Abstract
Purpose
This paper investigates the relationship between risk management practices and potential fraudulent financial reporting in Malaysia by considering recent regulatory reforms of the Malaysian government on risk management practices.
Design/methodology/approach
The sample of this study was based on 257 firm-year observations during the 2012–2017 period. This study employed panel-least square regressions with period fixed effects.
Findings
This study found a significant association between risk management activities in the disclosure and potential fraudulent financial reporting. Nevertheless, this study found there is insignificant effect of the risk-management committee in reducing potential of fraudulent financial reporting.
Originality/value
This study is a pioneer research that relates firms’ risk management practices with potential fraudulent financial reporting measured by F-score. Thus, this study provides an insight to regulators on the extent of risk-management practices in deterring potential fraudulent financial reporting which can be used as an input for greater enforcement of risk-management regulations.
Keywords
Citation
Madah Marzuki, M., Nik Abdul Majid, W.Z., Abu Bakar, H., Abdul Wahab, E.A. and Mohd Sanusi, Z. (2024), "Risk Management practices and potential fraudulent financial reporting: evidence from Malaysia", Asian Journal of Accounting Research, Vol. 9 No. 2, pp. 116-126. https://doi.org/10.1108/AJAR-01-2022-0017
Publisher
:Emerald Publishing Limited
Copyright © 2024, Marziana Madah Marzuki, Wan Zurina Nik Abdul Majid, Hatinah Abu Bakar, Effiezal Aswadi Abdul Wahab and Zuraidah Mohd Sanusi
License
Published in Asian Journal of Accounting Research. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
Discussion on fraud receives a high level of attention from regulators, auditors and the public due to the increase in corporate failures. Most fraud cases occur within organizations rather than in external dealings. Contrary to popular beliefs, 68% of fraud cases occur within organizations by employers and employees, with the rest occurring externally by those in the value chain (KPMG Malaysia's Fraud, Bribery and Corruption Survey, 2014). Fraud consists of three main types which are asset misappropriation, corruption and financial statement fraud (ACFE, 2018). From those three, ACFE (2018) reports that financial statement fraud is the most serious problem for all types of organizations. Among those three, it was reported that financial statement fraud is the least common form of fraud. Despite of that, the type of fraud results in the highest median loss for companies (ACFE, 2020; ACFE, 2022). Fraudulent financial reporting is the intentional misrepresentation of a firm’s financial statements with the aim of giving investors a mistaken impression about the firm’s operating performance and profitability.
The significant impact of fraudulent financial reporting as one type of fraud has led to congressional questions on the role of risk management. For example, the Statement of Auditing Standards (SAS) No. 99 was announced by the American Institute of Certified Public Accountants (AICPA) in October 2002 to curb the weaknesses in fraud detection and thus highlight the importance of assessing fraud risk factors in organization. Iyer and Samociuk (2016) stress that due to exposure of companies to diverse kinds of risks, firms should implement fraud defense strategies which can be achieved through systematic risk management. In Malaysia, a new Malaysian Code on Corporate Governance (MCCG) 2017 was released by the Securities Commission Malaysia to highlight the importance of risk management. The new code took effect on April 26, 2017, replacing the earlier MCCG 2012 code. The new MCCG 2017 introduced several substantial changes and recommendations to raise the standards of corporate governance of firms in Malaysia. Among the recommendations is establishing Risk Management Committee (RMC), which comprises a majority of independent directors to oversee a firm’s risk management framework and policies, and its implementation. As for MCCG 2012, the code recommended firms to establish a clear framework on risk management. Bursa Malaysia has also introduced the Guidelines for Risk Management and Internal Control which is known as The Statement on Risk Management and Internal Control: Guidelines for Directors of Listed Issuers (Guidelines). This statement was published on 31 December, 2012 with the purpose to assist firm directors in preparing appropriate disclosure on risk management and internal control aspects in a firm’s annual report.
Nevertheless, while regulators are concerned with the implementation of risk management practices, studies showed that risk management practices are still lacking (Ishak and Mohamad Nor, 2017). Many studies were done to relate risk management practices with cash flow volatility (Lobo et al., 2019), value creation (Dilling and Harris, 2018), financial crisis (Gonidakis et al., 2020), auditing (Johnstone and Bedard, 2003; White et al., 2020) and taxation (Doyle et al., 2009). Even though extensive studies have been done, there is less evidence on the ability of risk management in deterring fraud. Previous studies have investigated the role of risk management in reducing earnings management (Johnston and Soileau, 2020; Choi et al., 2015; Krishnan et al., 2013). No studies have yet been done to investigate the effect of risk management using financial misstatement prediction method such as F-score. According to Aghghaleh et al. (2016), Dechow financial misstatement prediction model outperforms other models such as Beneish M-score in predicting fraud accurately. They conclude that this model fits more to Malaysian financial statement fraud cases.
