Factors influencing the effectiveness of internal control in cement manufacturing companies

Article history: Received: June 14 2019 Received in revised format: July 25 2019 Accepted: August 5, 2019 Available online: August 5, 2019 This research approaches and used the 2013 Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) with a view to assessing the impact of the factors: (1) Control environment, (2) Risk assessment, (3) Information and communication, (4) Control activities and (5) Monitoring on the effectiveness of internal control at cement companies. The research was carried out through a survey of 210 managers and employees at Vietnamese cement companies with the support of SPSS software and assessed scale reliability through using the Cronbach`s Alpha coefficient and the method of exploratory factor analysis (EFA). The research results show that the factors above had positive relationship with the effectiveness of internal control. Also, on such basis, the author gave recommendations for maintaining and promoting the effectiveness of internal control to managers at cement companies. © 2020 by the authors; licensee Growing Science, Canada


Introduction
Internal control plays an important role in preventing and discovering risks, truly and fairly provides financial information, strengthening compliance and improving operational efficiency.Realizing such importance, cement companies have established and carried out internal controls in various forms.Internal control does not only control of an entity's department but also the process including procedures and regulations intended for all departments to ensure that corporate managers can perform functions of reporting, compliance and operation.However, establishing and efficiently carrying out internal controls is now a factor in which managers at cement companies take a great interest.Internal control is an extremely important function of corporate governance.For this reason, to improve governance efficiency, promoting the effectiveness of internal control is necessary (Suyono & Hariyanto, 2012).Internal control which is efficiently maintained will help entities achieve objectives in terms of not only report and compliance but also operation.

Literature review
Research on the factors affecting the effectiveness of internal control is basically based on 5 parts of the COSO's internal control in 1992 including: Control environment, risk assessment, control activities, information and communication systems, and monitoring.The scale of factors is summarized in Table 1, which is the summary of scale of factors affecting the effectiveness of internal control.

Table 1
The summary of the factors influencing on the effectiveness of internal control

Research Measurement Impact
Control Enviroment Amudo & Inanga (2009), Ho (2016), Gamage et al. (2014), Nguyen (2018) -Management and operating philosophy -Integrity and moral values -Commitment to competence -Organizational structure -Human resources policies Possitive Risk Assessment Walker (1999), COSO, (2013), Amudo & Inanga (2009), Ho (2016), -Determine the target -Identify risks -Risk assessment Possitive Control Activities Walker (1999), COSO, (2013), Amudo & Inanga (2009), Ho (2016), Pham (2018) -Assignment, assignment, authorization -Physical control activities -Control the information processing process -Control policies and procedures -Control technology Possitive Information and Communication COSO, (2013), Amudo & Inanga (2009), Ho (2016) "The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.The board of directors and senior management establish the tone at the top regarding the importance of internal control and expected standards of conduct" (COSO 2013).Usually, control environment consists of the following factors: managers' integrity and ethical values, leadership philosophy and operating style; organizational structure; assignment of authority and responsibility; personnel policy; planning; management engagement; and some other factors.The role of control environment is to provide a key foundation for activities because organizational values cannot rise above the integrity and ethics of the people who create, administer and monitor them (Rae & Subramaniam, 2008).Efficient control environment has a great impact on the entire internal control system.The fact that internal control is carried out efficiently or inefficiently depends mainly on such foundation; therefore, this is the most important component for providing a solid foundation for the design and operation of an entity's internal control system.

Risk assessment
The IIA's International Standards define a risk as 'the possibility of an event occurring that will have an impact on the achievement of objectives'.Risks may be financial, operational, legal/regulatory, or strategic in nature.When risks happen, it is likely that an entity will not achieve the set objectives.Risk management is a process designed to prevent or minimize risks (Walker, 1999), and therefore it helps the entity avoids not achieving their main goals.Risk assessment is an important part in risk management (Pham, 2018).Risk assessment is the process of detecting, assessing and determining how to succeed these things (Gamage et al., 2014;Ratcliffe & Landes, 2009).Risk assessment helps an entity have the best risk management measure.Thus, the establishment and implementation of risk assessment measures will have an impact on internal control efficiency.

Information and communication
The study of Gamage and Low Lock (2014), Ho (2016) and Nguyen (2018) have shown that information and communication is an important factor affecting the effectiveness of the Internal Control systems.All researchers have confirmed that the information and communication system well designed have a positive effect on the effectiveness of internal control in the enterprise.Information must be determined reliably from both inside and outside the enterprise, to be informed and handled by people with functions in a timely manner."Information is necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives.Communication occurs both internally and externally and provides the organization with the information needed to carry out day -to -day internal control activities.
Communication enables personnel to understand internal control responsibilities and their importance to the achievement of objectives" COSO (2013).Therefore, If the communication and information system is well designed and operated, it will help employees understand and perform correctly their tasks, contributing to improve the internal control efficiency in the unit.

