Internal Controls in Fraud Prevention Effort: a Case Study

This study is aimed at investigating how far the internal controls are able to prevent fraud in financing administration at an Islamic Bank in Medan, Indonesia. The method applied in this study was a case study method. The operational definition used in this study was COSO framework. The data were collected through observations and semi-structured interviews. The results of the study show that some weaknesses of the internal controls have been identified as one of the factors of fraud. Poor internal controls lead to fraud. The management of the bank still employs one official to the same officials to conduct various financing activities. It leads to fraud because the activities are lack of supervisions. This study is focused on one company, so the findings may not be generalized to other companies. It is because of the different types of business, working environment, and practices. It is expected that the future study is able to enlarge the number of samples or companies.Penelitian ini bertujuan untuk mengetahui sejauh mana pengendalian internal yang dimiliki mampu mencegah fraud yang terjadi dalam penyediaan kegiatan pembiayaan pada bank pembiayaan syariah di Medan, Indonesia. Metode penelitian yang digunakan adalah metode studi kasus, definisi operasional dalam penelitian ini adalah kerangka kerja COSO. Teknik pengumpulan data menggunakan teknik observasi dan wawancara di bank pembiayaan syariah di Medan, Indonesia. Hasil penelitian menunjukkan bahwa beberapa kelemahan pengendalian internal telah diidentifikasi dapat mengakibatkan terjadinya kegiatan fraud. Pengendalian internal yang buruk memberikan peluang terjadinya fraud. Manajemen bank masih memberdayakan beberapa fungsi terkait yang menjalankan kegiatan pembiayaan dimana masih ada pekerjaan yang dilakukan oleh satu pejabat wewenang yang mengurusi berbagai kegiatan pembiayaan, sehingga kegiatan dari pembiayaan tersebut tidak dapat berjalan secara maksimal dan rentan terhadap aktivitas fraud. Keterbatasan penelitian ini hanya berfokus pada satu Perusahaan saja, temuan tersebut mungkin tidak digeneralisasikan ke Perusahaan lain, karena sifat bisnis, lingkungan kerja, dan praktiknya berbeda. Penelitian di masa yang akan datang diharapkan dapat memperbesar jumlah sampel atau Perusahaan.


Introduction
Every company possesses internal controls on the effort of supervising its business activities. It is meant to establish efficient and effective activities in order to gain the purposed entity. In the field of banking, internal controls are certainly needed as a means of supervision in addition to other regulations determined by the Financial Services Authority as a state institution which supervises financial institutions in Indonesia (Otoritas Jasa Keuangan 2016). Concerning banking crime modus operandi which does not only relate to fraud but also relate to the internal controls on human resources, it is possible that poor internal controls can be used as a fault of banking crimes (Kompas.com 2011).
In Indonesia, it is not only state officials from the executive, legislative, and judiciary who perform corruptions, but also private individuals who perform corruptions (Hamdani, Kumalahadi, and Urumsah forthcoming). Therefore, internal controls in an entity of a company must be improved. According to Singleton (2002), business policies and laws regulated in a company need a type of management which emphasizes on the effectiveness of internal controls and on the strength of environment controls in order to protect company's assets and prevent fraud.
Poor internal controls have been identified as one of the causes of fraud (Siregar and Tenoyo 2015;Zakari, Nawawi, and Salin 2016). A company must possess effective internal controls (KPMG 2004) to prevent fraud which can lead to a big loss. Internal controls can be described as policies or procedures regulated to convince that a certain purposed entity will be achieved. This is a process influenced by the board of directions of the organization, management sector, and other personnel (Mcnally 2013). The main purpose of internal controls is to support the entity in administering the risks to achieve the purposed entity being built and to maintain the work ethics.
Internal controls are the representations of holistic activities inside an organization which must be administered. The process administered by the board of commissioners is purposively done to adequately convince the members about the achievement of efficient and effective operational control purposes, financial report credibility, and the obligation towards laws and regulations (Committee of Sponsoring Organizations of the Treadway Commission (COSO) 1992). The internal control system minimizes the risks and supports the company to make sure of financial report credibility and the obligation of laws and regulations (Spira and Page 2003). The increasing number of business failure and some published fraud have encouraged companies to emphasize more on the internal control system, especially on the operational environment (Jokipii 2009).
This study is designed to analyze the extent how far the internal controls are able to fraud prevention in financing at an Islamic bank in Medan, North Sumatra province, Indonesia with the internal audits data and financing reports provided by the Operational Department in a certain period and also the results of interviews with company's management sectors related to the problems of the study, the internal controls, and account officers.

