2013 IEEE Symposium on Humanities, Science and Engineering Research (SHUSER)
Internal Control Mechanism Framework for Fraud
Prevention in Small Medium Automotive Industry
Nooraslinda Abdul Aris1, Siti Maznah Mohd Arif2, Rohana Othman3, T Chantrathevi4, Roszana Tapsir5 and Norlela
Zaini6
13
Accounting Research Institute and Faculty of Accountancy, Universiti Teknologi MARA, Shah Alam, Malaysia
2456
Faculty of Accountancy, Universiti Teknologi MARA, Shah Alam, Malaysia
Abstract— Fraud risk has becoming intrinsic to any entity.
Both internal and external fraud present a substantial cost
to the economy. KPMG Malaysia fraud survey in 2009
reported that corporate fraud is an on-going reality and
most organisations are not free from the destruction
caused by the fraudsters. The most affected organisations
are commonly the small and medium sized entities. Thus,
creating a demand to detect and mitigate the risk in order
to reduce the financial and non-financial burden to these
organisations. Despite intense effort carried out by
relevant bodies and individuals in combating fraud, it
appears that fraud in its various forms is a problem that is
increasing in frequency and severity. This paper therefore
aims to propose an internal control mechanism framework
in detecting fraud especially for the small medium
automotive industry (SMAI). The framework focuses on
purchasing department which is identified as the
department most prevalent to fraudulent activities. The
framework will be further enhanced to cater to the needs
of larger entities and other processes.
Keywords-fraud detection, control mechanism framework, small
medium automotive industry, purchasing department
I. INTRODUCTION
Fraud literally means a type of deception. Fraud risks are
seen as higher with the use of incentive systems, unethical
management attitude and when there are opportunities for
fraudulent reporting. Auditors believe that management’s
unethical attitude and management dishonesty to external
auditors as the two dominating red flags of fraud risk (Jose
and Tom, 2007). Thus, it is important for external auditors to
assess any changes in the organisation’s operations, financial
position, and industry, especially if they have been auditing
the same client for a long time.
The Association of Certified Fraud Examiners (ACFE) [1],
revealed in their study that the most common red flags of
fraud shown by perpetrators (81% of cases) are living beyond
their means (36%), facing financial problems (27%%), an
unusual closeness with vendors or customers (19%), and
excessive control issues related to their job (18%).
The main factor that contributes to the ability of an
employee being able to commit fraud is internal controls
which are limited or irrelevant in scope [2-4], followed by
personal financial pressure and expensive lifestyle. These
978-1-4799-0443-3/13/$31.00 ©2013 IEEE
factors are also perceived by the respondents in the KPMG’s
Fraud Survey Report 2009, where respondents believed that
poor internal control was the main factor contributing to
occurrence of fraudulent activities. The respondents believed
that their organisation’s anti-fraud policies and procedures are
adequate to prevent, detect and respond to fraud incidences.
Small to medium sized businesses are more vulnerable to
experience irresponsible employees and vendors who take
advantage of the business because of the insufficiency of
excellent internal controls [5], insufficient money [6], and
time to maintain good controls, lack of talented person to
develop good internal control within the organisation, and
economic/lifestyle pressure [7]. On another note, the ACFE
2010 [8] report revealed that inadequate employee screening
activities such as negligent hiring may contribute to fraud,
especially when applicants commit resume fraud even before
employment. Managers who place too much trust on
employees and lax supervision are also facilitators of fraud
[9].
Fraud is also more dominant when there exists dominated
decision makers in an organisation [10], and it just gets more
complicated when financial transactions are done
electronically and when operations are located in multiple
geographical locations [3]. Misplaced trust, lax hiring and
supervision, and insufficient implementation of basic financial
controls can lead to an environment that is ripe for internal
theft and fraud [9].
Given the fact that detecting, preventing and mitigating
fraud is essentially crucial, this paper presents an internal
control mechanism framework for the SMAI. Our main
concern is on the misuse of resources and inadequacy of
internal controls in the organisations. The paper will introduce
the background of fraud risk and SMAI. This is followed by
the fraud deterrence strategies available to most organisations.
The study finally proposes an internal control mechanism
framework suitable for preventing fraud in SMAI environment
focusing on purchasing department.
