The current issue and full text archive of this journal is available on Emerald Insight at:

https://www.emerald.com/insight/1359-0790.htm

Top
Risk management, top management management
support, internal audit activities support

and fraud mitigation

Waled Younes E. Alazzabi and Hasri Mustafa 569
Department of Accounting, University Putra Malaysia, Serdang, Malaysia, and
Ahmed Ibrahim Karage
Department of Strategic Management, Putra Business School, Serdang, Malaysia

Abstract
Purpose – This paper aims to examine the effect of top management support (TMS) and risk management
(RM) on the internal audit activities (IAA) and fraud mitigation (FM) in the Libyan banking sector.
Design/methodology/approach – The data is collected using a survey questionnaire of 16 commercial
banks in Libya and analysed using a structural equation modeling.
Findings – The study shows positive and significant relationships between RM and employees’ FM and
TMS and employees’ FM. The study also demonstrates a significant mediating effect on the relationship
between RM, TMS and FM.
Research limitations/implications – The study is conducted in the Libyan banking sector. Further
research is needed in other contexts and sectors to understand the contribution of the RM and TMS on FM,
including the impact of technology and internal audit characteristics in terms of experience, education and
professional certificates on FM.
Originality/value – The study is the first attempt to explore FM in an emerging economy, particularly
Libya, by introducing IAA as a mediator. The study provides implications for regulators and top
management in the banking sector.
Keywords Banking, Libya, Top management support, Risk management, Fraud mitigation,
Internal audit activities
Paper type Research paper

1. Introduction
Fraud is a universal crime. Fraudulent activities hamper sustainable development and cause
substantial losses to the global economy. Recent study shows that fraud costs the global
economy $4tn (Association of Certified Fraud Examiners, 2018b), and the highest number of
fraud cases are recorded in the banking sector at 16.8 per cent (Association of Certified
Fraud Examiners, 2016) with a median loss of $110,000-$200,000 (Association of Certified
Fraud Examiners, 2014, 2018a, 2018b). In the Middle East and North Africa (MENA) region
[1], asset misappropriation and corruption are the most common and widespread fraud
activities in the banking sector. Since the rise of the Arab spring in Libya in 2011, fraud
incidents are more noticeable in the financial services institutions, including Libya’s

An earlier version of this paper was presented as a sundry paper at the National Seminar on
Digitalisation, Sustainability and Globalisation (10th Faculty of Economics and Management Journal of Financial Crime
Vol. 30 No. 2, 2023
Seminar, UPM) on 16 July 2019 at Universiti Putra Malaysia. The authors thank the conference pp. 569-582
reviewer for suggesting improvements. Any errors nevertheless remain the authors’ own © Emerald Publishing Limited
1359-0790
responsibility. DOI 10.1108/JFC-11-2019-0147
JFC banking sector. Fraud incidents cause significant damages to the national economy (Issa
30,2 and Al-Azzabi, 2018). The Libyan Investment Authority, for instance, suffered declines to its
financial position as banks suffered substantial losses due to internal and external fraud
(Jawher, 2017). These losses tend to be underestimated because most of the victimised
organisations opt not to report fraud incidents out of fear of the negative impact of such
reports on the respective sector (Kabuye et al., 2017). The majority of fraud incidents include
570 money laundering, letter of credit fraud, forged documents theft, assets abuse, bribes, loan
fraud, identity theft and check fraud (Jawher, 2017).
From a micro perspective view, fraudulent activities cause damages to organisations’
reputations and shareholders’ investments (Kabuye et al., 2017). Fraud has become a
national security problem and causes organisations to focus on various complicated fraud
procedures, which might impact the productivity of organisations (Halbouni et al., 2016).
Numerous studies have suggested that the best practices to mitigate fraud are:

establishing policies and procedures;

putting appropriate fraud detection, prevention, inspection, resolution, responding
and reporting procedures in place;

ensuring compliance to policies and procedures;

familiarising ethical conduct to the employees;

incorporating fraud awareness among new and current employees through
orientation-programmes; and

training new and current employees to ensure that they receive fraud training
suitable to their roles and positions (Chartered Institute of Management
Accountants, CIMA, 2009; Stead et al., 1990).

