034 168 3rdICBER2012 Proceeding PG0475 0494

475
3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

RESEARCH ( 3rd ICBER 2012 ) PROCEEDING
12 - 13 MARCH 2012. GOLDEN FLOWER HOTEL, BANDUNG, INDONESIA
ISBN: 978-967-5705-05-2. WEBSITE: www.internationalconference.com.my
INTERNAL CONTROL, RISK MANAGEMENT AND FRAUD PREVENTION MEASURES ON

SMES: RELIABILITY AND VALIDITY OF RESEARCH INSTRUMENT
Jaya Kumar Shanmugam1, Azwadi Ali2, Mohd Hassan Che Haat3,
Universiti Malaysia Terengganu
jaya_jkumar@yahoo.com, azwadi@umt.edu.my, hassan@umt.edu.my
ABSTRACT
Small business and entrepreneurship has emerged as an important area of research over the past 40 years. This
paper revolves around the issues of the internal controls, risk management, and fraud prevention on SMEs
performance and attempts to evaluate the reliability and validity of the instrument developed. The study sampled 62
owners of SMEs from East Coast of Malaysia. The level of fraud incidence as reported by owners is still at a very low
level and the overall cost incurred is still within expectation. However, there is a question of whether the low
reported rate of fraud is due to adequate preventive actions currently employed by owners, or whether the owners
are reluctant to reveal the truth in order to portray their efficiency and effectiveness in running their businesses. The
results obtained using the Cronbach Alpha measurement showed that the reliability score was between 0.785 and
0.928. The construct validity test result using the principal component analysis showed that most of the items were
convergent to their constructs with acceptable factor loadings. It is also expected that effective internal control,
implementation of risk management and the presence of appropriate fraud preventive measures will help to improve
SMEs performance.
Field of Research: Small and Medium Enterprises; Internal Control; Enterprise Risk Management; Fraud
______________________________________________________________________________________________
1. Introduction
Small and medium enterprises (SMEs) are much more vulnerable proportionally to fraud by employees, and much
less able to absorb these losses than large corporation. The entrepreneurs principal objectives are profitability and
growth, the business is characterised by innovative strategic practices and continued growth and may be seen as
having a different perspective from small business owners in the actual development of their firm (Smith, 1997).
Contribution from SMEs to the Malaysian economy is also very important. They provide indirect support or income
to economic growth. SMEs are also able to provide goods and service the same as large companies albeit in smaller
quantities. SMEs play a vital role in the Malaysian economy and are considered to be backbone of industrial
development in the country (Saleh and Ndubisi, 2006). There is always an increase in number of interest to establish
SMEs because of small firms generating most new employment; the public favouring small business; in small
business entrepreneurship at high schools and colleges; the growing towards self-employment as well as small
business being attractive to people of all ages (Megginson, 1997). The research will be focus on the effect of internal
control, risk management and fraud prevention measure on SMEs performances.
476

2. Research Background
The Association of Certified Fraud Examiners (ACFE) of the United States (1998) reported that businesses employing
less than 100 persons were the most vulnerable to fraud and abuse by employees. KPMGs Fourth Fraud Survey
Report (2009), show that a significant number of respondents believe that fraud is a major problem for businesses in
Malaysia. 61 percent of respondents expect the level of fraud to increase over the next two years. In addition, 89
percent believe that the trend of fraud as well as financial statements fraud (78 percent) will significantly rise as a
result of the current economic crisis which took place in 2008. The value of fraud reported in the survey period was
RM63.95 million. Not all respondents disclosed information on the number of fraud incidents or the value of fraud
detected (15 percent of the 85 respondents who said that they were victims of fraud were unsure of the number of
incidents whereas 53 percent were unsure of the value of financial losses due to fraud).
Hence, this suggests that losses may be far bigger than the disclosed amounts of the 56 percent of respondents who
reported some form of recovery of assets that were misappropriated, 43 percent reported partial recovery while 13
percent reported full recovery. The number of identity fraud victims increased by 12 percent in 2009 and the
amount of fraud increased by 12.5 percent. This is the highest rate of increase in the seven years that the company
has been issuing the report since 2002. New account fraud represents 39 percent of all 2009 fraud cases, versus 33
percent in 2008. Many of these fraudulent accounts were opened online. New account fraud is not limited to credit
card accounts. Fraudulent cell phone accounts make up 29 percent of total new account fraud. Existing credit cards
are also highly targeted, making up 75 percent of fraud attacks on existing accounts. So this means that, fraud and
theft was rampant, and statistics show the rate increasing from year to year (last seven years). If this problem is not
addressed from an early stage then it will lead to huge losses to owners of SMEs.
2.1 Definition of SMEs
Most of the studies and researches done on internal control, risk management and fraud against SMEs were mainly
US-based. Not many studies have been conducted on the Malaysian environment. The total numbers of SMEs in
Malaysia in the year of 2005 based on survey was conducted by the Department of Statistics; SME Corp Malaysia,
showed that there were 514,079 active establishments in the manufacturing and services sectors out of the 552,849
companies registered with the Companies Commission of Malaysia (CCM).
Type
Micro
Small
Medium
Total SMEs
Large
Total
Number of Establishment
434,939
100,608
12,720
548,267
4,582
552,849
Share (%)
78.7
18.2
2.3
99.2
0.8
100
Source: Census of Establishment and Enterprises, 2005 by Department of Statistics, Malaysia
Table 1: Number of Establishment of SMEs

