EARLY WARNING FRAUD DETERMINANTS IN BANKING INDUSTRIES

Wiwik Utami¹ --- Lucky Nugroho²⁺ --- Ratna Mappanyuki³ --- Venny Yelvionita⁴

^1,2,3,4Universitas Mercu Buana, Jakarta, Indonesia.JL. Meruya Selatan, Kembangan, Jakarta Barat, Indonesia.

Keywords:Information technology, Governance, Income control, Corporate control, Fraud.

JEL Classification:F65; G21; G32; M41; M42.

ARTICLE HISTORY: Received: 21 February 2020, Revised: 3 April 2020, Accepted: 7 May 2020, Published: 28 May 2020

Contribution/ Originality: This research provided empirical evidence about how information technology governance, internal control, and organizational culture can be useful tools in early warning of fraud in banking companies in Indonesia and can be beneficial for banking companies in other countries.

1. BACKGROUND

The national financial industry, especially banking, is currently overshadowed by acts of crime that manipulate information intending to earn profits (fraud) committed by internal and external parties. According to the FICO-Fair Isaac Corporation (2019) there are several issues surrounding fraud in the Asia Pacific (APAC) banks that include:

• 74 percent of Asia Pacific (APAC) banks surveyed believe that cases of fraud in their state will increase moderately or significantly in the future.
• More than 50 percent of APAC banks' continue to block cards on the first fraud alert.
• Only 6 percent will keep the card open while trying to confirm fraud with the customer.
• Overall fraud losses remain the leading indicator for 80 percent of fraud departments at APAC banks.
• Only six percent of APAC banks ranked customer satisfaction as their number one metric.

Three of the four banks in the Asia Pacific anticipate that fraud in their country will increase in 2019. FICO surveyed 50 executives from financial institutions across the region at the Annual Asia Pacific Fraud Forum held in Bali, Indonesia. Of the banks surveyed, 54 percent said there would be a moderate increase in fraud in 2019, while 20 percent said there would be a significant jump. The Financial Services Authority has also noted that there were 108 cases of banking crime for almost two years (2014-2016). The following can be seen from Table 1.

Table-1. Cases of Crime in Banking for the 2014-2016 Period.

Year	Cases	Case type
2014	59 cases	55% Credit Cases 21% Recording Engineering 15% Fundraising 5% Transfer of Fund 4% Asset Procurement
2015	23 cases
2016	26 cases

Source: Audrience (2016).

According to the Executive Chairman of the Banking Supervisor (OJK-financial services authority), Nelson Tampubolon in the Socialization of Banking Crime Management and the Anti-Fraud Forum, banks are an industry that has a high complexity of irregularities, both administratively and leading to criminal acts or fraud (Ariyanti, 2016). Thus, banks must be able to apply the principle of prudentiality so that banks can avoid these problems, and the trust of the people who save funds in banks can be well maintained. The Association of Certified Fraud Examiners (ACFE) Indonesia, in collaboration with the White Collar Crime Research and Prevention Center (P3K2P) in 2016, conducted a survey of fraud in Indonesia. This survey was conducted by distributing questionnaires to Certified Fraud Examiner (CFE) certificate holders and practitioners who were experienced in fraud checks. The results of the studies in Table 2 describes:

Table-2. Case Findings by ACFE 2017 Indonesia.

Number	Fraud Type	Total Cases	Percentage
1	Corruption	178	77%
2	Asset misappropriation	41	19%
3	Financial Statement Fraud	10	4%

Source: ACFE Indonesia (2016).

ACFE Global states that the manipulation of financial statements is the most detrimental fraud. That is because financial statement fraud has significant implications such as information fraud on the stock exchange, and crime due to tax information fraud. By analyzing and examines financial statements, acts of corruption can be detected in less than 12 months (Khurana & Raman, 2004). Acts of corruption can also be identified through reports from internal company employees themselves (Hogan & Wilkins, 2008). Financial institutions need a fraud detection system and should not only rely on early warning.

Indonesia continues to develop technology to detect fraud early (PT Bank Rakyat Indonesia Tbk (BRI)) to anticipate that cases of skimming debit cards will not be repeated (Fadhilah, 2019). Research conducted by Van Der Zee and De Jong (1999) conveyed that information technology governance is the governance process of organizations that align operations with information technology services to support strategic goals and achieve their performance targets.

Research on fraud in the banking industry has been carried out by Meliana and Hartono (2019) about what motivates banking crime in Indonesia. Evidence was taken from various banking crime cases that occurred in Indonesia in 2017 - 2018. The study found that almost 50% of banking fraud occurred in state-owned banks (SOEs-BUMN), and 80% of banking fraud perpetrators was at the management level. There is research related to the implementation of appropriate information technology management conducted by Krisanthi, Sukarsa, and Bayupati (2014) and this study concludes that at present, the control of information technology in the banking industry in Indonesia has not been well established. Hence, there is no clarity regarding governance policies that manage information technology and the feasibility and security of information technology services.
There is also research related to fraud prevention and detection conducted by Maliawan, Sujana, and Diatmika (2017) where internal control has a significant influence on fraud prevention at Bank Mandiri. Thus, internal control is needed to prevent fraud. However, research conducted by Ahriati, Basuki, and Widiastuty (2015) stated that internal control has no significant effect on fraud prevention. Previous research conducted by Geriesh (2003) conveyed that organizational culture significantly influences fraud prevention. That is because the existence of a great organizational culture will impact the awareness and the sense of ownership to all employees involved in managing the organization.  With a high sense of ownership, all employees have a high sense of responsibility so that the incidence of fraud committed by employees and management of the company will lower the chances of it happening. Research related to governance conducted by Curti and Mihov (2018) stated that governance has a significant effect on fraud prevention. The better the application of governance, the lower the chance of fraud.

Based on the phenomena and previous studies, the problems in this study included: (i) Does the governance of information technology affect fraud prevention? (ii) Does internal control affect fraud prevention?; and, (iii) Does organizational culture affect fraud prevention?. This study analyzed the factors that influence fraud prevention from information technology governance aspects, internal control aspects, and aspects of organizational culture.

This research contributes input to stakeholders related to the banking industry to prevent fraud. By knowing the factors that can prevent fraud, it will increase the trust of the public, which will have an impact on the stability of the country's financial system. This research can also be used as a reference for further research on the topic of fraud prevention.

2. LITERATURE REVIEW

2.1. Agency Theory

Agency theory is the representative relationship between shareholders as principals and management as agents. An agent is contracted by the shareholders to manage the company, according to the interests of the shareholders (Jensen & Meckling, 1976). Therefore, management must account for all their work to shareholders (Godfrey, 2005; Utami & Nugroho, 2018). The perspective of agency theory is the basis used to overcome the problems of internal control and organizational culture. In this agency theory, there is a potential for conflict between the agency and the principal because there is information asymmetry as agents and principals have different interests. The difference in interests can be a source of fraud, where agents want to maximize company profits in the short term without regard for the company's long-term sustainability (Nugraha, Nugroho, & Setiawan, 2020; Suryo, Nugraha, & Nugroho, 2019; Utami, Nugroho, & Farida, 2017).