Literature Review Fraud Problems
Fraud has been in existence for generations (Prabowo 2013). Since before the Industrial Revolution, the financial scandals have plagued the world's economy (Pearson and Singleton 2008). For example, in the 1970s, the Equity Funding Scandal was uncovered, and it is one of the first major financial scandals where computers were used to assist in perpetrating a fraud (Pearson and Singleton 2008). In the banking process for lending credit and interest in Eastern Europe and Russia, bribery is done to get the access and ease the credit (Webster 1993;and De Melo, Ofer, and Sandler 1995). In Lebanon, the same survey shows that the lending will not be dealt without doing bribery (Yabrak and Webster 1995). According to the Black's Law Dictionary (2009), fraud is: A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment [...] A misrepresentation made recklessly without belief in its truth to induce another person to act [...] A tort arising from a knowing misrepresentation, concealment of material fact, or reckless misrepresentation made to induce another to act to his or her detriment.
Furthermore, Ramamoorti (2008, p. 522) argued: Fraud involves intentional acts and is perpetrated by human beings using deception, trickery, and cunning that can be broadly classified as comprising two types of misrepre-sentation: suggestio falsi (suggestion of falsehood) or suppressio veri (suppression of truth).
Based on his Ph.D. study, by examining the employees who steal company money (embezzlers), Donald Cressey interviewed 200 people imprisoned for the fraud. The study shows that the occurrence of fraud occurring through the so-called "fraud triangle" namely pressure or motivation, opportunity, and rationalization (Cressey 1953). The increase of fraud can be caused by political, economical, and historical rationales (Damania, Frediksson, and Mani 2003). Those rationales are in the form of policy distortion done by the regime governing the country. Moreover, Alatas (1986) explains some factors causing the corruptions such as: (1) the weaknesses of the leader in the main position, (2) the weaknesses of religion and moral ethics, (3) colonialism, (4) low level of education, (5) poverty, (6) undemanding law, (7) unsupportive environment, (8) government structure, (9) radical transition, and (10) the bad condition of the society.

The Nature of Internal Controls
Establishing an ideal internal control system is viewed as a crucial mechanism to make sure that financial reports are qualified. It is worth discovering that poor internal controls can lead to the increase of material fault probabilities and the disclosure of fake finances (Bell and Carcello 2000;Kinney and McDaniel 1989). Moreover, it can also lead to the increase of the probabilities of a company to bring back its revenue (Bizarro, Boudreaux, and Garcia 2011) because poor internal controls create more probabilities of purposive revenue management and unintentionally accounting estimation mistakes (Ashbaugh- Skaife, Collins, and Kinney 2007;Doyle, Ge, and Mcvay 2007).
Adequacy and effectiveness of internal control system must be continuously evaluated to make sure that there are no weaknesses which can lead to fraud. Internal controls are policies and procedures which protect company's assets from the usage fault, make sure that the business information provided is accurate, and convince that laws and regulations have been obligated (Warren, Reeve, and Fess 2004). One of the concepts commonly accepted in the auditing theories and practices is the importance of the internal control system of clients to minimize client's business risks, to keep the assets and records, and to create credible financing information (Arens, Elder, and Beasley 2012).
On the contrary, the weaknesses of internal controls lead to fraud (Lokanan 2014;Skaife, Veenman, and Wangerin 2013), cause a tendency of increasing credit loss (Cho and Chung 2016), decrease the sales (Su, Zhao, and Zhou 2014), reduce future work ethics (Weiss 2014), improve the association which creates higher benefits of individual controls (Gong, Ke, and Yu 2013), reduce company's market values and the relevance of accounting information values (Hu et al. 2013), create low-quality of financial reports (Ghosh and Lee 2013), cause higher loans, loss of backups and provisions in the banking company (Cho and Chung 2016), and trigger negative response of the market (Nishizaki, Takano, and Takeda 2014). COSO (1992) proposes that internal controls consist of five interlinked components: (1) Control Environment, (2) Risk Assessment, (3) Control Activities, (4) Information and Communication, and (5) Monitoring.

