The role of risk management and good governance to detect fraud financial reporting

The aim of this study is to investigate the organizational factors, auditor opinion and the role of internal auditor in banking industry to detect fraud in Indonesia. Observation data in this study are the years from 2013 to 2017. This study is an empirical study and the data are selected by using sampling technique. Observation data in this study are as many as 45, and are processed by using logistic regression analysis instrument. The dependent variable studied is fraud. Meanwhile, the corporate organizational factors are risk disclosure and independency of intern auditor function as well as independent auditor opinion. The testing result proofs that there is no corporate organizational variable and independent auditor opinion significantly affecting indication of fraud in banking company.


Introduction
Financial report demonstrates information about financial position, financial performance, and entity of cash flow that is useful for most of financial reporting users in economic decision making. Financial report is arranged by management to be accounted for the owner. In agency theory, it is known the separation between company's owner and company's management. Thus, the management as the company's management has high controlling rights toward company (Jensen & Meckling, 1976). The high controlling rights toward company can create the presence of authority misuse in making financial report, so the financial report made does not reflect the real condition. It is done by management to show good achievement for management in managing company.
The authority misuse in financial reporting is a form of fraud. Fraud according to International Standards on Auditing number 99 can be defined as an intentional action by company's management, the party that plays role in governance, employee, or the third party that conduct deception or fraud to get unfair and illegal profit (Skousen, Smith, & Wright, 2009).
Fraud can be done by individual or group. According to Hayes, Dassen, Schilder, and Wallage (2004) there are two types of fraud, which are misappropriation of asset and fraud financial reporting. Misappropriation of asset is a misuse the assets of company. Meanwhile, fraud financial report is authority misuse done toward financial reporting, it is usually done by management.
There are some theories about motivation of individual or group to conduct fraud. The first theory is Fraud Triangle, then, Fraud Diamond and now is developing to be Fraud Pentagon. Fraud triangle theory was proposed by Cressey (1953). Fraud triangle theory states that individual or group conducting fraud is motivated by pressure, opportunity, rationalization. Then, fraud triangle in 2004 was developed by Wolfe and Hermanson (2004) known as fraud diamond theory. Fraud diamond theory stated that the factors that encourage fraud are pressure, opportunity, and added one qualitative element that is believed to have significant effect toward fraud which is compensation. The last fraud theory was developed by Crowe Howart (2010) known as Crowe's fraud pentagon theory. Fraud pentagon is motivated by pressure, opportunity, rationalization, competence, and added another element which is arrogance.
The responsibility of auditor is to detect the presence of fraud by identifying and determining the risk of material misstatement on financial report containing fraud to get audit evidence on the material misstatement through design and implementation in auditing process (Dalnial, Kamaluddin, Sanusi, & Khairuddin, 2014).
Besides the presence of independent audit on financial report, company can also conduct various efforts to minimize the risk of fraud. Among others are the implementation of corporate good governance, conducting risk management, and forming internal audit unit. Good Corporate Governance is defined as a structure applied in running the company with the main purpose to increase the value of shareholder in a long term by keeping paying attention to the interest of other stakeholders based on applicable laws and norms. The function of internal audit is very important in helping management in monitoring assets of the company and reducing the presence of fraud (Amran & Ahmad, 2009). As we know that the role intern auditor right now is very hard, they are required to conduct evaluation and to give contribution of improvement in risk management, internal controlling, and governance process by using systematic approach (Tugiman, 2015).
Company's risk management or also known as enterprise risk management (ERM) is a process of risk management including identification, evaluation, and controlling of risk that can threaten business continuity of company. The purpose of ERM designing according to Beasley et al (2006) is to minimize the risk of portfolio faced by company. The risks faced by company can be financial risk and non-financial risk.
Based on the survey done by Association of Certified Fraud Examiner (ACFE) (2016), it showed the fact that financial and banking sectors are the most sectors that have fraud case compared to other sectors. Fraud cases in banking company in Indonesia involve many parties of management and the total loss of fraud is big. There were 9 fraud cases in banking companies in Indonesia in 2011, both in private companies and state owned companies (Kompas.com, 2011). Meanwhile, the fraud case in banking companies that right now has not been solved and the material loss was big is the case of Bank Century.
The average loss as the result of fraud is 5% of company's income. The frequency of fraud financial reporting is the highest and the loss of this is the biggest. The average duration of occurring this fraud before being suspected is 18 months (Bănărescu, 2015). Not all FFRs are suspected.