2.2. IT governance

IT governance determines decision rigidity and accountability frameworks to drive desirable behavior in using IT (Soltani, 2014). Information technology governance is an incorporated part of organizational management that includes leadership, data structure, and organizational processes. This assures that information technology organizations can be used to maintain and expand corporate strategies and objectives (Tallon, Kraemer, & Gurbaxani, 2001). The aim of IT governance, according to Armistead and Simon (1998) and Paul and Pinsonneault (2011) is as follows:

• Align information technology with organizational strategy.
• Utilize IT functions to improve company performance and productivity such as increasing production speed and saving operational costs.
• Give an advantage in competing with competitors so they can take advantage of existing opportunities in the market.
• Using IT appropriately so that the safety and comfort of consumers remain a priority of the company or organization.

The implementation of IT in a company requires good governance. Governance in IT, according to Weill and Ross (2005) requires the following principles:

• There are SOPs related to the use of IT.
• There are documents and plans from the IT architecture.
• There is a user acceptance test on the company's business applications and software.
• There is a continuous development of business applications.
• There is an IT development plan and IT investment by the priorities of the company's business strategy.

IT governance specifies the decision rights and accountability framework to encourage desirable behavior in using IT. Therefore, a financial institution such as banking needs an early warning system to detect fraud. Good governance of information technology (IT) can be achieved by using IT management standards that have been developed by an international standard IT Framework, COBIT, IT-IL Management, COSO, ISO IT Security. Based on the IT Governance structure, all information systems in the company (Business Information Systems) can be directed (regulated) to be in line and support the organization's strategy, so the company can then reduce the risk of using IT and be able to control IT applications. Thus, if the application of IT governance in a company is implemented effectively, then the opportunity for fraud can be prevented early on He, Ma, Zhang, Chen, and Bu (2011). In other words, the adoption of IT governance must support the effectiveness of fraud prevention. 

2.3. Internal Control

Internal controls are designed to provide guarantees related to business activities to achieve goals with measured risks. According to Goh (2009) and Hooks, Kaplan, and Schultz (1994) the elements in internal control include:

• The reliability of financial reporting.
• Effectiveness and efficiency of operations.
• Compliance with applicable laws and regulations.

Haugen and Selin (1999) and Rae and Subramaniam (2008) stated that there are several environments of internal control which include:

• Top management responsibilities that clearly state integrity, values such as activities that cannot be tolerated by the company.
• Risk assessment where the company must be able to identify and analyze the factors that will occur in the company and determine how to manage these risks.
• Controlling and managing activities to reduce fraud, and management must design policies and procedures to identify specific risks faced by the company.
• Deliver information and communications related internal control systems to all employees from top to bottom levels.
• Periodic monitoring of the implementation of internal control so that the initial acts of fraud can be prevented preventively. Also, the initial fraud action report must be reported immediately to top management and the board of commissioners so that adequate evaluation and action can be taken to prevent further company losses.

The primary prevention of fraud is to build an internal control system in every activity of the organization. Internal controls to prevent fraud effectively must be reliable in the design of control structures and sound practices in their implementation. Meliana and Hartono (2019) have conducted exploratory studies related to factors that motivate banking crime in Indonesia using qualitative methods. The results show that the internal control of banks is weak. The low internal control over the banking system is an opportunity to commit criminal actions that will have an impact on decreasing customer trust. Research on internal control with fraud prevention has also been conducted by several researchers that including Higgins (2012); Maliawan et al. (2017) and Sitawati and Mulya (2018). Referring to the previous research, they stated that internal control has significant effects on fraud prevention. The study states, if there is appropriate internal control, it can reduce the tendency for fraud. However, if the internal controls applied are ineffective and not following company conditions, then the likelihood of potential fraud will be higher.

2.4. Organizational Culture

The definition of organizational culture is a set of values ​​held by an organization that is then implemented to all employees in the organization in viewing, thinking and acting, and reacting to various environments (Al-Alawi, Al-Marzooqi, & Mohammed, 2007). Based on this definition, it can be said that an influential culture will support the creation of positive achievements for its members. The great organizational culture will be adhered to by all internal employees of the company as well as by all stakeholders. The organizational culture internalized and exemplified by top management will influence the behavior of subordinates, both within the organization and outside the organization. An excellent example of a leader in implementing organizational culture will have a significant impact on the implementation of organizational culture by all employees. Thus all employees will have a sense of ownership and responsibility for the sustainability of the company (Nugroho, Hidayah, Badawi, & Mastur, 2020; Pierce, Rubenfeld, & Morgan, 1991). Also, according to Sharifirad and Ataei (2012) and Warrick (2017) seven main elements establish an influential organizational culture as follows:

• Ability to innovate and be responsible.
• Having concern for all aspects.
• Having an orientation towards results.
• Having the ability to work in teams.
• Able to respect each other.
• Having a responsive attitude.
• There is a stable working environment.

A great organizational culture is vital in preventing fraud. Preventive actions can be implemented through a well-developed work culture where the corporate culture will produce fundamental ethical values of the organization, such as upholding honesty, integrity, and responsibility (Verhezen, 2010; Warrick, 2017). Thus, a great organizational culture can anticipate fraud that will impact on an excellent performance and ultimately increase customer confidence in the bank. One of the bank's efforts is to maintain a reputation that aims to increase customer confidence. Customer trust is essential for the banking industry because customers trust to put their money in the bank, and if they rush their cash in the bank, the bank will collapse (Nugroho, Villaroel, & Utami, 2017; Nugroho., Badawi, & Hidayah, 2019). Research on organizational culture can prevent fraud according to Purnamasari and Amaliah (2015).

The results of his study show that organizational culture has a significant positive effect on fraud prevention and is also in line with research conducted by McConnell (2013) and Vollmer (2018). Organizational culture reflects the character of the organization, where organizational culture is a guideline for all members of the organization in carrying out their duties. A great organizational culture can be a tool to compete with competitors: if the culture in an organization has bad habits, it will harm the organization itself, making it difficult for organizations to achieve the goals set. The company culture is also a reflection of employee behavior in the company.

2.5. Fraud

Fraud is a deliberate act by a person or persons among management (persons responsible for governance), employees, or third parties, by deceiving to obtain unjustified or illegal profits. According to Saunders and Zucker (1999) fraud is an unlawful act that is intentionally carried out for a specific purpose (manipulating or giving false reports to other parties) committed by people from within or outside the organization to obtain personal or group benefits that are directly or indirectly harming other parties.

Red flags are specific indicators representing potential theft occurrences and the psychology of committing fraud  (Mangala & Kumari, 2015). Red flags are events and conditions indicating motivation and opportunity for potential or actual fraud occurrences. Auditors’ have a responsibility to focus on red flags while auditing. Auditors should conduct brainstorming sessions for a better understanding of the client’s business and the possible occurrence of fraud. A broad literature review has helped Mangala & Kumari, (2015) identify significant red flags in various categories of corporate fraud, as illustrated in Figure 1.

Figure-1. Category-wise significant red flags.

Source: Mangala and Kumari (2015)

2.6. Research Methodology

Following the research objectives, the research design used in this study is causal design. The population was all employees working in Indonesian banking companies. Samples were selected using a combination method, namely, random sampling for bank selection and purposive sampling for respondents who were willing to participate in research. Then respondents were classified based on criteria (purposive sampling).

The selection criteria for the sample were as follows: (a) based on the level of position (the status of a permanent employee), (b) based on experience (minimum length of employment more than one year), and (c) based on education level (minimum vocational degree) Variables were measured by the Likert scale and data analysis was measured using partial least square (PLS). In this study, the author gave a weight assessment of the answers provided by respondents from the questions posed using a Likert scale with the lowest value 1 and the highest 5. Table 3 presents the variables, dimensions and indicators referred to in the literature review.

Table-3. Operationalization variable.