Fraud Prevention
Internal controls are mostly conducted as one of the ways to prevent fraud. The controls are established to make sure that the integrity among employees is well conducted (Bologna, 1993;(Haugen and Selin 1999). Rahman and Anwar (2014) argue that banks do not have to depend on one method to resolve fraud. The banks are supposed to establish checks and balances to identify faults in the internal control system and to improve more effective methods of preventing and detecting fraud. Explicitly, showing the process of company's risk identification and mitigation is a crucial element in achieving a good work performance and the target profitability to prevent the loss of resources (COSO 1992).
According to Hall (2011), fraud refers to the false representation of material facts conducted by one party to another with a purpose of deceiving and influencing other parties to lean on those facts which lead the related parties to loss. Concerning the applied laws, a fraudulent act must acquire the following conditions: (1) False representation; there must be false or unrevealed reports, (2) Material fact; the fact must be a substantial factor supporting an individual to act, (3) Intent; there must be intentions to perform fraud or understandings that the report is false, (4) Justifiable reliance; the false representation must be a substantial factor causing other dependent parties loss, and (5) Injury or loss; the fraud has caused injury or loss to the victims.
Fraud preventions are commonly believed as the activities conducted in establishing policies, systems, and procedures which support the knowledge that needed actions have been conducted by the company's board of commissionaires, management, and other personnel to provide adequate trust in the process of achieving its purposes. The purposes include the operational efficiency and effectiveness, financial report credibility, and the obligation towards the applied laws and regulations (COSO 1992). According to Tuanakotta (2012), fraud preventions can be conducted by activating the internal controls. An active internal control is the most common established controls. It is similar to the wall in a house which prevents robbers, but it worth concerning that even the strong wall can still be broken. Hence, fraud actors are still able to perform the crime. COSO (2010) reports that regularly there is much loss on public company's assets and it is commonly on middling and lower companies in which more than 26% asset becomes a loss. Black (2005) previously states that this phenomenon is called control fraud. There are some types of control fraud: accounting fraud, looting, and crass kleptomania.

Research Method
This research applied case study approach in achieving its aims and objectives. A case study method provides some winning and inspiring research in the field of social science because it proposes detail and deep understanding about the problems and issues being researched (Miller and Brewer 2003). Moreover, this is the appropriate approach to learn and investigate less-known and less-understood fields (Leedy and Ormrod 2015) which are commonly hard to be accessed through other types of research. Investigating the banking industries, with the unique processes and less-known operations, the researcher explored relevant issues through this approach because it proposes unique chances in the process of investigation.
The company chosen for this research was a banking company located in Medan, Indonesia. This company focuses on financing products of its clients. This company started to be active in 1996 with the biggest ownership capital by Universitas Islam Negeri Sumatera Utara.
This research applied a mixed method in collecting and analyzing data, which were document analyses and interviews. Applying more than a single method in collecting data enables the researcher to compare and to verify the information accuracy (Brewer and Hunter 2006). This method can increase the credibility and validity of the findings because the final bias will depend on one method which later can be avoided (Yin 2012).
The documents analyzed in this research were the internal audits and financing reports provided by the Operational Department in a certain period. It also conducted a monitoring of the continuity of customers' installment. The reports were chosen because representing independent views or assessments in an accounting organization, financing, and other operations. The main objectives of the internal audit reports in this research were to gain auditing opinions of adequacy and effectiveness of the internal control system, to identify the weaknesses of the internal controls, and to identify fraud resulted from the poor internal controls. Meanwhile, the financing reports were chosen because representing explanations about the continuity of costumers' installment, both of financing installment and of financing administration.
This research also applied interviews with company's management sectors related to the problems of the research, the internal controls, and account officers. Those sectors were chosen because of the experiences owned by auditing Administration Department and in conducting financing operations. Semi-structured interviews were conducted to gain deep information related to the weaknesses of internal controls and fraud in the company. This method is conducted to ease the interviewer to explore more information and to gain clarification of the answers from the interviewee (Barriball and While 1994). The interview in this research covered the interviewees' opinions about the adequacy and effectiveness of internal control system in the Administration Department, the efforts conducted by the management to detect and to prevent fraud, the impacts of fraud, and the possibilities of fraud excuses.
Before conducting the interviews, respondents were given an explanation about the aims of the research. The researcher also asked for permission to take notes and to transcribe the interviews. Manual transcriptions were coded and analyzed to identify the patterns or correlations appeared. This research applied a similar method conducted by Ermongkonchai (2010) in qualitative research about non-ethical behaviors among employees in an organization in Thailand; by Zakari, Nawawi, and Salin (2016) in research about internal controls and the impacts referring to fraud in an oil and natural gas company in the United States; and by Omar, Nawawi, and Salin (2016) in research about the causes and effects of employees' fraud focusing on a certain industry which was an automobile industry in Malaysia.
The collected data from the above methods have been analyzed in three different phases: data reduction, data presentation, and conclusion (Malhotra 2010). In the data reduction phase, the emphasized and crucial information was chosen, while the less significant information was eliminated. The general theme was developed and investigated. In the data presentation phase, visual and diagram presentations were used to investigate whether there were patterns, correlations, or dependencies among the information chosen. The final phase is the conclusion. In this phase, the meaning of the theme or information was analyzed and verified. This was conducted to make sure that all of the collected information met the objectives of the research. All of the analyses phases were conducted using the qualitative software.

