Beruflich Dokumente
Kultur Dokumente
ABSTRACT
Small business and entrepreneurship has emerged as an important area of research over the past 40 years. This
paper revolves around the issues of the internal controls, risk management, and fraud prevention on SMEs
performance and attempts to evaluate the reliability and validity of the instrument developed. The study sampled 62
owners of SMEs from East Coast of Malaysia. The level of fraud incidence as reported by owners is still at a very low
level and the overall cost incurred is still within expectation. However, there is a question of whether the low
reported rate of fraud is due to adequate preventive actions currently employed by owners, or whether the owners
are reluctant to reveal the truth in order to portray their efficiency and effectiveness in running their businesses. The
results obtained using the Cronbach Alpha measurement showed that the reliability score was between 0.785 and
0.928. The construct validity test result using the principal component analysis showed that most of the items were
convergent to their constructs with acceptable factor loadings. It is also expected that effective internal control,
implementation of risk management and the presence of appropriate fraud preventive measures will help to improve
SMEs performance.
Field of Research: Small and Medium Enterprises; Internal Control; Enterprise Risk Management; Fraud
______________________________________________________________________________________________
1. Introduction
Small and medium enterprises (SMEs) are much more vulnerable proportionally to fraud by employees, and much
less able to absorb these losses than large corporation. The entrepreneurs principal objectives are profitability and
growth, the business is characterised by innovative strategic practices and continued growth and may be seen as
having a different perspective from small business owners in the actual development of their firm (Smith, 1997).
Contribution from SMEs to the Malaysian economy is also very important. They provide indirect support or income
to economic growth. SMEs are also able to provide goods and service the same as large companies albeit in smaller
quantities. SMEs play a vital role in the Malaysian economy and are considered to be backbone of industrial
development in the country (Saleh and Ndubisi, 2006). There is always an increase in number of interest to establish
SMEs because of small firms generating most new employment; the public favouring small business; in small
business entrepreneurship at high schools and colleges; the growing towards self-employment as well as small
business being attractive to people of all ages (Megginson, 1997). The research will be focus on the effect of internal
control, risk management and fraud prevention measure on SMEs performances.
476
2. Research Background
The Association of Certified Fraud Examiners (ACFE) of the United States (1998) reported that businesses employing
less than 100 persons were the most vulnerable to fraud and abuse by employees. KPMGs Fourth Fraud Survey
Report (2009), show that a significant number of respondents believe that fraud is a major problem for businesses in
Malaysia. 61 percent of respondents expect the level of fraud to increase over the next two years. In addition, 89
percent believe that the trend of fraud as well as financial statements fraud (78 percent) will significantly rise as a
result of the current economic crisis which took place in 2008. The value of fraud reported in the survey period was
RM63.95 million. Not all respondents disclosed information on the number of fraud incidents or the value of fraud
detected (15 percent of the 85 respondents who said that they were victims of fraud were unsure of the number of
incidents whereas 53 percent were unsure of the value of financial losses due to fraud).
Hence, this suggests that losses may be far bigger than the disclosed amounts of the 56 percent of respondents who
reported some form of recovery of assets that were misappropriated, 43 percent reported partial recovery while 13
percent reported full recovery. The number of identity fraud victims increased by 12 percent in 2009 and the
amount of fraud increased by 12.5 percent. This is the highest rate of increase in the seven years that the company
has been issuing the report since 2002. New account fraud represents 39 percent of all 2009 fraud cases, versus 33
percent in 2008. Many of these fraudulent accounts were opened online. New account fraud is not limited to credit
card accounts. Fraudulent cell phone accounts make up 29 percent of total new account fraud. Existing credit cards
are also highly targeted, making up 75 percent of fraud attacks on existing accounts. So this means that, fraud and
theft was rampant, and statistics show the rate increasing from year to year (last seven years). If this problem is not
addressed from an early stage then it will lead to huge losses to owners of SMEs.