Therefore, the objective of this study is to investigate the extent of risk management practices among public-listed firms in Malaysia since the framework for risk management was introduced in 2012 till the new amendment of MCCG 2017. For this purpose, we used risk management activities disclosure together with the establishment of risk management committee in measuring risk management practices. Even though the practices is on general risks, we believe that this study will provide an initial evidence on the role of risk management practices in mitigating potential fraudulent financial reporting.
Malaysia provides a unique institutional setting to be studied as fraud cases keep on increasing despite the introduction of risk management practices. According to a survey report by PricewaterhouseCoopers (PwC) (2018), the number of Malaysian organizations’ fraud victims that reported losses exceeding US$1m had increased by 9% as the percentage showed 22% during the year 2018 compared to 13% in the year 2016. PwC’s report in (2020) also indicated that the incident of fraud in Malaysia remains high with almost half of their survey respondents being a victim of fraud. The report reveals that in 2020, Malaysia was ranked the fifth highest in the count of fraud in the Asia Pacific region and surprisingly, the percentage increased in 2022 which makes Malaysia ranked third with the highest count of fraud in Asia Pacific region (PwC, 2022). The report highlighted that the incident of fraud in Malaysia is 41% in the year 2018 and increased to 54% in 2021. This is worrying enough as other Southeast Asian countries showed a decrease in the level of fraud (from 40% to 29%) between 2020 and 2022. In addition, Malaysia provides an appealing institutional setting which can be characterized as family connected (Abdul Rahman and Mohamed Ali, 2006), rich people connected (Sriram et al., 2021) and politically connected (Sun et al., 2012) which may influence the less enforcement of regulations in this country. This setting may influence fraud risks differently. According to Ishak and Mohamad Nor (2017), while regulators are concerned on firms' risk management disclosure and practices, studies show that corporate governance disclosure, especially on risk reporting among firms, is still lacking (Ishak and Mohamad Nor, 2017). A study done by Bursa Malaysia indicated that although the quality of disclosure has increased, many firms keep publishing general disclosures in the Statement of Risk Management and Internal Control (The Star, 2016).
Our findings show that risk management practices in terms of risk activities disclosure can significantly reduce the likelihood of fraud. Nevertheless, the result for the risk management committee is insignificant. The result also indicates that family firms are more protective of the firms’ value, thus reducing the likelihood of fraud. In addition, the result shows that having a more independent board can also reduce the possibility of fraud in the firms.
The paper is organized as follows. Section 2 describes the requirement of risk management practices. Section 3 explains the literature review and hypotheses development of this study followed by the research methodology in Section 4. We present the result of the study in Section 5 and conclude its implications in the last section of the paper.
2. Literature review and hypotheses development
Due to some very notorious fraud cases and international scandals such as the Enron case, WorldCom and Lehman Brothers, organizations, in general, are facing legal requirements by the authorities and regulators that demand the implementation of increasingly more sophisticated risk management practices. Moreover, as technology helps organizations to be more efficient, it has also exposed them to different sorts of new significant threats. Thus, the practice of risk management process and the establishment of RMC are important to mitigate threats to firms before they actually happen.
Risk management is the key element in making stakeholders’ investment decisions (Nahar et al., 2016). According to agency theory, larger firms need to disclose more information to different users to reduce costs and mitigate the risk of information asymmetries (Watts and Zimmerman, 1983; Inchausti, 1997) [1]. Kaiser (1999) demonstrated that agency theory also focuses on the ways principals try to mitigate the problem by selecting certain types of monitoring action formed by using various amounts and types of positive and negative sanctions. One of them is through the establishment of a risk management process. Thus, by having a systematic process, managers and directors have implicit obligations to ensure that firms run smoothly to meet shareholders’ interests.
Brealey and Myers (2002) and Block and Hirt (2000) agreed that shareholders' wealth maximization should be the overall goal of every corporate entity. Based on the agency theory, risk management implemented by the management as an agent to shareholders can help shareholders to achieve its business objectives and, ultimately, maximize their firms’ value (Bowen et al., 2006). Allayannis and Weston (2001) suggested that active risk management practices contribute to shareholders' value. Risk management adds value to individual firms and supports overall economic growth by lowering the cost of capital and reducing uncertainties in commercial activities. Shenkir and Walker (2006) stated that according to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the widely-used Enterprise Risk Management (ERM) model requires executive management commitment for its rigorous implementation. It is suggested that firms’ key executives should be eager to commit to ERM because they are ultimately responsible for the overall protection, creation and enhancement of shareholders' value.