Control activities
According to COSO (2013), "control activities are actions that are established by policies and procedures to ensure that management directives for reducing risks and achieving an entity's objectives have been being implemented".Control activities are carried out at all levels of an entity, in various stages of the business process and in technology environment (Pham, 2018).They can include a series of manual and automatic activities such as authorizations, approvals, verifications, reconciliations and reviews of operating performance and can be designed to prevent or review the implementation of management directives.Therefore, if higher efficiency control activities achieve, more effective internal control is achieved.

Monitoring
Monitoring is one of the most important aspects of internal control in any organization.According to Nguyen (2018) and Pham (2018), monitoring the performance of the internal control system over time, made continuous or separate assessment.The purpose of the monitoring is to determine the internal control made properly, fully and efficiently as designed all five components.Monitoring activities include ongoing evaluations, separate evaluations, or some combination of the two.Ongoing evaluations are built into the routine operations and are performed on a real-time basis.A separate evaluation is conducted periodically by objective management personnel, internal audit, and external parties.The scope and frequency of separate evaluations is a matter of management judgment (COSO, 2013).Surrounding this point, monitoring is performed based on 2 principles: The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning; Also, evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.Hence, it helps internal control perform more effectively.

The proposed model
Based on results of previous researches carried out by other authors, the presented theoretical basis and the actual research at cement companies, the author proposed a research model for factors affecting the effectiveness of internal control at cement companies according to the 2013 Internal Control -Integrated Framework as Fig. 1.Hypothesis H1: Control environment has a positive impact on the effectiveness of internal control at cement companies; Hypothesis H2: Risk assessment has a positive impact on the effectiveness of internal control at cement companies; Hypothesis H3: Information and communication has a positive impact on the effectiveness of internal control at cement companies; Hypothesis H4: Control activities have a positive impact on the effectiveness of internal control at cement companies; Hypothesis H5: Monitoring has a positive impact on the effectiveness of internal control at cement companies.

Research methodology
The authors use two research methods at the same time: Qualitative method and quantities method.Qualitative method is used to determine the groups of factors that affect the effectiveness of internal control at the cement companies.Quantities research method is primarily used in research as: Cronbach's Alpha reliability Testing, EFA discovery factor Analysis, KMO coefficient analysis based on primary data by survey questionnaire on 250 managers and staffs in cement companies.After 1 month, emitting 250 surveys which are designed following 5-level Likert Scale, from "Totally disagree" to "Totally agree".Survey method through stratified random sample (sex, age, division and position) from August 1 st , 2018 to August 31 st , 2018.Consequently, emitted 250 surveys, the authors gathered in 210 valid surveys to put into research using SPSS software.Table 2 show personal characteristics of the participants and Table 3 shows the questions of the survey.Organization structure 1. Functions, powers and responsibilities and coordination among departments are clearly defined in writing 2. Departments clearly understand the responsibilities in implementing internal control targets.3. Ensuring the control principles.Management philosophy and operating style 1. Management perspective of enterprises is always to ensure compliance with the regulations of the State, industry and enterprises 2. Administrators make every effort to ensure that all tasks are completed as planned and achieve the set objectives. 3. The administrator strives to achieve the goal of financial reporting on time and reasonably honest.Commitment to competence and HR policies 1. Policies and procedures for recruitment of personnel are clear and transparent.2. The key positions always meet the requirements of the job 3. Human resources are trained and fostered to improve their qualifications in accordance with the changes from internal enterprises, environment, institutions, regulations ... 4. Enterprises formulate appropriate standards and methods for evaluating work results, and results are communicated specifically to each individual.5. Policies on salary, bonus, welfare and discipline are clear and appropriate RISK ASSESSMENT Synthesizing and developing from Walker (1999), COSO, (2013), Amudo & Inanga (2009), Ho (2016), Determine the targets 1. Operational, compliance and reporting objectives are set clearly and appropriately.2. Identify goals that take into account the appropriate risk 3. The objectives of enterprises are clearly and fully communicated to all employees 4. Enterprises conduct periodic evaluations for the achievement of objectives Risk Identification and Assessment 1. Considering costs -profits in the process of identification and risk assessment.2. Risk identification is carried out at all levels, departments, functions and activities in enterprises 3. Using appropriate methods to identify and assess risks 4. Enterprises have appropriate strategies to deal with risks Change management 1.Enterprises predict, identify and deal with changes in factors 2. Regularly assess the impact of changes and make adjustments to internal control.CONTROL ACTIVITIES Synthesizing and developing from Walker (1999), COSO, (2013), Amudo & Inanga (2009), Ho (2016), Pham (2018) Control technology 1.Control activities ensure that rights and content accessed is limited to authorized persons.2. Enterprises control data centers and network systems and computers 3. Enterprises control applications and software Control policies and procedure 1. Policies and control procedures consistent with the objectives of enterprises.2. Control policies and procedures are documented and clearly communicated to all employees.3. Policies and procedures specify the scope of application, roles and functions of the relevant departments.4. Control policies and procedures are developed in accordance with each activity, function, and job. 5. Control activities are carried out by qualified individuals and departments at the right time.6. Businesses periodically carry out reevaluation of policies and procedures and make adjustments if necessary.Control Activities 1. Physical control activities ensure that property is protected from access by unauthorized persons 2. Control to ensure that all operations are verified with validity and legality before recording.3. Control ensures the transactions are fully recorded 4. Control to ensure that transactions are recorded in the right order and ensure the control process.