2.1 Definition of SMEs
Most of the studies and researches done on internal control, risk management and fraud against SMEs were mainly
US-based. Not many studies have been conducted on the Malaysian environment. The total numbers of SMEs in
Malaysia in the year of 2005 based on survey was conducted by the Department of Statistics; SME Corp Malaysia,
showed that there were 514,079 active establishments in the manufacturing and services sectors out of the 552,849
companies registered with the Companies Commission of Malaysia (CCM).
Type
Micro
Small
Medium
Total SMEs
Large
Total
Number of Establishment
434,939
100,608
12,720
548,267
4,582
552,849
Share (%)
78.7
18.2
2.3
99.2
0.8
100
477
(consists of textiles and apparels, metal and non-metallic products and food and beverages) while the agriculture
sector is made up from 6.2 percent (includes plantation and horticulture, fishery and poultry farming).
An appropriate definition of SMEs is essential as it will give various advantages to SMEs as well as for policy makers
and supporting agencies in nurturing the SMEs sectors. In determining the best SMEs definition, both quantitative
and qualitative criteria should be met in order to represent the true nature of SMEs (Mohd. Khairuddin and Mat
Saad, 1999). According to Small Medium Enterprises Corporation Malaysia, SMECorp (previously known as SMIDEC),
Malaysian SMEs can be defined according to size, annual sales turnover, number of full time employees as well as
the activities run by the enterprises. Besides that, SMEs are divided into three categories; namely Micro-enterprise,
Small-enterprise, and Medium-enterprises. The detail is depicted in Table 2:
Category
Manufacturing,
manufacturingservices
and
industries
Micro-enterprise
Sales turnover of less
than RM250, 000 OR
fewer than five full-time
employees.
Small-enterprise
Sales
turnover
between
RM250, 000 and RM10
million OR between five and
50 full-time employees.
Medium-enterprise
Sales turnover between RM10
million and RM25 million OR
between 51 and 150 full-time
employees.
Sales
turnover
between
RM200, 000 and RM1 million
OR between five and 19 fulltime employees.
related
agro-based
478
over their business lifecycle. In other words, this study is able to enhance the understanding of the public at large
and more specifically the owners of SMEs toward fraud and how to tackle the issue accordingly.
3.1 Internal Control
Internal control is a broad term with a wide area of operation (Kumar and Sharma, 2005). It includes a number of
methods and measures, which are exercised by the management to ensure smooth and economic functioning of
business entity. It assists the management in the performance of various functions. Internal control also facilitates
external audit as it assures the external auditors that the information supplied to them is accurate and reliable. It
also defines as the system of internal control as the whole systems of controls, financial and otherwise, established
by the management in the conduct of a business including internal check, internal audit and other forms of control.
Thus, it is apparent that internal control expression is used in a wide sense and includes internal check and internal
audit besides other forms of controls. Besides that, Jubb (2008) defines internal control is a process designed and
affected by those charge with governance, management and other personnel to provide reasonable assurance
about the achievement of the entitys objectives with regard to reliability of financial reporting, effectiveness and
efficiency of operation and compliances with applicable laws and regulations. It follows that internal control is
designed and implemented to address identified business risks that threaten the achievement of any these
objectives.
Similar definition was stated by Committee of Sponsoring Organisations (COSO) of the Treadway Commision issued
a report in 1992 entitled Internal Control - Integrated Framework (Leung, Coram and Copper, 2007). Internal control
system provides a way to meet its stewardship or agency responsibilities. For example, management must maintain
controls that provide reasonable assurance that adequate control exist over the entitys assets and record. This can
be accomplished by developing internal controls that require employees to follow company policies and procedures
such as proper authorisation for transactions. Such internal control system not only ensures that assets and records
are safeguarded but also creates an environment in which efficiency and effectiveness is encouraged and
monitored. This is becoming more important as entities automate their information system and they operate more
globally (Messier and Boh, 2002).
