The effect of enterprise risk management on prevention and detection fraud in Indonesia’s local government

Abstract

It may sound familiar to use Enterprise Risk Management (ERM) to prevent and identify fraud. However, the use of this well-known strategy in municipal administration is still uncommon. Fraud is a major concern in local government fiscal management. We acquired 151 data points from the Supervisory Apparatus of Local Government Agencies in Indonesia using a questionnaire. To test the hypothesis, this study employs regression analysis. According to the findings, the control environment, risk assessment, control activities, information and communication, and monitoring all have a significant impact on fraud prevention and detection. This work contributes empirically to the use of Enterprises Risk Management to minimize and identify fraud in Indonesian local governments.

Keywords:

• Enterprise risk management
• Indonesia local government
• fraud prevention and detection

PUBLIC INTEREST STATEMENT

This study looks into the connection between Enterprises Risk Management and the prevention and detection of fraud in local government. Research findings show that Enterprises Risk Management can prevent and detect fraud in Indonesia local government. Enterprises Risk Management can also encourage public sector institutions, especially local governments, to use resources more effectively to avoid fraud. Finally, Enterprises Risk Management can offer advantages if the local government can integrate it into business processes to detect fraud. The results indicate empirical evidence that local government still lacks transparency in access to information. These findings have policy implications, indicating that Enterprises Risk Management is critical in preventing and detecting fraud in local government.

1. Introduction

Because of the growing pressure on businesses to manage risk holistically, enterprise risk management (ERM) is growing rapidly in today’s risk management strategies (Lundqvist, 2014). Naturally, Enterprises Risk Management employs a holistic approach to risk mapping in order to aid decision-making and raise the chances of attaining tactical and analytical objectives (Mcshane, 2018). Enterprises Risk Management has been suggested by many assessors, regulators, and professionals to be applied in an organization (Arena et al., 2010). Financial institutions, on the other hand, were the first to use Enterprises Risk Management (Saeidi et al., 2018). Financial and private companies that adopt Enterprises Risk Management show increases in firm value (Bertinetti et al., 2013; Chen et al., 2019; Iswajuni et al., 2018; Nguyen & Vo, 2020; Rodrigues et al., 2019; Yudianto et al., 2021). Other research has identified the Chief Risk Officer (CRO) as an indicator for Enterprises Risk Management implementation (Liebenberg & Hoyt, 2003; Pagach & Warr, 2011). As a result, organizations with more leverage and larger assets are more likely to hire a CRO. Meanwhile, according to Beasley et al. (2008), the hiring of a CRO has little influence on market reaction. Enterprises Risk Management, on the other hand, has an impact on the performance of both financial and non-financial firms (Saeidi et al., 2020). Enterprises Risk Management research and the role of Internal audit (Abdullatif & Kawuq, 2015; Fraser & Henry, 2007; Thompson, 2013). Enterprises Risk Management is also a tool to prevent fraud (Ayagre et al., 2014; Rahman & Al-Dhaimesh, 2018; Venter, 2007). Generally, previous research has focused on financial companies, namely insurance (Hoyt & Liebenberg, 2011; McShane et al., 2011; Nguyen & Vo, 2020). Yudianto et al. (2021) In Indonesia, examine Enterprises Risk Management and internal audit quality on the performance of State-Owned Universities-Legal Entity and State-Owned Universities-Public Service Agency. However, there is still little discussion of Enterprises Risk Management in government organizations (local government). Government organizations are certainly very different from the listing or financial companies that have been the object of Enterprises Risk Management .

This study looks at Enterprises Risk Management as a tool for preventing and detecting fraud in East Java’s local government. The study of Enterprises Risk Management to deter and recognize fraud in municipal governments is a fascinating topic. Because local government management is vulnerable to fraud risk, it is necessary to examine Enterprises Risk Management in the realm of government. The government adopted Enterprises Risk Management in Government Regulation No. 60 of 2008 concerning the Government’s Internal Control System. Why is it claimed to adopt because, in Government Regulation No. 60 of 2008, aspects such as control environment, risk assessment, control activities, information and communication, and monitoring are the exact dimensions in the Enterprises Risk Management Committee of Sponsoring Organization (COSO)? Yet, Enterprises Risk Management is still not implemented optimally (Yudianto et al., 2021).

There are several reasons to conduct this study, first combatting fraud or, more specifically, the corruption in local governments is still far from expected. According to the 2019 Association of Certified Fraud Examiners (ACFE) Indonesian Chapter study, the fraud with the most cases and the highest damages was 167 corruption cases with over 373 billion in losses. Furthermore, the Indonesian Corruption Watch (ICW) showed that the perpetrators (fraudster) of corruption is the State Civil Apparatus (ASN), who work in local government institutions. The second reason to include elements of Enterprises Risk Management to prevent and detect fraud may have often been done in financial or public companies but is still rarely applied in government organizations. Government organizations are much different from finance and public companies. Government organizations have other characteristics and are non-profit. Finally, the main reason is to measure the performance of eradicating corruption based on how many cases are detected and the need to carry out crime prevention on an ongoing basis so that sins do not recur in the future.

From the statement above, we need the best solution to prevent corruption from happening again. It can reduce the losses suffered by the state. A measure that shows how much to save on potential losses is a benchmark in eradicating corruption. It is still a significant concern (Mcleod & Harun, 2014) and must be handled seriously. Therefore, the government certainly needs a certain step to overcome this problem. The application of Enterprises Risk Management will be an interesting topic in this research.