II. LITERATURE REVIEW
A. Fraud Risk
Fraud is deception. Deception is always the core of fraud
irrespective of industry the fraud is situated in or whatever kind
of fraud being visualizes [11]. There are many definitions of
fraud, depending on the point of view considering. According
to the ACFE, fraud is “deception or misrepresentation that an
individual or entity makes that knowing that the
594
 2013 IEEE Symposium on Humanities, Science and Engineering Research (SHUSER)
misrepresentation could result in some unauthorized benefit to
the individual or to the entity or to some other party.”
Fraud is classified in numerous ways. Bologna and
Lindquist [12] for instances classify fraud into internal versus
external fraud. This classification is applied in the field of
corporate fraud (fraud in an organisational setting), is based on
whether the perpetrator is internal or external to the victim
company. Fraud committed by vendors, suppliers or
contractors are examples of external fraud, while an employee
stealing from the company or a manager cooking the books are
example of internal fraud. Viton [13] categorizes fraud into
three namely management fraud, occupational or transactional
fraud, and corruption. While, Albrecht [14] offers two types of
classification being firstly fraud committed against an
organisation (occupational fraud), and secondly fraud
committed on behalf of an organisation (fraudulent financial
statement). Most scholars however agree that there are
fundamentally three types of fraud: corruption, asset
misappropriation, and fraudulent financial reporting [8, 15, 16].
Whatever the classification, the impact (financial and non-
financial) would be similar to the organisations.
Fraud is a million dollar business [11]. Cost of fraud as
reported by ACFE [1] on average is 5% of revenue each year.
This figure translates to a potential projected annual fraud loss
of more than USD3.5 trillion using the 2011 Gross World
Product. This big bill for fraud is not paid by its perpetrators
but is borne by innocent parties such as customers, insurance
companies and external auditors. The cost of fraud eventually
bites into the victimized organisation’s profitability as well as
the stability of the economy of a country [17].
B. Small Medium Automotive Industry (SMAI)
According to reports from the National Procurement Fraud
Task Force, out of all non-military industries, transportation or
automotive is the fourth most prevalent industry to have
committed procurement fraud [18]. Many automotive
companies in Malaysia are small and medium scaled, as large
automotive dealers depend on them in terms of parts,
accessories and service.
The operation of these small medium organisations is
focused on producing a range of relatively low-technology
accessories and peripheral items such as plastic injection
molded parts, wire harnesses, wipers, lamps, radio cassettes, air
conditioners, and metal stamped and pressed parts [19]. Having
little to cover their business with, small and medium companies
bear more burdens and are at greater risk of fraud occurrence as
compared to larger competitors [20]. However, these
businesses should start worrying because statistically,
organisations with fewer than 100 employees are experiencing
more fraud cases than larger corporations, where the median
loss per fraud case to these small businesses was US$200,000
in 2008 [21]. This statistics are 37% higher than the median
loss to larger corporations. Hence, without careful surveillance
of security and internal control system, these small automotive
businesses are putting themselves high at risk to potential
fraud, especially in the purchasing department as this is the
department that an organisation would always spend money on
[22, 23].
595
C. Purchasing Department
Based from the experiences of KPMG [24], sophisticated
frauds often occur in the purchasing department of an
automotive business. This is supported by the findings of
ACFE 2012 whereby it was found that 77% of fraud cases that
they have investigated were committed by employees of
accounting, operations, sales, executives, customer service, and
also purchasing [1].
Other investigations made by Australian Deloitte Forensic
in 2009 had also displayed a massive three time increment of
fraud, where they found most incidents had occurred in payroll,
purchasing and expenses departments [25]. Academics had also
agreed that the purchasing department is most susceptible to
fraud in an organisation [18, 23, 26, 27]. In fact, Greene [22]
had proposed that the largest fraud risk to most organisations is
contributed by purchasing fraud. The consequence of
fraudulent activity in the purchasing department is indeed
severe.
One case involving a leading United States automobile
maker had resulted to more than USD400million of financial
statement misstatement, done solely by a purchasing fraud
[28]. Highly speculative financial environment [29] and
economic pressure [18, 25] were cited as being the reasons for
this rise in the risk of fraudulent activity within departments of
an organisation.
III. FRAUD DETERRENCE STRATEGIES
To combat fraud, organisation must be managed using the
following four strategies, namely, policy and procedure (ICS),
leadership/management, audits, and ethics awareness and
training in order to prevent thefts by employees [30].