Control activities take place regularly, including in all activities COMMUNICATION AND INFORMATION SYSTEM
Synthesizing and developing from COSO (2013), Amudo & Inanga (2009), Ho (2016), Pham (2018) Communication 1.The communication channel of enterprises allows their subordinates to easily and promptly reflect related issues to functional superiors.2. Information about tasks, requests from superiors are clearly communicated, to the right people, at the right time.Information system 1.Information system ensures information is provided promptly, fully and completely in accordance with information needs 2. Information system ensures easy access to information, convenient to use. 3. Information system ensures information is kept confidential and stored securely.4. Information is fully integrated into the reports and serves the manager in decision making 5. Enterprises perform well in providing honest, relevant and timely information to external audiences.MONITORING Synthesizing and developing from COSO, (2013), Amudo & Inanga (2009), Ho (2016), Nguyen (2018), Pham (2018) Ongoing monitoring 1. Enterprises monitor regularly for major activities to ensure results meet the set objectives. 2. Monitoring activities in enterprises are carried out in accordance with the scope and nature of activities, risk levels and changes in the enterprise.3. The monitoring process is established in the processes, business activities, functions of the enterprise.Periodic monitoring 1. Enterprises perform well self-assessment and cross-evaluation among departments and divisions.

The results
Preliminary assessment of the reliability of scale with Cronbach's Alpha coefficient, the verification result of five independent variables are the Control Environment (MTKS), Risk Assessment (DGRR), Information and Communication (ICT), Control Activities (HDKS) and Monitoring (GS) of components of the scale are all greater than 0.6, as Table 4 and considering Corrected Item-Total Correlation of observing variables have achieved a detection requirement greater than 0.3 (Hair & partner, 2006).For MTKS variable, the MTKS 5 variables have a Corrected Item-Total Correlation 0.245, less than 0.3 so that MTKS 5 variable was eliminated, the second running of Cornbrash's Alpha coefficient is 0.787.Similarly, for monitoring variable, G1 variable has a Corrected Item-Total Correlation 0.273 so that GS1 variable was eliminated, the result of the second running of Cronbach's Alpha coefficient is 0.816.After the data processing of Cornbrash's Alpha coefficient type 02 variables were MTKS 5 and GS 1, keeping 21 independent variables and 03 dependent variables for the analysis of EFA Discovery Factor.The information systems ensure that information is provided from the departments to the managers and from the managers to the departments in a timely manner. .

.773
Synchronized computing is the strength of information and communication systems.
.717 .734 Information security issues had guaranteed and hadn't ever made a mistake .739.723Business always ready prepares emergency response plans in case of the failure of an IT system.
. After the step of evaluating the reliability of the scale through Cronbach's Alpha coefficient, the author used the remaining 21 independent variables and 03 dependent variables to analysis of EFA discovery factor.For the analysis of EFA discovery factor, the author used Principal Component extraction method to reduce data and decrease the collinearity among the factors for the next multiple regression analysis, Varimax rotation.The result of EFA initial analysis with the verification value of Bartlett's Test was significant (Sig rate <0.05), however TTT4 variable has maintained Factor loading < 0.5, therefore in Table 6 TTT4 variable was not loading for any independent variables.Thus, the author removed TTT4 variable and re-run the analysis of EFA discovery factor which result in KMO 0.0839 coefficient with verification value of Barletta's Test with a significant statistic (Sig rate < 0.05) as Table 5, differential extraction is reached 63,26% > 50%.Extraction Sum of Squared Loadings Coefficient = 1.265 satisfy > 1, as Table 5 satisfies verification requirement, Factor loading coefficient is greater than 0.5, indicating that the observed variables are correlated with Total Correlation..000 The analysis of EFA discovery factor for 03 dependent variables shows that the result of KMO=0.727 with Sig rate < 0.05 in Table 6, Factor loading coefficient is greater than 0.5, indicating that dependent variables are correlated with each other and Total Correlation (See Table 6).Results of EFA are given in Table 7.  .000 (Source: Analysis results from SPSS After processing, analyzing of EFA discovery factor, the remaining 20 independent variables are used for running of Pearson data to quantify the degree of linear relationship between two quantify variables, if Pearson coefficient > 0.3 it means that the two variables are correlated.In the Correlations Analysis between 05 independent variables and 01 dependent variable, Table 8 shows that the relationship between " Effectiveness" and 05 " Control Environment", "Risk Assessment", " Information and Communication Systems", "Control Activities" and "Monitoring" variables are significant.Between dependent and independent variables there is a linear correlation (See Table 8).