Research shows that Enterprises Risk Management effectively prevents and detects fraud in banking (Abiola & Oyewole, 2013; Rahman & Al-Dhaimesh, 2018) and manages goods and services (Venter, 2007). Other studies state that Enterprises Risk Management significantly influences financial reports and internal control (Bento et al., 2018; Cohen et al., 2016). Meanwhile, Song and Kemp (2013) research shows companies that adopt Enterprises Risk Management report immaterial internal control weaknesses more than others that do not. Recent studies also show that risk management has a significant role in financial fraud (Abdullah & Said, 2019; Mohd-sanusi et al., 2015). According to Alazzabi et al. (2020), risk management, top management support, and internal audit operations are critical components of fraud mitigation in a firm.

The research findings may be utilized by local authorities to ensure the functionality of internal controls in place to avoid and detect fraud. In addition, there are still few studies on Enterprises Risk Management in local government. For the central government, this is also useful because increasing the quality of internal control can meet the demands of local governments to combat fraud. This study is organized as follows. Section 2 begins with a theoretical examination and hypothesis building. Section 3 provides the study methodology, Section 4 has the findings and discussion, and Section 5 contains the research conclusions.

2. Theoretical background and hypothesis development

2.1. Theoretical background

2.1.1. The fraud

Fraud may occur in any enterprise. Fraud has long existed. It’s like a parasite that can wipe out a company like Enron, WorldCom, Satyam, and others. According to Ramamoorti (2008), fraud comprises intentional behaviors carried out by people through deception, cleverness, and deception, and may be broadly classified into two types of misrepresentation: suggestio falsi (suggestion of a falsehood) and suppressio veri (suppression of truth).

According to the Association of Certified Fraud Examiners, there is another approach to categorizing fraud (ACFE, 2017, 2018), is the exploitation of one’s employment for personal benefit by purposefully misusing or misapplying the employing organization’s capital and resources (or occupational fraud). According to the ACFE, the key characteristics of occupational fraud are that it is (1) covert, (2) violates the employee’s fiduciary responsibility to the organization, (3) is committed with the intent of providing a considerable financial advantage to the employee, and (4) involves the employing organization’s assets, income, or reserves. ACFE classifies fraud into three categories: corruption, asset theft, and financial statement fraud. Corruption was the most important loss in this study. In addition, a man named Donald Cressey created a hypothesis known as the Fraud Triangle. The fraud triangle is a hypothesis that explains why individuals commit fraud. People commit fraud for three reasons: pressure, opportunity, and reasoning.

2.1.2. Enterprise risk management

Studies say that there is no standard agreement regarding the components of the Enterprises Risk Management framework itself (Lundqvist, 2014). The study also mentions that organizations often use more than one framework in implementing Enterprises Risk Management . There are two approaches to identifying and measuring Enterprises Risk Management implementation in a company. First, using a simple proxy in measuring Enterprises Risk Management, for example, having a chief risk officer on board or risk committee (Abdullah & Said, 2019; Beasley et al., 2008; Hoyt & Liebenberg, 2011; Iswajuni et al., 2018; Liebenberg & Hoyt, 2003; Pagach & Warr, 2011). Second, This study is based on perceptions about the adoption of Enterprises Risk Management in an organization, which was conducted through a survey (Alazzabi et al., 2020; Bento et al., 2018; Yudianto et al., 2021). Bento et al. (2018) investigate management accountants’ roles in two parts of Enterprises Risk Management: risk assessment and effectiveness of internal control. Risk prevention, risk monitoring, internal risk treatment, and external risk treatment are the internal control components employed in their study. The monitoring component, as demonstrated by the function of internal audit, can aid in the detection of regulatory anomalies or unscrupulous actions inside the firm.

This study takes the analogy of a private company to assess whether Enterprises Risk Management can be used to prevent and identify fraud. The implementation of Enterprises Risk Management in local governments is encouraged by Government Regulation No. 60 of 2008. Enterprises Risk Management aims to assist organizations in protecting and increasing the value-added of stakeholders (COSO, 2004). But fraud can reduce company value and be categorized as one of the risks of an organization (Pike et al., 2015:315). Fraud is a universal crime (Alazzabi et al., 2020). Therefore, preventing and detecting fraud is the responsibility of the stakeholders and top management priority. According to stakeholder theory, top management aligns all interests and creates value-added stakeholders (Freeman, 1984). Therefore, under stakeholder theory, top management is expected to increase the organization’s internal control effectiveness using Enterprises Risk Management (Bento et al., 2018; Cohen et al., 2016; song & Kemp, 2013).

According to stakeholder theory, stakeholders are a group of persons or groups who could determine or are impacted by an organization’s successes. This theory suggests that if organizations want to be successful, executives must account for the interests of all stakeholders (Freeman, 1984). Miles (2017) stated a stakeholder is a collection of groups (coalition, network, or society), individuals (agents, actors, members, parties), or entities (institutions, companies, or organizations), which may be human (a person or resident) or non-human (environment, natural entity or God). It is stated that the organization is responsible for the interests of shareholders and stakeholders (Freeman & Reed, 1983). As we all know, government institutions have the purpose of serving the community. The community is one of the stakeholders in the accountability of funds used by local governments. Therefore, local governments must implement a good internal control to obtain reasonable assurances regarding financial management in local governments. This argument raises the community’s demands that top management (mayor) carry out regional financial management.

Bento et al. (2018) According to AAA, the management part of Enterprises Risk Management contributes significantly to the management of financial or compliance risks and focuses on hazards that are likely to arise. According to their findings, Enterprises Risk Management plays a critical role in preventing and controlling internal risks in terms of internal control. The goal of installing internal control systems in Enterprises Risk Management is to identify any fraud that may undermine an organization’s objectives.