Due to the role of risk management, it has been investigated to relate it with fraud particularly financial reporting fraud. Jaswadi et al. (2022) investigated cases of fraudulent financial statements that have occurred in Indonesia and found that publication of fraud cases is limited since the introduction of risk-based supervision. The study highlighted how risk-based supervision can mitigate the occurrence of fraud cases. Brazel et al. (2015) highlighted that investors who emphasize the importance of fraud risk assessment to avoid fraud red flags can avoid fraudulent investments. Leech and Leech (2011) stressed that the Sarbanes–Oxley Section 404 calls for opinions from CEOs, CFOs and external auditors of US listed companies on control effectiveness over financial reporting which has almost certainly proven to be the costliest regulatory intervention. Thus, they recommended that US Congress enacts an amendment to Section 404 that requires the opinions of CEO, CFO and external auditor on the “effectiveness of risk management processes” instead of “control effectiveness”. This is because a risk management process that requires a true risk-based approach would allocate resources to the most statistically probable root causes of materially wrong financial statements which can lead to fraud cases.
According to Ko et al. (2019), an institution like a bank may incur significant losses as a result of increased operational risk. Therefore, to avoid losses, the banks may manipulate accounting data to make their performance more outstanding. Given that fraudulent acts are often hidden and rarely made public, firms need to manage their operational risks, which include the process of identification, assessment, analysis, monitoring and control of operational risks with good sound of corporate governance. Meanwhile, Novatiani et al. (2022) highlighted that the establishment of risk management committee (RMC) provides oversight role of organization’s risk management strategies, policies and processes which can serve as an important governance support mechanism. Their result found that risk management can prevent false financial reporting as good risk management creates innovation, embeds courage to take risks and inculcates attention to detail.
Rahman and Al-Dhaimesh (2018) investigated the impact of risk management based on COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework which consists of five components of internal controls in bank in Damascus, Jordan and their result revealed that risk management can reduce internal control risks and hence reduce fraudulent financial reporting. Based on their study, among the components of risk management that significantly affect fraudulent financial reporting are internal environment variable, events identification, risk assessment, response variable and control activities. Their result found that monitoring, communication and information system variables have no effect in reducing the fraudulent financial reporting in Damascus, Jordan.
Generally, previous literature has indicated that due to operational risks, firms are exposed to losses and hence are more exposed to the possibility of manipulating data in financial statements to show good performance. As such, having risk management practices can help to reduce operational risks and the potential of fraudulent financial reporting. Thus, we hypothesize that:
There is a negative relationship between risk management practices and potential fraudulent financial statement.
3. Research methodology
3.1 Sample selection
Our sample consisted of all Malaysian firms that were listed in the main board of Bursa Malaysia from 2012 to 2017 which consisted of 667 firms. Thus, the sample included 4,002 firm-year observations over the period of 2012–2017. We started with the year 2012 since during that year, the MCCG recommended firms to establish a clear framework on risk management. We excluded 2,838 observations due to missing data in calculating F-score as our dependent variable. We also excluded 89 observations due to non-disclosure of risk management (the companies do not disclose anything about risk management) and 361 observations due to non-disclosure of risk management committees. Finally, we excluded 163 and 294 observations due to missing data of control variables and outliers, respectively, which yielded a final sample of 257 observations. Even though the exclusion of these non-disclosures and missing data led to small sample size, the exclusion is important in order to allow the investigation to capture unique characteristics of firms that have high probability of fraudulent financial reporting with the same firm and corporate governance characteristics. The distribution of observations is presented in Table 1 (available online at: https://docs.google.com/document/d/1ZffaPyczpuurWJqCNYRhLp2WdYDnE2K1?rtpof=true&authuser=marzianamarzuki%40gmail.com&usp=drive_fs).
3.2 Data collection and variable measurements
3.2.1 Dependent variable
This study’s dependent variable is potential fraudulent financial reporting model as measured by Dechow F-Score and developed by Dechow et al. (2011). Dechow et al.’s (2011) model is a fraud risk assessment tool used to generate an output known as “F-score” which indicates the possibility of fraudulent financial reporting. The details of F-Score model are outlined in Appendix 1 (available online at: https://docs.google.com/document/d/1ZffaPyczpuurWJqCNYRhLp2WdYDnE2K1?rtpof=true&authuser=marzianamarzuki%40gmail.com&usp=drive_fs).