No.	Variable	Dimension	Indicator	Measurement Scale
1.	Information Technology Governance (X1) Weill and Ross (2005)	Weill & Ross Model	Principle Designing & Standardization Infrastructure & Detection Innovation & Needs Target & Investment	Interval
2.	Internal Control (X2) Hooks et al. (1994) Goh (2009) Haugen and Selin (1999) Rae and Subramaniam (2008)	Control Environment	Value of integrity and ethics Management philosophy and style of management	Interval
		Risk Assessment	3.   Existence and accuracy 4.   Completeness 5.   Assessment and allocation	Interval
		Control Activities	6.   Job Description 7.   Safeguarding assets 8.   Accounting records	Interval
		Information and Communication Systems	9.   Classification 10. Timeliness	Interval
		Supervision	Frequency of activity evaluation Reconciliation of financial statements	Interval
3.	Organizational culture (X3) Nugroho et al. (2020) Pierce et al. (1991); Sharifirad and Ataei (2012); Warrick (2017)	Seven Primary Characteristics	1. Innovation and risk-taking 2. Pay attention to details 3. Orientation to results 4. Individual orientation 5. Orientation to the team 6. Aggressiveness 7. Stability	Interval
4.	Early Warning Fraud (Y) Wise Significant Red Flag Category (Corporate Fraud) Mangala and Kumari (2015); Saunders and Zucker (1999)	Management characteristics and influence of Control Environment	Compensation pattern Unexpected profit target Aggressive attitude Criminal Background	Interval
		Industry Condition	Adverse regulatory environment High competition Continuous change in the industry	Interval
		Operating and Financial Stability Characteristic	Complex organization structure Third-party transaction A close relationship with the auditor Financially distressed business	Interval
		Susceptibility of Assets to Misappropriation	Poor segregation Inadequate record-keeping Poor job screening	Interval
		Inadequacy Internal Control	Ineffective supervision Poor physical control Weak internal controls	Interval

3. RESULTS AND DISCUSSION

3.1. Results

160 questionnaires made on E-form and non-E-forms were distributed to respondents working for selected Indonesian Banking Companies’ details as can be seen in Table 4.

Table-4. List of number of respondents in Indonesian banking companies

Bank Name	Questionnaire Sent	Return Questionnaire
Bank Rakyat Indonesia (Persero), Tbk	10	7
Bank Mandiri (Persero), Tbk	25	24
Bank Negara Indonesia (Persero), Tbk	15	11
Bank Danamon Indonesia, Tbk	10	1
Bank Central Asia, Tbk	10	4
Bank Mega, Tbk	10	1
Bank OCBC NISP, Tbk	10	1
Bank Jtrust Indonesia, Tbk	10	1
Bank Panin	10	4
Bank CIMB Niaga	10	8
Bank HSBC	10	1
Bank Mayapada Internasional Tbk	10	1
Bank DKI	10	7
Bank BJB	10	1
Total	160	72

There were 72 questionnaires that were returned to the researchers. With 72 questionnaires, it was feasible to begin data processing because the requirements to be used in statistical test applications, namely Partial Least Square (PLS) software were fulfilled, with data of at least 30 and above. Respondents in this study included all employees who worked for Indonesian banking companies, which would later be classified according to Table 5.

Table-5. Profile of banking company respondents.

Classification	Total
Gender
Man	37
Women	35
Study
D3 (vocational)	9
S1	54
>S2	9
Level
Staff	51
Supervisor – Assistant Manager	15
Head of Division/Manager	6
Length of work
1 – 5	44
6 – 10 >11	21 7

3.1.1. Descriptive Statistics

3.1.1.1. Information Technology Governance

Information Technology Governance variables were measured using instruments with six statements from five dimensions. The following were the results of the descriptive statistical test of Information Technology Governance variables (Table 6).

Table-6. Descriptive statistics of information technology governance.

Indicator	Mean	Std. Deviation
Principle
The Information Technology Division produces information systems that are relevant and can meet the needs of every related business process, available in a timely, accurate, easily accessible manner	4.15	0.89
Design & Standardization
The Information Technology Division economically provides information systems, mainly related to the consumption of resources allocated to information technology.	4.09	0.85
Infrastructure & Detection
The Information Technology Division protects and guarantees the security of confidential and sensitive information, especially from those who have no right to know it.	4.37	0.79
Innovation & Needs
The Information Technology Division provides information when needed can be available immediately according to the expected performance, time and capabilities	4.02	0.91
Target & Investment
The Information Technology Division produces information that refers to laws and regulations that apply both nationally and internationally.	4.27	0.79
The Information Technology Division produces information that comes from reliable sources that do not mislead decision-makers.	4.19	0.92
Mean & SD Dimension	4.23	0.85

Table 6 showed that the Information Technology Governance variable with its five dimensions had a mean value of 4.00 and above (very high) and the standard deviation of 0.70 and above. This shows that Information Technology Governance has been used in Indonesian banking companies. Obtaining accurate information as soon as possible is recognized by the organization as an essential tool for competitive survival and is considered as one of the crucial strategic sources (Weill & Ross, 2004).

3.1.1.2. Principle

Based on Table 6, for the Principle statement, the average respondent answered with a mean value of 4.15 and a standard deviation of 0.89. This shows that Indonesian banking companies already have an Information Technology Division that produces information systems that are relevant and can meet the needs of every related business process in a timely, accurate, and easily accessible manner.

3.1.1.3. Design and Standardization

Based on Table 6, for the design statement and standardization, the average respondent answered with a mean value of 4.09 and a standard deviation of 0.85. This shows that the design and standardization of information technology governance in Indonesian banking companies already has an Information Technology Division economically providing information systems, mainly related to the consumption of resources allocated to information technology.

3.1.1.4. Infrastructure and Detection

Based on Table 6, for the infrastructure statement the average respondent answered with a mean value of 4.37 and a standard deviation of 0.79. This shows that infrastructure and discovery of information technology governance in Indonesian banking companies already have an Information Technology Division that protects and guarantees the security of confidential and sensitive information, especially from those who have no right to know it.

3.1.1.5. Innovation and Needs

Based on Table 6., for the statement of innovation the average respondent answered with a mean value of 4.02 and a standard deviation of 0.91. This shows that innovation and needs in information technology governance in Indonesian banking companies already have an Information Technology Division providing information when needed can be immediately available according to the expected performance, time, and capabilities.

3.1.1.6. Target and Investment

Based on Table 6., for the target statement and investment, the average respondent answered with a mean value of 4.23 and a standard deviation of 0.85. This shows that the target and investment in information technology governance in Indonesian banking companies already have an Information Technology Division producing information that refers to applicable laws and regulations both nationally and internationally, and the Information Technology Division provides information that comes from reliable sources so that it is not misleading decision-makers.

3.1.1.7. Internal Control

Internal Control variables were measured using instruments from 12 statements with five dimensions. The results from the descriptive statistical test of Internal Control variables can be seen in Table 7.

Table-7. Internal control of descriptive statistics.