Based on Table 1, the total number of establishment was 552,849, and 99.2 percent were SMEs. Out of this number,
a total of 86.6 percent is made up from services sector (comprises of wholesale and retail, restaurant and hotel,
professional services, transportation and communication). It is followed by the manufacturing sector by 7.2 percent
477

(consists of textiles and apparels, metal and non-metallic products and food and beverages) while the agriculture
sector is made up from 6.2 percent (includes plantation and horticulture, fishery and poultry farming).
An appropriate definition of SMEs is essential as it will give various advantages to SMEs as well as for policy makers
and supporting agencies in nurturing the SMEs sectors. In determining the best SMEs definition, both quantitative
and qualitative criteria should be met in order to represent the true nature of SMEs (Mohd. Khairuddin and Mat
Saad, 1999). According to Small Medium Enterprises Corporation Malaysia, SMECorp (previously known as SMIDEC),
Malaysian SMEs can be defined according to size, annual sales turnover, number of full time employees as well as
the activities run by the enterprises. Besides that, SMEs are divided into three categories; namely Micro-enterprise,
Small-enterprise, and Medium-enterprises. The detail is depicted in Table 2:
Category
Manufacturing,
manufacturingservices
and
industries
Micro-enterprise
Sales turnover of less
than RM250, 000 OR
fewer than five full-time
employees.
Small-enterprise
Sales
turnover
between
RM250, 000 and RM10
million OR between five and
50 full-time employees.
Medium-enterprise
Sales turnover between RM10
million and RM25 million OR
between 51 and 150 full-time
employees.
Services, primary agriculture Sales turnover of less

and
information
and than RM200, 000 OR
communication
technology fewer than five full-time
(ICT).
employees.
Source: SMECorp (Formally known as SMIDEC), (2000)
Sales
turnover
between
RM200, 000 and RM1 million
OR between five and 19 fulltime employees.
Sales turnover between RM 1

million and RM 5 million OR
between 20 and 50 full-time
employees.
related
agro-based
Table 2: Definition of SMEs in Malaysia

Internal control, risk management and fraud can be considered as emerging issues among SMEs. It is worth to note
that fraud is not actually a new issue. It has been a problem to SMEs before and continues to be until now. In other
words, it is an old issue, but the form of fraud in SMEs has evolved over time. There might be some differences
between frauds perpetrated in 1970s and those committed in 1990s and in 21st century especially due to extensive
use of sophisticated information and communication technology (ICT). Further details on internal control, risk
management and fraud will be discussed in the following section.
3. Literature Review
Slade and Gadenne (2000) emphasised that the one factor that is rarely examined as having a possible impact on
failure of SMEs is fraud. In Malaysia, research related to this area is still at a primitive stage. This issue is rarely
highlighted and Malaysians seem to regard this as a sensitive one. Furthermore, the topic of risk management in
small businesses also can be countable research on Malaysian evidence. As a result, they tend to put this matter
aside, even though the real problem of fraud does exist in the Malaysian business environment. The purpose of this
paper to gather literature to propose an appropriate study on internal control, risk management and fraud
prevention measures in Malaysia. It is also hoped that the paper could help to identify the level of SMEs owners
awareness on fraud and to assess how serious is the fraud affecting the Malaysia SMEs. If this issue is neglected, it
may badly affect the performance of SMEs. This would result in an unhealthy phenomenon in this country, which
could harm the growth of SMEs. Consequently, the root of the problem which contributes to the insolvency of SMEs
will not be uncovered and the owners of the businesses are unaware that they are repeating the same mistakes
478

over their business lifecycle. In other words, this study is able to enhance the understanding of the public at large
and more specifically the owners of SMEs toward fraud and how to tackle the issue accordingly.
3.1 Internal Control
Internal control is a broad term with a wide area of operation (Kumar and Sharma, 2005). It includes a number of
methods and measures, which are exercised by the management to ensure smooth and economic functioning of
business entity. It assists the management in the performance of various functions. Internal control also facilitates
external audit as it assures the external auditors that the information supplied to them is accurate and reliable. It
also defines as the system of internal control as the whole systems of controls, financial and otherwise, established
by the management in the conduct of a business including internal check, internal audit and other forms of control.
Thus, it is apparent that internal control expression is used in a wide sense and includes internal check and internal
audit besides other forms of controls. Besides that, Jubb (2008) defines internal control is a process designed and
affected by those charge with governance, management and other personnel to provide reasonable assurance
about the achievement of the entitys objectives with regard to reliability of financial reporting, effectiveness and
efficiency of operation and compliances with applicable laws and regulations. It follows that internal control is
designed and implemented to address identified business risks that threaten the achievement of any these
objectives.
Similar definition was stated by Committee of Sponsoring Organisations (COSO) of the Treadway Commision issued
a report in 1992 entitled Internal Control - Integrated Framework (Leung, Coram and Copper, 2007). Internal control
system provides a way to meet its stewardship or agency responsibilities. For example, management must maintain
controls that provide reasonable assurance that adequate control exist over the entitys assets and record. This can
be accomplished by developing internal controls that require employees to follow company policies and procedures
such as proper authorisation for transactions. Such internal control system not only ensures that assets and records
are safeguarded but also creates an environment in which efficiency and effectiveness is encouraged and
monitored. This is becoming more important as entities automate their information system and they operate more
globally (Messier and Boh, 2002).
Good internal controls are essential no matter how small the company, for many valid reasons. Fraud prevention,
embezzlement detection, and accurate financials are all reasons to follow good internal control practices.
Implementing controls into the financial accounting software alone is not enough to ensure compliance; it takes
some people power too. Since most small business owners have very little accounting background, accountants are
expected to play a key advisory role in helping a business design and implement sound internal controls. Many
private companies are benefited from implementing internal control provisions relating to accountability,
independent audits, internal controls and document retention.
3.2 Enterprise Risk Management
The ISO 31000 (2009) /ISO Guide 73 definition of risk is the effect of uncertainty on objectives In this definition,
uncertainties include events (which may or may not happen) and uncertainties caused by a lack of information or
ambiguity. This definition also includes both negative and positive impacts on objectives. Besides that, it is a
479