A. Internal Control Policies and Procedures
Internal controls are important measures of fraud detection
and prevention [6]. There are a number of policies and
procedures an organisation may adopt. Some include owners
to analyse financial statements, limit employee access to
offices with the accounting software, of which should utilize
user ID and passwords, ensure bills are paid timely and review
all electronic transactions [5]. The HR department is required
to do background investigations on job applicants to make
verifications regarding education and employment history
[31].
Yet, the existence of the policy and procedure alone is
insufficient to combat fraud [4] without effective management
in ensuring compliance to such policies and procedures. Policy
and procedures are created and their implementation should be
overseen by the management [3, 32], and even minimal
supervision of accounting functions may provide some
essential control that will help prevent fraud [5]. The tone at
the top is important [6] and should be the one that creates a
positive workplace environment of honesty and integrity that
pervades throughout the organisation [31] which essentially
creates the control environment, that actually has more
influence on employer and employee behaviour than code of
conducts [33].
 2013 IEEE Symposium on Humanities, Science and Engineering Research (SHUSER)
B. Leadership / Management
ACFE [1] reported that fraud is more likely to be revealed
through a tip off by an employee than any other procedure,
and thus it is important for management to communicate with
staff and provide formal venues for fraud, waste or abuse
reporting such as a whistleblower policy on a confidential and
anonymous basis [31]. All in all, the management can do a lot
to deter employee fraud by carefully addressing the
opportunity and rationalization aspect of the fraud triangle by
establishing a thorough control system.
C. Audits
Auditing standards are unambiguous in stating that fraud
risk is one of the risks that require consideration by auditors.
Glover & Aono [17] for instances had revised the traditional
audit-risk model in providing more proactive integrated
approach to prevent and detect fraud by stating that:
Fraud detection risk = (corporate culture x industry traits)
+ control risks
The model will allow auditor in assessing the client’s
internal control structure as prescribed by SAS No. 55, SAS
No. 60 and other relevant standards. The consideration of both
corporate culture and industry traits provides the auditor with
a basic understanding of the organisation which supports the
internal control systems, management assertions and generate
financial information.
International Auditing Standard (ISA 240) requires
auditors to identify the possibility that fraud risk factors that
may indicate that fraud exists in a client entity. The audit
should be planned and performed by auditors with an attitude
of professional skepticism [32]. As an auditor becomes more
“relaxed” (low fraud risk) in his audit work, there is lower
probability for him to be able to detect the occurrence of
fraud, in contrast to when he had assessed the level of fraud
risk as high [34].
D. Ethics and Training
The fourth strategy consistently reported by previous
literature is ethics and training. Since fraud is committed by
people, it is essential to go beyond the physical restraints of
policy, procedure and audits by including ethics. The anti-fraud
procedures that significantly enhance fraud deterrence and
result in earlier detection include, among other things, ethics
and integrity awareness and training [6, 35]. Although many
corporations have statements of ethics, the missing steps are
often awareness and training. It is crucial to know the extent
that employees have internalized the corporation’s ethics and
integrity policies.
IV. INTERNAL CONTROL MECHANISM FRAMEWORK FOR
SMAI
Bologna and Lindquist [12] state that prevention should
take precedence over detection. A strong internal control is the
most effective method of fraud prevention, and it starts with
identification of the weakness in the current system [9].
Murdoch [37], claims that rules/policy which are clearly stated
and followed without deviation (procedure) create a framework
that will guide employees to properly handle funds and
financial records [37]. Internal controls are also crucial in
596
detecting technology-enabled fraud like unauthorized access
and physical intrusion or modifications to computer programs
[31]. Internal controls are needed, and they consist of
organisational mechanisms, encouraging and informing
employees to behave legally and ethically, which detects
transgression and reward desired behavior and that disciplines
those who are involved in illegal activities [10].
A number of previous academic research were considered
in coming up with the framework presented in fig. 1 below.
Six themes were identified to be the most important
consideration in establishing the internal control mechanism
framework for fraud prevention in the purchasing department
of SMAI.
Fig. 1: Internal Control Mechanism Framework for purchasing department of
SMAI
The items included in the framework are deduced from the
review of previous academic research. Among the questions
included are as per Table 1 below:
Table 1: Questions included according to the themes
A. General
1) Purchasing guidelines/procedures
2) Organisational chart
3) Applicable laws and regulations
4) Vendors selection criteria
5) Ethical policy
6) Segregation of duties between preparing and approving
documents/transactions
7) Training and courses
B. Requisitions from user department
1) Roles and responsibilities of user
2) Contracts documentation availability
3) Segregation of duties between preparer, approver, etc.