Good internal controls are essential no matter how small the company, for many valid reasons. Fraud prevention,
embezzlement detection, and accurate financials are all reasons to follow good internal control practices.
Implementing controls into the financial accounting software alone is not enough to ensure compliance; it takes
some people power too. Since most small business owners have very little accounting background, accountants are
expected to play a key advisory role in helping a business design and implement sound internal controls. Many
private companies are benefited from implementing internal control provisions relating to accountability,
independent audits, internal controls and document retention.
3.2 Enterprise Risk Management
The ISO 31000 (2009) /ISO Guide 73 definition of risk is the effect of uncertainty on objectives In this definition,
uncertainties include events (which may or may not happen) and uncertainties caused by a lack of information or
ambiguity. This definition also includes both negative and positive impacts on objectives. Besides that, it is a
479
probability or threat of a damage, injury, liability, loss, or other negative occurrence that is caused by external or
internal vulnerabilities, and that may be neutralized through pre-emptive action. Risk is the possibility of suffering
harm or loss. Applied to business risk translates into the possibility of losses associated with the assets and the
earnings potential of the firm. Here, the term assets include not only inventory and equipment but also such factors
as the firms employees, its customers, and its reputation. Risk is essential to a small business organisation, because
it is inherent in the pursuit of opportunities to earn returns to its owners. Striking the balance between risk and
reward is the key to maximizing these returns (ICAEW, 1997).
Risk management can be described as the performance of activities designed to minimize the negative impact (cost)
of uncertainty (risk) regarding possible losses. It is a method of identifying, analysing, treating and monitoring the
risk involved in any activity or process. Furthermore, risk management is the identification, assessment, and
prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and
control the probability and impact of unfortunate events or to maximize the realization of opportunities. Risks can
come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and
disasters as well as deliberate attacks from an adversary. Risk management is a central part of any organizations
strategic management. It is the process whereby organizations methodically address the risks attached to their
activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.
Risk management consists of all efforts to preserves the assets and earnings power of a business (Moore, 2008).
Since risk management has grown out of insurance management, the two terms are often used interchangeably.
However, risk management has a much broader meaning, covering both insurable and uninsurable risks and
including non-insurance approaches to reducing all types of risk. Risk management involves more than trying to
obtain the most insurance for each dollar spent; it is concerned with finding the best way possible to reduce the cost
of dealing with risk. Insurance is only one of several approaches to minimizing the pure risks that may be
encountered by a firm.
SMEs by nature manage risks and have a variety of existing departments or functions (also known as "risk
functions") that identify and manage particular risks. However, each risk function varies in capability and how it
coordinates with other risk functions. A central goal and challenge of enterprise risk management in SMEs is
improving this capability and coordination, while integrating the output to provide a unified picture of risk for
stakeholders and improving the organisation's ability to manage the risks effectively.
3.3 Fraud
According to the Institute of Chartered Accountants of England and Wales (ICAEW), fraud is generally defined in the
law as an intentional misrepresentation of material existing fact made by one person to another with knowledge of
its falsity and for the purpose of inducing the other person to act, and upon which the other person relies with
resulting injury or damage. Fraud may also be made by an omission or purposeful failure to state material facts,
which nondisclosure makes other statements misleading. Fraud, however, is not an easily defined term. According
to District Judges Association US, the definition may change depending upon the statute in which the word appears.
For example, in the crime of conspiracy to defraud the United States, defraud is uniquely defined to include a
dishonest obstruction of a government agency (Henkel, 1991). The definition can also be reflective of particular
precedent in a jurisdiction. In some cases the definition of fraud may not be limited to fraud methodology, but may
480
also include the harm or consequences of the fraudulent conduct. For example, some courts explicitly state that
merely having a scheme to deceive is not the same as a scheme to defraud.