The literature on fraud mitigation (FM) provides different views on implementing effective
procedures and employing experts such as forensic accountants and internal auditors
(Bierstaker et al., 2006; Coram et al., 2008; PWC, 2014; AbuazzaLaw, 2011). Internal auditors
have successfully managed to detect only 5 per cent of fraud cases in the MENA region
(PWC, 2014) despite there being a high number of fraud cases and incidents reported in the
Libyan banking by the Libyan Audit Bureau. This issue raises serious concerns about the
effectiveness of the internal audit function in Libyan banks. Internal audit activities (IAA) in
public firms including banks in Libya have inadequate top management support (TMS)
(Abuazza et al., 2015), although the Libyan banks’ board of directors are required by the
2005 law to have an internal audit unit in their organisational structure with sufficient
training and support (Central Bank of Libya, 2018). The majority of banks and other
financial institutions in Libya lack sufficient understanding pertaining to the importance of
risk management (RM) and the participation of IAA, which have the potential to diagnose
fraud risks and improve services.
Despite calls to improve corporate governance mechanisms, the extant literature paid
little attention to the role of RM and management’s supportive attitude in relation to IAA
and FM. Several studies (Abdullah and Said, 2019; Holmes et al., 2002; Mohd-Sanusi et al.,
2015; Sarens et al., 2012) offered mixed views. For example, Abdullah and Said (2019), De
Zwaan et al. (2011) and Fraser and Henry (2007) argue that the audit committee and internal
auditors (IAs) should not engage in RM activities. On the other hand, some (Abuazza et al.,
2015; Alzeban and Gwilliam, 2014; Zainal Abidin, 2017) suggest that the engagement of IA
in corporate governance including internal controls and RM enhances role of internal
auditors in FM (Chambers and Odar, 2015), which in return adds value to their organisations
(Al-Twaijry et al., 2003; Goodwin-Stewart and Kent, 2006).
 The relationship of internal auditing activities with FM remains a growing concern Top
among various stakeholders such as policymakers, the board of directors, management, management
audit committee and so on. The threat of reputational and legal risk that fraud imposes on
support
top management creates tremendous pressure on IA as a foundation of corporate
governance mechanisms and a source of information to stakeholders to be more pro-active
to ensure better practices inside banking institutions. The nature of business in these
specific organisations necessitates commitment from TMS to RM, and later to the IAA. All 571
play a vital role in ensuring corporate governance quality (Abuazza et al., 2015; Alzeban and
Gwilliam, 2014; Spira and Page, 2003), assurance services (Sarens et al., 2012) and budget
allocation (Goodwin-Stewart and Kent, 2006). While RM and IAA are interrelated, the
questions of whether RM and TMS significantly impact IAA and if these activities, in turn,
contribute effectively to managing the level of fraud in the workplace remain unclear. This
paper, therefore, examines the effect of TMS and RM on IAA and FM.
The literature focusses on factors influencing the effectiveness of internal auditing and
their effect on the management of fraud (Alzeban and Gwilliam, 2014; Drogalas et al., 2017;
Law, 2011). However, little evidence has been found regarding the influence of factors such
as RM and TMS on IAA and their combined effect on FM in the group and individually. The
majority of the empirical studies refer to advanced countries such as Australia, Hong Kong,
Malaysia and the USA (Coram et al., 2008; Law, 2011; Mohd-Sanusi et al., 2015; Hillison et al.,
1999). There are very limited studies focused on the Middle East and North Africa, but their
contexts are on the direct effect of corporate governance mechanisms on FM (Halbouni et al.,
2016; Kabuye et al., 2017; Law, 2011; Mohd-Sanusi et al., 2015). The complex relationship
between RM, TMS, IAA and FM has yet to be observed. To date, no study has attempted to
determine the mediation effect of IAA between TMS, RM and FM, respectively.
Stakeholder theory assumes that top management is responsible for aligning all the
stakeholders’ interests while committed to ensuring fair returns on shareholders’
investments. As fraud remains the most ominous risk to stakeholders and shareholders,
protecting organisations resources is among the priorities for top management.
Accordingly, this theory uses IAA as a control mechanism that participates in RM for
the effectiveness of internal controls, efficiency and economic use of resources (Al-
Twaijry et al., 2003).As a control mechanism, IAA can limit the risk of deviant
behaviour, abuse and ensure the proper use of resources. IAA also provides top
management with insightful information in areas that require management
intervention such as breakdowns and loopholes in the organisation’s internal controls
and any disturbances that can encumber the organisation’s ability to achieve its
objectives (Abuazza et al., 2015; Alzeban and Gwilliam, 2014; Mihret, 2014). Finally, the
theory views IAA as adding value to organisations while minimizing the reduction of
capital and abuse of assets and resources (Yee et al., 2010; Soh and Martinov-Bennie,
2011) caused by fraudulent activities. Within the internal control policies and
procedures (Mihret, 2014), IAA can assist the board of directors and management in
managing the risks of deviant behaviour by establishing employees’ accountability and
ensuring compliance with rules and policies. Additionally, IAA enables top
management to use resources wisely (Al-Twaijry et al., 2003; Mihret, 2014) while
recommending possible solutions to inefficiencies and lack of quality controls.
The remainder of this paper is divided as follows. Section 2 discusses the literature
review and the development of the hypotheses. Section 3 discusses the methodology.
Section 4 analyses the data and discusses the findings. Finally, Section 5 summarises the
research and concludes.
JFC 2. Literature review and development of hypotheses
30,2 2.1 Risk management
RM refers to a process that involves identifying, assessing and managing risks. The essence
of RM is that it enables organisations to deal with risks in priorities based on their severity
within the context of risk appetite, and consequently, selecting an appropriate strategy and
response to those risks (Abdullah and Said, 2019; COSO, 2017; Power, 2009). Applying and
572 practising RM can help organisations to serve various stakeholders’ interests, increase
confidence and restore trust among stakeholders that risks are actively dealt with (COSO,
2017). Recent studies report that RM can reduce financial crime significantly (Abdullah and
Said, 2019; Mohd-Sanusi et al., 2015). Venter (2007) suggests that management, internal
auditors and risk managers should work together to effectively address the risk of
procurement fraud within their RM enterprise. Power (2013) adds that the risk of fraud has
caused an expansion in the elements of auditing, managing risks, internal controls, and
regulation in terms of laws, rules, etc. Internal auditors are asked to provide more reliable
assurance to the audit committee and boards on the effectiveness of internal controls and
RM (Beasley et al., 2006; Zainal Abidin, 2017). Among the efforts to improve FM are
reviewing operations, identifying major areas of risks and recommending ways to improve
organisational controls (Abuazza et al., 2015; Bierstaker et al., 2006; Chambers and Odar,
2015). Several studies (Beasley et al., 2006; Zainal Abidin, 2017; Power, 2013; Rae et al., 2008)
document a significant association between RM and IAA. Hence, we hypothesise that:

H1. RM has a significant effect on occupational FM.