Nevertheless, fraud can be done by management and corporate governance function. It is because there is cooperation among them, so it is difficult for auditor in detecting the presence of fraud.
Many efforts can be done by management to minimize the presence of fraud, for example improving the culture of company through the implementation of good corporate governance principles because through the implementation of good corporate governance, it can push the efficiency of corporate resources performance as well as producing sustainable long term economic value. Moreover, it also forms and makes the function of internal audit effective.
Financial Statement Fraud is a routine action producing material misstatement in financial report. APB (1998)admits that fraud done by management is difficult to be detected during financial report auditing because the management has special way to hide the fraud. The study about fraud has been done by Loebbecke, Eining, and Willingham (1989) that fraud is done because of the presence of supporting condition in entity and manager. Bell and Carcello (2000) indicated that factors that push the presence of fraudulent financial reporting are weak controlling environment, rapid corporate growth, low profit, wrong management profit prediction, and corporate ownership status. Fama and Jensen (1983) found the evidence that the function of internal controlling that is peroxide with the role of external directors will increase corporate controlling, so it will prevent the presence of fraud done by management. Young (2000) studied that audit committee is the front line in anticipating fraud action toward financial report. However, Beasley (1996) and Dechow, Sloan, and Sweeney (1995) found different evidence that the existence of audit committee does not affect significantly toward fraud in financial reporting, it is because of the position of audit committee that is not independent.
The studies in Indonesia that connect the factor of risk management toward fraudulent financial reporting are relatively few. Most of researchers study on factors affecting risk management disclosure. For example Meizaroh and Lucyanda (2011), Djoko and Aryane (2011), Simanjuntak and Widiastuti (2004) hey studied factors affecting risk management disclosure, do not study the effect of the risk management disclosure.
As known, the case of fraud in financial reporting has been much done, both in international level and in Indonesia, for example the cases of Enron, WorldCom, Kimia Farma, Bakrie and Brothers and Bank Century (www.Bapepam.go.id). The effect of these cases is that the trust of financial report user is less toward the completion and the reliability of accounting numbers in financial report. The company is expected to be more transparent in disclosing financial information of the company in order to help decision makers such as investors, creditors, and other information users in anticipating economic conditions that change more Almilia and Retrinasari (2007). It creates many requests to public company to widen disclosing practice in annual report, not only disclosing financial information but also widening the disclosure of risk information. Keputusan Ketua Bapepam dan Lembaga Keuangan Nomor (Decree of the chairman of Bapepam and Financial Agency Number): Kep-134/BL/2006 about the obligation of annual report delivery for issuer or public company, that the company must deliver explanation about the risks faced by the company as well as the efforts that have been done to manage the risks. Other regulation that regulates the risk management is the regulation issued by (the Ministry of SOE No.): Menteri Negara BUMN Nomor: Kep-117/M-MBU/2002. It is stated that SOEs must take initiative to disclose not only the problems required by legislations but also the important matters for decision making by financier, shareholder/share owner, creditor, and stakeholders, one of material risk factor that can be anticipated, including management evaluation on business climate and risk factor.
Seeing how big the demands of internal auditor role in good governance and risk management, this study will conduct the testing of the internal auditor function role and management risk disclosure in anticipating the presence of fraud fraudulent financial reporting. Based on the survey data of internal auditor development in 107 countries, it is known that internal auditor role in supporting the achievement of company's goal is only 44% (Tugiman, 2015). If the role of internal auditor in company is too low, it then will push the management to conduct fraud in financial reporting.
Besides examining the role of internal auditor, this study also examine the factor of risk management disclosure toward the tendency of company to conduct fraud. Risk management disclosure of company is needed because it contains the process of risk management including identification, evaluation, and risk controlling that can threaten the business continuity of company. The purpose of risk management designing according to Beasley, Clune, and Hermanson (2005) is to minimize the risk of portfolio faced by company. The higher level of supervision done by corporate supervisory functions, risk disclosure is not too needed, so it can decrease the presence of fraud in financial reporting (Oliveira, Rodrigues, & Craig, 2011).
Disclosure on risk management in Indonesia is still limited as voluntary disclosure, except for banking industry. Thus, there are still many types of its disclosure. The studies in Indonesia that connect factor of risk management toward fraud in financial reporting are relatively few. Most of researchers study factors affecting risk management disclosure.