Indicator	Mean	Std. Deviation
Control Environment
The company has adequate standards of behavior and ethics	4.26	0.88
The company has a control structure that covers the framework of planning, implementation, control, and supervision in achieving its objectives	4.20	0.90
Mean & SD Dimensi	4.23	0.89
Risk Assessment
Management has a way or technique to control the risks that occur and run effectively	4.18	0.89
The company has a part to identify risks to strengthen the internal control system	4.23	0.74
The company can assess significant changes that can affect the internal control system	4.05	0.83
Mean & SD Dimensi	4.15	0.82
Control Activities
The company has a clear organizational structure in reflecting tasks for achieving company goals	4.11	0.94
The company applies specific procedures to provide physical security relating to assets	4.27	0.77
The company requires the use of accounting documents to ensure that every accounting transaction is appropriately recorded	4.27	0.90
Mean & SD Dimensi	4.21	0.87
Information and Communication Systems
The company requires that every transaction and activity that occurs has adequately been summarized	4.27	0.84
The company has imposed a rule that every transaction and activity that occurs must be recorded on the appropriate date	4.37	0.79
Mean & SD Dimensi	4.32	0.81
Monitoring
The leader communicates the lack of internal control to the responsible party	4.16	0.78
The company's management conducts sudden checks on operations, accounting records and reports in an unspecified time	4.11	0.88
Mean & SD Dimension	4.13	0.83

3.1.1.8. Control Environment

Based on Table 7 for statements about the control environment, the average respondent answered with a mean value of 4.23 and a standard deviation of 0.89. This shows that the control environment in Indonesian banking companies already has adequate standards of behavior and ethics and has a control structure that covers the framework of planning, implementation, control, and supervision in achieving objectives. The control environment is the responsibility of top management who need clearly state the values ​​of integrity and unethical activities that cannot be tolerated.

3.1.1.9. Risk Assessment

The company must identify and analyze the factors that create business risk and must determine how to manage these risks. Based on Table 7., for the statement of the average risk assessment, the respondents answered with a mean value of 4.15 and a standard deviation of 0.82. This shows that with regards to risk assessment, Indonesian banking companies already have a method or technique to control risks that occur and run effectively, has a part to identify risks or a portion of Risk Management, and can assess significant changes that can affect the internal control system.

3.1.1.10. Control Activities

Control activities to reduce the occurrence of fraud, management must design policies and procedures to identify specific risks faced by the company. Based on Table 7., for the statement of the dimensions of control activities, the average respondent answered with a mean value of 4.21 and a standard deviation of 0.87. This shows that control activities in Indonesian banking companies already have a clear organizational structure in reflecting tasks for achieving company goals, implementing specific procedures to provide physical security relating to assets, and requiring the use of accounting documents to ensure that each accounting transaction is recorded correctly.

3.1.1.11. Information and Communication Systems

The internal control system must be communicated to all company employees. Based on Table 7., for the statement of the dimensions of information and communication systems, the average respondent answered with a mean value of 4.32 and a standard deviation of 0.81. This shows that the information and communication system in Indonesian banking companies has been classified by requiring that every transaction and activity that occurs has been summarized correctly and on time, which has imposed a rule that each transaction and activity that happens must be recorded on the appropriate date.

3.1.1.12. Monitoring

The internal control system must be monitored regularly. If there is a significant shortfall, it must be immediately reported to top management or to the board of commissioners. Based on Table 7 for the statement of the average supervision dimension, the respondents answered with a mean value of 4.13 and a standard deviation of 0.83. This shows that the supervision of Indonesian banking companies has communicated the lack of internal control to the responsible parties and that the company's management has carried out sudden checks on operations, accounting records, and reports in an unspecified time.

3.1.1.13. Organizational Culture

Organizational Culture Variables are measured using instruments with seven statements, from seven indicators. The results from the descriptive statistical test of Organizational Culture variables can be seen in Table 8.

Table-8. Organizational culture descriptive statistics.

Indicator	Mean	Std. Deviation
Innovation and Risk-Taking
The leadership encourages employees to express conflict openly as a media to make improvements or change strategies to achieve goals	3.90	0.84
Pay attention to details
The leadership encourages organizational units to work in a coordinated way to improve the quality and quantity of work produced	4.11	0.84
Orientation to Results
Leaders can explain the expectations of the organization to members/employees to help achieve the mission of the leadership/organization to improve performance	4.06	0.86
Individual Orientation
The leader can appreciate the freedom of each individual in expressing his opinion ideas for the progress of the organization/leadership	4.09	0.90
Orientation to the Team
The leader can explain the purpose of the organization to members/employees to help achieve the vision of the leadership/organization to improve the performance of the organization/leadership	4.15	0.91
Aggressiveness
Leaders tolerate members/employees to act aggressively in advancing the organization/leadership	3.83	1.02
Stability
Leaders give equal tolerance to members/employees freely and stably to advance the organization/leadership	3.97	0.91

Table 8 shows that the Organizational Culture variable with the seven indicators had a mean value of 3.00 and above (high) and a standard deviation of 0.80 and above. This shows that the Organizational Culture in Indonesian banking companies is high on the beliefs, values, norms, habits, attitudes, and behavior of members in an organization created or developed by a group of people who become joint guidelines for organizational interaction to solve internal and external problems, as well as differentiating between one organization and another.

3.1.1.14. Innovation and Risk-Taking

Based on Table 8, for the statement of indicators of innovation and risk-taking, the average respondent answered with a mean value of 3.90 (High) and a standard deviation of 0.84. This shows that innovation and risk-taking in Indonesian banking companies has encouraged employees to openly express conflict as a medium to make improvements or change strategies to achieve goals.

3.1.1.15. Attention to Details

Based on Table 8, for statements from the indicators of recognition to detail, the average respondent answered with a mean value of 4.11 (Very High) and a standard deviation of 0.84. This shows that in terms ofattention to detail, Indonesian banking companies have encouraged organizational units to work in a coordinated way to improve the quality and quantity of work produced.

3.1.1.16. Orientation on Results

Based on Table 3.5, for statements from orientation indicators on the average results, the respondents answered with a mean value of 4.06 (Very High) and a standard deviation of 0.86. In terms of orientation of the results this shows that Indonesian banking companies have been able to explain the expectations of the organization to members/employees to help achieve the mission of the leadership/organization to improve performance.

Table-9. Descriptive statistics early warning fraud.

Indicator	Mean	Std. Deviation
Management characteristics and influence of Control Environment
The company carries out professional compensation programs for all employees	4.05	0.94
The company can create a climate of honest culture, openness, and mutual assistance between fellow employees and company management	4.04	0.84
The company applies rules of conduct and codes of ethics in employees that are clear, easy to understand and adhere to	4.13	0.87
The company has a policy for the recruitment of new employees in terms of background checks, verification of education, employment history, as well as personal references to prospective employees, including references to character and integrity	4.12	0.94
Mean & SD Dimensi	4.08	0.89
Industry Condition
The company carries out an objective evaluation of compliance with company values and standards of behavior, and each violation is dealt with immediately	4.05	0.91
The company can provide recognition and reward systems following the goals and results of performance, as well as equal opportunities for all employees	4.13	0.92
The company carries out periodic, objective evaluations of compliance with company values	4.06	0.89
Mean & SD Dimensi	4.08	0.90
Operating and Financial Stability Characteristic
The company has a complex organization and a clear separation of functions	3.97	0.90
The company cooperates with the Independent Examination Committee in combating fraud	4.26	0.90
The company is transparent and does not limit the auditor to access the information needed	4.16	0.88
The company has an assistance program for employees who have difficulties in financial problems due to the existing economic pressure	4.00	0.90
Mean & SD Dimensi	4.09	0.89
Susceptibility of Assets to Misappropriation
The company provides training in fraud awareness regarding the ethical behavior of employees and management	4.18	0.86
The company can avoid and not tolerate any late reconciliation of financial statements	4.05	0.97
The company applies periodic checks to employees and company management regularly	4.05	0.91
Mean & SD Dimensi	4.09	0.91
Inadequacy Internal Control
The company conducts training regularly for all employees regarding company values and rules of behavior	4.18	0.84
The company routinely imposes employee rotation on certain parts such as the Asset and Cash section	3.91	0.94
The company instilled the impression that every fraud would get sanctions	4.31	0.81
Mean & SD Dimension	4.13	0.86

3.1.1.17. Individual Orientation

Based on Table 8, for statements from different orientation indicators, the average respondent answered with a mean value of 4.15 (Very High) and a standard deviation of 0.91. With regard to the orientation of individuals, Indonesian banking companies have been able to appreciate the freedom of each individual in expressing their ideas for the progress of the organization/leadership.