H2. RM has a significant impact on IAA.

2.2 Internal audit activities

According to the definition by [The Institute of Internal Audit (IIA), 2012], IAA centres on
the evaluation and improvement of Internal controls (ICs) and RM. IA provides valuable
recommendations on how and where internal controls can be improved and strengthened to
prevent and detect fraud activities (Alzeban and Gwilliam, 2014; Chalmers et al., 2019; Perry
and Bryan, 1997). Additionally, auditing both non-financial items and financial transactions,
and ensuring obedience with laws and regulations are part of IAA (Rae and Subramaniam,
2008). When internal audit uses procedures of risk-based auditing (Sarens et al., 2012; Zainal
Abidin, 2017), the function provides assurance that risks are mitigated properly, which
positively influences corporate governance quality (Coram et al., 2008; Lenz and Hahn, 2015).
In their empirical work, Coram et al. (2008) and Salameh et al. (2011) find that insource IAA
can detect and prevent fraud in their organisations (Bento et al., 2018). However, Kabuye
et al. (2017) find an insignificant relationship between IAA and managing the level of fraud.
Hence, we hypothesise that:

H3. IAA has a significant influence on occupational FM.

2.3 Top management support

TMS refers to the management supportive attitude in terms of committing resources,
participating in auditing plans and acting as a role model in the workplace. Early research
stressed that the role of top management in managing ethical behaviour in the workplace is
through behaving ethically and responsibly and also by improving the monitoring and
screening mechanisms (Holmes et al., 2002; Stead et al., 1990). The IAA will function
effectively if it receives sufficient recognition, acceptance and appreciation by the authority Top
in the organisation (Alzeban and Gwilliam, 2014; Sarens and De Beelde, 2006). Because IA management
plays a critical role and provides constructive services for the organisation’s control
environment and risk assessment (Adetiloye et al., 2016; Sinha and Arena, 2018), continuous
support
and comprehensive training will improve competencies and help prevent and detect fraud
(Salameh et al., 2011). More recent studies have discussed the role of management in
assessing fraud risk in the organisations’ activities (Alleyne and Howard, 2005; Baker et al.,
2017) by building the capacities and competencies of organisational members to combat 573
fraud activities (Kabuye et al., 2017; Iwasokun et al., 2019). Alleyne and Amaria (2013) find
evidence that auditors’ education via audit training (Drogalas et al., 2017) as a form of
management support that helps identify corporate fraud. Hence, we hypothesise that:

H4. TMS has a significant effect on occupational FM.

H5. TMS has a significant impact on IAA
Figure 1 shows the hypothetical relationships. The figure shows that IAA acts as a mediator
between RM and FM and between TMS and FM.

3. Methodology
3.1 Research setting
Data was gathered from the commercial banks in Tripoli, the capital city of Libya, and
where the majority of banks and their branches are operating (Central Bank of Libya, 2018).
The banking sector suffers high incidents of fraudulent activities, which raises concerns
among the public, educators and policymakers (Issa and Al-Azzabi, 2018).

3.2 Study population and sampling

Currently, 143 commercial banks with their separate branches operate in Tripoli. The
sample is drawn from our direct contact with banks and access to the websites of the Central
Bank and Libyan commercial banks. According to Sekaran and Bougie (2010), a sample size
between 30 and 500 is deemed adequate for research. Meanwhile, Krejcie and Morgan (1970)
proposed the ideal sample size for 192. However, the sample size, in this study, based on
G-power is 129. The focus of the study is on personnel involved in fraud-management,
specifically, internal auditors. Respondents are chosen on the basis of their knowledge and
positions as internal auditors in monitoring transactions (Bento et al., 2018), improving
governance process, and detecting, preventing and reporting fraud (Kabuye et al., 2017).

3.3 Instrument preparation and measurement of variables

The instrument is designed based on an extensive review of the existing literature and is
divided into four sections. An independent variable RM was placed in the first section. The

Risk Management
H1

H2

Internal Audit Activities H3 Fraud

Mitigation
Figure 1.
H4
Conceptual
Top Management Support H5 framework
JFC other variables TMS, IAA and FM are in second, third and fourth sections, respectively.
30,2 Other respondents’ biography such as age, position, experience and professional certificates
are also enlisted in the instrument.
In the instrument, FM is measured by eight items adopted from Kabuye et al. (2017). For
RM, the measurement includes seven items adapted from Al-Tamimi and Al-Mazrooei
(2007) but with modification. For TMS and IAA, both are adopted from internal auditing
574 literature (Alzeban and Gwilliam, 2014; Kabuye et al., 2017). Each variable is evaluated and
based on a five-point Likert scale (1 = strongly disagree and 5 = strongly agree).
For the validity and reliability checks, the questionnaire instrument was pre-tested by a
group of three academics, two professionals and one Chief Executive Officer. The purpose
was to refine and improve the instrument proceeding to pilot study and data collection
stage. Then, the questionnaire was sent for a pilot test of 29 respondents. According to
Hertzog (2008), a number of respondents between 25 and 40 are satisfactory for visible
study.
Table 1 shows the results of the reliability and validity test. Reliability analysis is
conducted for the scales using the coefficient of Cronbach’s alpha. Generally, the values of
Cronbach’s alpha should be higher than 0.70 (Cho and Kim, 2015). The internal reliability for
RM is 0.784, TMS is 0.799, IAA is 0.786 and FM is 0.838. The results indicate very good
reliability and consistency for all the scaled items.
A cover letter was introduced with each questionnaire to illustrate the significance of the
topic and assuring that all the obtained information from the respondents are confidential
and used for the purpose of research. We also kept the instrument short with concise and
clear wordings. This procedure is useful for controlling the issue of non-response bias. We
distributed 389 questionnaires. Out of this number, we received 258 responses, and upon
checking the responses, we found that three responses returned blank while 25 responses
had high missing data. Only 230 responses were completed and used for analysis.