3.2.2 Independent variable
Since MCCG 2012 requires firms to disclose risk management framework which is usually described as risk activities and MCCG 2017 requires firms to establish risk management committee, we use both risk management activities disclosure and risk management committees to be a proxy for risk management practices among the listed firms in Malaysia. The use of these two applications of MCCG 2012; 2017 is able to highlight whether risk management practices are significant in reducing the likelihood of fraud.
Following Abdullah et al. (2017), risk management activities are measured by using dummy variable 1 if firms conduct risk management activities such as conduct risk meeting, risk identification and risk assessment as well as risk monitoring, and 0 if otherwise. We also used dummy variables for risk management committee by using dummy variable 1 if firms establish RMC to assist their risk operation and activities, and 0 if otherwise. All the data are hand-collected from firms' annual reports from the years 2012–2017.
To produce a robust model for this study, we used several control variables which included board of directors’ structure, financial and institutional variables that are related to Malaysian political-economic setting. The inclusion of control variables is made to provide a more robust result by taking into account the factors that might influence potential fraudulent financial reporting other than risk management. Table 2 (available online at: https://docs.google.com/document/d/1ZffaPyczpuurWJqCNYRhLp2WdYDnE2K1?rtpof=true&authuser=marzianamarzuki%40gmail.com&usp=drive_fs) provides operational definition of the variables used in this study.
3.3 Empirical model and data analysis
In order to test the relationship between potential of fraudulent financial reporting and risk management practices, we used the following model:
The data were analyzed using panel data analysis. Considering the cross-sectional time series effects, panel data analysis is a more appropriate method than pooled ordinary least squares (OLS), which ignores the panel structure of the data and treats observations as being serially uncorrelated for a given firm, with homoscedastic errors across firms and time periods.
4. Empirical findings
4.1 Descriptive analysis and correlation analysis
Table 3 (available online at: https://docs.google.com/document/d/1ZffaPyczpuurWJqCNYRhLp2WdYDnE2K1?rtpof=true&authuser=marzianamarzuki%40gmail.com&usp=drive_fs) presents descriptive statistics for the variables being used. Our analysis in Panel A reveals that 42.4% of our samples were involved in potential fraudulent financial reporting. About 96.9% of the firms implemented risk activities. Nevertheless, only 40.9% of the samples established risk management committee to operate their risk activities. The result highlighted that the percentage of firms which established risk management committee has increased as compared to the findings by Abdullah et al. (2017) as their finding indicated only 34.6% of Malaysian firms established risk management committee in 2011. A possible reason for having a lower risk management committee may be due to the reason that some firms allocate this function under the Audit Committee rather than establishing a separate risk management committee. Panel B of Table 3 tabulates the descriptive results for the control variables of board of directors' structures and expertise. The average board size among the sample was 8, and 50% of the board was mostly independent. In terms of expertise, 26.8% of the board was financially literate where most of them have accounting background while 73.2% had no accounting and finance background. Only 11.9% of the board in the samples were women directors which indicates that women representation on the board of directors in Malaysia is still low but below the 30% as required by the government. For financial indicator variables, the mean values (median) for leverage and revenue were 11.940 (12.055) and 13.396 (13.099). Meanwhile, the mean (median) for firm size was 13.770 (13.782). Panel D of Table 3 indicates that 28.8% of the samples were family-connected firms and 10.9% of the firms were politically-connected.
We also tabulated the correlation analysis for the variables used in this study. The result in Table 4 (available online at: https://docs.google.com/document/d/1ZffaPyczpuurWJqCNYRhLp2WdYDnE2K1?rtpof=true&authuser=marzianamarzuki%40gmail.com&usp=drive_fs) indicates that there is a negative and significant correlation between F_SCORE and FAMILY_CONN using both Pearson and Spearman correlation (−0.163, p < 0.001), which provided alignment effects that family-connected firms protect the firms’ value and thus reduce potential fraudulent financial reporting. Nevertheless, there is an insignificant relationship between F-SCORE and risk variables which is referred to as RISK_ACTIVITIES and RISK_COMM. The correlation between F_SCORE and other control variables is also insignificant. In terms of risk management practices, the result indicates that family firms have less risk activities and it is significant for both ordinary and Spearman correlations (−0.232, p < 0.001). A larger board and firm size have a larger risk management committee. A larger risk management committee consists of more non-accounting expertise, produces more revenue and at the same time, more leverage. The results are all significant when using both ordinary and Spearman correlations. Overall, the correlations between variables suggest that there is no serious multicollinearity issue. We also ran Variation Inflation Factor (VIF) to evaluate the problem of multicollinearity. The result of VIF indicated that all the values of the variables are below 10; indicating that multicollinearity is not likely a serious problem in this study.
