Background of Study
Lies and deception are common human traits, and it is possibly the most dangerous aspect of the business world. By its nature, deceptive are destructive elements, and by its application, deceptive actions have caused massive business scandals. Equally astounding is the fact that deception and lies are acquired naturally, yet its power and influence are adverse. Scholars have described the term fraud in many different ways, the simplest definition of fraud is any action that has a latent intent of deception (Well, 2011). Fraud can be defined as securing unlawful or unfair advantage through intentionally committing misleading others therefore causing them harm. (Albrecht, 2004; Singh, 2011). In recent era, the complexities associated with contemporary business environment has made the issue of risk management as the major concern of stakeholders. The issue of risk taking is highly prevalent when a business intends to try a new opportunity. Therefore, companies need to be greatly vigilant in managing business risks not only to avail the opportunity but also for the survival of the business (Mohammed & Knapkova, 2016). Among such risks is a fraud where people lie to acquire some gain from it. According to Yatim (2010), risk management is focused on the committee charged with that responsibility. In other words, understanding fraud risk management requires researchers to focus on the committee looking to mitigate the fraud. Hence, the essence of this study is to investigate the influence of the risk management committee (RMC) in reducing the level of fraud risk.
Fraud is a risk that many organizations face in their operations, but if it is not controlled, it would lead to the unexpected failure of such enterprises. Usually, when the risk exposures of a firm are related mainly to financial and fraud risks, the role of surveillance of the relevant risks becomes one of the core functions of the audit committee Many have advocated for the RMC, which is a standalone organization that watches over risks and their mitigation. Regardless, empirical findings concerning this claim are still vague and very little evidence is available to quantify the benefits of a standalone committee. The role of such committees in these organizations is to identify and manage risks such as fraud (Arioglu & Tuan, 2014). Therefore, it can be deduced that the qualities and halts of members of the committee are essential in the identification and elimination of fraud risk.
According to Razali and Arshad (2014), fraud is a crime that is not easily seen when in play. However, some flags and signs can be followed in a bid to point it out. As a crime, it poses a major risk to a company considering that it could lead to its failure. Therefore, fraud risk refers to the danger and chance related to fraudulent activities of all the employees of an organization or association (Monica, 2014). For such malpractices in an organization, the business system has internal control, which refer to the process and guidelines designed to ensure that the enterprise achieves its goals and objectives regarding operational efficiency, financial reporting, and law compliance (Wang, Chen, Zhou & Jin, 2014). Internal Control are usually particular considering that those are designed to detect and control fraud.
The role of auditors particularly when internal control are concerned is to assess whether they are correctly designed and work as desired. According to Mohamed and Handley Schachelor (2014), in order to control frauds relating to misappropriation of financial statements, two most effective controls are structure of internal control and audit committee. Audit committee comprises of internal auditors who are responsible for assisting both top management and middle to develop, maintain, and scrutinize the systems of internal controls (Mohamed & Handley-Schachelor, 2014). Fraud is a crime that is often perpetuated by people in the management hierarchy that have some emblems of power. In this sense, an organization audit scrutinizes the corporate culture of an organization in a bid to determine whether corporate governance is implemented (Edogbanya & Kamadin, 2015).
A survey conducted by Ernst & Young (2013) for the region of Asia-Pacific including
Australia, China, Indonesia, Malaysia, New Zealand. Singapore, South Korea and Vietnam revealed that companies in this region undergo significant risks as compared to other countries due to weak internal control systems pertaining in respect of governance. For this reason, it is clear that a weakness in an organization’s internal control can lead to increased fraud risk. Therefore, there is a need for Risk Management Committee to manage, control and protect the organization from fraud risks. The essence of this proposal is to appraise the impact of RMC quality when it comes to internal controls aimed to control the level of fraud risk.
Scholars have agreed that fraud involves a variety of elements such as dishonesty and deception along with other elements including intensity of desire, purposeful intent, violation of trust, risk of apprehension, rationalization etc. The problem is that unlike a mistake or an error, fraud is an intentional and deliberate crime, which involves concealment of facts on purpose. Such types of fraud can intimidate the financial stability of a business. According to Association of Certified Fraud Examiner (2016), an average business loses nearly 5% of its revenues due to fraudulent activities each year. There are three most common types of frauds which include asset misappropriation, fraudulent financial reporting and corruption. Previous studies, it has been shown that asset misappropriation is the most common and destructive type of fraud out of all three (ACFE, 2012; Aris, Othman, Arif, Malek & Omar, 2013).