3.1.1.18. Organization on the Team

Based on Table 8, for statements from orientation indicators on the average team, the respondents answered with a mean value of 4.09 (Very High) and a standard deviation of 0.90. With regard to the orientation of the team the Indonesian banking company has been able to explain the goals of the organization to members/employees to help achieve the vision of the leader/organization to improve organizational performance/leadership.

3.1.1.19. Aggressiveness

Based on Table 8, for statements from aggressive indicators, the average respondent answered with a mean value of 3.83 (High) and a standard deviation of 1.02. This shows that Indonesian banking companies have tolerated members/employees acting aggressively in advancing the organization/leadership.

3.1.1.20. Stability

Based on Table 8, for the statement of the indicators of the average stability, the respondents answered stability with a mean value of 3.97 (High) and a standard deviation of 0.91. This shows that Indonesian banking companies have given equal tolerance to members/employees freely and steadily to advance the organization/leadership.

3.1.1.21. Early Warning Fraud

Variable Early Warning Fraud was measured using instruments with 17 statements from 5 dimensions. The results from the descriptive statistical test of Organizational Culture variables can be seen in Table 9.
Table 9 showed that the Early Warning Fraud variable with the 17 indicators had a mean value of 3.00 and above (High) and a standard deviation of 0.70 and above. This showed that the Early Warning Fraud in Indonesian banking companies is high on integrated efforts that can reduce the occurrence of the causes of the Red Flags Category. Cheating means a deviation and illegal act, which is done intentionally for specific purposes such as deceiving or misleading (mislead) to other parties, carried out by people both from within and from outside the organization.

3.1.1.22. Management Characteristics and Influence of Control Environment

Based on Table 9, for statements from the dimensions of management characteristic and influence over the average control environment, the respondents answered with a mean value of 4.08 (Very High) and a standard deviation of 0.89. This shows that Indonesian banking companies have carried out professional compensation programs for all employees, can create a climate of honest culture, openness and mutual assistance between fellow employees and company management, enforcing codes of conduct and codes of ethics in the environment employees who are clear, easy to understand and adhere to and have policies for the recruitment of new employees in terms of background checks, education verification, work history, and prospective employee personal references, including references to character and integrity.

3.1.1.23. Industry Condition

Based on Table 9., for statements from the dimensions of Industry Condition, the average respondent answered with a mean value of 4.08 (Very High) and a standard deviation of 0.90. This shows that Indonesian banking companies have carried out objective evaluations of compliance with company values ​​and standards of behavior, and every violation was handled immediately, able to provide recognition and reward systems following the goals and results of performance, and equal opportunities for all employees and carry out periodic, objective evaluations of compliance with company values.

3.1.1.24. Operating and Financial Stability Characteristic

Based on Table 9, for statements from the Operating and Financial Stability Characteristic dimension, the average respondent answered with a mean value of 4.09 (Very High) and a standard deviation of 0.91. This shows that Indonesian banking companies already have complex organizations. Clear separation of functions has collaborated with the Independent Audit Committee in combating fraud, transparency by not restricting auditors from accessing information needed, and having assistance programs to employees who had difficulties in financial problems due to the existing economic pressure.

3.1.1.25. Susceptibility of Assets to Misappropriation

Based on Table 9., for the statement from the Susceptibility of Assets to Misappropriation dimension, the average respondent answered with a mean value of 4.09 (Very High) and a standard deviation of 0.89. This shows that the susceptibility of assets to misappropriation in Indonesian banking companies has provided training in fraud awareness regarding the ethical behavior of employees and management, can avoid and not tolerate the late reconciliation of financial statements and impose sudden checks on employees and company management regularly.

3.1.1.26. Inadequacy Internal Control

Based on Table 9, for statements from the dimensions of Inadequacy Internal Control, the average respondent answered with a mean value of 4.13 (Very High) and a standard deviation of 0.86. This shows that internal inadequacy control in Indonesian banking companies has routinely conducted training for all employees regarding company values ​​and rules of conduct, regularly imposes employee rotations on certain parts such as the Asset and Cash section, and implies the impression that every fraud will get sanctions.

3.1.2. Outer Models or Measurement Models

In this study, hypothesis testing used Partial Least Square (PLS) analysis techniques with the smart PLS 3.0 program. The following is a schematic of the PLS program model tested, which can be seen in Figure 2.

Information Technology Governance (X1) variable consists of 5 dimensions with 6 statement indicators. The results of data processing can be seen in Table 10.

Table-10. Outer loading (convergent validity) information technology governance variable (X1).

Indicator	Loading factor
X1.1	0.81
X1.2	0.84
X1.3	0.76
X1.4	0.80
X1.5	0.81

Based on the results of data processing using SmartPLS 3.0, as seen in Table 10, that of the six indicators has a value of loading factor> 7.0. Thus, there are no indicators that were eliminated from the Information Technology Governance (X1) variable model because the value of loading factors must be greater than 0.7 for confirmatory studies. The internal Control variable (X2) consists of 5 dimensions with 12 statement indicators. The results of data processing can be seen in Table 11.

Figure-2. Display of PLS algorithm results.

Table-11. Outer loading (convergent validity) variable internal control (X2).

Indicator	Loading Factor
X2.1	0.85
X2.2	0.90
X2.3	0.89
X2.4	0.75
X2.5	0.89
X2.6	0.88
X2.7	0.73
X2.8	0.88
X2.9	0.83
X2.10	0.71
X2.11	0.86
X2.12	0.80

Based on the results of data processing using SmartPLS 3.0 as seen in Table 11, that of the 12 indicators has a value of loading factor> 7.0. Thus, there were no indicators that were eliminated from the Internal Control (X2) variable model. The Organizational Culture Variable (X3) consists of 7 question indicators. The results of processing data can be seen in Table 12.

Table-12 . Outer loading (convergent validity) Organizational Culture (X3).

Indikator	Loading Factor
X3.1	0.79
X3.2	0.90
X3.3	0.92
X3.4	0.92
X3.5	0.93
X3.6	0.85
X3.7	0.91

Based on the results of data processing using Smart PLS 3.0 as seen in Table 12, that of the seven indicators has a value of loading factor> 7.0. Thus, there are no indicators that are eliminated from the Organizational Culture (X3) variable model. Variable Early Warning Fraud (Y) consists of 5 dimensions with 17 question indicators. The results of data processing can be seen in Table 13.

Table-13. Outer loading (convergent validity) early warning fraud (Y).

Indicator	Loading Factor
Y1	0.86
Y2	0.87
Y3	0.89
Y4	0.91
Y5	0.90
Y6	0.88
Y7	0.91
Y8	0.87
Y9	0.89
Y10	0.86
Y11	0.81
Y12	0.86
Y13	0.76
Y14	0.81
Y15	0.86
Y16	0.72
Y17	0.81

Based on the results of data processing using SmartPLS 3.0 as seen in Table 13, that none of the 17 indicators had a value of loading factor> 7.0. Thus, there were no indicators that were eliminated from the Early Warning Fraud (Y) variable model. The results of discriminant validity testing obtained results, namely, cross-loading variable> 0.70 seen in Table 14.