Regression analysis
The method chosen for regression analyze is least square implemented in SPSS software.In Table 9, the value of Adjusted R Square is 79,2%, which shows the effect level of 05 independent factors in the topic to the effectiveness of Internal control at cement companies is 79.2%.The remaining 20.8% is due to the influence of other factors to the effectiveness of control.The Durbin-Watson coefficient is 1.589 in the range from 1 to 2 that satisfies the requirement of the test (See Table 9).Looking at the standardized coefficients beta given in Table 11, variable DGRR has the lowest number with 0.105 and the highest number belongs to TTTT with 0.427.In other words, dependent variable has the positive relationship and strongest with independent variable "Information and Communication", on the contrary, the variable has the weakest relationship with dependent variable which is "Risk assessment" and they are all meaningful when the level of significance is five percent.Equation of regression show that, the independent variable and dependent variable in the research model have positive relationships, inside, the most effective variable is "Information and Communication" with the coefficient β3 = 0.427 followed by "Control environment" β1= 0.197, "Control activity" β4= 0.189, "Monitoring" β5= 0.154 and "Risk assessment" has the weakest effect to the effectiveness of internal control at cement companies with coefficient β2= 0.105

Conclusion
Research result has indicated that Hypotheses H1, H2, H3, H4, H5 are accepted, which means that Control Environment, Risk assessment, Information and Communication system, Control and Monitoring activities have positive effects to the effectiveness of internal control.The determination and assessment of the influence of factors on the effectiveness of internal control at the cement companies in the current competitive conditions are important.It helps managers identify and accurately assess the factors that have a strong influence on the quality of control, thereby improving the efficiency and effectiveness of governance in general and control in particular.Based on the research results, in order to maintain and promote the effectiveness of internal controls at the cement companies, it is necessary to establish closely and systematically the influencing factors including Control Environment, Risk Assessment, Information and Communication Systems, Control Activities as well as Monitoring.

Fig. 1 .
Fig. 1.The proposed model (Source: Results of the author's synthesis, 2019) Research Model for factors affecting effectiveness of internal control at cement companies Given objectives, scope and the research model for factors affecting the effectiveness of internal control at cement companies as well as the basic theory presented above, research hypotheses are posited as follows:

Form
of equation: Y = β1X1 + β2X2 + β3X3 + β4X4 + β5X5 Inside: Xi is an independent factor group X1: Group of Control environment factors X2: Group of Risk assessment factors X3: Group of Information and Communication system factors X4: Group of Control activity X5: Group of Monitoring factors Y: The effectiveness of Internal control Apply to the result of running model, we have: Y = 0.197X1 + 0.105X2 + 0.427X3 + 0.189X4 + 0.154X5

Table 2
Personal characteristics of the participants

Table 3 Questionnaires
Code of conduct or rules on ethical values are established and clearly communicated to managers, employees, departments through writing or actions.2. Code of conduct is established based on ethical standards, relevant legal provisions and business regulations Management and operating philosophy.1.The Board of Management / Board of Supervisors understands and monitors the implementation of responsibilities for stakeholders.2. The Board of Management approves and implements policies to support internal control activities.3. The management board / control board ensures independence in monitoring.

Table 4
The results of the Cronbach Alpha coefficients

Table 6
The results of EFA test

Table 7
The results of KMO and Bartlett's Test of Sphericity Kaiser-Meyer-Olkin Measure of Sampling Adequacy.

Table 8
The results of Pearson correlation test (Source: Analysis results from SPSS)

Table 9
The results of the statistical test for regression analysis According to Table10, analyzing F shows that we have Sig coefficient smaller than 0.05, which means that the research sample in the topic is meaningful to the whole.

Table 11
The results of the regression analysis