probability or threat of a damage, injury, liability, loss, or other negative occurrence that is caused by external or
internal vulnerabilities, and that may be neutralized through pre-emptive action. Risk is the possibility of suffering
harm or loss. Applied to business risk translates into the possibility of losses associated with the assets and the
earnings potential of the firm. Here, the term assets include not only inventory and equipment but also such factors
as the firms employees, its customers, and its reputation. Risk is essential to a small business organisation, because
it is inherent in the pursuit of opportunities to earn returns to its owners. Striking the balance between risk and
reward is the key to maximizing these returns (ICAEW, 1997).
Risk management can be described as the performance of activities designed to minimize the negative impact (cost)
of uncertainty (risk) regarding possible losses. It is a method of identifying, analysing, treating and monitoring the
risk involved in any activity or process. Furthermore, risk management is the identification, assessment, and
prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and
control the probability and impact of unfortunate events or to maximize the realization of opportunities. Risks can
come from uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents, natural causes and
disasters as well as deliberate attacks from an adversary. Risk management is a central part of any organizations
strategic management. It is the process whereby organizations methodically address the risks attached to their
activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.
Risk management consists of all efforts to preserves the assets and earnings power of a business (Moore, 2008).
Since risk management has grown out of insurance management, the two terms are often used interchangeably.
However, risk management has a much broader meaning, covering both insurable and uninsurable risks and
including non-insurance approaches to reducing all types of risk. Risk management involves more than trying to
obtain the most insurance for each dollar spent; it is concerned with finding the best way possible to reduce the cost
of dealing with risk. Insurance is only one of several approaches to minimizing the pure risks that may be
encountered by a firm.
SMEs by nature manage risks and have a variety of existing departments or functions (also known as "risk
functions") that identify and manage particular risks. However, each risk function varies in capability and how it
coordinates with other risk functions. A central goal and challenge of enterprise risk management in SMEs is
improving this capability and coordination, while integrating the output to provide a unified picture of risk for
stakeholders and improving the organisation's ability to manage the risks effectively.
3.3 Fraud
According to the Institute of Chartered Accountants of England and Wales (ICAEW), fraud is generally defined in the
law as an intentional misrepresentation of material existing fact made by one person to another with knowledge of
its falsity and for the purpose of inducing the other person to act, and upon which the other person relies with
resulting injury or damage. Fraud may also be made by an omission or purposeful failure to state material facts,
which nondisclosure makes other statements misleading. Fraud, however, is not an easily defined term. According
to District Judges Association US, the definition may change depending upon the statute in which the word appears.
For example, in the crime of conspiracy to defraud the United States, defraud is uniquely defined to include a
dishonest obstruction of a government agency (Henkel, 1991). The definition can also be reflective of particular
precedent in a jurisdiction. In some cases the definition of fraud may not be limited to fraud methodology, but may
480