4.2 Multivariate analysis
Table 5 (available online at: https://docs.google.com/document/d/1ZffaPyczpuurWJqCNYRhLp2WdYDnE2K1?rtpof=true&authuser=marzianamarzuki%40gmail.com&usp=drive_fs) reports the regression results for the effect of risk activities, risk management committee and control variables on F_SCOREit. We present models 1 to 4 to show the effect of each variable on the potential fraudulent financial reporting as measured by F_SCORE. The obtained p-value for likelihood ratio statistic (LR statistic) showed that the significance of model is less than 0.05. Therefore, the null hypothesis is rejected, and this shows the regression model is totally significant. The result for the LR statistic is robust and significant as we added more control variables. Our final model (model 4) indicated that there is a significant and negative relationship between RISK_ACTIVITIESit and F_SCOREit (−0.847, z = −1.739, p < 0.10). This finding supported the notion that risky activities can reduce potential fraudulent financial reporting. The result is consistent with the roles of firms’ risk management which are generally to protect, create and enhance shareholders’ value (KPMG, 2014). The activities of firms in managing risks help the firms to identify, assess and control risks; thus, assist the managers to gain a better understanding of firm processes (Johnsone and Soileau, 2020). As a result, firms can prevent any risks of financial misstatements and the possibility of fraud cases. Nevertheless, the result for the risk management committee is insignificant for this regression. We provide several possible reasons for the insignificant result. First, the result of descriptive statistics have shown that the establishment of risk management committee among Malaysian listed firms is still low. Second, the insignificant result highlights the insignificant role of risk management committee since some firms combine the role of risk management committee with audit committee. The result is consistent with the findings of Adedayo et al. (2019) which found that by having a chief risk officer or independent risk management committee alone cannot reduce discretionary accruals. For control variables, the result indicated that a highly independent board can reduce the potential of fraudulent financial reporting (−0.014, z = −1.932, p < 0.10). The result is consistent with the findings of Adedayo et al. (2019) which found that having a chief risk officer or independent risk management committee alone cannot reduce discretionary accruals. Consistent with the correlation and univariate analysis, the regression analysis result supported that there is a significant negative relationship between FAM_CONNit and F_SCOREit (−0.416, z = −1.968, p < 0.05). The finding provided support that family-connected firms have a lower likelihood of fraud, supporting the alignment effect of having family firms with the firms’ value. For financial indicators, the results of main regression found evidence that a larger firm size has a higher potential fraudulent financial reporting (0.236, z = 1.889, p < 0.10). In addition, having a larger revenue can reduce the tendency of firms to be involved in potential fraudulent financial reporting (−0.256, z = −2.306, p < 0.05).
4.3 Robustness test
Following Tarjo et al. (2023), we have also performed robustness test using the actual values of F-score for robustness test. The result of our ordinary least squares regression is consistent with our multivariate analysis which indicates there is significant negative relationship between potential fraudulent financial reporting and risk activities ((−0.317, z = −1.719, p < 0.10). Meanwhile, there is insignificant relationship between potential fraudulent financial reporting and risk management committee.
5. Conclusion
Based on a sample of 257 listed firms, we examined the association between risk management practices and potential fraudulent financial reporting in Malaysia. We focused on risk management practices due to recent regulatory reforms by the Malaysian government on the Guidelines for Risk Management and Internal Control. The reform was made by the government since the risk management system is promoted as a mechanism to help firms to proactively manage risk and perform monitoring in a continuous and conscious way to ensure that the strategic objectives are achieved. Despite the recent reforms made by the Malaysian government, research on the effect of firm’s risk management practices is relatively scarce. Thus, this study fills the gap.
Our findings indicate that risk management practices as measured by risk management activities in the disclosure can reduce the potential of fraudulent financial reporting. The result supports the role of risk management activities in managing firms’ risks, reducing firms’ operational risks such as losses and hence reducing the potential of fraudulent financial reporting. Nevertheless, the result indicates that having a risk management committee has an insignificant effect on the likelihood of fraud. The result may be due to the lower rate of firms that establishes risk management committees. The combination role of risk management committee with audit committee by some firms might also lessen the efficiency of risk management committee and thus have insignificant role in managing risks. Our results provide implications to regulators as to have severe enforcement on the implementation of systematic risk management system. In addition, the government should make it mandatory for the companies to establish risk management committee in separation with other committees. The establishment of this committee is important in order to have well-trained and well-versed committees in identifying and managing risk which at the end can mitigate unexpected events such as fraud.