As a whole, in 2012, the frequency of asset misappropriation, Corruption and fraudulent financial reporting was 86.7%, 33.4% and 7.6% respectively. The median loss in US Dollars (millions) was found to be 0.15, 0.375 and 1.0 respectively. It must be borne in mind that the lower the frequency, the higher the financial loss to the company has been observed (ACFE, 2012; Aris et al., 2013). Aris et al., (2013) further stated that majority of the fraud crimes had four triggers behind them. A study conducted by the ACFE (2012) showed that number of red flags raised by perpetrators in 2012 were just the same as they were in 2010. The culprits who were involved in fraudulent activities were: living beyond their means (36%), experiencing financial difficulties (27%), in an unusually close association with their vendors or customers (19%), and in issues relating to excessive control over their jobs (18%).
Internal control is a process that involves a number of measures and methods which are implemented by the management to ensure better functioning of the business. With the help of internal audit, internal check and other forms of control, management develops a system that can track fraud and nip it in the bud. Chances of fraud are high when internal control structure is inadequate and policies guiding actions of employees are not clearly defined (Getie Mihret, 2014). In order to deal and prevent the cases of fraud, management also need to keep into account these four major driving factors behind the cases of fraudulent activities. The organization has to ensure that there are means through which these fraudulent activities can be detected and mitigated before they can develop even further. The existence of such crime within an organization makes everyone question its corporate governance and most importantly, the internal control available. The two most prominent governance reforms include Sarbanes-Oxley Act of 2002 and the Basel III Accord. The purpose of these reforms is to eliminate risks associated to fraud in corporate structure with the help of stern internal control regulations.
The 2008’s financial crisis that was followed by the debt crisis in the United States and in Europe has prompted people to realize the importance of risk management (Wang, Chen, Zhou & Jin, 2014). To successfully achieve corporate governance, organizations will have to implement an aspect of internal control as well as risk management (Zemzem & Kacemb, 2014). The Malaysian Code on Corporate Governance (2016) strongly recommends to establish a committee at board level, which is responsible for supervising the risk management framework and policies of a company. Corporate governance codes and guidelines suggest that establishment of board level committees that are specialized on risk management techniques can be the most effective way to assist executives in offering their responsibility of supervising risks (Ling Liew, Mat Zain & Jaffar, 2011). Since, the important role of RMC as well as effective internal control to deal with fraud risk is of high significance as mentioned by studies taken into account in this study, therefore the purpose of this study is to evaluate the impact of RMC quality when it comes to internal controls aimed to control fraud risk.
This research study seeks to answer the following research questions:
1- Does the quality of RMC influence the level of fraud risk?
2- Does the internal control mediate the relationship between the quality of RMC and the level of fraud risk?
The general objective of this study is to investigate the effectiveness of the quality of Risk Management Committee (RMC) in mitigating fraud risk level when the internal control mediate the relationship. Specifically, the objectives are as below:
- To examine the impact of the quality of RMC on mitigating level of fraud risk.
- To evaluate the influences of quality of RMC on internal control effectiveness.
- To examine the various internal controls that could be useful in managing level of fraud risk.
- To test the mediating effect of internal control on the relationship between the quality of RMC and fraud risk level.
Significance of the Study
The essence of this study is to examine the impact of characteristics of RMC and its members on the level of fraud risk. Fraud is a crime and a liability to any organization considering its strong ability to cause business failure. Successful completion of this study and all the set objectives would provide much-needed information regarding fraud risk. Understanding to which extend the quality of the RMC impacts the level of fraud risk will enable businesses to manage risks. Implications from this study would benefit organizations that are likely to encounter such financial risks and losses. Furthermore, the findings will increase the ability of such organizations to mitigate the problems that arise with fraud risk. Assessment by the risk management committee that has been customized based on the excellent features established by this study would lead to better results in reducing the level of fraud risk (Blessy Sekome & Taddesse Lemma, 2014).
