net.vn
Content production by: Mr. Le Hoang Tuyen – Founder & CEO MAN – Master Accountant Network, Vietnamese CPA Auditor with over 30 years of experience in Accounting, Auditing and Financial Consulting.
Frequently Asked Questions about Internal Auditing in Banks
How does internal bank auditing differ from independent auditing?
Internal auditing focuses on risk management and compliance with internal procedures throughout the year. Independent auditing, on the other hand, focuses primarily on the accuracy of financial statements at a specific point in time and serves parties outside the bank, such as shareholders or tax authorities.
Is it mandatory for a bank to have an internal audit department?
According to the current Law on Credit Institutions, all banks and credit institutions operating in Vietnam are required to establish an internal audit system that operates independently of the Board of Directors.
Can recent graduates work as internal auditors in banks?
It is very difficult for recent graduates to immediately take on this position. Typically, banks require at least two years of experience in bank accounting or independent auditing before moving on to internal auditing.