4) Re-order level policy
5) Review and authorization
C. Placement of orders by Purchasing department
1) Supports documentation
2) Exceptional order cases
3) List of supplier and price lists
4) Budgets and limitation of order
5) Purchase order form and usage
6) Documentation, filing and reporting
D. Receipt of goods to Receiving department
1) Restriction of access between ordering and receiving
2) Centralized and secured receiving area
 2013 IEEE Symposium on Humanities, Science and Engineering Research (SHUSER)

3) Rejected materials policy [7] John, R.H. (2008). 10 Ways to Improve Internal Controls and Prevent
4) Delivery notes inspection and confirmation Fraud. Igniting Your Business.
5) Control over credit memos [8] ACFE (2010). ACFE Report to the Nation on Occupational Fraud and
6) Recording and filling Abuse. Technical report. Association of Certified Fraud Examiners.
E. Invoice/payment processing
1) Centralized invoicing and payment processing [9] Moorthy, M.K., Seetharaman, A., Somasundaram, N.R. and Gopalan M.
2) Segregation of duties (2009). Preventing Employee Theft and Fraud. European Journal of
3) Recording transactions Social Sciences (12):2
4) Review vendors accounts [10] Jose, R.H. & Tom, G. (2007). Corporate Fraud: Preventative Controls
5) Specify payment process Which Lower Fraud Risk. Research Memorandum.
6) Accuracy of invoice and payment [11] Jans, M., Lybaert, N., and Vanhoof, K. (2009). A Framework for
F. Disbursement of payments Internal Fraud Risk Reduction at IT Integrating Business Processes: The
1) Purchase order availability and usage IFR2 Framework. The International Journal of Digital Accounting
2) Support documents Research Vol. 9, 1-29.
3) Signatory list for cheque signing
4) Secured cheque books [12] Bologna, G. and Lindquist, R. (1995). Fraud Auditing and Forensic
5) Double payments Accounting. John Wiley & Sons. New Jersey.
[13] Viton, P.L. (2003). Creating Fraud Awareness. SAM Advanced
Management Journal.
The list above is not exhaustive. The list will be expanded [14] Albrecht, W. A. (2004). Fraud Examination and Prevention. Mason,
and tested using the SMAI environment to prove that such OH: South- Western.
mechanism if exist will reduce the fraud risk incidence. [15] AICPA. (2006). Appendix to SAS No. 99, Fraud Risk Factors.
V. CONCLUSION AND MOVING FORWARD [16] Saksena, P. (2012). Ethical Theories and the Incidence of the
Occupational Fraud. Advances in Management 5(1): 55-58.
Regardless of the size of a business, ensuring it to be fraud [17] Glover, D. H., & Aono, Y. J. (1995). Changing the model for prevention
proof should be the most important consideration of any and detection of fraud. Managerial Auditing Journal Vol. 10 No. 5, 3-9.
company. [18] Stern, D., Treccagnoli, P., Upton, P., and Delaney, B. (2009). Cracking
down: The facts about risks in the procurement cycle. Discussion paper
As such, having a proactive fraud prevention and detection for PricewaterhouseCoopers.
measures is seen as a wish list by almost all organisation. Such [19] UNDP. (2006). Malaysia Small and Medium Enterprises: Building an
measure mean fraud activities may be reduced and thus sharing Enabling Environment. Retrieved 13 September 2012, from
the ultimate profit with the legitimate stakeholders. The http://www.undp.org.my/uploads/UNDP_SME_Publication.pdf
internal control mechanism framework offers way for SMAI in [20] Laufer, D. (2011) Small business entrepreneurs: A focus on fraud risk
mitigating fraud occurrences in their organisations especially and prevention. American Journal of Economics and Business
the purchasing department. Administration 3(2): 401-404.
We are convinced that this framework could be further [21] ACFE (2008). ACFE Report to the Nation on Occupational Fraud and
enhanced in developing a self-assessment model for fraud Abuse. Technical report. Association of Certified Fraud Examiners.
detection for the larger entity and being built for other [22] Greene, C.L. (2009). Focus on Employee Fraud — Purchasing Frauds.