According to Wells (2001), employee in SMEs will take an opportunity and will commit in fraud. Wells (2001) also
reported that there are two separate but related theories about why employees commit fraud. Wells (2001) quoted
based on the study conducted by Hollinger and Clark on 12,000 employees in the workforce, found that nearly 90
percent engaged in workplace deviant, which included behaviour such as goldbricking, workplace slowdowns, sick
time abuses and pilferage. In addition, one-third of employees actually had stolen money or merchandise on the
job. A second theory about why employees commit fraud is related to financial pressure. In the late 1940s
criminologist Donald R. Cressey interviewed nearly 200 incarcerated embezzlers, including convicted executives. He
found that, majority committed fraud to meet their financial obligations. Cressey observed that two other factors
had to be present for employees to commit fraud. They must perceive an opportunity to commit and conceal their
crimes, and able to rationalise their offenses as something other than criminal activity.
The most prevalent types of fraud are likely to be those that impact on the profit and loss account as a result of the
overstatement of expenses or the understatement of income. These may not necessarily be large and so they may
be difficult to identify. A time when an SME is particularly vulnerable to fraud is during a period of rapid expansion.
The dynamics of the situation may mean that it is more difficult for managers to have an overview of the business.
Advances in technological developments mean that all organisations that are connected to the internet are
vulnerable to attack from outside. Whilst larger organisations may have the technical knowledge to minimise this
threat, SMEs may not even recognise the risks. Whilst SMEs may not be able to have as many internal controls as
larger organisations, it is imperative that their managers evaluate the risks that their businesses face and ensure
that they at least have defenses in their key areas.
3.4 Current Trends on Fraud
Apart from traditional forms of fraud in small businesses, computer-related fraud comes into the pictures as a
phenomenon brought about by advances in information-processing technologies. Before the invention of
computers, fraud did occur but in different forms. According to Bologna and Lindquist (1987), the computer did not
usher in a new wave of fraud, but it merely changed the form of older frauds, for example embezzlers can now steal
by making electronic entries in books of accounts rather than pen and ink or electro-mechanical entries.
Corbitt (1998) added that the largest threat to a computer system comes from within, with 85 percent of frauds
being perpetuated by staff. A study in US estimated the annual loss from computer fraud at $ 3-5 billion annually
(Coutorie, 1995). In order survey of 1,200 security managers in US, it was found that nearly 20 percent of the
companies had detected a computer fraud within the five years covered, and that the rate of these frauds was
directly related to the number of employees using computers (Albanese and Parsley, 1993). This shows that
employee fraud by using computers is a serious threat to businesses nowadays.
Owners of SMEs should be alert on current trends of fraud especially fraud related to computer and technologies.
Most of the owners of SMEs did not updating their knowledge on information technologies on fraud tactics that
could lead to failure of the businesses.
481
482
Independent Variables
Internal Control
H1
Dependent Variable
H2
SMEs Performance
Risk Management
Fraud
H3a
Owners Concern
H3b
Fraud Preventive
Measures
Apart from that, the following hypotheses has been developed to test the statically results.
H1: There is a significant positive relationship between internal control and SMEs performance.
H2: There is a significant positive relationship between enterprise risk management and SMEs performance.
H3a: A high frequency of common fraudulent activities occurred in the past will lead to the high level of owners
concern on those fraudulent activities.
H3b: A high level of owners concern on common fraudulent activities will lead to the high preventive actions to be
taken by the owners.
There are several expected outcomes could be obtained from this study. The first possible outcome could be to
prove that there is significant positive relationship between internal control and SMEs performance. This means
that, good internal control will lead to high SMEs performance. In addition, significant positive relationship between
enterprise risk management and SMEs performance could also be expected. An efficient risk management will lead
to good SMEs performance. It is expected that, a high frequency of common fraudulent activities occurred in the
past will lead to high level of owners concern on it. Thus, high level of owners concern on common fraudulent
activities will lead to high preventive actions to be taken by the owners.