also include the harm or consequences of the fraudulent conduct. For example, some courts explicitly state that
merely having a scheme to deceive is not the same as a scheme to defraud.
According to Wells (2001), employee in SMEs will take an opportunity and will commit in fraud. Wells (2001) also
reported that there are two separate but related theories about why employees commit fraud. Wells (2001) quoted
based on the study conducted by Hollinger and Clark on 12,000 employees in the workforce, found that nearly 90
percent engaged in workplace deviant, which included behaviour such as goldbricking, workplace slowdowns, sick
time abuses and pilferage. In addition, one-third of employees actually had stolen money or merchandise on the
job. A second theory about why employees commit fraud is related to financial pressure. In the late 1940s
criminologist Donald R. Cressey interviewed nearly 200 incarcerated embezzlers, including convicted executives. He
found that, majority committed fraud to meet their financial obligations. Cressey observed that two other factors
had to be present for employees to commit fraud. They must perceive an opportunity to commit and conceal their
crimes, and able to rationalise their offenses as something other than criminal activity.
The most prevalent types of fraud are likely to be those that impact on the profit and loss account as a result of the
overstatement of expenses or the understatement of income. These may not necessarily be large and so they may
be difficult to identify. A time when an SME is particularly vulnerable to fraud is during a period of rapid expansion.
The dynamics of the situation may mean that it is more difficult for managers to have an overview of the business.
Advances in technological developments mean that all organisations that are connected to the internet are
vulnerable to attack from outside. Whilst larger organisations may have the technical knowledge to minimise this
threat, SMEs may not even recognise the risks. Whilst SMEs may not be able to have as many internal controls as
larger organisations, it is imperative that their managers evaluate the risks that their businesses face and ensure
that they at least have defenses in their key areas.
3.4 Current Trends on Fraud
Apart from traditional forms of fraud in small businesses, computer-related fraud comes into the pictures as a
phenomenon brought about by advances in information-processing technologies. Before the invention of
computers, fraud did occur but in different forms. According to Bologna and Lindquist (1987), the computer did not
usher in a new wave of fraud, but it merely changed the form of older frauds, for example embezzlers can now steal
by making electronic entries in books of accounts rather than pen and ink or electro-mechanical entries.
Corbitt (1998) added that the largest threat to a computer system comes from within, with 85 percent of frauds
being perpetuated by staff. A study in US estimated the annual loss from computer fraud at $ 3-5 billion annually
(Coutorie, 1995). In order survey of 1,200 security managers in US, it was found that nearly 20 percent of the
companies had detected a computer fraud within the five years covered, and that the rate of these frauds was
directly related to the number of employees using computers (Albanese and Parsley, 1993). This shows that
employee fraud by using computers is a serious threat to businesses nowadays.
Owners of SMEs should be alert on current trends of fraud especially fraud related to computer and technologies.
Most of the owners of SMEs did not updating their knowledge on information technologies on fraud tactics that
could lead to failure of the businesses.
481

3.5 Business Crime Prevention

In order to prevent fraud in small business organisations, most previous literature suggested reviews on fraud
prevention policy within company (Johnnson, 1999), companys internal control and attention on code of ethics
amongst members of organisation (Welton and Davies, 1993; Taylor and OPrien, 1998). In addition, some
researches go further by proposing new things such as the implementation of fraud auditing and forensic
accounting. These are attempts to minimise the likelihood of crime from occurring in small business organisations.
Adams (2006) stated that, the greatest financial impact of fraud can occur in a small-business environment. A loss of
6% of revenues is significant for any company, however large, but a small operation whose margins are thin and
reserves nonexistent will go out of business. Even if an operation survives the fiscal loss, its business continuity can
be in jeopardy and it may no longer be able to function as an independent entity. Failing to address these issues
places a company at a competitive disadvantage when fraud becomes a cost of doing business. Through cost
avoidance, this impact becomes doubly significant because competitors can lower their product or service costs to
their customers as their revenue yield and unaffected, through fraud prevention is higher.
Johnnson (1999) stated that fraud is a business risk in just the same way as an organisation faces the risk of a
customer becoming insolvent and unable to pay their debts. The absence of an established policy means no position
has been taken by the business. Therefore, the company has to come out with fraud prevention policy, for the
business to communicate to its employees what is expected of them in terms of preventing, deterring and detecting
fraud. Such a policy is essential as fraud prevention must always be proactive.
When small businesses are victims of crime, they often react by changing their hours of operation, raising their
prices to cover their losses, relocating outside the community, or simply closing. Fear of crime isolates businesses,
much like fear isolates individuals and this isolation increases vulnerability to crime. SMEs owners should take a hard
look at their businesses in areas such as physical layout, number of employees, hiring practices, and overall security
to determine vulnerability to various kinds of crime, from burglary to embezzlement.
4. Theoretical Framework and Hypotheses Development
This study employs a non-experimental, quantitative research design; specifically a survey design. This research
design lends itself to the investigation of relationships that may exist between two or more variables, especially in a
realistic setting (McMillian & Schumacher, 2001). A basic approach was used to determine the relationship between
SMEs performance as a dependent variable whereas internal control, risk management and fraud as independent
variables. The relationship between past fraud experience and level of owners concern and fraud preventive
measures to be taken by owners of SMEs to prevent fraudulent activities in their business also stated in the
theoretical framework in Figure 1 below. If the data suggests that there is sufficient evidence to reject the
hypothesis, then it cannot be deduced that SMEs performances do have a significant influence to internal control,
risk management and fraud.
482

Independent Variables
Internal Control
H1
Dependent Variable
H2
SMEs Performance
Risk Management
Fraud
H3a
Owners Concern
H3b
Fraud Preventive
Measures
Figure 1: Theoretical Framework
Apart from that, the following hypotheses has been developed to test the statically results.
H1: There is a significant positive relationship between internal control and SMEs performance.
H2: There is a significant positive relationship between enterprise risk management and SMEs performance.
H3a: A high frequency of common fraudulent activities occurred in the past will lead to the high level of owners
concern on those fraudulent activities.
H3b: A high level of owners concern on common fraudulent activities will lead to the high preventive actions to be
taken by the owners.
There are several expected outcomes could be obtained from this study. The first possible outcome could be to
prove that there is significant positive relationship between internal control and SMEs performance. This means
that, good internal control will lead to high SMEs performance. In addition, significant positive relationship between
enterprise risk management and SMEs performance could also be expected. An efficient risk management will lead
to good SMEs performance. It is expected that, a high frequency of common fraudulent activities occurred in the
past will lead to high level of owners concern on it. Thus, high level of owners concern on common fraudulent
activities will lead to high preventive actions to be taken by the owners.
5. Research Method
This study adopts positivism survey approach. This preliminary study was conducted with the cooperation and
support from the selected respondent. A support letter was issued by the SMECorp Malaysia. This was to encourage
the respondents to participate in this study. In distributing the questionnaires to the respondents, an official cover
letter issued by the researcher and the support letter from the SMECorp Malaysia were attached.
483