Executives, auditors, and risk managers must collaborate to successfully control fraud risk in the organization’s purchase of products and services (Venter, 2007). In addition, the study also states that the separation between the risk committee and the audit committee can strengthen control, prevention, and detection related to corporate fraud (Abdullah & Said, 2019). The separation between these two committees is one of the effective ways in the corporate governance mechanism to prevent fraud in the company. Meanwhile, Enterprises Risk Management is used in the banking sector to improve the efficacy of internal control and decrease the danger of incorrect financial reporting (Rahman & Al-Dhaimesh, 2018). This study also shows that senior management is critical to improving the effectiveness of the internal control system.

2.2. Hypothesis development

The purpose of this research is to see if Enterprises Risk Management can be used to deter and identify fraud in local authorities. Based on previous research that focuses on banks and private companies, it is still limited to examining the Enterprises Risk Management implementation in local governments. Meanwhile, the current study employs the Enterprises Risk Management -internal control framework, which includes the following elements: control environment, risk analysis, control functions, information and communication, and monitoring (COSO, 2013). Fraud prevention in this study refers to management activities in terms of establishing policies, systems, and procedures that help ensure the board of commissioners, management, and other personnel of the institution be able to provide financial reporting reliability, effectiveness, and operational efficiency of the organization (COSO, 2013). In contrast, fraud detection is an activity to find a series of red flags or symptoms to provide early information and warnings to stakeholders.

Enterprises Risk Management is believed to effectively prevent and detect fraud in banking (Ayagre et al., 2014; Rahman & Al-Dhaimesh, 2018). This study shows the internal environment has the most significant influence on fraud prevention in banking. Ayagre et al. (2014) assert that the control environment and monitoring components provide reliable internal control. Another study shows that Enterprises Risk Management can be a tool for organizations to combat fraud in the procurement of goods and services (Venter, 2007). With the support from top management and internal auditors, they can effectively minimize the risk of fraud.

Mohd-sanusi et al. (2015) examine several modifications of corporate governance elements to reduce fraud in banking companies in Malaysia. Corporate governance, internal control processes, fraud prevention programs, and risk management are examples of these systems. The study’s findings reveal that risk management has a major impact on the occurrence of fraud. Meanwhile, corporate government and fraud prevention programs have a significant adverse effect on internal or employee fraud. Furthermore, risk management has a negative association with external or customer fraud. However, internal control does not significantly affect the occurrence of fraud. Another study using a sample of companies engaged in finance in Korea showed different results (Suh et al., 2019). The results show that the method of control, when combined with the measurement components of preventing and detecting fraud (internal control), had a considerable negative influence on the incidence of fraud in the past. Another result shows that employees of Korean financial organizations say that when the management overrides control, it will be more dangerous than conspiracy within the organization.

Abdullah and Said (2019) investigates the audit committee’s association with corporate financial fraud, as well as the efficacy of having a distinct audit committee and risk committee. This study uses web-based data for companies that have cases of financial fraud. The results show that when these two committees are separated from each other or stand alone, it will significantly affect financial fraud. Furthermore, the risk committee, which functions independently of the oversight committee, is more common in firms when no financial misconduct has been uncovered.

Alazzabi et al. (2020) examine the effect of top management commitment and risk management on internal audit efforts and fraud prevention in the banking sector. The findings suggest that top management assistance is appropriate and broadens the scope of risk management. It improves the possibilities to deter and identify fraud by broadening the scope of internal audit efforts. As a result, as a form of top management support, the commitment of available resources and involvement in the audit plan boosts internal audit opportunities in reducing the risk of fraud. This viewpoint demonstrates that banks’ success in combating fraud is indeed contingent on providing enough assistance through the allocation of resources for internal audit operations, hence boosting the efficacy of internal audits in prevention, identifying, probing, and reporting fraud.

Yudianto et al. (2021) research have an impact on the performance of State-Owned Universities-Legal Entity and State-Owned Universities-Public Service Agency in Indonesia. They were using descriptive studies and questionnaires in collecting data. The findings indicate that Enterprises Risk Management has a considerable beneficial impact on academic outcomes. In addition, the application of Enterprises Risk Management can assist universities in identifying risks that can hinder the university’s goals and provide solutions to overcome them. The application of Enterprises Risk Management can also help universities find opportunities to achieve the expected performance.

According to prior studies, Enterprises Risk Management should be able to prevent and identify fraud in the local authority context. Therefore, the research hypothesis is as follows:

H1: Enterprises Risk Management can prevent fraud in the local government environment

H2: Enterprises Risk Management can detect fraud in the local government environment

3. Methodology

3.1. Research method

We used mix method design (Creswell, 2014). This study is a method of gathering and combining quantitative and qualitative data at one step of the research process in order to better comprehend the research topic (Creswell, 2014). We use Explanatory Sequential Mixed Methods Design, which is a common mix technique (Creswell, 2014). The initial part of this research is collecting quantitative data via questionnaires. This step’s goal is to collect data and identify informants for the next stage.

In the second step, a qualitative technique will be used to collect data through interviews to determine how Enterprises Risk Management can prevent and identify fraud. A quantitative technique can give a broad overview of the study topic. The quantitative data can then be analyzed qualitatively via in-depth interviews to obtain the respondent’s perspective on the study topic. Figure 1 depicts the research model of explanatory sequential mixed methods design:

Figure 1. Research design.