McGovern & Greene LLP Series Article. Retrieved 11 September 2012,
processes within an organisation that may be potentially eye from http://www.mcgoverngreene.com/archives/archive_articles /Craig_
for fraud. Greene_Archives/Focus-Employee_Frauds-Purch.html
ACKNOWLEDGMENT [23] Venter, A.C. (2007). A procurement fraud risk management model.
Meditari Accountancy Research. 15(2): 77-93
The team members would like to express their gratitude to [24] KPMG. (2009). Fraud in the Automotive Industry in Central and Eastern
Ministry of Higher Education (MoHE) and Accounting Europe. Retrieved 11 September 2012, from
Research Institute (ARI), Universiti Teknologi MARA (UiTM) http://www.kpmg.com/PL/en/IssuesAndInsights/ArticlesPublications/Do
cuments/Fraud_in_the_Automotive_Industry_in_CEE_Web.pdf
Malaysia for providing the financial means and facilities. This
[25] Deloitte. (2009). Preventing procurement fraud and corruption.
article would not have been possible without the support of the Discussion Paper for Deloitte Australia.
grant provider, small medium automotive industry and [26] Nxumalo, Z. (2011). Fraud Risk in Public Procurement. National Public
personnel, family, and friends. Entities Risk Management Forum.
REFERENCES [27] Greene, C.L. (2002). Proactive procurement fraud prevention model.
Retrieved 12 September 2012, from
[1] ACFE (2012). ACFE Report to the Nation on Occupational Fraud and http://www.auditforum.org/speaker%20presentations/miaf/miaf%2009%
Abuse. Technical report. Association of Certified Fraud Examiners. 202005/Greene_Speaker_Handout_9_05.pdf
http://www.acfe.com/uploadedFiles/ACFE_Website/Content/rttn/2012- [28] Albrecht, C., Kranacher, M., & Albrecht, S. (2010) Asset
report-to-nations.pdf Misappropriation. Research White Paper for the Institute for Fraud
[2] Singh and Kashyap, N. (2009). Tackling white collar crime. Security Prevention. Retrieved 12 September 2012, from
Today http://www.theifp.org/research-grants/IFP-Whitepaper-5.pdf
[3] Voon, M.L., Voon, S.L. and Puah, C.H. (2008). An Empirical Analysis [29] Alhabshi, S.M. (2010). An Insight into Financial Criminology in Islamic
of the Determinants of Corporate Crime in Malaysia. Journal of Applied Banking and Finance. Paper Presented at the International Conference of
Economics and Management Letters 1(1): 13-17. Financial Criminology, 14-15 December 2010, Malaysia.
[4] Isa, T. (2011). Impacts and Losses Caused By the Fraudulent and [30] Knechel, W. R. (2001). Auditing: Assurance and risk. 2nd edition.
Manipulated Financial Information on Economic Decision. Review of South-Western College Publishing
International Comparative Management 12: 5. [31] Moore, J. (2010). Preventing and detecting fraud, waste, and abuse.
[5] Kapp, L. A. & Heslop, G. (2011). Protecting small businesses from Retrieved 27 July 2012, from
fraud: Simple controls can reduce opportunities. The CPA Journal 62-67 http://www.astd.org/Publications/Magazines/ThePublicManager/Archiv
[6] Viviers, S. and Venter, D. (2008). Fraud: An SMME Perspective. es/2010/04/Preventing-and-Detecting-Fraud-Waste-and-Abuse.aspx
SAJESBM NS (1): 1

597
 2013 IEEE Symposium on Humanities, Science and Engineering Research (SHUSER)
[32] Bunget O.C., (2009). The role of financial auditor in detecting and
reporting fraud and error. Munich Personal RePEc Archive (MPRA).
(12888). 10p.
[33] Zauwiyah, A., & Mariati, N. (2008). The Control Environment,
Employee Fraud and Counterproductive Workplace Behavior: An
Empirical Analysis. Communication of the IBIMA. Vol 3.
[34] Nahariah, J. (2009). Fraud Detection: The Moderating Role of Fraud
Risk Level. Journal of Business and Public Affair (3): 1.
598
[35] Pergola, C.W. & Mohr, T. (2004). The red flags of fraud. Retrieved from
www.directorship.com
[36] PwC (2007). Economic crime: people, culture and controls. The 4th bi-
ennial global economic crime survey. Technical report.
PriceWaterhouse&Coopers, NY.
[37] Murdoch, H. (2008). The three dimensions of fraud. Internal Auditor 81-
83.