5.1 Survey Instrument

The study used a questionnaire as a tool to obtain feedbacks from respondents. Items measuring these activities
were largely derived from Kuratko (2000) and Che Haat (2001).The questionnaire is divided into some sections. In
the first section, questions on demographic information such as gender, business age and number of employees
could be asked to get detail basic information of their businesses. The next section could be on internal controls
activities that are suggested to be in place in small and medium enterprises (see appendix 1). The purpose of this
section is to identify types of internal control that have been implemented by the respondents.
A specific section could be provided for enterprise risk management actions normally taken by owners of small
business to reduce or to minimise the risk that may occur to their businesses (see appendix 2). Apart from that, the
following section will contain items on SMEs performance measurements (see appendix 3). The next part involves
with common fraudulent activities by employees in small and medium enterprises and the purpose of this section to
indicate the level of owners concern on the type of fraudulent activities that occurred within their businesses (see
appendix 4). Another section will deal with the best preventive actions taken by owners of SMEs that could prevent
fraudulent activities within their business organisations. Lastly, a section contains an open-ended question that
requires respondents suggestions on the crime preventive measures for small businesses.
5.2 Data Collection
The survey instrument was made available to the participant through personally administered on December 2011
and its focus on small businesses that related with manufacturing activities. According to Morley and Scott (2010),
the most common fraud in SMEs is theft of inventory and cash. Therefore, this sector of the business is more
vulnerable to fraud and is expose to risk if the inventory is not managed properly. In addition, this sector of business
is also involved more on cash transactions. The respondent companies for the related sector have been selected
from the database of Small and Medium Enterprises Corporation (SMECorp). The small business profile obtained
mainly from the SMEcorp website (http://www.smecorp.gov.my). This database provides a complete list of SMEs
companies according to sectors. The headquarters of SMECorp is contacted to get the official address for the
selected SMEs companies. This present research is a preliminary study, which covers developing and to some extent,
testing the draft of the research instrument, as well as presenting and analyzing the result of content validity, test of
reliability and construct validity. A total number of 62 questionnaires were personally administered in the city of
Kuantan and Kuala Terengganu, state of Pahang and Terengganu respectively on East Coast Region, Malaysia.
5.3 Data Analysis Procedure
The Statistical Package for the Social Sciences (SPSS) version 18.0 was used in assisting the statistical technique for
the analysis in this preliminary study. Internal control, enterprise risk management and fraud are the predictors.
SMEs performance is identified as the observed variable, which has eight dimensions; increase in profitability,
improvement in sales revenue, growth of sales, overall improvement in performance relative to competitors, return
on investment, improvement in recruitment level, growth in market share and reputation. In testing the
measurement instrument reliability, this study used Cronbach Alpha, including the Item Point Biserial (corrected
item-total correlation) measure. In examining the factor analysis, a minimum of five subjects per variable were
required (Sheridan et al., 2006). In this study, there were five variables and a minimum number of 57 subjects
484

required for the factor analysis. As for the construct validity test, the Principal Component Analysis was applied,
which includes Kaiser-Meyer-Olkin (KMO) that requires a valid value of greater than 0.60. Bartlett test, with a high
chi-square and a significant value, was also applied in this preliminary study.
6. Results and Discussion
6.1 Sample Characteristics
Cumulative
Descriptive Items
Frequency
Percent
Valid Percent
Percent
Male
Female
33
29
53.2
46.8
53.2
46.8
53.2
100
Total
62
100
100
Age
25 or under
12
19.4
19.4
19.4
26-35
19
30.6
30.6
50
36-45
46-55
15
12
24.2
19.4
24.2
19.4
74.2
93.5
56 or older
6.5
6.5
100
Total
62
100
100
5 or under
6-10
11-20
20
20
16
32.3
32.3
25.8
32.3
32.3
25.8
32.3
64.5
90.3
21 or older
9.7
9.7
100
Total
62
100
100
Age Upon Founding Business

25 or under
32
51.6
51.6
51.6
26-35
24
38.7
38.7
90.3
36-45
6.5
6.5
96.8
46-55
1.6
1.6
98.4
56 or older
Total
1
62
1.6
100
1.6
100
100
Founder
Family Business
20
27
32.3
43.5
32.3
43.5
32.3
75.8
Married Into
11.3
11.3
87.1
Gender
Business Age
Business Associated
485