Our result also supports that family firms face less potential fraudulent financial reporting due to the alignment effects of these firms in reducing Type I agency conflicts between owners and managers; thus, reducing managers' incentives to report accounting information that deviates from the underlying firm’s economic performance. The result for other control variables indicates that firms involved in potential fraudulent financial reporting are characterized as large firms and have less revenue. Furthermore, this study provides caution to regulators that having more accounting expertise can lead to potential fraudulent financial reporting as they might use their expertise to falsify accounting information.
This study has some limitations. First, the study was only limited to firms that have complete data to calculate F-score as the score requires a lot of financial variables to be included. We considered the possibility of selection bias as a potential limitation of using F-score as measurement of fraudulent financial reporting (FFR). F-score may reflect a specific type of FFR and if so, the measurements may not produce a representative sample of fraudulent financial reporting. Despite the limitation, previous study has shown its strength as the measurement of fraudulent financial reporting. Based on the recent study by Aghghaleh et al. (2016), their findings showed that both Beneish M-score and Dechow F-score are relevant in predicting fraudulent financial reporting. However, based on the comparison of their results, they indicated that Dechow F-score is more precise in predicting fraud in the financial statement. Second, this study only focused on the disclosure of risk management practices and the existence of risk management committee. It did not take into consideration the different characteristics of risk management committee such as its meetings, expertise, ethnicity and gender. Future research may extend the research by incorporating different characteristics of risk management committee and the level of risk disclosure in determining the effect of risk management.
Note
The theory is defined as a contractual relationship of two or more parties, in which one party, designated as the principal, engages another party, designated as the agent, to perform some forms of services on behalf of the principal (Ross, 1973; Jensen and Meckling, 1976). In return for his or her efforts, the agent is usually given some payment from the principal.
Declaration of conflicting interest: The Author(s) declare(s) that there is no conflict of interest.
Consent statement: All authors agree upon the presentation of the table in a repository link.
Note: Supplementary materials that are included in the article are available online.
References
Abdullah, M., Shukor, Z.A. and Rahmat, M.M. (2017), “The influences of risk management committee and audit committee towards voluntary risk management disclosure”, Jurnal Pengurusan, Vol. 50, pp. 83-95, doi: 10.17576/pengurusan-2017-50-08.
Abdul Rahman, R. and Mohamed Ali, F.H. (2006), “Board, audit committee, culture and earnings management: malaysian evidence”, Managerial Auditing Journal, Vol. 21 No. 7, pp. 783-804, doi: 10.1108/02686900610680549.
ACFE (Association of Certified Fraud Examiner) (2018), Report to the Nations 2018 Global Study on Occupational Fraud and Abuse, ACFE, available at: https://s3-us-west-2.amazonaws.com/acfepublic/2018-report-to-the-nations.pdf (accessed 16 April 2023).
ACFE (Association of Certified Fraud Examiner) (2022), Occupational Fraud 2022: A Report to the nations, available at: https://acfepublic.s3.us-west 2.amazonaws.com/2022+Report+to+the+Nations.pdf (accessed 17 April 2023).
ACFE (Association of Certified Fraud Examiner) (2020), Report to the Nations 2020 Global Study on Occupational Fraud and Abuse, ACFE, available at: https://acfepublic.s3-us-west-2.amazonaws.com/2020-Report-to-the-Nations.pdf (accessed 17 April 2023).
Adedayo, E.O., Sylvester, E., Amiolemen, O.O., Ranti Uwuigbe, O. and Osereme Amiolemen, O. (2019), “Does enterprise risk management impact accounting quality? Evidence from the Nigerian financial institutions”, Investment Management and Financial Innovations, Vol. 16 No. 4, pp. 16-27, available at: http://dx.doi.org/10.21511/imfi.16(4).2019.02
Aghghaleh, S.F., Mohamed, Z.M. and Rahmat, M.M. (2016), “Detecting financial statement frauds in Malaysia: comparing the abilities of beneish and Dechow models”, Asian Journal of Accounting and Governance, Vol. 7, pp. 57-65, doi: 10.17576/AJAG-2016-07-05.
Allayannis, G. and Weston, J. (2001), “The use of foreign exchange derivatives and firm market value”, The Review of Financial Studies, Vol. 14 No. 1, pp. 243-276, doi: 10.1093/rfs/14.1.243.
Block, S.B. and Hirt, G.A. (2000), Foundations of Financial Management, 31st ed., Irwin, New York.
Bowen, J.K., Cassel, R., Dickson, K., Fleet, M., & Ingram, D. (2006), “Enterprise risk management specialty guide (ERMSG)”.