Table-14. Discriminant validity.

Variable	IT Gov. (X1	IC (X2)	OC (X3)	EWF (Y)
IT Gov. (X1)	0.81	0.84	0.77	0.83
IC (X2)		0.83	0.88	0.93
OC (X3)			0.89 EWF
EWF (Y)			0.89	0.85

Another way to test discriminant validity is to compare the square root of AVE for each construct with the correlation value between constructs in the model. A good AVE is assumed to have a value greater than 0.5. The result of AVE testing was that all contracts in the research model met the validity requirements. The test results are shown in Table 15.

Table-15. Average variance extracted (AVE).

Variable	Average Variance Extracted (AVE)
IT Governance (X1)	0.67
Internal Control (X2)	0.70
Organizational Culture (X3)	0.80
Early Warning Fraud (Y)	0.73

Based on the results of data analysis using PLS, the value of Cronbach's alpha for Information Technology Governance, Internal Control, Organizational Culture, and Early Warning Fraud variables showed values above 0.7. This meant that the contract was declared reliable. The results of the study are presented in Table 16:

Table-16. Composite reliability dan cronbachs alpha.

Variable	Composite Reliability	Cronbachs Alpha
IT Governance (X1)	0.92	0.90
Internal Control (X2)	0.96	0.96
Organizational Culture (X3)	0.96	0.95
Early Warning Fraud (Y)	0.97	0.97

3.1.3. Inner Models or Structural Models

The structural model of this research can be seen in Figure 3:

Figure-3. Display of Bootstrapping PLS Results.

The coefficient of determination aims to measure how far the ability of the model can go in explaining the variance of the dependent variable. If the value of the coefficient of determination is small or value below 0.500 (R2 ≤ 0.500) it means that the ability of independent variables to explain the dependent variable is minimal. Whereas if the determination coefficient value is greater than 0.500 (R2> 0.500), it means that the ability of the independent variables provides almost all the information needed to predict the variation of the dependent variable. The results are presented in Table 17.

Table-17. R-Square.

Variable	R Square	R Square Adj.
Early Warning Fraud	0,89	0,88

Table 17 shows the R-square value of 0.89 for Variable Y (Early Warning Fraud), can be interpreted by X1 (Information Technology Management), X2 (Internal Control) and X3 (Organizational Culture) then it can explain Y (Early Warning Fraud) of 89%.

3.1.4. Hypothesis Testing

Hypothesis testing can be seen from the value of t-statistics provided that if the t-statistic value is> 1.96, then the hypothesis can be accepted. If the t-statistic value is below 1.96, the hypothesis will be rejected or, in other words, accept the null hypothesis (H0). The results of t-statistics can be seen in Table 18.

Table-18. Path Coefficient (mean, STDEV, T-Values).

Variable	Original Sample (O)	Sample Mean (M)	STDEV	T-Statistic	P-Value
Information Technology Governance (X1) - Early Warning Fraud (Y)	0.148	0.146	0.088	1.685	0.093
Internal Control (X2) - Early Warning Fraud (Y)	0.534	0.536	0.113	4.731	0.000
Organizational Culture (X3) - Early Warning Fraud (Y)	0.305	0.304	0.100	3.035	0.003

According to Table 18 above, information technology governance had an insignificant effect on early warning fraud. That was because the P-Value of the information technology governance variable was 0.093 or > 0.05. However, internal control variables and organizational culture significantly influence early warning fraud due to the P-Value of the two variables <0.05.

3.2. Discussion

The results of data processing using the SmartPLS 3.0 program statistical tool where IT governance in the banking industry in Indonesia had an insignificant effect on early warning fraud, indicated that the banking industry in Indonesia has not yet empowered technology in its business activities. This is in line with statements made by Nugroho (2020); Wahyudi (2009) and Basuki and Husein (2018) that the banking industry, especially Islamic banking needs to increase investment in IT, to reach out and provide services to the public following the needs and desires under the current digital era as well as to maintain the internal security of banks. Thus, the information system found in the banking industry in Indonesia is still manual when compared to the information system found in developed countries.

The results of this study also showed the low level of innovation in the IT aspect in the banking industry in Indonesia. According to the results of the study, the innovation & needs indicator as to the lowest score.  The score of the innovation & needs indicator was 4.02 and the design & standardization indicator was 4.09 as seen in Table 6. Therefore, IT governance in the banking industry in developing countries has a very significant influence on early warning fraud. The banking industry in developed countries already has system information and IT system that is integrated with all business activities (Weill & Ross, 2005; Weill & Ross, 2004). Therefore, the results of this research produced information that is different from the studies conducted in other countries and it states that IT governance has a positive and significant effect on early warning fraud (Luo, Li, Zhang, & Shim, 2010; Panigrahi, Kundu, Sural, & Majumdar, 2009).

The banking industry is an industry that has high regulation. That is because banks are financial institutions that function to collect funds from the public and channel them back to the community. Thus, the bank must maintain the trust of the people who hold funds in the bank. Therefore, if there is a fraud, it will lead to a decline in public confidence in the bank, which can result in the withdrawal of funds at the bank (Abduh, 2011; Nugroho & Bararah, 2018). Nevertheless, to prevent the massive withdrawal from the customer, internal control is needed as an early warning for fraud. Fraud committed by internal banks can be prevented early on.
Internal control is a mechanism contained in a bank institution that aims to ensure all activities and operational activities are following applicable procedures and regulations (Agbejule & Jokipii, 2009; Nugraha et al., 2020). The government, as a regulator, also has an interest in preventing fraud in internal banks. However, banks are also required to report activities related to anti-money laundering (AML) and counter-terrorism financing (CTF) (Favarel-Garrigues, Godefroy, & Lascoumes, 2011).

The implementation of internal control is carried out by an internal audit that checks all bank work units. Thus, the results in this study are also in line with research where internal control has a positive and significant effect on early warning fraud. The excellent implementation of internal controls in the banking industry in Indonesia is shown by the significant scores of all internal control components in Table 7 which include: Control Environment (4.23); Risk Assessment (4.15); Control Activities (4.21), Information and Communication Systems (4.32), and Monitoring (4.13). With the application of excellent internal control, fraud can be detected early.
The internal audit works closely with the audit committee to prevent fraud committed by management. The higher the employee position in an institution, the higher the risk of fraud and also the significant impact on the losses of the banks. Therefore, the focus of examining the financial condition and operational activities of the bank is not only in the scope of daily activities but also includes the activities of board management. The more scheduled audits carried out by internal audits and audit committees, the better the early warning of fraud at the bank (Krishnan, 2005).

Implementation of organizational culture in a company made a vital contribution in increasing the sense of responsibility and ownership of all employees. Leaders must set a good example and concern to the welfare of all employees so that the employees at the company feel valued and have a sense of ownership (Berson, Oreg, & Dvir, 2008; Nugroho et al., 2020). Thus, all employees will have a concern for things that will harm and prevent adverse actions for the organization or the company. Regarding the results of this study, the leadership aspect had the highest score of 4.15 and was followed by the pay attention to detail aspect with a score of 4.11 as seen in Table 8. Cultural organizations contribute to directing the behavior of individuals within the organization, whether the behavior is following the code of conduct and ethical or unethical according to the rules that apply to the organization or company (McConnell, 2013; Urumsah, Wicaksono, & Hardianto, 2018; Vollmer, 2018; Wicaksono & Urumsah, 2017).