Bought Firm
6.5
6.5
93.5
Other
6.5
6.5
100
Total
62
100
100
Years in Business
5 or less
6-10
23
27
37.1
43.5
37.1
43.5
37.1
80.6
11 or more
12
19.4
19.4
100
Total
62
100
100
10 or less
11-25
18
23
29
37.1
29
37.1
29
66.1
26-50
19
30.6
30.6
96.8
51 or more
Total
2
62
3.2
100
3.2
100
100
SRP/PMR/LCE
SPM/MCE
4
15
6.5
24.2
6.5
24.2
6.5
30.6
Diploma/STPM
19
30.6
30.6
61.3
First Degree
Master Degree
23
1
37.1
1.6
37.1
1.6
98.4
100
Total
62
100
100
Annual Profit
Less than RM100,000
24
38.7
38.7
38.7
RM101,000-RM500,000
33
53.2
53.2
91.9
RM501,000-RM1 million
RM2 million or more
4
1
6.5
1.6
6.5
1.6
98.4
100
Total
62
100
100
Number of Employees
Educational Background
Table 3: Descriptive Statistics

Base on Table 3, it was found that 33 (53.2%) were males and 29 (46.8%) were females. The age of respondents
ranged from 25 to 56 years old, with an average of 36 years. While, the age of their business ranged from 5 to 21
years old, with an average of 6 years. However, 20 (32.3%) of them associated in business as a founder, 27(43.5%)
associated in family business, 7 (11.3%) married into, 4 (6.5%) bought firm and remain 4 (6.5 %) as other. It is
showed that, most of them are associated in family business. The number of employees ranged from 10 to 51, with
an average of 25 employees. Based on the respondents level of education, majority of the respondent (23 or 37.1%)
were university graduates, 19 (30.6%) were Diploma/ Malaysian Highest School Certificate (Sijil Tinggi Persekolahan
Malaysia) holder. 15 (24.2%) of them acquired the Malaysian Certificate of Education (Sijil Pelajaran Malaysia). The
remaining 5 respondents were possessed with Master Degree 1(1.6%) and Lower Secondary Evaluation (Penilaian
486

Menengah Rendah) 4 (6.5%) respectively. The annual profit of their business ranged from RM100, 000 to RM2
million, with an average of RM200, 000.
6.2 Reliability and Construct Validity
Prior to research variable measurement, the draft of measurement instrument was evaluated for content validity.
To provide content validity, the questionnaire was revived and pre-tested, requesting the advice and
recommendation from the experts. A few lecturers from the accounting field from two public universities in east
coast Malaysia were requested to participate for the validity content. Any comments were used to improve the
wording and flow of the terms in the questionnaire.
The proposed theoretical framework consist of three predictors (internal control, risk management and fraud
whereas sub-divided to fraud experience and owners concern) and a dependent variable (SMEs performance
measurement). The results of reliability and validity testing are presented accordingly in the Table 4 below.
No
Variables
Items
Item
KMO
Loading
Bartlett Test
Chi-
Signs.
Square (X)
1
Cronbach
Details
Current
Study
Internal Control
(Internal control on
IC1
0.820
cash and accounting
IC2
0.710
deleted from the
records)
IC3
0.709
total of 21 items.
IC4
0.679
Balance items are
IC5
0.671
valid & reliable.
IC6
0.657
IC7
0.626
IC8
0.556
(Internal control on
IC9
0.749
staff time records and
IC10
0.746
ICT)
IC11
0.738
IC12
0.698
IC13
0.673
IC14
0.604
IC15
0.594
RM1
0.927
RM2
0.910
RM3
0.906
Risk Management
0.795
0.896
761.146
569.474
0.000
0.000
0.875
0.894
6 items has been
All items are

valid & reliable.
487

RM4
0.889
RM5
0.849
RM6
0.832
RM7
0.829
RM8
0.811
RM9
0.798
Performance
PM1
0.891
Measurement
PM2
0.873
PM3
0.864
PM4
0.831
PM5
0.825
PM6
0.774
PM7
0.760
PM8
0.671
FE1
0.872
FE2
0.814
FE3
FE4
0.814
0.648
FE5
0.621
(Internal Fraud)
FE6
0.856
FE7
0.564
(Other)
FE8
0.653
FE9
0.838
OC1
0.886
OC2
0.868
OC3
0.606
OC4
0.538
OC5
0.852
OC6
0.815
OC7
0.544
OC8
0.886
OC9
0.600
393.158
0.000
0.928
All items are

valid & reliable.
Fraud Experiences
(External Fraud)
0.867
0.617
228.347
0.000
0.785
All items are

valid & reliable.
Owners' Concern on
Fraud Experiences
(Internal Concern)
(External Concern)
(Other)
0.720
205.354
0.000
Table 4: Results of Reliability and Construct Validity
0.827
All items are