3.2. Data and sample

This study uses the perception of Indonesia’s Regional Government Agencies Supervision Apparatus (called APIP). APIP’s major purpose is to enhance the efficacy of risk management in carrying out its tasks and activities, as well as to enhance the standard of governance of government agencies. On this basis, APIP is considered the correct respondent for this research. Respondents were requested to complete a questionnaire about Enterprises Risk Management as well as fraud prevention and detection (Figure 2). A total of 247 surveys were issued, with an 86 percent response rate. However, there were incomplete questionnaires and outliers in the data. The incomplete questionnaires is 36, and the outlier in data is 24, so the final sample of this study amounted to 151 respondents. Research samples of more than 30 and less than 500 are considered sufficient for research in general (Sekaran & Bougie, 2016:264). The survey rate return is presented in Table 1.

Table 1. Details of questionnaire distribution and response rate

No	Local Area Government	Questionnaire Distribution	Questionnaire Return	Response Rate	Incomplete Questionnaire and outlier	Questionnaire Used
1	Sumenep (District)	20	19	95%	10	9
2	Pamekasan (District)	20	16	80%	8	8
3	Blitar (City)	18	15	83%	3	12
4	Blitar (District)	15	11	73%	2	9
5	Nganjuk (District)	25	23	92%	10	13
6	Madiun (City)	20	15	75%	2	13
7	Madiun (District)	15	13	87%	3	10
8	Sidoarjo (District)	25	24	96%	8	16
9	Lamongan (District)	20	18	90%	2	16
10	Bojonegoro (District)	24	21	88%	4	17
11	Gresik (District)	25	23	92%	7	16
12	Workshop Fraud Audit	20	14	70%	2	12
	TOTAL	247	212	86%	61	151

Figure 2. Research Framework.

3.3. Measures of variables

This survey is a personally administered questionnaire. Questionnaire items are made in clear and accessible language so that respondents can understand them. In the survey section, the data is about respondents’ biographies such as position, gender, last education, age, and years of service. Then the independent variable Enterprises Risk Management was measured by 29 question items consisting of five dimensions of internal control, namely control environment, risk assessment, control activities, information and communication, and monitoring (COSO, 2013). Meanwhile, fraud prevention (Prevent) is measured by 7 question items, and fraud detection (Detection) is measured by 6 question items adopted from the Center for Supervisory Education and Training (CSET) Financial and Development Supervisory Agency (BPKP) (2008) with modifications. At the end of the survey, respondents were asked to respond to everything related to Enterprises Risk Management and fraud prevention and detection in the local government. All variables are measured by five Likert scales (1 = strongly disagree and 5 = strongly agree). The research framework is presented in the following model:

3.4. Technique of analysis

The independent variable is Enterprises Risk Management (ERM), and the dependent variable is fraud prevention and detection. The analysis technique to test the hypothesis uses regression analysis and the following research model:

(1) $\mathrm{E}\mathrm{n}\mathrm{t}\mathrm{e}\mathrm{r}\mathrm{p}\mathrm{r}\mathrm{i}\mathrm{s}\mathrm{e}\mathrm{R}\mathrm{i}\mathrm{s}\mathrm{k}\mathrm{M}\mathrm{a}\mathrm{n}\mathrm{a}\mathrm{g}\mathrm{e}\mathrm{m}\mathrm{e}\mathrm{n}\mathrm{t}={\beta }_0+{\beta }_1\mathrm{F}\mathrm{r}\mathrm{a}\mathrm{u}\mathrm{d}\mathrm{P}\mathrm{r}\mathrm{e}\mathrm{v}\mathrm{e}\mathrm{n}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n}+\epsilon$(1)

(2) $\mathrm{E}\mathrm{n}\mathrm{t}\mathrm{e}\mathrm{r}\mathrm{p}\mathrm{r}\mathrm{i}\mathrm{s}\mathrm{e}\mathrm{R}\mathrm{i}\mathrm{s}\mathrm{k}\mathrm{M}\mathrm{a}\mathrm{n}\mathrm{a}\mathrm{g}\mathrm{e}\mathrm{m}\mathrm{e}\mathrm{n}\mathrm{t}={\beta }_0+{\beta }_1\mathrm{F}\mathrm{r}\mathrm{a}\mathrm{u}\mathrm{d}\mathrm{D}\mathrm{e}\mathrm{t}\mathrm{e}\mathrm{c}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n}+\epsilon$(2)

Where:

β₀ = constant

β₁ = coefficient

ε = error

Table 2 shows the reliability values of 43 statement items used as research surveys to measure the seven Enterprises Risk Management variables and prevent and detect fraud in government organizations. Reliability is measured using Cronbach’s alpha. The research instrument is valid if the Cronbach’s alpha is above 0.70 (Cho & Kim, 2015). Cronbach alpha coefficient of the seven variables tested in this study showed results above 0.70. These results indicate that each item establishes in this study is reliable and consistent.

Table 2. Reliability test

Variables	Items	Cronbach’s Alpha
Environment	6	0.856
Risk assessment	6	0.843
Control activities	6	0.823
Information and Communication	6	0.832
Monitoring	5	0.806
Prevention	7	0.809
Detection	6	0.822

5. Analyses and discussion

5.1. Descriptive statistic

The results from Table 3 show that monitoring has the lowest mean value (19,94) with a standard deviation of 1,923. The prevention variable has the highest mean value (28,33) with a standard deviation of 2,558.