Discussions
In this part, after the data collection and analysis, the weaknesses of internal controls in the Administration Department are analyzed based on the findings viewed in the Internal Audit Reports and the Standard Operating Procedure (SOP) of internal controls. The results of this research reveal four weaknesses of internal controls.

Inadequacy of Working Unit on Financing Personnel
Based on the audit findings, the company is still employing only one official to manage some functions of financing activities. It is worth concerning because there is a possibility that the financing activities cannot run effectively and are susceptible to fraud in the operational activities.
This research reveals that the distribution of function and charge at each sector is not vivid because it does not involve related unit in the financing operations. Financing officials in the Islamic bank should at least have four units to function as financing activities, starting from officials offering the bank's products to officials coping with the jammed administration, such as Account Officer (AO), Financing Support Unit, Financing Administration Unit, and Financing Supervision Unit. The financing supervision unit is in charge of supervising financing related to warning letters to customers, billing, and administration of guarantee or customers' file.

Inappropriate Financing Administration towards Financing Platform
The process of risk prediction conducted in financing administration was performed by Account Officer as the sector which assesses customers whether worth considering to be given financing or not. To avoid unexpected risks, mutual decisions are needed to make in the process of discussion in the Financing Committee, so there are mutual decisions with inputs and assessments from related officials in that financing.
This research reveals that the financing activities conducted by the bank to the customers are below the financing platform guarantee. Considerations of the financing decisions conducted in the collateral financing are still below the financing platform.
There are some customers who are considered as appropriate clients only by assumptions of having a good track record. The bank management also refers to the principle of kinship, so the collateral is not suitable for the financing platform. However, the company still considers the risks which may appear from the decisions given to the customers.

Inadequacy of Follow-Up towards Debtor Filing
At the early financing in which Account Officer performing the duty and after being followed-up based on SOP and other reports related to financing, all activities are conducted in some phases with high supervisions which follows-up the data collected. Following those activities, approvals are given through financing committee meeting. It is part of the most crucial supervisions and considerations, so checks and balances are done. After all of the activities conducted, holistic records and transactions existed are followed-up towards the accounting sector to note the transactions, while the administration sector saves all files in the financing transactions.
This research reveals that commonly the transactions conducted from financing activities can be processed within three days, but the lack of supervision and follow-up towards debtors in completing all the files leads to a longer time of process which is up to one month. Besides, routine entries and reports related to routine financing are conducted by administration sector.

