© 2017 KPMG Limited, KPMG Tax and Advisory Limited, …...has been at KPMG Vietnam since 2009. She currently leads the Internal Audit, Risk and Compliance practice for Vietnam and

1© 2017 KPMG Limited, KPMG Tax and Advisory Limited, KPMG Legal Limited, all Vietnamese limited liability companies and member firms of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

Document Classification: KPMG Confidential



01

02

Topical overview

03

New SectionQuestion & Answer session

Regulatory landscape in Vietnam

Three Lines of Defense (3LoD)

04

Governance, Risk and Compliance Webinar Agenda

10 minutes

30 minutes

10 minutes

10 minutes



Question and Answer Session

Please submit questions in the chat window (bottom right corner of the screen) at any time during the presentation.

Don’t forget to hit SEND.

I will compile the questions and submit them to the speaker in the last 30 minutes of the webinar, as time permits



Key Presenter

Trang has more than 17 years of experience, and has been at KPMG Vietnam since 2009.

She currently leads the Internal Audit, Risk andCompliance practice for Vietnam and Cambodia. Herareas of focus and expertise include corporategovernance, internal audit, enterprise riskmanagement and internal controls. Her clientelerange across numerous sectors including financialservices, FMCG, healthcare and life science,construction and real estate, telecom, tech, andeducation.Nguyen Anh Xuan Trang

Director, ConsultingKPMG Vietnam

Governance, Risk, and

Compliance – Overview



Top concerns of Audit Committees

Source: KPMG 2017 Global Audit Committee Pulse Survey

3%

3%

7%

8%

9%

11%

13%

13%

19%

21%

22%

24%

28%

28%

34%

41%

Other

Readiness for OECD country-by-country tax reporting

CFO succession planning

Assessing audit quality

Key assumptions underlying critical accounting estimates

Talent and skills in the finance organization

Fraud risk

Implementation of new accounting standards

Pressures of short-termism and aligning company's long-term…

Ensuring that internal audit maximizes its value

Maintaining internal controls over financial reporting

Tone at the top and organizational culture

Maintaining control environment on company's extended org

Managing cybersecurity risk

Legal/regulatory compliance

Effectiveness of risk management program

The survey was conducted from Aug-Oct 2016. Results shown are for 832 complete responses from 42 participating countries:

• 55% of respondents were Audit Committees Chairs; 45% Audit Committees Members

• Company types of survey : 63% were public companies, 25% private companies, 7% non-profits; and 5% other.

• Sectors: banking/ financial services, manufacturing, consumer goods, insurance, technology, RE, media, healthcare, not for profit, etc.



Challenges in maintaining a robust 3 lines of defense (1 of 2)

Sector driven by regulatory requirementsThe Vietnam market is relativelyyoung, in comparison to others inAsia, like Singapore or Hong Kong,with evolving regulatory requirements.

Overlap in scope of work Confusion with regards to scope of

work between IC, IA, Risk, ISO Focus and scope of Internal Audit

similar to External Audit

Weak 1st & 2nd line of defenseIncomplete/weak 1st line and 2ndline of defense resulting in ineffectiveand inefficient internal audit – 3rdline of defense.

Perception as a ‘policeman’ & low value-add

Lack of knowledge about internalaudit: Internal Audit methodology is not

based on leading practices orprinciples;

Insufficent Internal Audit qualitymanagement

INTERNAL AUDIT (VIETNAM)

Technology and data analyticsData analytics and other technologyprocesses have not been leveragedto conduct root cause and trendanalysis



Challenges in maintaining a robust 3 lines of defense (2 of 2)

Lack of awarenessAwareness is strong mainly amongcompanies in the Financial Servicessector, due to heightened regulationsand guidelines related to RiskManagement.

ENTEPRISE RISK MANAGEMENT

Lack of risk management professionals in non-FS sectorsRisk management professionals tendto be focused in the FinancialServices sector. In FMCG andmanufacturing sectors, riskmanagement positions aren’t asattractive due to low return andbenefits

Sector driven by regulatory requirementsImplementation of risk managementis for compliance purposes,especially in quality and safety forspecific sectors

Enterprise Risk Management is not independently establishedImplementation of risk management is for compliance purposes, especially in quality and safety requirement for specific sectors



Current reporting lines for internal audit

SHAREHOLDERS

BOARD OF DIRECTORS/ MEMBERS’ COUNCIL

CEO INTERNAL AUDIT

Functional reportingAdministrative reporting

SHAREHOLDERS

BOARD OF DIRECTORS

CEO INTERNAL AUDIT

CONTROL BOARD

Banking, Joint-Stock Company and Public Company in Vietnam

Securities Brokerage, Investment Fund and Public Company in Vietnam

CONTROL BOARD

Regulatory Landscape in

Vietnam



Key Regulations in Vietnam

INSURANCE Decree 73 / 2016 / ND-CP: Implementation of the Law on insurance

business and certain amended articles Circular 50 / 2017 / TT-BTC on guidelines for Decree 73