In the recent years, the concern and focus on risk management is greater than ever before due to countless instances of business scandals and bankruptcy where investors, company personnel and other stakeholders suffered tremendous loss (Mohammed & Knapkova, 2016). Structure of internal control is developed to help manage risks and increase shareholders’ value. This study would have significant impact on shareholders in particular because it nurtures confidence of investor for the organization. The money accumulated through these investment serves as a basis for the company to avail better business opportunities, which ultimately leads to long lasting competitive advantage (Mohammed & Knapkova, 2016).
Contribution of the Study
Most researchers who have covered this field in business have focused on the role of internal control that companies use to protect businesses against the many risks (Blessy Sekome & Taddesse Lemma, 2014; Yatim, 2009). They have been very helpful for the many organizations for they can understand the impact of risk, particularly when the company life is concerned. Regardless, researchers have failed to cover the influence of the RMC traits and the benefits of risk management to mitigate fraud risk. In other words, there is little that has been covered on the relationship between RMC characteristics and organizational performance. It is evident that members of the RMC serve a legitimate and important role, and it matters that they are of desired quality traits. Therefore, this paper seeks to assess the influence of these characteristics on mitigating fraud risk level. The research gap to be fulfilled by this study is, therefore, the influence of the quality of RMC on the level of fraud risk. Assessing the quality of RMCs and their influence on fraud risk level would certainly add some additional insight to the literature.
The financial statement fraud has become a popular topic in accounting in the recent past attributed to the collateral damage that would otherwise lead to company failure (Mohamed & Handley-Schachelor, 2014). Such a situation is unfortunate since the financial statement is one of the reliable tools that the shareholders use to make investment decisions in a company asset (Edogbanya & Kamadin, 2015). When a business enterprise portrays itself with such fraudulent actions, the public loses its trust and loyalty in the brand. Following a literature review on the topic of fraud, there are three primary types of fraud. They are asset misappropriation, fraudulent financial reporting and corruption (Aris et al., 2013).
The most noticeable impact of fraud risk is the collapse of a company. Such a collapse is evidenced by Razali and Arshad (2014) when they assert that some of the world’s largest businesses and corporations including WorldCom, Enron, and Global Crossing were closed down because of financial statement fraud. The Collapse of firms and scandals are the prices most companies and organizations have to pay for indulging in fraudulent activities. Even if not, such organizations are bound to experience some of the extreme financial losses.
Based on analysis from Lau and Ooi. (2016) article, it can be confirmed that the level of fraud is highly prevalent in Malaysia. Lau and Ooi. (2016) state that the most common type of fraud found incorporations is misleading financial reporting i.e. overstate their reported revenue. The cases of fraud are sensitive and most importantly, fatal to the organization’s economic health. Following the study by Mohammed and Knapkova (2016), it was discovered that there exists a positive association between the risk management of an organization and its performance. This observation was made in companies that have invested higher levels of intellectual capital. Several reasons could be attributed to this, but it can be summarized by the fact that cutting down fraud risk also reduces the costs of the company and improves the public perception of the enterprise.
Simply put, internal controls are activities and policies that manages risks to an organization. They are significant to organizations since they play an important role in preventing and detecting fraud. In order to effectively accomplish its objectives, these policies and procedures are put in place, which safeguard an organization’s assets to prevent fraud risk. Studies have found that there is a positive relationship between the establishment of internal control systems and decreased financial fraud risk (Norazida and Moorison, 2014). Ineffective internal controls systems, caused by unclear definition of policies guiding employee actions, have been proven to be a source of amplifying risk of material misstatements of financial statements that increase fraud risk (Ioan-Ovidiu, 2012; Dessalegn, 2014; Smith et al., 2005).