4. Data analysis and findings

To avoid common method bias, we followed procedurals as suggested by Chang et al. (2010)
and Podsakoff et al. (2003). We carefully selected the scales from different sources and
performed the test of Harman’s single factor. We also checked if outliers exist in data. We
find that outliers do not exist and that data is distributed normally.

4.1 Demographic information

Table 2 shows that 78.7 per cent of the 230 respondents are male while 21.3 per cent are
female and almost 70 per cent of the respondents above 30 years of age. Respondents who
hold a bachelor’s degree form 47.2 per cent of the population. The population consists of
experienced internal auditors of which 46.1 per cent are employees in internal audit
departments, 93.4 per cent with work experience from five years and above, and 69.6 per
cent hold professional certificates. Approximately 77.8 per cent of the respondents work in
public banks while 22.2 per cent (17.4 and 4.8) work in mixed ownership and private banks,

Construct No. of items Cronbach’s a

RM 7 0.784
TMS 6 0.799
Table 1. IAA 10 0.786
Reliability test FM 8 0.838
Type Description Frequency ()
Top
management
Gender Male 181 78.7 support
Female 49 21.3
Age Less than 25 33 14.3
25-30 years 36 15.7
31-40 years 110 47.8
41-50 years 25 10.9 575
Above 50 26 11.3
Education Diploma 81 35.2
Bachelor 104 45.2
Master 36 15.7
Doctorate 8 3.5
Other 1 0.4
Work experience Less than 5 15 6.5
5-10 years 57 24.8
11-15 years 50 21.7
16-20 years 78 33.9
Above 20 30 13
Position Employee 106 46.1
Supervisor 10 4.3
Assistant 36 15.7
Head of Department 46 20
Assistant Director 19 8.3
Director 13 5.7
Professional certificates Yes 160 69.6
No 70 30.4
Type of bank ownership Public 179 77.8
Private 11 4.8
Mixed (public and private) 40 17.4
Foreign – –
Other – –
Size of bank: number of employees 1-50 44 19.1
51-100 22 9.6
101-500 94 40.9
501-1,000 14 6.1 Table 2.
Above 1,000 56 24.3 Descriptive statistics

respectively. Overall, 19.1 per cent of the respondents work in banks employing 1-50
employees, 40.90 per cent were in small size banks, and 24.3 per cent were in large banks.

4.2 Descriptive statistics

Based on the results in Table 3, RM has the lowest mean score value (3.324) and the
standard deviation (SD) is 0.784. TMS has a higher mean score value (3.365) and the value of

Construct Mean Min Max SD

RM 3.324 1.000 4.860 0.784

TMS 3.365 1.330 5.000 0.623 Table 3.
IAA 3.512 1.800 4.800 0.582 Descriptive on the
FM 3.378 1.000 4.630 0.669 study variables
JFC SD is 0.623. IAA’s mean value is the highest (3.512) and the SD value is 0.582. The data
30,2 indicates that predictor or exogenous variables are rated high towards endogenous
variables (mitigation of fraud) in the banking sector. This indicates that effective RM, TMS
and IAA are crucial and keys in the direction of FM.
In this study, partial least square-structure equation modelling is used to give
simultaneous estimation to interrelated relationships and observe the hypothetical
576 relationships.
4.2.1 Measurement model assessment. For the purpose of assessing the validity and
reliability of the items and their relationship to constructs, we checked measurement model
as suggested by Hair et al. (2017). Following the model, composite reliability (CR) is used to
assess the internal consistency reliability of constructs while convergent validity (CV) and
discriminant validity (DV) is used for the purpose of ensuring the validity of constructs.
Indicators’ reliability and average variance extracted (AVE) are necessary to establish and
ensure the CV of constructs. Additionally, cross-loading, Fornell–Larcker and Heterotrait–
Montrait ratio of correlation (HTMT) are essential to establish DV.
4.2.2 Composite reliability. CR functions as a means for assessing internal consistency
reliability (Hair et al., 2017). Typically, CR values fall between 0 to 1; and the closer to 1 the
better estimate for internal reliability. Table 4 shows that all the CR values are above 0.7.
According to Hair et al. (2017), values of CR that are greater than 0.70 indicate satisfactory
levels of internal consistency.
4.2.3 Convergent validity. According to Hair et al. (2017), outer-loadings indicators and
AVE values must be considered to ensure CV. Typically, the loadings should be > 0.70, but
values higher than 0.50 are also considered as acceptable. AVE means that construct(s)
should describe or explain at least half of the variance of their respective indicators. If the
values of AVE are < 0.50, it indicates that the error variance surpasses explained variance.
In Table 5, CV is established because the indicator reliability of each indicator is higher than
0.70, except (FM2 = 0.589, RM4 = 0.699, IAA1 = 0.695 and IAA2 = 0.623). Some indicators
have loadings lower than 0.40. Because the indicators’ low loading impacted the CR, these
indicators (RM7, TMS2, TMS6, IAA5, IAA7 and FM4) were deleted to improve the CR. As
all values of AVE are > 0.6 and the indicator reliability of each is between 0.50 and higher
than 0.70, then CV is established.
4.2.4 Discriminant validity. Cross-loading, Fornell–Larcker and HTMT are the necessary
approaches for establishing DV (Hair et al., 2017). The cross-loading indicates that the outer-
loadings of the indicator on its related constructs are higher than any of its cross-loadings on
other constructs. For Forner–Larcker, each construct’s AVE square root is greater than its
highest correlation with other construct(s). HTMT provides an estimate of the true
correlation between two distinct constructs. If the value of HTMT is less than one, it
indicates a DV. All the values produced from the three approaches indicate that DV is
established and there exists uniqueness between constructs and their indicators.
4.2.5 Structural model evaluation. After assessing the measurement model, the second
step is to assess the structural model to test the hypothesised relationships. Assessing the