Literature Review and Hypothesis Development
Agency theory explains that there is interest conflict between agent (management) and principal (owner). This theory assumes that manager as agent is responsible for optimizing profit of owners (principal), but in the other side, manager also has interest to maximize their welfare, so there is big possibility that agent does not always act for the best interest of principal (Jensen & Meckling, 1976). Risk management of company or known as Enterprise Risk Management (ERM) is a process of risk management including identification, evaluation, and risk controlling that can threaten the business continuity of company. The purpose of ERM designing according to Beasley et al. (2005) is to minimize portfolio risk faced by company. The risk faced by company can be financial risk and non-financial risk.
There are studies about the relation between Independent Commissioner Board and The level of Risk Disclosure, the result is that company with high proportion level of independent commissioner board will get demand to give information more in order to balance their personal reputation risk level (Oliveira et al., 2011). Therefore, to reduce agency costs, company with higher proportion of independent commissioner board will tend to disclose wider information.
The study done by James (2003) shows that financial report users assume that internal audit function that reports to senior management is not really able to give protection toward the presence of fraud in financial reporting. It is because of the presence of assumption that internal auditor function is not independent, and the scope of internal auditor activity might be limited. Thus, the presence of internal audit function objectivity is needed through stronger reporting structure, which is with the supervisory responsibility of audit internal function directly to audit committee. Matoussi and Gharbi (2011) found that the higher proportion of independent directors from outside of company, the smaller tendency of fraud occurrence in company.

Organizational Factors Related to Financial Statement Fraud
Financial reporting fraud can be found when auditor suspects the presence of accounting error or the lack of explanation about management of transaction and account balance. However, this fraud is often found because the financial difficulty of company that eventually will make the company bankrupt. The study about fraud has been done by Loebbecke et al. (1989) that fraud is done because the presence of condition that supports in entity and manager. Bell and Carcello (2000) indicated that factors pushing the presence of fraudulent financial reporting are the weak controlling environment, rapit corporate growth, low profit, wrong management profit prediction, and corporate ownership status. Fama and Jensen (1983) found evidence that internal controlling function that is proxied with the role of external directors will increase controlling of the company, so it will prevent the presence of fraud done by the management. Love (2000) studied that audit committee is the front line in anticipating fraud action toward financial report. However, Beasley (1996), and Dechow, Sloan, and Hutton (1998) found different evidence that the existence of audit committee does not significantly affects fraud in financial reporting. Beasley et al. (2005) examined corporate governance between sample of companies that conduct fraud and the ones that do not conduct fraud, they found the evidence that the companies that conduct fraud have only few audit committee. It might be because the audit committee is not independent and less works maximally. Meanwhile, the sample of companies that do not conduct fraud, place their external directors more.
Many efforts can be done by management to minimize the presence of fraud, such as improving the culture of company through the implementation of good corporate governance principles. Because through the implementation of good corporate governance, it will promote the efficiency of corporate resources performance as well as producing sustainable long term economic value. Moreover, it also forms and makes internal audit function effective. As we know that now the role of internal auditor is very hard, they are required to conduct evaluation and to give improvement contribution in risk management, internal controlling, and governance process by using systematic approach (Tugiman, 2015).
Internal auditor should not conduct audit related to the risk management and governance if organization's internal controlling has not been adequate. Organization internal controlling that is adequate is stated in external auditor opinion with unqualified opinion (Tugiman, 2015). Based on the survey data of internal auditor development in 107 countries, it is found that the role of internal auditor in supporting the achievement of company's goal is only 44% (Tugiman, 2015).
Based on the theories above and some studies that have been done previously, the hypotheses proposed in this study are as the following: H1: The role of internal auditor function affects the tendency to conduct fraud. H2: The disclosure of enterprise risks management affects the tendency to conduct fraud. H3: Auditor's opinion affects the tendency to conduct fraud.