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) notes that internal control has five components: risk assessment, control activities, control environment, information and communication, and monitoring. Therefore, it is essential for an organization’s management to have a holistic approach when dealing with fraud. As noted by COSO, this approach entails ensuring that the environment factors that may promote fraud, such as weak policies are strengthened, monitoring in order to detect fraud, implementing control measures, and training,
The essence of risk management committee and its role in organizational performances is without a doubt vital. Since risk is innate in every business activity, it is vital for institutions to apprehend them and adopt adequate measure towards preventing, reducing or dealing with the risks. Monitoring risks is essential because unforeseen circumstances could make organizations experience losses. Previous researches have anticipated that Risk Management Committee (RMC) could significantly influence firm performance (Mohammed & Knapkova, 2016; Krause & Tse, 2016; Kallamu, 2015; Edogbanya & Karmardin, 2015). In these studies, it is clear that having RMC will result to enhance monitoring of risks that will lessen losses as well as promote performance due to internal policies to help in managing the same.
The risk management committee of any organization is charged with the responsibility of managing the internal control including those that control fraud. As shown, fraud has lots of adverse outcomes of the organization and as such everyone tries to mitigate the fraud risk. Ng et al. (2012) carried out a research whose key objective was to assess whether there is any statistically significant relationship between a business’ risk taking and the characteristics of the risk management committee. The three principle features of the RMC include size, independence of the board, and the number of meetings it holds. The number of RMC meetings were found to be insignificant in the study as opposed to the size and independence features which depicted a negative relationship with risks (Ng et al., 2012). Similarly, experience has been found to be an important factor in managing risks. Arioglu and Tuan (2014) and Ng et al., (2012) argue that professional expertise is needed as an approach to show intensive attention to oversight effectiveness. The other essential characteristics are the number of women on the RMC board which can be simply defined as gender diversity. Several studies have asserted that gender diversity offers an organization better performance (Zenzem & Kacemb, 2014; Campbell & Vera, 2008). Campbell and Vera (2008) carried out a study where they sampled Spanish firms, and their discovery was that gender diversity would lead to more economic gains and greater performance.
In the perspective of Malaysia, a diminutive amount of research has been conducted in order to determine the relationship or investigate the impact of RMC characteristics on performance as well as on risk-taking. However, there is no study has been conducted in order to determine the impact of the quality of RMC on the level of fraud risk through mediation of internal control. This study seeks to fill the gap by adding more to literature pertaining to this field. Keeping in account the limitations of a research, more studies have to be carried out in order to validate the relationship between the variables.
The Resource-Based View Theory
The resource-based view theory (RBV) requires that an organization to possess resources that can be manipulated to provide it with a competitive advantage over its competitors. Proper application of these resources can lead to better performance for extended periods of time. Therefore, acquiring and assigning a value to organizational resources is the ultimate path to gaining competitive advantage. According to this theory, the resources are not easily transferred from one organization to the next, as a result, they are retained once they are assimilated. It is further stated that these resources can prove to be very expensive and difficult to substitute. In relation to the resource-based view theory, the RMC is a vital resource, particularly when fraud risk is involved (Govan & Damnjanovic, 2016). This theory will be useful in explaining the relationship between quality of RMC and fraud risk.
Consistent with this approach is the fact that an organization that establishes an internal control system demonstrates a higher awareness of the importance of managing risk and control of their internal functions. Internal control systems are responsible for the monitoring and evaluation of the organization’s financial risk (Yatim, 2009). This approach will be useful in explaining the various internal controls that could be useful in managing level of fraud risk. Moreover, this approach can enable the auditor and the audit committee to identify areas of potential fraud so that they may concentrate most of their efforts in these parts.
Structural Equation Modelling
This study will make use of Structural Equation Modeling, which is a diverse set of mathematical models, statistical methods, and computer algorithms that fit into an organization’s network and constructs data. It is usually applied in the analysis of unobservable (latent) constructs. This structural model will be useful in showing the causal dependency between independent (Quality of RMC) and dependent variables (Fraud risk).
This study is conducted to assess the quality of characteristics of RMC in predicting the fraud risk level through mediation of internal control in organizations. From this basic study objective, there are mainly three variables which are to be analyzed in this study
1) Quality of RMC (Independent Variable)
2) Fraud Risk level (Dependent Variable).
3) Internal Control (Mediator Variable).