Construct Cronbach’s a CR

RM 0.881 0.909
TMS 0.829 0.886
Table 4. IAA 0.887 0.912
CR FM 0.910 0.928
Construct and items FM IAA TMS RM AVE
Top
management
RM 0.628 support
RM1 0.854
RM2 0.835
RM3 0.877
RM4 0.699
RM5 0.769 577
RM6 0.700
TMS 0.661
TMS1 0.798
TMS3 0.810
TMS4 0.855
TMS5 0.787
IAA 0.620
IAA1 0.695
IAA2 0.623
IAA3 0.817
IAA4 0.851
IAA6 0.831
IAA8 0.834
IAA9 0.834
IAA10 0.783
FM 0.601
FM1 0.840
FM2 0.589
FM3 0.777
FM5 0.770
FM6 0.835 Table 5.
FM7 0.822 Indicator reliability
FM8 0.763 and AVE

structural model requires several steps, which includes checking the collinearity through
calculating the variance inflation factor (VIF), path coefficient ( b -values) and (R2) coefficient
of determination, effect size (f2) and predictive relevance (Q2), as discussed in Hair et al.
(2017). In Table 6, the VIF values are less than 5. Specifically, the highest value is 2.215 and
the lowest value is 1.594, which indicates the absence of collinearity. The path coefficient
values indicated statistically significant paths, as all the t-statistic values are higher than
1.96, and all of the p-values are < 0.001.

Q2
2 2
Paths direction VIF t-statistic p-value Path coefficient R f

RM ! FM 2.125 4.384 0.000 0.306 0.132

TMS ! FM 1.839 2.711 0.007 0.210 0.072
RM ! IAA 1.594 6.391 0.000 0.489 0.333
TMS ! IAA 1.594 4.393 0.000 0.332 0.153
IAA ! FM 2.215 4.677 0.000 0.410 0.228
IAA 0.548 0.312 Table 6.
FM 0.667 0.368 Summary of the
structural model
JFC In Table 6, the R2 value of IAA = 0.548 means that RM and TMS can explain 54.8 per cent of
30,2 the variance in IAA. Furthermore, R2 for FM = 0.667 means that RM, TMS and IAA can
explain 66.7 per cent of the variance in FM.
According to Hair et al. (2017), f2 values can be small (0.02), medium (0.15) and large (0.35). The
assessment of f2 indicates that the f2 values for RM, TMS and IAA on FM are 0.132, 0.072 and
0.228, respectively, indicating that RM has a close to medium effect while TMS has a small effect
578 and IAA has a higher than the medium effect on FM. The f2 values of RM and TMS reveal close
to large (0.333) and medium (0.153) effect on IAA, respectively. Finally, the examination of Q2
values using the blindfolding procedure revealed the Q2 values of IAA = 0.312 and FM = 0.368
indicating greater predictive relevance of the model, as the values are greater than zero.
Bootstrapping with the option of 5,000 is performed to assess the statistical significance
of the paths’ directions and the mediating effects of IAA. From Table 6, the path directions
of RM ! FM (t-values = 4.384, p-value < 0.001 and b = 0.306) and RM -> IAA (t-values =
6.391, p-value < 0.001 and b =0.489). It is clear that all the t-values are greater than 1.96 for
two-sided test and all the p-values are < 0.001. Accordingly, the directions of the paths are
statistically significant and H1 and H2 are supported.
IAA ! FM path direction shows that (t-values = 4.677, p-value < 0.001 and b = 0.410).
Based on the statistical results, the path direction of IAA -> FM is statistically significant.
We, therefore, conclude that H3 is supported.
The direction of TMS -> FM reveals (t-values = 2.711, p-value = 0.007 and b = 0.210)
and also the path of TMS -> IAA (t-values = 4.393, p-value < 0.001 and b = 0.332). The
values show significant and positive relationships. Hence, H4 and H5 are supported. The
bootstrapping reveals that IAA has a mediating effect in the model, as shown in Table 7.
The results of the mediation analysis indicate that IAA mediates (RM -> IAA -> FM) the
relationship between RM and FM because the results (t-values = 3.443, p-value = 0.001 and
b = 0.201) are statistically significant. The results also show that IAA mediates (TMS ->
IAA -> FM) the nexus between TMS and FM (t-values = 3.322, p-value = 0.001 and b =
0.136). Because the direct effect of RM -> FM and TMS -> FM indicate significant and
positive relationship and also the indirect effect indicates positive and significant, then IAA
has a partial mediating effect. The results of our paper suggest that RM, TMS and IAA have
a crucial role in achieving better levels of FM. The findings indicate some contradiction with
previous research (Abdullah and Said, 2019) that find a stand-alone risk committee
influences on FM significantly. Furthermore, the outcomes of the study contradict with
Mohd-Sanusi et al. (2015) findings that document that significant relationship between RM
and external but not internal FM. The findings also support Beasley et al. (2006), Rae et al.
(2008) and Zainal Abidin (2017) that claim RM significantly influences IAA. For TMS, the
findings are in line with Alzeban and Gwilliam (2014) and Kabuye et al. (2017) that discuss
the significance of TMS on IAA and Alleyne and Howard (2005), Baker et al. (2017), Holmes
et al. (2002) and Iwasokun et al. (2019) that stress the significance of TMS in FM. The study,
however, reveals findings contradictory to Kabuye et al. (2017) that found that IAA does no
significantly predict fraud-management. Overall, the partial mediation shows that more
TMS and involvement of IAA in RM increases the chances of achieving occupational FM.