Research Method
This study is an empirical study by using secondary data. The population in this study is all financial sector companies listed in Indonesia Stock Exchange in 2013-2017. Sampling technique used in this study is purposive sampling, with the criteria: companies deliver annual report openly and available data are complete.
Data in this study are secondary data. Data needed in this study are the data of financial companies listed in Indonesia Stock Exchange obtained from www.idx.co.id, and annual report data of companies listed in Indonesia Stock Exchange obtained from www.idx.co.id.
Variables in this study consist of 3 variables, which are dependent variable, independent variable and controlling variable. Dependent variable in this study is fraud. This variable is measured by using variable dummy. Score 1 shows the company is indicated conducting manipulation in financial report, and score 0 shows the company is not indicated conducting manipulation in financial report. Companies that are indicated conducting manipulation in their financial report are proxied by using Beneish M-Score model.
Meanwhile, independent variables in this study are risk management and effectiveness of corporate internal audit function. Variable of risk management is measured by using each type of risks, which are the risks of credit, market, liquidity, obedience, law, strategy, reputation, and operational. Meanwhile, variable of internal auditor function effectiveness is measured from the independency level of internal auditor function in the company. Controlling variable used in this study is auditor opinion. This opinion is measured by using variable dummy. Score 1 shows auditor opinion other than qualified, and score 0 shows auditor opinion that is qualified. Similar to the argumentation of Tugiman (2015), it stated that adequate organization internal controlling will be shown in external auditor opinion with unqualified opinion.
Data in this study will be analyzed by using logistic regression analysis instrument that are processed by using software SPSS. The logistic regression model in this study is as the following: After data processing, hypothesis testings are done. Hypotheses of study will be supported if the value of t significance from regression processing result shows significance less than 5%.
To determine whether the company is manipulator or non-manipulator, it is identified by using Beneish M-Score analysis. If the score of M-Score is below -2.22, the company might be prudent, but if the score of M-Score higher than -2.22, the company might conduct manipulation in its financial report.

Result and Discussion
Year of observation used in this study is the year 2013 to 2017. The number of sample in this study is as many as 45 samples. The illustration of data in this study is shown on Table 1 as the following: Position of internal auditor in company is categorized in the level of its independency. The highest independency level is given score 1, which is auditor position under president director/commissioner board. Based on the observation, most of internal auditor positions are very independent (62%). Meanwhile, the position of internal auditor under the president director is given 2. As much as 38% of internal auditor positions in the observation are less independent. The more independent internal auditor position, the lower possibility of fraud in the company.
The most risk disclosure is 8 types of risks, which is 67%. The more number of disclosures show the transparency of corporate information, so it will press the presence of fraud in the company.
Auditor opinion given mostly is unqualified opinion (83%). It shows that the financial report made by banking company is reasonable and free from material misstatement and fraud.
Meanwhile, the indication that the company conducts fraud is relatively small, which is only 7%. It is because to evaluate whether the company really conducts fraud only through a measurement. Moreover, the high banking regulation will really press the possibility of banking company to conduct fraud.
Based on the logistic regression analysis, the regression analysis result is shown on Table 2. Based on the logistic regression processing result, it is known that there is no independent variable able to predict whether company conducts fraud. It is because some factors. If it is viewed from data frequency distribution on Table 1, most of banking companies have followed banking regulations well. Internal auditor has had high independency level in conducting the task, so it can press the presence of fraud in financial reporting as well as able to evaluate effectiveness of company controlling that has important role toward fraud action. The number of risk disclosure shows the transparency of company's information. The more disclosed information, the less risks of fraud done by company. The companies that conduct fraud usually limit the the number of information disclosure, it is done to cover inaccurate information.
Most of auditor opinions are unqualified opinion. It means that companies in making financial report have fulfilled the determined criteria in applied accounting standards, and the financial report does not contain misstatement material and fraud. Auditor guarantees the truth of the opinion because if the auditor acts rashly, a sanction can be given both professionally and from clients. Moreover, the high banking regulation will require company to be obedient toward the regulation, so the company will think more when conducting fraud.

Conclusion
The purpose of this study is to investigate organizational factors of banking company that affect the tendency of banking company to conduct fraud. Based on the data and discussion above, it can be concluded that there is no organizational factor able to indicate that banking company conducts fraud, and the role of internal auditor cannot fraud predictor.
Based on frequency distribution, most of banking companies have run or followed the regulation of banking. Position and attitude of independent internal auditor, high level of information disclosure, and high obedience in financial reporting can be viewed from given auditor opinion. The result analysis shows there is no corporate organizational variable and independent auditor opinion and role of internal auditor significantly affecting indication of fraud in banking company.
There are several limitations of this study, the measurement of companies conducting fraud uses prediction, so it is unable to give the real description of fraud. Thus, for the next study, it can use more accurate prediction. Moreover, organizational measurement only uses the number of risks management and internal auditor position. The next study can use different measurement and add research variable.