4. CONCLUSIONS AND IMPLICATIONS

4.1. Conclusions

The dynamics of the development of IT use in the banking industry require banks to have good IT governance to prevent fraud from happening early. However, the results of this study state that IT governance in the banking industry has an insignificant influence on early warning for fraud. This is due to the still low use of IT in the banking industry in Indonesia. However, the banking industry has adequate internal controls because banking is a high-regulated business. This was indicated by the results of this study, which states that internal control has a positive and significant influence on early warning fraud. An organizational culture that shows professionalism in carrying out duties following the provisions in force has a substantial and positive impact on early warning fraud.

4.2. Implication

• Information technology governance must be a concern for Indonesian banks because the overall business process has used information technology and the role of management to continue to provide and strengthen its information system.
• Banks need to carry out continue evaluating to take care of the quality of the existing internal control systems because the technological development can make the internal control system that was once considered strong turn weak.
• Organizational culture is an important key to maintaining the sustainability of the bank. Technological sophistication is not able to provide opportunities to commit fraud if bank employees have high integrity.

Funding: We received grant funding from the Ministry of Research and Technology / National Research and Innovation Agency.

Competing Interests: The authors declare that they have no competing interests.

Acknowledgement: Our thanks to the Universitas Mercu Buana Research Center for providing support and motivation.

REFERENCES

Abduh, M. (2011). Islamic banking service quality and withdrawal risk: The Indonesian experience. International Journal of Excellence in Islamic Banking and Finance, 182(2842), 1-15.

ACFE Indonesia. (2016). Survai fraud Indonesia. Association of Certified Fraud Examiners.

Agbejule, A., & Jokipii, A. (2009). Strategy, control activities, monitoring and effectiveness. Managerial Auditing Journal, 24(6), 500–522.Available at: https://doi.org/10.1108/02686900910966503.

Ahriati, D., Basuki, P., & Widiastuty, E. (2015). Analysis of the influence of internal control systems, information asymmetry, unethical behavior and compensation compliance with accounting fraud tendencies in the regional government of East Lombok Regency. Journal of Investment, 11(1), 41–55.

Al-Alawi, A. I., Al-Marzooqi, N. Y., & Mohammed, Y. F. (2007). Organizational culture and knowledge sharing: Critical success factors. Journal of Knowledge Management, 11(2), 22-42.Available at: https://doi.org/10.1108/13673270710738898.

Ariyanti, F. (2016). In 2 Years, there are 108 cases of banking crimes - Bisnis Liputan6.com. Retrieved from https://www.liputan6.com/bisnis/read/2651413/in-2-tahun-ada-108-kasus-ccrime-sacrifice . [Accessed March 20, 2020].

Armistead, C., & Simon, M. (1998). Business process management: Implications for productivity in multi-stage service networks. International Journal of Service Industry Management, 9(4), 323-336.Available at: https://doi.org/10.1108/09564239810228849.

Audrience, D. (2016). Since 2014, OJK has decisively 108 cases of banking crimes. Retrieved from https://www.cnnindonesia.com/ekonomi/20161114120838-78-172491/sejak-2014-ojk-action-assertion-108-cases-crime-sacrifice . [Accessed March 20, 2020].

Basuki, F. H., & Husein, H. (2018). SWOT analysis of financial technology in the banking world in Ambon City (Survey of Banks in Ambon City). Sweet Journal, 2(1), 60–74.

Berson, Y., Oreg, S., & Dvir, T. (2008). CEO values, organizational culture and firm outcomes. Journal of Organizational Behavior, 29(5), 615-633.Available at: https://doi.org/10.1002/job.499.

Curti, F., & Mihov, A. (2018). Fraud recovery and the quality of country governance. Journal of Banking & Finance, 87, 446-461.Available at: https://doi.org/10.1016/j.jbankfin.2017.11.009.

Fadhilah, A. (2019). CRIME ATM: Effects of bank reputation & handling problems with customer loyalty with satisfaction as moderating variables in BRI bank Kediri in the South-East Java Post case of ATM Skimming. At-Tamwil: Sharia Economic Study, 1(1), 1–16.

Favarel-Garrigues, G., Godefroy, T., & Lascoumes, P. (2011). Reluctant partners? Banks in the fight against money laundering and terrorism financing in France. Security Dialogue, 42(2), 179-196.Available at: https://doi.org/10.1177/0967010611399615.

FICO-Fair Isaac Corporation. (2019). FICO survey: 3 in 4 APAC banks believe fraud will increase in 2019. Retrieved from https://www.prnewswire.com/news-releases/fico-survey-3-in-4-apac-banks-believe-fraud-will-increase-in-2019-300831921.html . [Accessed March 20, 2020].

Geriesh, L. (2003). Organizational culture and fraudulent financial reporting. CPA Journal, 73(3), 28.

Godfrey, P. C. (2005). The relationship between corporate philanthropy and shareholder wealth: A risk management perspective. Academy of Management Review, 30(4), 777-798.Available at: https://doi.org/10.5465/amr.2005.18378878.

Goh, B. W. (2009). Audit committees, boards of directors, and remediation of material weaknesses in internal control. Contemporary Accounting Research, 26(2), 549-579.Available at: https://doi.org/10.1506/car.26.2.9.

Haugen, S., & Selin, J. R. (1999). Identifying and controlling computer crime and employee fraud. Industrial Management & Data Systems, 99(8), 340-344.Available at: https://doi.org/10.1108/02635579910262544.

He, D., Ma, M., Zhang, Y., Chen, C., & Bu, J. (2011). A strong user authentication scheme with smart cards for wireless communications. Computer Communications, 34(3), 367-374.Available at: https://doi.org/10.1016/j.comcom.2010.02.031.

Higgins, H. N. (2012). Learning internal controls from a fraud case at Bank of China. Issues in Accounting Education, 27(4), 1171-1192.Available at: https://doi.org/10.2308/iace-50177.

Hogan, C. E., & Wilkins, M. S. (2008). Evidence on the audit risk model: Do auditors increase audit fees in the presence of internal control deficiencies? Contemporary Accounting Research, 25(1), 219-242.Available at: https://doi.org/10.1506/car.25.1.9.

Hooks, K. L., Kaplan, S. E., & Schultz, J. J. (1994). Enhancing communication to assist in fraud prevention and detection. Auditing-a Journal of Practice & Theory, 13(2), 86–117.

Jensen, M., & Meckling, W. (1976). Theory of the firm: Managerial behaviour, agency costs and ownership. Strategic Management Journal, 21(4), 1215–1224.

Khurana, I. K., & Raman, K. (2004). Litigation risk and the financial reporting credibility of big 4 versus non-big 4 audits: Evidence from Anglo-American countries. The Accounting Review, 79(2), 473-495.Available at: https://doi.org/10.2308/accr.2004.79.2.473.

Krisanthi, G. A. T., Sukarsa, I. M., & Bayupati, I. P. A. (2014). Governance audit of application procurement. Journal of Theoretical and Applied Information Technology, 59(2), 342–351.

Krishnan, J. (2005). Audit committee quality and internal control: An empirical analysis. The Accounting Review, 80(2), 649-675.Available at: https://doi.org/10.2308/accr.2005.80.2.649.