5. Research Method
This study adopts positivism survey approach. This preliminary study was conducted with the cooperation and
support from the selected respondent. A support letter was issued by the SMECorp Malaysia. This was to encourage
the respondents to participate in this study. In distributing the questionnaires to the respondents, an official cover
letter issued by the researcher and the support letter from the SMECorp Malaysia were attached.
483
484
required for the factor analysis. As for the construct validity test, the Principal Component Analysis was applied,
which includes Kaiser-Meyer-Olkin (KMO) that requires a valid value of greater than 0.60. Bartlett test, with a high
chi-square and a significant value, was also applied in this preliminary study.
6. Results and Discussion
6.1 Sample Characteristics
Cumulative
Descriptive Items
Frequency
Percent
Valid Percent
Percent
Male
Female
33
29
53.2
46.8
53.2
46.8
53.2
100
Total
62
100
100
Age
25 or under
12
19.4
19.4
19.4
26-35
19
30.6
30.6
50
36-45
46-55
15
12
24.2
19.4
24.2
19.4
74.2
93.5
56 or older
6.5
6.5
100
Total
62
100
100
5 or under
6-10
11-20
20
20
16
32.3
32.3
25.8
32.3
32.3
25.8
32.3
64.5
90.3
21 or older
9.7
9.7
100
Total
62
100
100
32
51.6
51.6
51.6
26-35
24
38.7
38.7
90.3
36-45
6.5
6.5
96.8
46-55
1.6
1.6
98.4
56 or older
Total
1
62
1.6
100
1.6
100
100
Founder
Family Business
20
27
32.3
43.5
32.3
43.5
32.3
75.8
Married Into
11.3
11.3
87.1
Gender
Business Age
Business Associated
485
Bought Firm
6.5
6.5
93.5
Other
6.5
6.5
100
Total
62
100
100
Years in Business
5 or less
6-10
23
27
37.1
43.5
37.1
43.5
37.1
80.6
11 or more
12
19.4
19.4
100
Total
62
100
100
10 or less
11-25
18
23
29
37.1
29
37.1
29
66.1
26-50
19
30.6
30.6
96.8
51 or more
Total
2
62
3.2
100
3.2
100
100
SRP/PMR/LCE
SPM/MCE
4
15
6.5
24.2
6.5
24.2
6.5
30.6
Diploma/STPM
19
30.6
30.6
61.3
First Degree
Master Degree
23
1
37.1
1.6
37.1
1.6
98.4
100
Total
62
100
100
Annual Profit
Less than RM100,000
24
38.7
38.7
38.7
RM101,000-RM500,000
33
53.2
53.2
91.9
RM501,000-RM1 million
RM2 million or more
4
1
6.5
1.6
6.5
1.6
98.4
100
Total
62
100
100
Number of Employees
Educational Background
486
Menengah Rendah) 4 (6.5%) respectively. The annual profit of their business ranged from RM100, 000 to RM2
million, with an average of RM200, 000.
6.2 Reliability and Construct Validity
Prior to research variable measurement, the draft of measurement instrument was evaluated for content validity.
To provide content validity, the questionnaire was revived and pre-tested, requesting the advice and
recommendation from the experts. A few lecturers from the accounting field from two public universities in east
coast Malaysia were requested to participate for the validity content. Any comments were used to improve the
wording and flow of the terms in the questionnaire.
The proposed theoretical framework consist of three predictors (internal control, risk management and fraud
whereas sub-divided to fraud experience and owners concern) and a dependent variable (SMEs performance
measurement). The results of reliability and validity testing are presented accordingly in the Table 4 below.
No
Variables
Items
Item
KMO
Loading
Bartlett Test
Chi-
Signs.
Square (X)
1
Cronbach
Details
Current
Study
Internal Control
(Internal control on
IC1
0.820
IC2
0.710
records)
IC3
0.709
total of 21 items.
