UNIVERSITE OUVERTE DE HCMV UNIVERSITE LIBRE DE BRUXELLES
ECOLE DE COMMERCE SOLVAY
MMVCFB
PROGRAMME DE MAITRISE EN MANAGEMENT
VIETNAM-COMMUNAUTE FRANCAISE DE BELGIQUE
PHAN QUYNH ANH BUILDING A RISK MANAGEMENT SYSTEM AT
HO CHI MINH CITY INVESTMENT FUND FOR
URBAN DEVELOPMENT
(HIFU)
MASTER DEGREE THESIS IN MANAGEMENT
(MMVB 6)
HO CHI MINH CITY
2007

MMVCFB

ACKNOWLEDGMENTS
After learning the two years of the Vietnam Belgium Master-In-Management
Program - Intake 6 (MMVB6), I have gained knowledge on various aspects of
business management which are very valuable for my application in my actual
work. When studying with my classmates, I have also gained the team spirit and
the assistance and cooperation that help me build and develop my relationship

Currently, in Vietnam, this concept has still been a new issue to many
enterprises, especially for state-owned company. Apparently, risks in trading,
including financial transactions of Vietnamese firms are likely to occur frequently
and at more serious level. In addition, those risks have more and more
complicated and sophisticated and would lead to serious damages and losses for
firms if those firms have not willing to face with those matters. Accordingly, it is
very crucial to have a tool of risk prevention for Ho Chi Minh City Investment
Fund for Urban Development (HIFU) to deal with risks in its operation and
development.
This research aims to identify potential risks and the current situation that
may cause to the Fund’s activities and suggest a risk management system for the
Fund. Attempts are made to propose a risk management system for the Fund in
risk management and give some recommendations for State and for the Fund itself
to implement that system efficiently and effectively
The research suggests that all the Fund’s employees should keep in mind the
increasing risks in the Fund’s operation due to the rise in uncertainty of the
market. However, knowing risk management and applying an appropriate risk
management will help them in preventing and minimizing loss. WARRANT STATEMENT

I declare that this thesis is my own work and the source of
information and material that I have used have been fully
identified.
PHAN QUYNH ANH


Great Distinction: 18/20.

Ho Chi Minh City, 28 February 2006

(Signed)

Dr. Vu Huu Duc
Guidance Counselo
r
COMMENTS FROM ASSESSOR 1
TOPIC
: Build a risk management system at Ho Chi Minh City Investment Fund
for Urban Development (HIFU).
COMMENTS FROM ASSESSOR 2
TOPIC

1.2 Introduction of COSO’s Enterprise risk management 13
1.2.1 Introduction of COSO 13
1.2.2 COSO – Internal Audit Framework, 1992 and Improvements to
Enterprise Risk Management Framework 14
1.2.3 Introduction of COSO’s Enterprise Risk Management Integrated
Framework 17
1.2.4 Enterprise Risk Management defined by COSO 17
1.2.5 Components of COSO’s Enterprise Risk Management
Framework 19
1.2.6 Benefits of Enterprise Risk Management 20
1.2.7 Limitation of Enterprise Risk Management 21
CHAPTER II - CURRENT SITUATION AT THE FUND 23
2.1 Overview of local investment funds in Vietnam 23
2.2 Overview of the Fund 24
2.2.1 History and development 24
2.2.2 The Fund’s missions 27
2.2.3 Organization chart 28
2.2.4 Nine years of operation (1997 – 2005) 29
2.2.5 Oriented development for period 2006-2010 30
2.3 Current management processes 32
2.3.1 The appraising process 32
2.3.2 The process of trusted fund management 33
2.3.3 The process of credit financing 34
2.3.4 Direct investment process 35
2.4 Current situation of risk management at the Fund 36
CHAPTER III - PROPOSAL RISK MANAGEMENT SYSTEM AT THE
FUND 43

KYC Know Your Customer
LDIFs Local Development Investment Funds
ML Money Laundering
MLRO Money Laundering Representative Officer
OFAC Office of Foreign Asset Control
PCs The People’s Committee
SOE State-Owned Enterprise
USTDA United States Trade and Development Agency
VND Vietnamese dong
WB World Bank

INTRODUCTION

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 1

INTRODUCTION

1. BACKGROUND

In the process of integration with the international economy, Vietnam
government has had efforts to achieve the progress on many areas of economy, politics
and society.
By 2005, Vietnam has established commercial relations with over 220 countries
and territories among the total number of 250 countries and territories in the world
1
.