valid & reliable
488

The results of reliability test showed that the Cronbach Alpha value of this study ranged between 0.785 and 0.928.
Nunnally (1978) suggest that. it is acceptable if the minimum level of internal consistency reliability value is 0.7 for
preliminary research, 0.8 for basic research and 0.9 for applied research. Thus, with the Cronbach Alpha scores for
all variables were above 0.70 for this preliminary study, this mean that the scores were acceptable to further run for
a more robust analysis. As for the loading factor, all items had high loading in their construct validity values expect
for item eight and fifteen in internal control variable. The items are about the cheques received made payable to the
organization and need for password security reinforced to organisation staff. Castello and Osborne (2005) stated
that items with factor loading of more than 0.40 can be retained since this would likely increase the reliability of the
scale. Therefore it will be retained in this preliminary study. Results of other items in each variable indicate that the
loading items were convergent towards their component. Notably, Bartlett test of sphericity and the Kaiser-MeyerOlkin (KMO) are both test that can be used to determine the factorability of the matrix as a whole. In this
preliminary study, all variables for the Bartlett test of sphericity were large and significant. In addition, the KaiserMeyer-Olkin measure of sampling adequacy was far greater than 0.60. Referring to the analysis results indicated
above, all items in each individual predictor were valid and reliable for this preliminary study.
7. Conclusion
This preliminary study examines the reliability validity of the research instrument for internal control, risk
management and fraud prevention measures on SMEs. Overall, the results suggest that the behavioural model,
although a reduced version, was able to provide a reasonable explanation of the instrument developed for
acceptance and satisfaction in the study. It has shown that all the items were reliable, which were indicated by
Cronbach Alpha value between 0.785 and 0.984. The construct validity with Kaiser-Meyer-Olkin and Bartlett tests
was convergent and valid accordingly. The study framework involves four variables; internal control, risk
management, fraud (fraud experience and owners concern) and performance measurement. From the present
preliminary study analysis, the study will adopt all items in the variables for further empirical research.
Internal control, enterprise risk management and fraud prevention measures play a vital role and could have
influence on SMEs performance. SMEs much more vulnerable to fraud by employees because it is considered as a
small scale of businesses where the owners invested only small amount of capital. Government, regulators, policymakers, academicians, and other stakeholders should be aware that SMEs are considered as the backbone of
industrial development in Malaysian economy and should be more concerned towards the future growth and its
contribution to the whole economy.
There are several expected outcomes could be obtained from this study in further research. The first possible
outcome could be to prove that there is significant positive relationship between internal control and SMEs
performance. This means that, good internal control will lead to high SMEs performance. In addition, significant
positive relationship between enterprise risk management and SMEs performance could also be expected. An
efficient risk management will lead to good SMEs performance. It is expected that, a high frequency of common
fraudulent activities occurred in the past will lead to high level of owners concern on it. Thus, high level of owners
concern on common fraudulent activities will lead to high preventive actions to be taken by the owners.
489

Acknowledgements
Greatly indebted to Ministry of Higher Education for giving a research grant under Fundamental Research Grants
Scheme (FRGS) enabling a research on internal control, risk management and fraud prevention measures to be
conducted at UMT. Special thanks to Dr. Zalailah Salleh, Dr. Mohd Zulkifli Mokhtar and other for giving their
comments and ideas to improve this study.
References
Adams, G. W. (2006). A Theoretical Comparison of the Models of Prevention of Research Misconduct. Accountability
in Research: Policies and Quality Assurance, pp. 51 66.
Bologna, G.J. and Lindquist, R.J. (1987). Fraud Auditing and Forensic Accounting: New Tools and Techniques, John
Wiley & Sons, pp. 5-90.
Castello, A.B., & J.W. Osborne (2005), Best practices in exploratory factor analysis: Four recommendations for
getting the most from your analysis, Practical Assessment, Research & Evaluation, pp.1-9.
Che Haat, M. H. (2001). Petty Crime and Small Business in The Klang Valley : An Exploratory Study of Cost and
Prevention Issues.
Corbitt, T. (1998). Detecting Computer Fraud, African Business.
Coutorie, L. E. (1995). The Future of High Technology Crime: A Parallel Delphi Study, Journal of Criminal Justice,
pp. 13-27.
Henkel, H.V. (1991). For The Purpose Of Impairing, Obstructing or Defeating the Lawful Function of Any
Government Department 216, pp. 462-479.
Johnnson, P. (1999). Preventing Fraud, Accountancy Ireland, Dublin.
Jubb, C.(2008). Assurance & Auditing Concepts for a Changing Environment, Thomson South-Western.
Kumar, R., & Sharma, V. (2005). Auditing Principles and Practice, Prentice-Hall of India Private Limited.
Kuratko, D. F.(2000). Crime and Small Business: An Exploratory Study of Cost and Prevention Issues in US Firms,
Journal of Small Business Management.
Leung, P., Coram, P. & Copper, B. J. (2007). Modern Auditing & Assurance Services, Wiley John Wiley & Sons, Inc.
McMillian, J. & Schumacher, S. (2001). Research in education: A conceptual introduction. Longman.
Megginson, W.L. (1997). Small Business Management. The McGraw-Hill.
Messier, W.F. & Boh. M. (2002). Auditing and Assurance in Malaysia, McGraw-Hill.
Mohd. Khairuddin Hashim. (1999). Working Paper in Rural Small and Medium Scale Industries in the Global Era:
Critical Success Factors for SMEs in Malaysia: A Strategic Perpective. Malaysia.
Mohd. Khairuddin Hashim & Mat Saad Abdullah (1999). Working Paper in International Conference on Small and
Medium Enterprises at New Crossroad: Challenges and Prospects. Malaysia.
Moore, C.W. (2008). Risk Management, Integrated For Small Business, Wiley John Wiley & Sons, Inc.
Moore, C.W.(2008), Managing Small Business, an Entrepreneurial Emphasis, South-Western Cengage Learning.
Morley & Scott. (2010), Fraud Hits Small Firms, http://www.fraudadvisorypanel.org.
Nunnaly, J.C. (1978). Psychometric Theory, McGraw-Hill.
Saleh, A. S. and Ndubisi, N. O. (2006). Small & Medium Enterprises (SMEs): Malaysian & Global Perspectives,
Pearson Prentice Hall.
Slade, P. & Gadenne, D. (2000). Factors Associated With Small Business Burglary, International Small Business
Journal.
490