BANKING Law on Credit Institution 47 / 2010 / QH Circular 44 / 2011 / TT-NHNN on IC system and internal audit of

credit institutions, foreign bank's branches

SECURITIES BROKERAGE

Circular 210 / 2012 / TT-BTC guidance on the establishment and operation of securities company

INVESTMENT FUND

Circular No. 212 / 2012 / TT-BTC guiding the establishment, organization and operation of fund management company

PUBLIC COMPANIES

Decree 71 / 2017 / ND-CP on Corporate Governance applicable to public companies, effective 01 Aug 2017 to replace Circular 121 / 2012 / TT-BTC

JOINT STOCK COMPANIES Law on Enterprise 68 / 2014 / QH13

Draft Draft Decree on Internal Audit



New Decree No. 71 on Corporate Governance



Draft Decree on Internal Audit

How can Vietnamese companies strengthen their CG practices to align with leading practices?



KPMG Governance Framework

Source: KPMG’s Board Advisory Services

Aims to help corporate leaders understand corporate governance responsibilities and improve their performance and governance standards



KPMG Governance Framework


Aims to help corporate leaders understand corporate governance responsibilities and improve their performance and governance standards

KPMG Management Assurance Framework focuses on 1.2 and 3.2

KPMG Management Assurance Framework focuses on 1.2 and 3.2



KPMG Management Assurance Framework


Utilizes a holistic methodology, proactive risk management (including fraud risk) with adequate and effective monitoring as key components.



Operationalising Management Assurance FrameworkOperationalising risk management

Management Self-Assurance

Almostcertain

Likely

Possible

Unlikely

Remote

Low Minor Moderate

Major Severe

R2

R1R4

R3

Audit Committee

Develop and update

Control Owners Self Assessment

Process Owners Self Assessment

Validation by IA; Reporting of results to

Management and AC

RCSA Test Results

(P&P 4)

Board Risk Committee

Governance Committee

Investment Committee Etc.

Board Oversight

2nd Line of Defense: Risk Profile (ERM) 1st Line of Defense: People, Processes & Systems

2nd and 3rd Line of Defense: RCSA + Internal Audit

Policy & Procedure 1





RCSA

Integrated Risk Assurance



KPMG Management Assurance Framework: 3rd Line of Defense Model

Tone at the Top Entity Level Management

Operational and Control

(First Line)

Policies and Procedures

Board Oversight

Business and Operational Processes

Reporting – Internal & External

Assurance(Third Line) Concurrent Audit Internal Audit Management Audit

Monitoring(Second Line) Compliance Risk Management

Operating Model

• Roles & Responsibilities

• IT Infrastructure

• Third Party Service


© 2017 KPMG Tax and Advisory Limited, a Vietnamese limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

The KPMG name, logo are registered trademarks or trademarks of KPMG International.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

kpmg.com/socialmedia kpmg.com/app

KPMG Tax and Advisory LimitedNo. 115 Nguyen Hue StreetBen Nghe Ward, District 1Ho Chi Minh City, VietnamTel: + 84 838219266

Markets GroupMs. Van LyMarkets [email protected]+84 90 780 9576

https://www.linkedin.com/company/10473005?trk=tyah&trkInfo=clickedVertical:company,entityType:entityHistoryName,clickedEntityId:company_10473005,idx:0https://www.linkedin.com/company/10473005?trk=tyah&trkInfo=clickedVertical:company,entityType:entityHistoryName,clickedEntityId:company_10473005,idx:0https://www.facebook.com/kpmgvietnamhttps://www.facebook.com/kpmgvietnamhttps://www.youtube.com/user/KPMGinVietnamhttps://www.youtube.com/user/KPMGinVietnammailto:[email protected]



Upcoming Webinar:

Slide Number 1Slide Number 2Question and Answer SessionKey Presenter Governance, Risk, and Compliance – OverviewTop concerns of Audit CommitteesChallenges in maintaining a robust 3 lines of defense (1 of 2)Challenges in maintaining a robust 3 lines of defense (2 of 2)Current reporting lines for internal auditRegulatory Landscape in VietnamKey Regulations in VietnamNew Decree No. 71 on Corporate GovernanceDraft Decree on Internal AuditHow can Vietnamese companies strengthen their CG practices to align with leading practices?KPMG Governance FrameworkKPMG Governance FrameworkKPMG Management Assurance FrameworkOperationalising Management Assurance FrameworkKPMG Management Assurance Framework: 3rd Line of Defense ModelSlide Number 20Upcoming Webinar:

Documents

© 2017 KPMG Limited, KPMG Tax and Advisory Limited, …...has been at KPMG Vietnam since 2009. She currently leads the Internal Audit, Risk and Compliance practice for Vietnam and