Table 3. Descriptive statistic

Variable	N	Minimum	Maximum	Mean	Std. Deviation
Control environment	151	21	25	23.30	0.800
Risk assessment	151	17	30	24.70	2.138
Control activities	151	22	30	23.74	1.615
Information and Communication	151	16	30	23.52	2.023
Monitoring	151	14	25	19.94	1.923
Prevention	151	22	35	28.33	2.558
Detection	151	20	30	25.94	2.214

By referring to the average value of the variables control environment, risk assessment, control activities, and communication shows that respondents’ perceptions illustrate that local governments can implement Enterprises Risk Management effectively. The high mean value confirms this statement. However, the monitoring shows that the mean value is below 20, which illustrates that respondents tend to be hesitant about implementing Enterprises Risk Management as measured by the monitoring variable. Meanwhile, for prevention, it shows a high mean value. These findings indicate that respondents agree to implement fraud prevention measures for local governments. Furthermore, the mean value of the detection variable is also high, so it is the same as prevention. Therefore, it is necessary to detect fraud within the local government.

Table 4 shows the correlation between the variables. The correlations in Table 4 are measured using Pearson’s correlation. This table shows that prevention has a significant positive correlation to control environment, risk assessment, control activities, information and communication, and monitoring. The detection variable has a significant positive correlation with control environment, risk assessment, control activities, information and communication, and monitoring. The highest correlation between preventing and monitoring variables (r = 0,643) indicates that local governments can improve fraud prevention by increasing monitoring. The relationship between detection and control environment has the lowest relationship (r = 0.407). The relationship between Enterprises Risk Management variables and prevention and detection shows that a higher Enterprises Risk Management will also increase the prevention and detection of fraud in local government. Before testing the hypothesis, it is necessary to test the research model. The test result with the assumption of the Best Linear Unbiased Estimator (BLUE) shows that the data is usually distributed, homogeneous, and has no multicollinearity between the variables.

Table 4. Correlation matrix

Variable	Environment	Risk assessment	Control Activities	Information and communication	Monitoring	Prevention	Detection
Environment		,213**	,367**	,148	,406**	,462**	,407**
Risk assessment	,213**		,419**	,274**	,445**	,522**	,442**
Control Activities	,367**	,419**		,500**	,587**	,559**	,508**
Information and Communication	,148	,274**	,500**		,627**	,527**	,467**
Monitoring	,406**	,445**	,587**	,627**		,643**	,567**
Prevention	,462**	,522**	,559**	,527**	,643**		,534**
Detection	,407**	,442**	,508**	,467**	,567**	,534**

5.2. Regression results

Table 5 displays the coefficients and t values derived from the regression analysis. The findings revealed that Enterprises Risk Management (control environment, risk assessment, control activities, information and communication, and monitoring) could prevent fraud. The findings of this research show p-values of 10%, 5%, and 1%. This test shows the same results as before (correlation matrix Table 4). The results indicate that Enterprises Risk Management can be seen as a tool to prevent fraud in the local government. The local government believes that Enterprises Risk Management can be a helpful tool for fraud prevention following Government Regulation No. 60 of 2008 concerning the Government’s Internal Control System. It will be able to achieve the aim of reducing fraud while boosting the efficacy and efficiency of a municipality.

Table 5. Model 1 (Fraud Prevention as Dependent Variable)

Variables	Beta	t-Stats	p Value	Note
Constant	−14.255	−3.217	.002
Control environment	.767	3.901	.000***	H1 accepted
Risk Assessment	.313	4.206	.000***	H1 accepted
information and communicationA	.193	1.694	.092*	H1 accepted
information and communication	.281	3.055	.003***	H1 accepted
monitoring	.289	2.621	.010***	H1 accepted

Significant at 10%*, 5%** and 1%***

Hypothesis analyses show that H1 is accepted. Enterprises Risk Management can be used to prevent fraud in the local government. Control environment, risk assessment, control activities, information and communication, and monitoring can be used for fraud prevention in local government. All of the Enterprises Risk Management dimensions show a positive sign toward fraud prevention. The result shows that a higher Enterprises Risk Management will be better for fraud prevention in local government. Therefore, the first hypothesis can be declared accepted.

Control environment, risk assessment, control activities, information and communication, and monitoring proxies have a significant positive effect on fraud prevention, indicating that solid internal control can reduce the risk of fraud (Ayagre et al., 2014; Bento et al., 2018; Mohd-sanusi et al., 2015; Rahman & Al-Dhaimesh, 2018; Suh et al., 2019). Adopting internal control, Enterprises Risk Management increases the effectiveness of internal control and improves the quality of the reports produced (Cohen et al., 2016; Song & Kemp, 2013). Control environment act as a basis of all control components. Risk assessment, control activities, information and communication, and monitoring activities will work effectively if the control environment also works effectively. The control environment shows that top management (mayor) sets the right direction at the top, showing the organization’s importance of effective internal control. The control environment has the second-highest t value (t = 3,901); therefore, the findings suggest that top management is committed to and supportive of values and moral standards in order to guide organizational behavior, responsibility, attitude, and activities in the appropriate path. Top management believes that control is vital and that the entire organization will detect and respond to set controls.

The application of Enterprises Risk Management can also increase the organization’s value (Yudianto et al., 2021). Our findings are consistent with earlier research indicating the presence of powerful internal control in the control environment and monitoring components (Ayagre et al., 2014). Another finding is that a greater awareness of the control environment and the monitoring component of the internal control system will provide us with a better grasp of the overall system’s effectiveness. The findings also show that APIP, as the local government’s internal auditor, has done an excellent job of monitoring and preventing fraud. Monitoring ensures that Enterprises Risk Management can run effectively within an organization.