Brazel, J.F., Jones, K.L., Thayer, J. and Warne, R.C. (2015), “Understanding investor perceptions of financial statement fraud and their use of red flags: evidence from the field”, Review of Accounting Studies, Vol. 20 No. 4, pp. 1373-1406, doi: 10.1007/s11142-015-9326-y.
Brealey, R.A. and Myers, S.C. (2002), Principles of Corporate Finance, 7th ed., MacGrawMcGraw-Hill/Irwin, London.
Choi, J.J., Mao, C.X. and Upadhyay, A.D. (2015), “Earnings management and derivative hedging with fair valuation: evidence from the effects of FAS 133”, The Accounting Review, Vol. 90 No. 4, pp. 1437-1467, doi: 10.2308/accr-50972.
Dechow, P.M., Ge, W., Larson, C.R. and Sloan, R.G. (2011), “Predicting material accounting misstatements”, Contemporary Accounting Research, Vol. 28 No. 1, pp. 17-82.
Dilling, P.F. and Harris, P. (2018), “Reporting on long-term value creation by Canadian companies: a longitudinal assessment”, Journal of Cleaner Production, Vol. 191, pp. 350-360, doi: 10.1016/j.jclepro.2018.03.286.
Doyle, E.M., Hughes, J.F. and Glaister, K.W. (2009), “Linking ethics and risk management in taxation: evidence from an exploratory study in Ireland and the UK”, Journal of Business Ethics, Vol. 86, pp. 177-198.
Gonidakis, F.K., Koutoupis, A.G., Tsamis, A.D. and Agoraki, M.E.K. (2020), “Risk disclosure in listed Greek companies: the effects of the financial crisis”, Accounting Research Journal, Vol. 33 Nos 4/5, pp. 615-633, doi: 10.1108/ARJ-03-2020-0050.
Inchausti, B.G. (1997), “The influence of company characteristics and accounting regulation on information disclosed by Spanish firms”, European Accounting Review, Vol. 6 No. 1, pp. 45-68, doi: 10.1080/096381897336863.
Ishak, S. and Mohamad Nor, M.M. (2017), “The Relationship between board of directors and risk management committee in Malaysia”, International Journal of Economic Research, Vol. 14 No. 10, pp. 77-87.
Iyer, N. and Samociuk, M. (2016), Fraud and Corruption: Prevention and Detection, Routledge.
Jaswadi, J., Purnomo, H. and Sumiadji, S. (2022), “Financial statement fraud in Indonesia: a longitudinal study of financial misstatement in the pre-and post-establishment of financial services authority”, Journal of Financial Reporting and Accounting, forthcoming. doi: 10.1108/JFRA-10-2021-0336.
Jensen, M.C. and Meckling, W.H. (1976), “Theory of the firm: managerial behavior, agency costs and ownership structure”, Journal of Financial Economics, Vol. 3 No. 4, pp. 305-360.
Johnston, J. and Soileau, J. (2020), “Enterprise risk management and accruals estimation error”, Journal of Contemporary Accounting and Economics, Vol. 16 No. 3, pp. 1-15, doi: 10.1016/j.jcae.2020.100209.
Johnstone, K.M. and Bedard, J.C. (2003), “Risk management in client acceptance decisions”, The Accounting Review, Vol. 78 No. 4, pp. 1003-1025, doi: 10.2308/accr.2003.78.4.1003.
Kaiser, E. (1999), “Comparing varieties of agency theory in economics, political science and sociology: an illustration from state policy implementation”, Society Theory, Vol. 17 No. 2, pp. 146-170, doi: 10.1111/0735-2751.00073.
Ko, C., Lee, P. and Anandarajan, A. (2019), “The impact of operational risk incidents and moderating influence of corporate governance on credit risk and firm performance”, International Journal of Accounting and Information Management, Vol. 27 No. 1, pp. 96-110, doi: 10.1108/ijaim-05-2017-0070.
KPMG Forensic (2014), KPMG Malaysia Fraud, Bribery and Corruption Survey 2013, KPMG, available at: https://www.academia.edu/7301608/KPMG_Malaysia_Fraud_Bribery_and_Corruption_Survey_2013 (accessed 15 February 2019).
Krishnan, G.V., Sun, L., Wang, Q. and Yang, R. (2013), “Client risk management: a pecking order analysis of auditor response to upward earnings management risk”, Auditing: A Journal of Practice and Theory, Vol. 32 No. 2, pp. 147-169, doi: 10.2308/ajpt-50372.