Original Sample Standard deviation t-statistics

Path direction sample (O) mean (M) (STDEV) (|O/STDEV|) p-values
Table 7.
Specific indirect TMS ! IAA ! FM 0.136 0.137 0.041 3.322 0.001
effect RM ! IAA ! FM 0.201 0.201 0.058 3.443 0.001
5. Summary and conclusion Top
This study examined the impact of RM, TMS and IAA on FM in the Libyan banking sector. management
The study confirms that RM, TMS and IAA function as crucial organisational factors for FM
in the workplace. Our findings suggest that adequate TMS and widening the scope of RM leads
support
to better chances for preventing and detecting fraud by extending the scope of IAA. Hence,
committing adequate resources and participating in audit plans as a form of TMS improve the
chances of internal auditing in limiting the risk of fraud. The findings of the study enhance our
understanding of the importance of involving IAA in RM. This work contributes to the existing 579
literature by determining the mediating effect of IAA on the relationship between RM, TMS
and FM. The findings indicate that banks’ success in their fight against occupational fraud also
depends on providing adequate support through allocating resources to IAA, thereby
enhancing IA effectiveness in preventing, detecting, investigating and reporting fraud.
This paper addresses occupational FM in the banking sector in an emerging economy.
Our study is one of the first attempts that contribute to FM in an emerging economy,
particularly in Libya. It provides implications for:

government regulators who can use the findings to stress the significance of
internal audit function in fighting fraud and ensuring sound practices in the
banking sector; and

top management of commercial banks of their role toward the internal audit
function and its effective in RM process.

Top management executives are advised to pay attention, allocate proper resources for IAA,
and provide training in RM to reduce the risk of fraud in the banking sector.
Future studies can re-examine the relationships of RM, TMS and IAA on FM in different
contexts while including other staff (e.g. top management and chief financial officers) to
increase the generalisability of the findings. It would also be interesting if future studies
examine more variables such as the impact of the audit committee, internal auditing
characteristics and technology on IAA and FM.

Note
1. There are 19 countries that are generally considered part of the MENA region. These are Algeria,
Bahrain, Egypt, Iran, Iraq, Israel, Jordan, Kuwait, Lebanon, Libya, Morocco, Oman, Palestine,
Qatar, Saudi Arabia, Syria, Tunisia, UAE and Yemen (www.worldatlas.com/articles/what-are-
the-mena-countries.html).