IC4
0.679
IC5
0.671
IC6
0.657
IC7
0.626
IC8
0.556
(Internal control on
IC9
0.749
IC10
0.746
ICT)
IC11
0.738
IC12
0.698
IC13
0.673
IC14
0.604
IC15
0.594
RM1
0.927
RM2
0.910
RM3
0.906
Risk Management
0.795
0.896
761.146
569.474
0.000
0.000
0.875
0.894
487
RM4
0.889
RM5
0.849
RM6
0.832
RM7
0.829
RM8
0.811
RM9
0.798
Performance
PM1
0.891
Measurement
PM2
0.873
PM3
0.864
PM4
0.831
PM5
0.825
PM6
0.774
PM7
0.760
PM8
0.671
FE1
0.872
FE2
0.814
FE3
FE4
0.814
0.648
FE5
0.621
(Internal Fraud)
FE6
0.856
FE7
0.564
(Other)
FE8
0.653
FE9
0.838
OC1
0.886
OC2
0.868
OC3
0.606
OC4
0.538
OC5
0.852
OC6
0.815
OC7
0.544
OC8
0.886
OC9
0.600
393.158
0.000
0.928
Fraud Experiences
(External Fraud)
0.867
0.617
228.347
0.000
0.785
Owners' Concern on
Fraud Experiences
(Internal Concern)
(External Concern)
(Other)
0.720
205.354
0.000
0.827
488
The results of reliability test showed that the Cronbach Alpha value of this study ranged between 0.785 and 0.928.
Nunnally (1978) suggest that. it is acceptable if the minimum level of internal consistency reliability value is 0.7 for
preliminary research, 0.8 for basic research and 0.9 for applied research. Thus, with the Cronbach Alpha scores for
all variables were above 0.70 for this preliminary study, this mean that the scores were acceptable to further run for
a more robust analysis. As for the loading factor, all items had high loading in their construct validity values expect
for item eight and fifteen in internal control variable. The items are about the cheques received made payable to the
organization and need for password security reinforced to organisation staff. Castello and Osborne (2005) stated
that items with factor loading of more than 0.40 can be retained since this would likely increase the reliability of the
scale. Therefore it will be retained in this preliminary study. Results of other items in each variable indicate that the
loading items were convergent towards their component. Notably, Bartlett test of sphericity and the Kaiser-MeyerOlkin (KMO) are both test that can be used to determine the factorability of the matrix as a whole. In this
preliminary study, all variables for the Bartlett test of sphericity were large and significant. In addition, the KaiserMeyer-Olkin measure of sampling adequacy was far greater than 0.60. Referring to the analysis results indicated
above, all items in each individual predictor were valid and reliable for this preliminary study.
7. Conclusion
This preliminary study examines the reliability validity of the research instrument for internal control, risk
management and fraud prevention measures on SMEs. Overall, the results suggest that the behavioural model,
although a reduced version, was able to provide a reasonable explanation of the instrument developed for
acceptance and satisfaction in the study. It has shown that all the items were reliable, which were indicated by
Cronbach Alpha value between 0.785 and 0.984. The construct validity with Kaiser-Meyer-Olkin and Bartlett tests
was convergent and valid accordingly. The study framework involves four variables; internal control, risk
management, fraud (fraud experience and owners concern) and performance measurement. From the present
preliminary study analysis, the study will adopt all items in the variables for further empirical research.
Internal control, enterprise risk management and fraud prevention measures play a vital role and could have
influence on SMEs performance. SMEs much more vulnerable to fraud by employees because it is considered as a
small scale of businesses where the owners invested only small amount of capital. Government, regulators, policymakers, academicians, and other stakeholders should be aware that SMEs are considered as the backbone of
industrial development in Malaysian economy and should be more concerned towards the future growth and its
contribution to the whole economy.