Risk assessment is the most dominant influence on fraud prevention. The result shows risk assessment has the highest t value (t = 4,206). This result proves that respondents consider risk assessment the essential Enterprises Risk Management component. Risk assessment also has an essential role in providing a high-quality internal control system (Cohen et al., 2016). Our findings are consistent with previous research, which showed that risk assessment significantly affects fraud reduction (Rahman & Al-Dhaimesh, 2018). This finding confirms that Enterprises Risk Management has a role in existing risk assessment in local government. Our results also show that local governments regularly agree to see risk assessments. The goal is to determine whether the risks faced will hinder the organization’s goals. Local governments, through APIP, can conduct periodic studies to assess risk.

Venter (2007) states that organizations can better prevent fraud if they are actively evaluating and assessing their risks and weaknesses against fraud. Monitoring periodically should be done to make sure the assessment. The risk assessment always identifies the risks faced by the organization both internally and externally. COSO also said risk assessment is an essential key for effective corporate governance. Internal control should be flexible to face changes regarding the risks faced by the organization. This way, local governments can further strengthen their efforts in preventing fraud. In addition, monitoring through an internal audit can improve fraud prevention in organizations (Alazzabi et al., 2020). Information and communication, as well as monitoring, are essential components of efficient internal control.

Our results show information & communication related to fraud prevention. This result is different from previous results, which said that information and communication did not reduce fraud (Rahman & Al-Dhaimesh, 2018). The t value for information and communication is 3.055 and shows a significance of 1%. The findings of this research are in line with the view that local governments establish information & communication to ensure all information goes well to all personnel responsible for internal control throughout the organization. Local governments also strive to communicate not only to internal parties of the organization but also to external parties such as business partners and the community, which also influences the internal control component to run effectively.

This study indicates that Enterprises Risk Management is necessary to prevent fraud in local government. Respondents believe that Enterprises Risk Management has a substantial effect on preventing fraud. However, some problems arise in the local government. Several respondents expressed their feelings toward the implementation of Enterprises Risk Management in local governments. Some of them confirmed this statement.

Respondents’ answers stated that:

“Control environment consists of soft control based on intangible factors such as integrity, honesty, and ethical values, which are informal controls, tend to be subjective and intangible. This control is difficult to prove its existence with the usual audit procedures. The intangible factor is still an obstacle carried out by APIP. For example, it relates to integrity which should be held firmly but is often violated by dishonest state civil apparatus.

Other respondents also answered that:

“Need more commitment to carry out properly by the stakeholders. In some cases, there are political issues from the policymaker.”

The following respondent answered:

“Lack of awareness of officials and employees to hold firm integrity and ethics.”

Respondents answered:

“The placement of employees is not based on their competence and lack of human resources.”

Respondents’ answers can be ignored. They demand some improvements in Enterprises Risk Management implementation in local government. It is good to see how the organization reacts to the flaw in Enterprises Risk Management implementation. In addition, the manifestation of the control environment is intangible, so it isn’t easy to measure, plus it needs more commitment and awareness within the local government to carry out. An exciting answer arises because the respondents also mentioned that the placement of employees is not according to their competence and the lack of existing human resources. All matters relating to the control environment already exist within the local government but are challenging to implement correctly. Therefore, a controlled environment needs more attention to fraud prevention in local governments. The control environment is the basis of all other components; therefore, it must be understood by all parties in the organization, including its structure (Mohd-sanusi et al., 2015), because this component is related to ethics, standards, and values in an organization. Basic things like this are often ignored and very difficult to implement. The values of an organization will take a long time to establish. When it becomes a habit, it will take the form of organizational culture. It is understood by all parties and must be carried out in organizational activities. COSO contends that the control environment is critical since it influences the incentive of organizational parties to behave responsibly.

Control activities have an essential role in preventing fraud within the local government. As shown by previous research, two components (relating to the control environment and control activities) might be seen as “prerequisites” for Enterprises Risk Management deployment (Lundqvist, 2014). Furthermore, his research also states that a controlled environment is a component that identifies an organization’s risk management activities, and control activities are components with attributes that determine Enterprises Risk Management implementation. With this result, local governments must pay serious attention to controlling activities in their institutions. The control environment and control activities are required for Enterprises Risk Management implementation. Control environment relates to the values, ethics, culture, organizational philosophy, and risks appetite. Control activities contain policies and standards that ensure that everything in the control environment (especially risk) can be carried out properly by all levels of the organization. Some respondents also found problems in control activities. Therefore, local governments need to find solutions to this problem. The respondent stated the reasons as follows:

“Need more attention over fixed assets owned by local governments because of insufficient documents and records.”

Other respondents answered:

“Not comply with applicable standards and the absence of periodic reviews of performance.”

Respondents answered:

“Each organization in the local government already has standards and procedures based on the SPIP decree. Control activities have not been running effectively.”

Respondents answered:

“There is an inaccuracy in identifying and analyzing risk so that the control activities carried out are not appropriate.”

Respondents answered:

“Loopholes in the control system create opportunities to commit fraud. It needs regular reviews. The current condition shows regular review seems doesn’t work effectively.”

The respondent said they need more spirit to carry on the standards. Loopholes in the control systems create opportunities for wrongdoing. Another statement said a regular review of performance within local government doesn’t work effectively. Control activities contain rules and processes that must be followed in order to guarantee that the management philosophy, ethics, and organizational integrity are carried out properly. In addition, wrong procedures will lead to wrong control activities carried out. Inadequate records or control documents over assets owned by local governments need more attention. The research results show that there are errors in identifying and analyzing risks. The findings of this research are strong evidence of why the control activity component has the lowest t value (t = 1.694).