References
Abuazza, W.O., Mihret, D.G., James, K. and Best, P. (2015), “The perceived scope of internal audit function
in Libyan public enterprises”, Managerial Auditing Journal, Vol. 30 Nos 6/7, pp. 560-581.
Abdullah, W.N. and Said, R. (2019), “Audit and risk committee in financial crime prevention”, Journal of
Financial Crime, Vol. 26 No. 1, pp. 223-234.
Adetiloye, K.A., Olokoyo, F.O. and Taiwo, J.N. (2016), “Fraud prevention and internal control in the
Nigerian Banking System”, International Journal of Economics and Financial Issues, Vol. 6 No. 3.
Alleyne, B. and Amaria, P. (2013), “The effectiveness of corporate culture, auditor education, and
legislation in identifying, preventing, and eliminating corporate fraud”, International Journal of
Business, Accounting, and Finance, Vol. 7 No. 1, pp. 34-62.
Alleyne, P. and Howard, M. (2005), “An exploratory study of auditors’ responsibility for fraud detection
in Barbados”, Managerial Auditing Journal, Vol. 20 No. 3, pp. 284-303.
JFC Al-Tamimi, H.A. and Al-Mazrooei, F. (2007), “Banks’ risk management: a comparison study of UAE
national and foreign banks”, The Journal of Risk Finance, Vol. 8 No. 4, pp. 394-409.
30,2
Al-Twaijry, A.A., Brierley, J.A. and Gwilliam, D.R. (2003), “The development of internal audit in Saudi
Arabia: an institutional theory perspective”, Critical Perspectives on Accounting, Vol. 14 No. 5,
pp. 507-531.
Alzeban, A. and Gwilliam, D. (2014), “Factors affecting the internal audit effectiveness: a survey of the
580 Saudi public sector”, Journal of International Accounting, Auditing and Taxation, Vol. 23 No. 2,
pp. 74-86.
Association of Certified Fraud Examiners (2014), “Report to the nation on occupational fraud and
abuse”, ACFE, Austin, TX.
Association of Certified Fraud Examiners (2016), “Report to the nation on occupational fraud and
abuse”, ACFE, Austin, TX.
Association of Certified Fraud Examiners (2018a), “Report to the nation on occupational fraud and
abuse Middle East and North Africa edition”, available at. www.acfe.com/uploadedFiles/
ACFE_Website/Content/rttn/2018/RTTN-Middle-East-and-North-Africa-Edition.pdf, (accessed
18 June 2019).
Association of Certified Fraud Examiners (2018b), “Report to the nation on occupational fraud and
abuse”, ACFE, Austin, TX.
Baker, C.R., Cohanier, B. and Leo, N.J. (2017), “Breakdowns in internal controls in bank trading
information systems: the case of the fraud at société générale”, International Journal of
Accounting Information Systems, Vol. 26, pp. 20-31.
Beasley, M.S., Clune, R. and Hermanson, D. (2006), The Impact of Enterprise Risk Management on the
Internal Audit Function, Kennesaw, GA: Digital Commons@ Kennesaw State University.
Bento, R.F., Mertins, L. and White, L.F. (2018), Risk Management and Internal Control: A Study of
Management Accounting Practice. Advances in Management Accounting, Emerald Publishing
Limited, pp. 1-25.
Bierstaker, J.L., Brody, R.G. and Pacini, C. (2006), “Accountants’ perceptions regarding fraud detection
and prevention methods”, Managerial Auditing Journal, Vol. 21 No. 5, pp. 520-535.
Central Bank of Libya (2018), “Commercial banks”, available at: https://cbl.gov.ly/en/commercial-
banks/, (accessed 16 August 2018).
Chalmers, K., Hay, D. and Khlif, H. (2019), “Internal control in accounting research: a review”, Journal of
Accounting Literature, Vol. 42, pp. 80-103.
Chambers, A.D. and Odar, M. (2015), “A new vision for internal audit”, Managerial Auditing Journal,
Vol. 30 No. 1, pp. 34-55.
Chang, S.J., Van Witteloostuijn, A. and Eden, L. (2010), From the Editors: Common Method Variance in
International Business Research, Springer.
Chartered Institute of Management Accountants, CIMA (2009), “Fraud risk management: a guide to
good practice”, available at www.cimaglobal.com/Documents/ImportedDocuments/
cid_techguide_fraud_risk_management_feb09.pdf.pdf, (accessed 28 August 2016).
Cho, E. and Kim, S. (2015), “Cronbach’s coefficient alpha: well-known but poorly understood”,
Organizational Research Methods, Vol. 18 No. 2, pp. 207-230.
Committee of Sponsoring Organizations of the Treadway Commission (2017), “Enterprise risk
management: integrating with strategy and performance”, available at www.coso.org/
Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.
pdf (accessed 15 December 2018).
Coram, P., Ferguson, C. and Moroney, R. (2008), “Internal audit, alternative internal audit structures
and the level of misappropriation of assets fraud”, Accounting and Finance, Vol. 48 No. 4,
pp. 543-559.
De Zwaan, L., Stewart, J. and Subramaniam, N. (2011), “Internal audit involvement in enterprise risk Top
management”, Managerial Auditing Journal, Vol. 26 No. 7, pp. 586-604.
management
Drogalas, G., Pazarskis, M., Anagnostopoulou, E. and Papachristou, A. (2017), “The effect of internal
audit effectiveness, auditor responsibility and training in fraud detection”, Journal of Accounting support
and Management Information Systems, Vol. 16 No. 4, pp. 434-454.
Fraser, I. and Henry, W. (2007), “Embedding risk management: structures and approaches”,
Managerial Auditing Journal, Vol. 22 No. 4, pp. 392-409.
Goodwin-Stewart, J. and Kent, P. (2006), “The use of internal audit by Australian companies”, 581
Managerial Auditing Journal, Vol. 21 No. 1, pp. 81-101.
Hair, J.F., Jr, Tomas, G.M.H., Ringle, C.M. and Marko, S. (2017), A Primer on Partial Least Squares
Structural Equation Modelling (PLS-SEM), 2nd Ed., SAGE publishers.
Halbouni, S.S., Obeid, N. and Garbou, A. (2016), “Corporate governance and information technology in
fraud prevention and detection: evidence from the UAE”, Managerial Auditing Journal, Vol. 31
Nos 6/7, pp. 589-628.
Hertzog, M.A. (2008), “Considerations in determining sample size for pilot studies”, Research in Nursing
and Health, Vol. 31 No. 2, pp. 180-191.
Hillison, W., Pacini, C. and Sinason, D. (1999), “The internal auditor as fraud-buster”, Managerial