Smith,E.S. (1997). Franchising As a Small Business Growth Strategy: A Resource Based View of Organisational
Development, International Small Business Journal.
Sheridan, J. C., Steed, L., & Dzidic, P. (2006). SPSS version 13.0 for Windows Analysis without Anguish. Melbourne:
John Wiley & Sons.
Taylor, R.R, and OPrien K. (1998), Preventing Employee Theft: A Behavioral Approach, Business Perspective,
Memphis.
Wells, J.T. (2001), Why Employees Commit Fraud, Journal of Accountancy.
Welton, R.E. & Davis, J.R. (1993). Understanding Ethics Development and Employee Behavior, Internal Auditing,
Winter.
Author Bibliography
Correspondent Author
Jaya Kumar Shanmugam is currently engaged as a M.Sc. Accounting student, registered with Department of
Accounting and Finance, Faculty of Economics and Management, Universiti Malaysia Terengganu. He has completed
his Bachelor in Accounting (Hons.) from Universiti Malaysia Terengganu in 2010.
491

Appendix 1
Measurement Items for Internal Control
No
Question
IC1
IC2
IC3
IC4
IC5
IC6
IC8
Are current job descriptions on file for each employee in the organization.
Are the cheques received made payable to the name of the organization.
Is the mail opened by someone independent of the accounting function.
When the mail is opened, is an independent listing prepared of all cheques received.
Are deposits made daily.
Are deposits made by someone independent of the accounting and cashiering functions.
Are petty cash funds kept in secure storage.
IC9
Is responsibility for each petty cash fund assigned to a specific responsible individual.
Are these individuals independent of employees who handle cash receipts and accounting
records.
Is there a prohibition against petty cash disbursements over a specified amounts.
Are surprise cash counts of organisation petty cash and change funds performed on a regular,
random, and unannounced basis.
Are the authorisation, processing, check signing, recording and clearly segregated.
Have ringgit limits been established for one signature cheques.
Are all staff time records reviewed and authorized by an appropriate senior official.
Are copies of timekeeping records retained on file.
Are reported overtime hours verified for reasonableness and proper pre-approval.
Are labor distribution and vacation/sick accrual reports reviewed for reasonableness each pay
period by a senior official.
Is the need for password security reinforced to organization staff.
Are computer applications logged-off when the user is away from the terminal or PC.
Are all staff members required to take one full week of continuous vacation time annually,
IC10
IC11
IC12
IC13
IC14
IC15
IC16
IC17
IC18
IC19
IC20
IC21
492

Appendix 2
Measurement Items for Risk Management
No
Question
RM1
RM2
RM3
RM4
RM5
RM6
RM7
RM8
Risk management strategy (ies) taken in our business are sufficient (such as insurance coverage).
A unit/ management team is needed to deal with risk management.
A person should be is responsible for businesses risk management strategy in this organizations.
The responsible person should deal with any complaints arise from the staff.
A complaint should be registered in file.
An audit process should be routinely carried out.
New members / staff are provided with some trainings and orientation programmes.
Staff progress must be regularly assessed.
Procedures of handling hazardous events including fire, accident and inappropriate physical
access must clearly be disseminated to all staff.
RM9
493

Appendix 3
Measurement Items for Fraud Experience and Owners Concern
No
PM1
PM2
PM3
PM4
PM5
PM6
PM7
PM8
Question
Retain Profitable
Sales
Sales Growth
Cost Saving
Return on Investment
Return on Assets
Market Share
Reputation
494

Appendix 4
No
FE/OC1
FE/OC2
FE/OC3
FE/OC4
FE/OC5
FE/OC6
FE/OC7
FE/OC8
FE/OC9
Question
Burglary/ Robbery
Cheque Deception
Credit Card Fraud
Misappropriation of Entrusted Property
Employee Monetary Theft (cash and cash equilvalent)
Employee Merchandise Theft (Inventory)
Shoplifting
Disclosures of Trade Secrets
Vandalism

034 168 3rdICBER2012 Proceeding PG0475 0494

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

034 168 3rdICBER2012 Proceeding PG0475 0494

Hochgeladen von

Copyright:

Verfügbare Formate

475

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

INTERNAL CONTROL, RISK MANAGEMENT AND FRAUD PREVENTION MEASURES ON

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

Source: Census of Establishment and Enterprises, 2005 by Department of Statistics, Malaysia

Table 1: Number of Establishment of SMEs

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

Services, primary agriculture Sales turnover of less

Sales turnover between RM 1

Table 2: Definition of SMEs in Malaysia

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3.5 Business Crime Prevention

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

Figure 1: Theoretical Framework

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

5.1 Survey Instrument

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

Age Upon Founding Business

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

Table 3: Descriptive Statistics

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

cash and accounting

deleted from the

Balance items are

valid & reliable.

staff time records and

6 items has been

All items are

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

All items are

All items are

Table 4: Results of Reliability and Construct Validity

All items are

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

3rd INTERNATIONAL CONFERENCE ON BUSINESS AND ECONOMIC

Das könnte Ihnen auch gefallen