According to COSO, control activities include authorization of approvals, reconciliation, review of operational performance, safeguarding assets, and segregation of duties. This research further confirms that the implementation of control activities in local governments is not working because the weaknesses mentioned by respondents are contrary to what COSO should have done. Local governments can review current operational performance to ensure that these control activities follow existing conditions and ensure that all personnel within the organization comply with standards and policies.

Table 6 presents the coefficients and t values model 2. In this model, the test between Enterprises Risk Management and fraud detection is carried out. Our findings stated that control environment, risk assessment, control activities, information and communication, and monitoring significantly detect fraud. The p-value of these components indicates significance (10%, 5%, and 1%). Control environment shows the highest t value, and risk assessment is the second highest. We think it interesting result, previous tests (Enterprises Risk Management to prevention) also show this two-component is the highest. According to respondents, it means that control environment and risk assessment are strong determinants in local government. The higher the Enterprises Risk Management will better fraud detection in local government.

Table 6. Model 2 (Fraud Detection as Dependent Variable)

Variables	Beta	t-Stats	p Value	Note
Constant	−5.094	−1.213	.227
CONTROL ENVIRONMENT	.548	2.939	.004***	H2 accepted
risk assessment	.201	2.847	.005***	H2 accepted
control activities	.184	1.703	.091*	H2 accepted
information and communication	.200	2.295	.023**	H2 accepted
monitoring	.212	2.023	.045**	H2 accepted

Significance at 10%*, 5%** and 1%***

Our research findings show that H2 is accepted. The results indicate that Enterprises Risk Management can be used to detect fraud in the local government. All of the components of Enterprises Risk Management show significance to fraud detection. Our results show that higher Enterprises Risk Management will be better for fraud detection. Respondents agree that Enterprises Risk Management can prevent and detect fraud in local government. These results are consistent with research that states that Enterprises Risk Management is effective in fraud prevention and detection (Abiola & Oyewole, 2013; Bento et al., 2018; Rahman & Al-Dhaimesh, 2018; Suh et al., 2019). Risk assessment is critical in the identification of fraud. According to the conclusions of this study, APIP, as the local government’s internal auditor, plays an important role in preventing and detecting fraud (Alazzabi et al., 2020). Training will increase personal competence in efforts to improve fraud prevention and detection. One of the essential parts of examining financial statements is to carry out a risk assessment of the client’s internal control (COSO, 2013). Our results show that risk assessment has the second-highest score (t = 2,847). It is said that risk assessment has the most dominant correlation to fraud detection. This result is consistent with the COSO statement, which believes that risk assessment is the most crucial component to create effective governance (COSO, 2013).

Risk assessment is closely related to organizational control objectives. Therefore, the risk assessment needs to be carried out periodically to run effectively. By doing this, the local government can anticipate any obstacles that can interfere with the organization’s goals. Risk assessment also maps all kinds of risks that the organization will face. Avoiding risk can be detrimental to the organization because every organization must be prepared to manage risk appropriately. In this study, risk assessment can detect fraud, meaning that the local government through APIP has been able to do it well. This finding explains that in the local government environment, it can carry out a risk assessment well so that it can support achieving organizational goals.

Monitoring also establishes a significant t-value. The findings of this research illustrate that monitoring is essential in ensuring that Enterprises Risk Management can run effectively within the local government environment. Our finding parallels the COSO statement, which states that monitoring is an essential component that ensures that Enterprises Risk Management can run well in a sustainable manner (COSO, 2013). In addition, monitoring carried out by APIP can assist organizations in preventing and detecting fraud. Arena et al. (2010) stated that monitoring ensures management activities can run effectively. Monitoring activities can make activities in the local government-run well following the rules and policies set.

The control environment also set the highest t value (t = 2,939). This finding is similar to the previous model (Table 5), which obtained similar results. The findings of this research explain that the control environment is better for preventing and detecting fraud. COSO states that it contains a code of ethics, integrity, and competence of personnel in the organization. Like the previous reason, respondents show that this is far from perfect. They say they need some improvement in Enterprises Risk Management application in local government. Respondents mentioned the reasons as follows:

“The existing control environment has not been implemented properly. The main factor is the lack of commitment and the existing resources are not qualified both in terms of quantity and quality.”

Other respondents said:

“The control environment has not been implemented optimally.”

Respondents answered:

“Inadequate control system and review conduct by APIP not followed.”

Respondents stated that the control environment was not adequately run because the personnel lack of commitment to carrying out. In addition, the review conducted by APIP was also not followed up. The personnel still hard to implement the existing control environment. Moreover, the local government’s control environment needs improvement, making it better to detect fraud. The control environment is intangible, different from control activities, making it difficult to review. Of course, this makes it difficult for the arena of different interests, motives, and environmental temptations. Respondents stated that the quality or competence of personnel in local government is not qualified. Based on the findings of this research, it makes it more complicated to build a sound control environment. To overcome staffing problems, can provide clear rewards and promotions, and training.

The control activities also need some improvement. The test results show that the p-value of control activities is higher than the significance level. COSO states that components of control activities such as procedures and policies must follow the vision and mission of the organization. Furthermore, according to COSO, control actions are the most apparent component of internal control components and the most crucial in avoiding wrongdoing. This component guarantees that the identified risks are addressed in all areas of the organization. Respondents provide certain reasons why control efforts should be improved:

Respondent’s response:

“Some cases inaccuracy in identifying and analyzing risks causes control activities are not appropriate with the organization condition.”

Other respondents answered:

“There is no proper procedure in carrying out control activities. Moreover, even though there is a procedure, the relevant parties have not carried it out properly.”