Luo, X., Li, H., Zhang, J., & Shim, J. P. (2010). Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: An empirical study of mobile banking services. Decision Support Systems, 49(2), 222-234.Available at: https://doi.org/10.1016/j.dss.2010.02.008.

Maliawan, I. B. D., Sujana, E., & Diatmika, I. P. G. (2017). The effect of internal audit and the effectiveness of Internal control on fraud prevention. S1 E-Journal of Ganesha University Accounting, 8(2), 1–11.

Mangala, D., & Kumari, P. (2015). Corporate fraud prevention and detection: Revisiting the literature. Journal of Commerce & Accounting Research, 4(1), 35-45.Available at: https://doi.org/10.21863/jcar/2015.4.1.006.

McConnell, P. J. (2013). A risk culture framework for systemically important banks. Journal of Risk and Governance, 3(1), 23–66.

Meliana, M., & Hartono, T. R. (2019). Indonesian banking fraud: Exploration study. Paper presented at the Expert National Seminar.

Nugraha, E., Nugroho, L., & Setiawan, A. (2020). Discourses of determinants factor in audit quality. Paper presented at the 1st Annual Conference Economics, Business, and Social Sciences.

Nugroho, L. (2020). Shariah bank and financial technology (Fintech) dynamics In the Era of the Iindustrial revolution 4.0. In U. Saripudin (Ed.), The existence of Islamic business in the Era of the Industrial Revolution 4.0 (pp. 153–181): Dropdown.

Nugroho, L., & Bararah, H. N. (2018). The effect of good corporate governance and operational costs and operating income (BOPO) on the financial stability of Islamic banks in Indonesia in 2012-2017. Inovbiz: Journal of Business Innovation, 6(2), 160–169.

Nugroho, L., Hidayah, N., Badawi, A., & Mastur, A. A. (2020). The urgency of leadership in islamic banking industries performance. Paper presented at the 1st Annual Conference Economics, Business, and Social Sciences.

Nugroho, L., Villaroel, W., & Utami, W. (2017). The challenges of bad debt monitoring practices in islamic micro banking. European Journal of Islamic Finance, 11, 1–11.

Nugroho., L., Badawi, A., & Hidayah, N. (2019). Discourses of sustainable finance implementation in Islamic bank (Cases studies in Bank Mandiri Syariah 2018). International Journal of Financial Research, 10(6), 108-117.Available at: https://doi.org/10.5430/ijfr.v10n6p108.

Panigrahi, S., Kundu, A., Sural, S., & Majumdar, A. K. (2009). Credit card fraud detection: A fusion approach using Dempster–Shafer theory and Bayesian learning. Information Fusion, 10(4), 354-363.Available at: https://doi.org/10.1016/j.inffus.2008.04.001.

Paul, T. P., & Pinsonneault, A. (2011). Competing perspectives on the link between strategic information technology alignment and organizational agility: Insights from a mediation model. MIS Quarterly, 35(2), 463-484.Available at: https://doi.org/10.2307/23044052.

Pierce, J. L., Rubenfeld, S. A., & Morgan, S. (1991). Employee ownership: A conceptual model of process and effects. Academy of Management Review, 16(1), 121-144.Available at: https://doi.org/10.2307/258609.

Purnamasari, P., & Amaliah, I. (2015). Fraud prevention: Relevance to religiosity and spirituality in the workplace. Procedia-Social and Behavioral Sciences, 211, 827-835.Available at: https://doi.org/10.1016/j.sbspro.2015.11.109.

Rae, K., & Subramaniam, N. (2008). Quality of internal control procedures: Antecedents and moderating effect on organisational justice and employee fraud. Managerial Auditing Journal, 23(2), 104-124.Available at: https://doi.org/10.1108/02686900810839820.

Saunders, K. M., & Zucker, B. (1999). Counteracting identity fraud in the information age: The identity theft and assumption deterrence act. International Review of Law, Computers & Technology, 13(2), 183–192.Available at: https://doi.org/10.1080/13600869955134.

Sharifirad, M. S., & Ataei, V. (2012). Organizational culture and innovation culture: Exploring the relationships between constructs. Leadership and Organization Development Journal, 33(5), 494-517.Available at: https://doi.org/10.1108/01437731211241274.

Sitawati, S., & Mulya, H. (2018). The role of the implementation of internal control in the prevention of fraud in the management of pharmaceutical supplies in "dharmais" cancer hospital. Journal of Economics KIAT, 29(2), 25-30.

Soltani, B. (2014). The anatomy of corporate fraud: A comparative analysis of high profile American and European corporate scandals. Journal of Business Ethics, 120(2), 251-274.Available at: https://doi.org/10.1007/s10551-013-1660-z.

Suryo, M., Nugraha, E., & Nugroho, L. (2019). The importance of going concern audit opinions and their determination. Inovbiz: Journal of Business Innovation, 7(2), 123-130.

Tallon, P. P., Kraemer, K. L., & Gurbaxani, V. (2001). Executives’ perceptions of the business value of information technology: A process-oriented approach. Journal of Management Information Systems, 6(4), 145–173.

Urumsah, D., Wicaksono, A. P., & Hardianto, W. (2018). Is the value of religiosity and organizational culture to reduce fraud? Journal of Multiparadigm Accounting, 9(1), 156–172.Available at: https://doi.org/10.18202/jamal.2018.04.9010.

Utami, W., & Nugroho, L. (2018). Potential big nath accounting practice in CEO changes (Study on Manufacturing Companies Listed in Indonesia Stock Exchange). International Journal of Accounting and Finance Studies, 1(2), 202–215.Available at: https://doi.org/10.22158/ijafs.v1n2p202.

Utami, W., Nugroho, L., & Farida. (2017). Fundamental versus technical analysis of investment: Case study of investors decision in Indonesia stock exchange. Journal of Internet Banking and Commerce, 22(s8), 1–18.

Van Der Zee, J. T. M., & De Jong, B. (1999). Alignment is not enough: Integrating business and information technology management with the balanced business scorecard. Journal of Management Information Systems, 16(2), 137–156.Available at: https://doi.org/10.1080/07421222.1999.11518249.

Verhezen, P. (2010). Giving voice in a culture of silence. From a culture of compliance to a culture of integrity. Journal of Business Ethics, 96(2), 187-206.Available at: https://doi.org/10.1007/s10551-010-0458-5.

Vollmer, S. (2018). The board's role in promoting an ethical culture. Journal of Accountancy, 226(1), 24-27.

Wahyudi, A. (2009). Use of information technology in the world of business and banking. Journal of Accounting and Information Technology Systems, 7(1), 12-18.

Warrick, D. (2017). What leaders need to know about organizational culture. Business Horizons, 60(3), 395-404.Available at: https://doi.org/10.1016/j.bushor.2017.01.011.

Weill, P., & Ross, J. (2005). A matrixed approach to designing IT governance. MIT Sloan Management Review, 46(2), 1–26.

Weill, P., & Ross, J. W. (2004). IT governance: How top performers manage IT decision rights for superior results. Harvard: Harvard Business Press.

Wicaksono, A. P., & Urumsah, D. (2017). Factors influencing employees to commit fraud in workplace empirical study in Indonesian hospitals. Asia Pacific Fraud Journal, 1(1), 1-18.Available at: https://doi.org/10.21532/apfj.001.16.01.01.01.

Views and opinions expressed in this article are the views and opinions of the author(s), Asian Economic and Financial Review shall not be responsible or answerable for any loss, damage or liability etc. caused in relation to/arising out of the use of the content.