There are several expected outcomes could be obtained from this study in further research. The first possible
outcome could be to prove that there is significant positive relationship between internal control and SMEs
performance. This means that, good internal control will lead to high SMEs performance. In addition, significant
positive relationship between enterprise risk management and SMEs performance could also be expected. An
efficient risk management will lead to good SMEs performance. It is expected that, a high frequency of common
fraudulent activities occurred in the past will lead to high level of owners concern on it. Thus, high level of owners
concern on common fraudulent activities will lead to high preventive actions to be taken by the owners.
489
Acknowledgements
Greatly indebted to Ministry of Higher Education for giving a research grant under Fundamental Research Grants
Scheme (FRGS) enabling a research on internal control, risk management and fraud prevention measures to be
conducted at UMT. Special thanks to Dr. Zalailah Salleh, Dr. Mohd Zulkifli Mokhtar and other for giving their
comments and ideas to improve this study.
References
Adams, G. W. (2006). A Theoretical Comparison of the Models of Prevention of Research Misconduct. Accountability
in Research: Policies and Quality Assurance, pp. 51 66.
Bologna, G.J. and Lindquist, R.J. (1987). Fraud Auditing and Forensic Accounting: New Tools and Techniques, John
Wiley & Sons, pp. 5-90.
Castello, A.B., & J.W. Osborne (2005), Best practices in exploratory factor analysis: Four recommendations for
getting the most from your analysis, Practical Assessment, Research & Evaluation, pp.1-9.
Che Haat, M. H. (2001). Petty Crime and Small Business in The Klang Valley : An Exploratory Study of Cost and
Prevention Issues.
Corbitt, T. (1998). Detecting Computer Fraud, African Business.
Coutorie, L. E. (1995). The Future of High Technology Crime: A Parallel Delphi Study, Journal of Criminal Justice,
pp. 13-27.
Henkel, H.V. (1991). For The Purpose Of Impairing, Obstructing or Defeating the Lawful Function of Any
Government Department 216, pp. 462-479.
Johnnson, P. (1999). Preventing Fraud, Accountancy Ireland, Dublin.
Jubb, C.(2008). Assurance & Auditing Concepts for a Changing Environment, Thomson South-Western.
Kumar, R., & Sharma, V. (2005). Auditing Principles and Practice, Prentice-Hall of India Private Limited.
Kuratko, D. F.(2000). Crime and Small Business: An Exploratory Study of Cost and Prevention Issues in US Firms,
Journal of Small Business Management.
Leung, P., Coram, P. & Copper, B. J. (2007). Modern Auditing & Assurance Services, Wiley John Wiley & Sons, Inc.
McMillian, J. & Schumacher, S. (2001). Research in education: A conceptual introduction. Longman.
Megginson, W.L. (1997). Small Business Management. The McGraw-Hill.
Messier, W.F. & Boh. M. (2002). Auditing and Assurance in Malaysia, McGraw-Hill.
Mohd. Khairuddin Hashim. (1999). Working Paper in Rural Small and Medium Scale Industries in the Global Era:
Critical Success Factors for SMEs in Malaysia: A Strategic Perpective. Malaysia.
Mohd. Khairuddin Hashim & Mat Saad Abdullah (1999). Working Paper in International Conference on Small and
Medium Enterprises at New Crossroad: Challenges and Prospects. Malaysia.
Moore, C.W. (2008). Risk Management, Integrated For Small Business, Wiley John Wiley & Sons, Inc.
Moore, C.W.(2008), Managing Small Business, an Entrepreneurial Emphasis, South-Western Cengage Learning.
Morley & Scott. (2010), Fraud Hits Small Firms, http://www.fraudadvisorypanel.org.
Nunnaly, J.C. (1978). Psychometric Theory, McGraw-Hill.
Saleh, A. S. and Ndubisi, N. O. (2006). Small & Medium Enterprises (SMEs): Malaysian & Global Perspectives,
Pearson Prentice Hall.
Slade, P. & Gadenne, D. (2000). Factors Associated With Small Business Burglary, International Small Business
Journal.