The following respondent answered:

“Interventions and conflict of interest that hinder control activities running well.”

Our results show that the existing procedures had not been carried out correctly and errors in identifying and analyzing risks are why control activities fail to detect fraud. The lack of commitment to carry out these procedures from people inside the organization is familiar. Therefore, it is necessary to increase this component to prevent and detect fraud in local governments. Human resources problems are still the main obstacle to implementing established policies, procedures, or ethics. Respondent also stated another reason like no deterrent effect when violating rules and intervention from certain parties that hinder effective control. Ignorance and didn’t carry out rules consistently cause the tasks and functions of the existing task forces of the local government not to run optimally. Currently, local governments must be professional in carrying out their duties, especially those related to fraud prevention and detection. As this respondent stated:

“There has been no deterrent effect on violating control activities.”

Another respondent answered:

“There are still many interventions and certain interests that hinder the controlling activities from running well.”

The next component that is also set significant to detect fraud is information and communication. Again, the test results show that the p-value of the information and communication proxy is lower than the significance level (Table 6). Respondents gave exciting information about this component, including:

“There are still limited information and communication due to various interests. Lack of transparency of stakeholders in informing every issue.”

Respondents answered:

“Information systems, especially those based on information technology (IT), are very diverse and not integrated. It makes the implementation tends to be ineffective.”

Respondents answered:

“Lack of information systems and there is no internal supervision and control over information and communication.”

Respondents answered:

“Reliable information is not fast enough to respond to and not immediately addressed/communicated.”

Respondents answered:

“Some information is confidential, and it is closed or deliberately not communicated to other parties.”

The respondents’ answers indicated that the information is still limited due to several interest reasons. This problem indicates that local government is quite challenging to obtain reliable information, even though one of the central objectives is the government’s Internal Control System (SPIP) stated the reliability of financial reports. This objective will be difficult to achieve if the information or data is unreliable. Not to mention the bureaucratic problems that are pretty complicated in local governments. Finally, access to information is not fully open. Therefore, achieving effective, efficient, transparent, and accountable financial management is challenging.

We found something interesting regarding information and communication. Limitations and lack of transparency are also factors that make information and communication need evaluation. This information and communication are essential to ensure the validity of the information received by the personnel responsible for internal control throughout the organization. Information and communication, according to COSO, stress the qualitative components of information. The information must be relevant, timely, current, accurate, and easily available. In addition, this component connects one component to another.

This study also tests the coefficient of determination on all variables. The coefficient of determination test results is seen from the r adjusted fair values of 0.558 and 0.423 as shown in Table 7. This value shows the determinant of the model being tested is 56% for model 1 and 42% for model 2. Thus, there are still many factors or determinants for these two models’ prevention and detection variables.

Table 7. R adjusted square

Variables	R Adjusted Square	%
Enterprises Risk Management—Prevention	.558	56
Enterprises Risk Management—Detection	.423	42

6. Conclusion and limitation

This study examines Enterprises Risk Management to prevent and detect fraud in the Indonesian local government. We test five Enterprises Risk Management pillars based on COSO (2013), namely: control environment, risk assessment, control activities, information and communication, and monitoring of fraud prevention and detection. Our results show that control environment, risk assessment, control activities, information and communication, and monitoring significantly influence fraud prevention efforts. Other results show that control environment, risk assessment, control activities, information and communication, and monitoring can be used for fraud detection efforts.

The results indicate empirical evidence that local government still lacks transparency in access to information. Existing procedures and rules are challenging to run optimally because of human resource factors and various interests that hinder them. Maybe this is called override of rules and policies by some parties. There is some evidence that local governments lack employees capable of their work. To solve this problem, local governments must implement an internal control environment so that governance can run effectively and efficiently. Leaders in local government must provide a good example or role model in the administration of regional finance (tone at the top) because, as previously stated, rules, ethics, and integrity are in the form of soft control, all of which require honesty from the users. In addition, training is crucial to improve APIP’s competence to prevent and detect fraud. Local governments also need to conduct periodic reviews to ensure operational performance and conformity between applicable standards and policies and existing activities.

We admit that there are some limitations:

1. The sample APIP personnel did not sufficiently understand enterprise risk management, so there was a tendency for limited research results (which cannot be generalized).

2. The researcher arranges questions based on previous studies to reflect the dimensions of Enterprises Risk Management but does not use all the questions from previous research because it adapts to the application of the local government sector in Indonesia.

3. This study focuses on APIP’s perception of Enterprises Risk Management to prevent and detect fraud in local governments.

However, the following research could be other personnel in local government to gain a better understanding. In addition, to understand that fraud prevention and detection is not only the task of APIP but all elements of the local government. This research enables local governments to gain actual proof that implementing enterprise risk management may be utilized to prevent and identify financial fraud. Lastly, enhancing ideas about the identification of financial fraud in local authorities and contributing to audit practice regarding the model for detecting financial fraud in local governments.

Acknowledgements

The Directorate of Research and Community Service (DPRM), Directorate General of Research and Development Strengthening, Ministry of Research, Technology, and Higher Education supported this research via the Research Contract for the Fiscal Year 2018 Number: 103/SP2H/LT/DPRM/2018.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Additional information

Funding

This work was supported by the This research was funded by the Directorate of Research and Community Service (DPRM), Directorate General of Research and Development Strengthening, Ministry of Research, Technology and Higher Education under the Research Contract for Fiscal Year 2018 Number: 103/SP2H/LT/DPRM/2018. [IDR98,234,500.00].