ϖ The objectives of this research are:
• Identify potential risks and inherent risks may impact on the Fund based
upon the Fund’s functions and characteristics.
• Introduction a risk management framework for the Fund’s implementation
which has issued by COSO (Committee of Sponsoring Organizations)
• Give concluding remarks and recommend solutions to State and the Fund
for better risk management at the Fund.
ϖ The scope of the research:
The thesis will first guide an introduction of concepts of risks, risk management
and comprehensive introduction of COSO and its enterprise risk management
framework that is used popularly all over the world.
The main part of this thesis focuses on the Fund’s current situation and the need
of risk management system. With the above objectives, this research focus only on a
proposal of risk management system and proposes two processes as two specific
examples in managing two among of various risks which are probably occurred at the
Fund. In conclusion, this research gives some recommendations for the State and the
Fund’s Board of Management on better building risk management system for the
Fund.
3. METHODOLOGY

This research is conducted in 2 stages:
1. Review literature on:
- Concepts of risk and risk management in finance and banking field
- COSO – Enterprise risk management framework.
- Some official documents, analysis, reports of the Fund
2. Conclusions and recommendations:
Following a new kind of risk management framework, the literature of risk
management as well as a comparison with the current situation of the Fund and current
situation of Vietnam as well, some conclusions and suggestions are given to help the

management procedure as examples. In addition, there are some
recommendations for the State and the Fund to implement the risk management
in the better way.

- Current situation in Risk
management of HIFU
- Propose a risk
management system at
HIFU
Objectives of Research
Literature review on:
- COSO-Enterprise Risk
Management
Framework
- Concept of Risks and
Risk Mana
g
ement
Conclusion and
recommendations
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 4

CHAPTER I
LITERATURE REVIEW
1.1 General concepts on risk management
1.1.1 Concepts of risk
There are many definitions of risk depending on the specific application and

When risks happened, they will damage the life, spirit, assets of the people which
can lead to material or immaterial consequences.
• Risks are unexpectable events.
The uncertainties happened without expectation will be referred as risk,
otherwise, with expected one is not called a risk.
Finally, if event occurs intentionally or is known in advance, or happened
without leaving any consequences, those events are not seen as risks. Alternatively, if
an event occurred that lead to losses in the plan will not be seen as risk.
1.1.2 Concepts of risk management
Nowadays, the world economy has faced a lot of many criminals or business
corruptions due to lack of management, especially lack of risk management. So that
the enterprise risk management is now become a critical issue in business that all
companies must deal with. Generally, enterprise risk management is so-called a tool
which enables management to identify, assess and manage risks in the face of
uncertainty.
Similarly, risk management is a general management function that seeks to
assess and address the causes and effects of uncertainty and risk on an organization.
The purpose of risk management is to enable an organization to progress toward its
goals and objectives (its mission) [Williams, JR, Smith and Young, 1998].
Moreover, James Lam (2003) stated that ‘‘Risk Management is the process of
measuring, or assessing risk and then developing strategies to manage the risk’’. In
general, the strategies include transferring the risk to another party, avoiding the risk,
reducing the negative effect of the risk, and accepting some or all of the consequences
of a particular risk. Traditional risk management focuses on risks stemming from
physical or legal causes (e.g. natural disasters or fires, accidents, death, and lawsuits).
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 6
Financial risk management, on the other hand, focuses on risks that can be managed

INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 7
1.1.4 Cause and factor of influences
ϖ Objective causes:
Theses causes of risk happen unexpected, uncontrollable and not directly related to
human activity. The objective causes of risks include:
a. Causes arise from unfavorable natural conditions such as: storm, tsunami,
flood, earthquake, etc. These are phenomena follows the law of nature and are
influent by many different factors.
b. Causes arise from the business environment: the business environment contains
many potential risks to those not either able to recognize and apply economic
rules, nor to take business opportunities, or not being adaptive with the
environment change, etc. These are indirect causes of risks and damages to
companies. The causes of risks arise from the business environment include:
• Economic crisis: a fundamental factor causes bankruptcy to several
businesses.
• Economic policy of the government: changes in economic and public policy
represent a potential source of risk to the business environment that
businesses are facing.
• Changes in monetary policy, exchange rates: is an important risk factor to
businesses, especially to business relying on international trade.
Therefore, objective causes are uncontrollable. The solution against this type of
risks largely is depended on the forecasting and the adaptive capability of the
businesses. Risks come from these objective causes although does not occur so often
but they cost severe and widespread damages to the business environment.
ϖ Subjective causes:
These causes of risks arise from both direct and indirect human or institute actions
in doing their business. Some major subjective causes as follows:
a. Human mistakes in selecting business strategy.
b. Human mistakes in selection management structure and policy.
c. Lack of information.


BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 9

1.1.6 The major risks in finance industry
Basically, there are three types of fundamental risks that all enterprises have to
face during their operation such as Business risk, Financial risk and Operational
risk. However, depend on business type; enterprise’s characteristic that each above
risks will include many different concrete risks.
HIFU is a financial institution, i.e. its operation mainly is in finance industry.
According to Bank Training Center (2006), they define each type of fundamental
above risks will include following concrete risks:
ϖ Business risk:
This risk is the uncertainty associated with operating cash flows of a business. In
other word, it is the risk that a company will not have adequate cash flow to meet its
operating.
It includes some risks as above:
o Political risk, Policy risks: the risk that regulators will change the current
rules or impose new rules. They may negatively impact to entity’s
position.
o Credit risk: this risk is identified when a business partner is not being able
to fulfill the agreements in the contract.
o Environment risk: generally refers to the increased chance that biological
or ecological damages could occur as a result of exposure to hazardous
substances present in the environment. Any living organism can be
affected.
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 10

INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 11
more the interest rate risk. The greater the coupon rate of a bond (all other
features the same), the less the interest rate risk.
+ Liquidity risk: this risk is identified when a debtor is not being able to
pay off their liabilities when they come due.
+ Foreign Exchange risk: the risk of an investment's value changing due
to changes in currency exchange rates.
1.1.7 Summary of some typical cases
(a) Typical examples on international banks suffered from losses in 1990
2

• The case of Barings, Plc
On 26 February 1995, Barings Plc (UK) announced bankruptcy after 233 years of
existence. Direct cause that led to this case was due to Mr. Leeson who was an officer
in charge of the Bank’s operations in Singapore. He self-managed to decide to invest
USD 7 billion in term exchange contracts on the index of Nikkei on the stock
exchange of Japan. Due to wrong anticipation of the exchange rate, Barings suffered a
loss of USD 1.3 billion. The mistake of Barings was due to the fact that Leeson took at
the same time 2 functions: operation and post-operation (examine, supervise the
Bank’s operation, absolute compliance to guidelines and policies of the Bank) while in
principle, those 2 functions shall be totally independent to each other. Leeson was over
confident in his business skills and made use of over-centralization of power on him
that led to the above-mentioned losses. The lesson on the bankruptcy of Barings was
an alert to all the banks in the world about losses that may occur due to the loop holes
in monitoring, supervision, management and assigning of functions per job.
• The case of Daiwa Bank Limited, Japan and Daiwa Bank Trust in New
York:
This bank was one of the 12th largest banks in Japan. On 26 January 1995, the
Bank advised Mr. Igushu, Executive Office of the Bank in New York that the Bank


Bank) from 2001, Director and Chief Accountant at MK Construction & Trade Co.,
Ltd. (MK) created close relationship with Director of the Branch, Credit Manager and
Credit Officer at the Branch. From that, MK was granted loans without fulfilling
procedures required by the Bank. Moreover, the Director and Chief Accountant at MK
regularly cooperated with officers at the Branch to misappropriate in lending
transactions.
Knowing the above problems, at beginning 2002, Nguyen Trong Quy actively
proposed MK Chief Accountant to create chances for Hoang Dinh Co., Ltd., Dai Phat
Co., Ltd. to approach credit officers of the Bank to obtain loans with promises that
CHAPTER I

BUILDING A RISK MANAGEMENT SYSTEM AT HO CHI MINH CITY
INVESTMENT FUND FOR URBAN DEVELOPMENT (HIFU) 13
they would share commissions if successful. With cheating knowledge and techniques,
Nguyen Trong Quy had helped the above accomplices to falsify dossiers,
documentations relative to loan projects, etc. to formalize loan documentation. After
drawing the loans, those people fled away leaving the huge loss to the Branch
(Extracted from People’s Police News – Issue dated 28 February 2004, page 5)
Lesson learnt
: Based on the above-mentioned typical cases both on international
and local levels, though the seriousness and circumstance of each case may be
different but overall lessons learnt can be summarized as below:
• Some high level management executives of the banks have ignored
compliance to operating principles and legal regulations on banking
activities;
• Executives at lower levels, officers directly handling transactions were not
educated in professional ethics and became of low level of accountabilities,
their quality became easy to be changed or deteriorated, thus being easy to
be lured by customers.
• Procedures at companies were not clear in authorization of rights, leading

The National Commission was jointly sponsored by five major professional
associations in the United States as below:
• The American Accounting Association – AAA
• The American Institute of Certified Public Accountants - AICPA
• Financial Executives International - FEI
• The Institute of Internal Auditors - IIA
• Institute of Management Accountants – IMA
The Commission was wholly independent of each of the sponsoring
organizations, and contained representatives from industry, public accounting,
investment firms, and the New York Stock Exchange.
1.2.2 COSO – Internal Audit Framework, 1992 and Improvements to
Enterprise Risk Management Framework