Auditing Journal, Vol. 14 No. 7, pp. 351-363.
Holmes, S.A., Langford, M., Welch, O.J. and Welch, S.T. (2002), “Associations between internal controls
and organizational citizenship behaviour”, Journal of Managerial Issues, pp. 85-99.
Issa, M. and Al-Azzabi, W. (2018), “Assessing awareness and acceptance of forensic accounting among
the Libyan accounting educators”, International Journal of Economics, Commerce, and
Management. VI, No. 4, pp. 331-348.
Iwasokun, G.B., Akinyede, R.O., Fadamiro, C.F. and Bello, O.A. (2019), “Factor analysis of financial
crime-related issues”, Journal of Financial Crime, Vol. 26 No. 1, pp. 113-130.
Jawher, J. (2017), “Corruption is a disease in the Libyan state”, Asharq Al-wasat News, Arabic Source,
available at https://aawsat.com/home/article/1092141/‫ﺍﻟﻠﻴﺒﻴﺔ‬-‫ﺍﻟﺪﻭﻟﺔ‬-‫ﺃﺟﻬﺰﺓ‬-‫ﻳﻨﺨﺮ‬-‫ﺩﺍﺀ‬-‫ﺍﻟﻔﺴﺎﺩ‬-‫ﺗﻐﻮﻝ‬, (accessed 1
September 2019).
Kabuye, F., Nkundabanyanga, S.K., Opiso, J. and Nakabuye, Z. (2017), “Internal audit organizational
status, competencies, activities and fraud management in the financial services sector”,
Managerial Auditing Journal, Vol. 32 No. 9, pp. 924-944.
Krejcie, R.V. and Morgan, D.W. (1970), “Determining sample size for research activities”, Educational
and Psychological Measurement, Vol. 30 No. 3, pp. 607-610.
Lenz, R. and Hahn, U. (2015), “A synthesis of empirical internal audit effectiveness literature pointing to
new research opportunities”, Managerial Auditing Journal, Vol. 30 No. 1, pp. 5-33.
Law, P. (2011), “Corporate governance and no fraud occurrence in organizations: Hong Kong evidence”,
Managerial Auditing Journal, Vol. 26 No. 6, pp. 501-518.
Mihret, D.G. (2014), “How can we explain internal auditing? The inadequacy of agency theory and a
labor process alternative”, Critical Perspectives on Accounting, Vol. 25 No. 8, pp. 771-782.
Mohd-Sanusi, Z., Rameli, M.N.F., Omar, N. and Ozawa, M. (2015), “Governance mechanisms 16 in the
Malaysian banking sector: Mitigation of fraud occurrence”, Asian Journal of Criminology, Vol. 10
No. 3, pp. 231-249.
Perry, L.M. and Bryan, B.J. (1997), “Heightened responsibilities of the internal auditor in the detection of
fraud”, Managerial Finance, Vol. 23 No. 12, pp. 38-43.
Podsakoff, P.M., MacKenzie, S.B., Lee, J.Y. and Podsakoff, N.P. (2003), “Common method biases in
behavioural research: a critical review of the literature and recommended remedies”, Journal of
Applied Psychology, Vol. 88 No. 5, p. 879.
Power, M. (2009), “The risk management of nothing”, Accounting, Organizations and Society, Vol. 34
Nos 6/7, pp. 849-855.
JFC Power, M. (2013), “The apparatus of fraud risk”, Accounting, Organizations and Society, Vol. 38 Nos 6/7,
pp. 525-543.
30,2
PWC (2014), “Economic Crime in the Arab World”, PwC Middle East Economic Crime Survey, pp. 1-31,
available at: www.pwc.com/m1/en/publications/gecs2014reportme.pdf (accessed 3 July 2019).
Rae, K. and Subramaniam, N. (2008), “Quality of internal control procedures: antecedents and
moderating effect on organizational justice and employee fraud”, Managerial Auditing Journal,
Vol. 23 No. 2, pp. 104-124.
582
Rae, K., Subramaniam, N. and Sands, J. (2008), “Risk management and ethical environment: effects on
internal audit and accounting control procedures”, Journal of Applied Management Accounting
Research, Vol. 6 No. 1, p. 11.
Salameh, R., Al-Weshah, G. and Al-Nsour, M. and A-Hiyari., A. (2011), “Alternative internal audit
structures and perceived effectiveness of internal audit in fraud prevention: evidence from
Jordanian banking industry/les structures alternative D’audit interne et L’efficacite percue De
L’audit intrene dans La prevention contre La fraude: Une prevue dans L’industrie bancaire
jordanienne”, Canadian Social Science, Vol. 7 No. 3, p. 40.
Sarens, G., M.J., Abdolmohammadi, M.J. and Lenz, R. (2012), “Factors associated with the internal audit
function’s role in corporate governance”, Journal of Applied Accounting Research, Vol. 13 No. 2,
pp. 191-204.
Sarens, G. and De Beelde, I. (2006), “Internal auditors’ perception about their role in risk management: a
comparison between US and Belgian companies”, Managerial Auditing Journal, Vol. 21 No. 1,
pp. 63-80.
Sekaran, U. and Bougie, B. (2010), Research Methods for Business, a Skill-Building Approach, A John
Wiley and Sons Ltd, Publication.
Sinha, V.K. and Arena, M. (2018), “Manifold conceptions of the internal auditing of risk culture in the
financial sector”, Journal of Business Ethics, pp. 1-22.
Soh, D.S. and Martinov-Bennie, N. (2011), “The internal audit function: perceptions of internal audit
roles, effectiveness and evaluation”, Managerial Auditing Journal, Vol. 26 No. 7, pp. 605-622.
Spira, L.F. and Page, M. (2003), “Risk management: the reinvention of internal control and the changing
role of internal audit”, Accounting, Auditing and Accountability Journal, Vol. 16 No. 4, pp. 640-661.
Stead, W.E., Worrell, D.L. and Stead, J.G. (1990), “An integrative model for understanding and managing
ethical behavior in business organizations”, Journal of Business Ethics, Vol. 9 No. 3, pp. 233-242.
The Institute of Internal Auditors (2018), International Standards for The Professional Practice of
Internal Auditing (Standards), Altamonte Springs, FL, pp. 1-26.
Venter, A.C. (2007), “A procurement fraud risk management model”, Meditari Accountancy Research,
Vol. 15 No. 2, pp. 77-93.
Yee, C.S., Sujan, A., James, K. and Leung, J.K. (2010), “Perceptions of Singaporean internal audit
customers regarding the role and effectiveness of internal audit”, Asian Journal of Business and
Accounting, Vol. 1 No. 2.
Zainal Abidin, N.H. (2017), “Factors influencing the implementation of risk-based auditing”, Asian
Review of Accounting, Vol. 25 No. 3, pp. 361-375.

Corresponding author
Waled Younes E. Alazzabi can be contacted at: waled_az22@yahoo.com

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com