The relationship between the quality of RMC and level of fraud risk with internal control as a mediator variable to prevent fraudulent activities in organizations is summarized by the framework below:
As per the objectives of the study the impact of quality of characteristics of RMC is examined upon its ability to somehow mitigate the level of fraud risk in an organization. Implementation of the mediator variable, internal control defines the quality of RMC as well as its impact on fraud risk level. This means that quality of characteristics of RMC is the influencing or explanatory variable whereas level of fraud risk is the recipient variable. With this basic understanding of the approach and nature of variables, it is equally important as to explain the measurements of independent and dependent variables. Along with that, the measurement of mediator variable.
The assessment of characteristics of RMC can be explained through five major measurements, which cumulatively design a model of an appropriate RMC provided as under size of committee (SC), independent directors (ID), frequency of meeting (FM), expertise of directors (ED), and RMC gender diversity (GD) (Abdullah & Ismail, 2015; Kallamu,2015; Ng et al., 2012). Likewise, the dependent variables can be best understood with the following two measures of fraud risk, Beneish M-score model and F-Score (Razali & Arshad, 2014, Beneish, Lee & Nichols, 2013; Dechow, Ge, Larson, And Sloan, 2011). A mediator variable mediates between the dependent and independent variable serving to explain the relationship that exists between them. In this case, internal control act as an intermediary to provide the description of the association between the characteristics of the RMC variable and level of fraud risk. The measurements of internal control is the internal audit budget (Barua, Rama, & Sharma, 2010).
The control variables, on the other hand, refers to those that remain uncharged throughout the entire process of study. This study has two primary control variables which are film size (FS) and financial leverage (FL). Company size relates to the natural logarithm of total asset whereas financial leverage, as used in this study implies the long term debt over total equity (Andersen, 2008; Pagach & Warr, 2011; Mohammed & Knapkova, 2016).
Beneish M-score model = a + ß(SC) +ß2(ID) + ß(FM) + ß(ED) +ßs(GD) + IC + FS+FL + Eo
F – score = a + ß(SC) +ß2(ID) + ß(FM) + ß(ED) +ßs(GD) + IC + FS+FL + Eo
This study employs a quantitative research design. The data to be utilized in this study will be obtained from secondary sources, particularly from the Datastream financial database and companies’ financial reports, pertaining to the relevant companies of Bursa, Malaysia. In this sense, the sample will involve all non-financial companies of Bursa Malaysia since 2012 to 2016. The aim of doing so is to investigate the impact of mediator variable on the relationship between independent and dependent variables. Since all variables are in quantitative form, therefore the need of statistical technique is indispensable.
Albrecht, W. A. (2004). Fraud Examination and Prevention. Mason, OH: South- Western.
Arioglu, E., & Tuan, K. (2014). Characteristics of members of board committees at Borsa Istanbul. International Journal of Economics and Finance, 6(12), 83.
Dessalegn Getie Mihret , (2014),”National culture and fraud risk: exploratory evidence”. Journal of Financial Reporting and Accounting, Vol. 12 Iss 2 pp. 161 – 176
Ioan-Ovidiu Spatacean. 2012. Addressing Fraud Risk by Testing the Effectiveness of Internal Control over Financial Reporting Case of Romanian Financial Investment Companies. Procedia Economics and Finance 3, 230 – 235
Krause, T. A., & Tse, Y. (2016). Risk management and firm value: recent theory and evidence. International Journal of Accounting and Information Management, 24(1), 56-81.
Malcolm Smith Normah Haji Omar Syed Iskandar Zulkarnain Sayd Idris Ithnahaini Baharuddin,
(2005),”Auditors’ perception of fraud risk indicators”. Managerial Auditing Journal, Vol. 20 Iss 1 pp. 73 – 85.
Norazida Mohameda, Moorison Handley-Schachelor. (2014). Financial statement fraud risk mechanisms and strategies: the case studies of Malaysian commercial companies. Procedia – Social and Behavioral Sciences 145, 321 – 329
Singh, S. (2011). The Common Types of Fraud, It’s Causes and Impact to a Public Sector Organization. National Public Sector Accountants Conference (pp. 1-30). Kuching: KPMG Malaysia.
Yatim Puan. (2009). Audit Committee Characteristics and Risk Management of Malaysian Listed Firms. Malaysian Accounting Review, Vol. 8 No. 1 19-36.