490
Smith,E.S. (1997). Franchising As a Small Business Growth Strategy: A Resource Based View of Organisational
Development, International Small Business Journal.
Sheridan, J. C., Steed, L., & Dzidic, P. (2006). SPSS version 13.0 for Windows Analysis without Anguish. Melbourne:
John Wiley & Sons.
Taylor, R.R, and OPrien K. (1998), Preventing Employee Theft: A Behavioral Approach, Business Perspective,
Memphis.
Wells, J.T. (2001), Why Employees Commit Fraud, Journal of Accountancy.
Welton, R.E. & Davis, J.R. (1993). Understanding Ethics Development and Employee Behavior, Internal Auditing,
Winter.
Author Bibliography
Correspondent Author
Jaya Kumar Shanmugam is currently engaged as a M.Sc. Accounting student, registered with Department of
Accounting and Finance, Faculty of Economics and Management, Universiti Malaysia Terengganu. He has completed
his Bachelor in Accounting (Hons.) from Universiti Malaysia Terengganu in 2010.
491
Appendix 1
Measurement Items for Internal Control
No
Question
IC1
IC2
IC3
IC4
IC5
IC6
IC8
Are current job descriptions on file for each employee in the organization.
Are the cheques received made payable to the name of the organization.
Is the mail opened by someone independent of the accounting function.
When the mail is opened, is an independent listing prepared of all cheques received.
Are deposits made daily.
Are deposits made by someone independent of the accounting and cashiering functions.
Are petty cash funds kept in secure storage.
IC9
Is responsibility for each petty cash fund assigned to a specific responsible individual.
Are these individuals independent of employees who handle cash receipts and accounting
records.
Is there a prohibition against petty cash disbursements over a specified amounts.
Are surprise cash counts of organisation petty cash and change funds performed on a regular,
random, and unannounced basis.
Are the authorisation, processing, check signing, recording and clearly segregated.
Have ringgit limits been established for one signature cheques.
Are all staff time records reviewed and authorized by an appropriate senior official.
Are copies of timekeeping records retained on file.
Are reported overtime hours verified for reasonableness and proper pre-approval.
Are labor distribution and vacation/sick accrual reports reviewed for reasonableness each pay
period by a senior official.
Is the need for password security reinforced to organization staff.
Are computer applications logged-off when the user is away from the terminal or PC.
Are all staff members required to take one full week of continuous vacation time annually,
IC10
IC11
IC12
IC13
IC14
IC15
IC16
IC17
IC18
IC19
IC20
IC21
492
Appendix 2
Measurement Items for Risk Management
No
Question
RM1
RM2
RM3
RM4
RM5
RM6
RM7
RM8
Risk management strategy (ies) taken in our business are sufficient (such as insurance coverage).
A unit/ management team is needed to deal with risk management.
A person should be is responsible for businesses risk management strategy in this organizations.
The responsible person should deal with any complaints arise from the staff.
A complaint should be registered in file.
An audit process should be routinely carried out.
New members / staff are provided with some trainings and orientation programmes.
Staff progress must be regularly assessed.
Procedures of handling hazardous events including fire, accident and inappropriate physical
access must clearly be disseminated to all staff.
RM9
493
Appendix 3
Measurement Items for Fraud Experience and Owners Concern
No
PM1
PM2
PM3
PM4
PM5
PM6
PM7
PM8
Question
Retain Profitable
Sales
Sales Growth
Cost Saving
Return on Investment
Return on Assets
Market Share
Reputation
494
Appendix 4
No
FE/OC1
FE/OC2
FE/OC3
FE/OC4
FE/OC5
FE/OC6
FE/OC7
FE/OC8
FE/OC9
Question
Burglary/ Robbery
Cheque Deception
Credit Card Fraud
Misappropriation of Entrusted Property
Employee Monetary Theft (cash and cash equilvalent)
Employee Merchandise Theft (Inventory)
Shoplifting
Disclosures of Trade Secrets
Vandalism