Leech, T. and Leech, L. (2011), “Preventing the next wave of unreliable financial reporting: why US Congress should amend Section 404 of the Sarbanes–Oxley Act”, International Journal of Disclosure and Governance, Vol. 8 No. 4, pp. 295-322, doi: 10.1057/jdg.2011.18.
Lobo, G.J., Siqueira, W.Z., Tam, K. and Zhou, J. (2019), “Does SEC FRR No. 48 disclosure communicate risk management effectiveness?”, Journal of Accounting and Public Policy, Vol. 38 No. 6, pp. 1-26, doi: 10.1016/j.jaccpubpol.2019.106696.
Nahar, S., Jubb, C. and Azim, M.I. (2016), “Risk governance and performance: a developing country perspective”, Managerial Auditing Journal, Vol. 31 No. 3, pp. 250-268, doi: 10.1108/MAJ-02-2015-1158.
Novatiani, R.A., Afiah, N.N. and Sumantri, R. (2022), “Risk management and other factors preventing fraudulent financial reporting by state-owned enterprises in Indonesia”, Asian Economic and Financial Review, Vol. 12 No. 8, pp. 686-711, doi: 10.55493/5002.v12i8.4587.
PricewaterhouseCoopers (PwC) (2018), Global Economic Crime and Fraud Survey 2018: Malaysia Report, available at: https://www.pwc.com/my/en/publications/2018-gecfs-malaysia.html (accessed 20 April 2023).
PwC (2020), “PwC's COVID-19 CFO pulse: insights from global finance leaders on the crisis and response”, 15 June 2020, available at: https://www.pwc.com/gx/en/issues/crisis-solutions/covid-19/global-cfo-pulse.html (accessed 17 April 2023).
PricewaterhouseCoopers (PwC) (2022), Global Economic Crime and Fraud Survey 2018: Malaysia Report, available at: https://www.pwc.com/gx/en/forensics/gecsm-2022/pdf/PwC%E2%80%99s-Global-Economic-Crime-and-Fraud-Survey-2022.pdf (accessed 20 April 2023).
Rahman, A.A.A.A. and Al-Dhaimesh, O.H.A. (2018), “The effect of applying COSO-ERM model on reducing fraudulent financial reporting of commercial banks in Jordan”, Banks and Bank Systems, Vol. 13 No. 2, pp. 107-115, doi: 10.21511/bbs.13(2).2018.09.
Ross, S.A (1973), “The economic theory of agency: the principal’s problem”, The American Economic Review, Vol. 63 No. 2, pp. 134-139.
Shenkir, W.G. and Walker, P.L. (2006), “Enterprise risk management and the strategy-risk-focused organization”, Journal of Cost Management, Vol. 20 No. 3, pp. 32-38.
Sriram, A.P.R., Yusoff, W.S., Salleh, M.F.M., Ibrahim, S., Rashid, I.M.A. and Azmin, A.A. (2021), “Business elites and earnings management in Malaysian public listed companies”, AIP Conference Proceedings, Vol. 2347 No. 1.
Sun, P., Mellahi, K. and Wright, M. (2012), “The contingent value of corporate political ties”, Academy of Management Perspectives, Vol. 26 No. 3, pp. 68-82, doi: 10.5465/amp.2011.0164.
Tarjo, T., Prasetyono, P., Sakti, E., Mat-Isa, Y. and Safkaur, O. (2023), “Predicting fraudulent financial statement using cash flow shenanigans”, Business: Theory and Practice, Vol. 24 No. 1, pp. 33-46, doi: 10.3846/btp.2023.15283.
The Star (2016), “Listed companies show progress in corporate governance disclosures”, available at: http://www.thestar.com.my/business/business-news/2016/12/22/listed-companies-show-progress-in-corporategovernance-disclosures---bursa-malaysia/#5wQ2cuwVfOD4Lc3Y.99
Watts, R.L. and Zimmerman, J.L. (1983), “Agency problems, auditing, and the theory of the firm: some evidence”, The Journal of Law and Economics, Vol. 26 No. 3, pp. 613-633, doi: 10.1086/467051.
White, S., Bailey, S. and Asenova, D. (2020), “Blurred lines: exploring internal auditor involvement in the local authority risk management function”, Public Money and Management, Vol. 40 No. 2, pp. 102-112, doi: 10.1080/09540962.2019.1667682.
Acknowledgements
The authors wish to express their gratitude to the Accounting Research Institute (ARI) for funding this research project through ARI Seed Grant (600-IRMI/ARI 5/3(033/2019) and Universiti Teknologi MARA (UiTM) Cawangan Kelantan for the administrative support.