Inadequacy of Supervision of Financing Transaction Record Practices
The supervision of financing must be completed with an internal audit towards all aspects of financing which has been conducted. Internal audit is a follow-up effort in supervising financing in order to make sure that it is conducted well based on the financing principles and applied financing regulations.
This research reveals that the Internal Audit's duty in supervising financing activities and records is not conducted in a maximum way. It is found that the records of financing transactions are not suitable with PSAK 102 1 in which it must be conducted by the bank based on the regulation issued by Indonesian Financial Service Authority. However, there is no refinement yet related to the existing problem because it will influence financial reports and other transactions.

Interview Results
The interviews with the Operational Director and the Internal Auditor are conducted to gain the opinions about the Department's internal control system. The Operational Director possesses experiences in conducting financing activities, while the Internal Auditor is experienced in auditing for Administration Sector. Detail results of the interviews are explored in the following explanations.

Internal control area that needs improvement
The operational bank director opines that the Department needs to improve the assessment of collaterals to appraisal companies because previously it was conducted by the related officials in the process of assessment. This is based on the Standard Operating Procedure about collateral assessment.
The internal auditor suggests that the Department needs to add the number of personnel in conducting financing. There are some findings concerned during auditing because of the lack of personnel in the financing department. For example, the financing process must wait for a longer time until the agreement of financing given to the customers. Another suggestion from the internal auditor is that the Department needs to improve the recording process which is not suitable with PSAK 102 to later obey the regulations made by the Islamic banks in Indonesia. The bank also needs to add the logistics to keep financing documents such as filing cabin to keep financing copies and the safe-deposit box to keep the original documents.

Internal control weaknesses that tend to lead fraud
The internal auditor and the operational director agree to see that the weaknesses of the internal controls will create a gap to fraud in the financing department. The tendency to lead fraud caused by some personnel can concretely create a chance to perform fraud. For example, in the process of financing, there is a possibility that the financing personnel conspires with customers to ease the process of financing even though there are still some requirements which are not met yet.

The role of internal control system to prevent fraud
The internal auditor and the operational director agree to see that effective and adequate internal controls can prevent fraud in the financing department. Although it cannot be prevented thoroughly, the company still can implement the internal controls. For example, it can improve the organization cultures by implementing the principles of Good Corporate Governance (GCG) which are linked each other. The principles are based on a strong fairness, transparency, accountability, morality, and commitment. Therefore, the internal auditor suggests that the company administers sanctions to fraud actors and gives awards to employees acquiring good achievement.

Conclusion
This research reveals that some weaknesses of internal controls have been identified as one of the reasons of fraud. Poor internal controls lead to fraud. The implementation of good internal controls is expected to prevent fraud in financing, so the bank can achieve its purposes. Moreover, internal or external possible risks related to financing can be minimized through adequate supervisions.
The management of the bank still employs the same officials to conduct various financing activities. It leads to fraud because the activities are lack of supervisions. The controlling activities have performed good supervisions, but there are still weak financing activities in the other parts. There is still collateral financing given by the customers which are not suitable for the financing platform. The company possesses one internal control that is in charge as an auditor and internal auditor. The job and responsibility of the internal control in the bank covers a broad supervising and auditing, but the human resources are very limited.
It is suggested that the company must concern the environment controls, so the activities of operational financing can run well. Therefore, the officials of financing of Islamic bank are at least covering four units. The functions of officials in conducting financing activities at Islamic bank, starting from those who offer bank's products to those who handle jammed administration, are Account Officer (AO), Financing Support Unit, Financing Administration Unit, and Financing Supervision Unit.
The results of this study provide theoretical implications that poor internal controls provide opportunities for fraud. These findings complement the results of previous research conducted by Lokanan (2014) and Skaife, Veenman, and Wangerin (2013). Managers who only focus on earnings results and ignore fraud prevention, so the performance of subordinates or employees are neglected to be evaluated will also have an impact on the prevention of fraud less than the maximum. The results of this study can explain that the prevention of maximum fraud in an organization must be followed by a good internal control as well. Management can strengthen the role of internal control by multiplying its personnel, and there are not several important positions filled by one personnel.