(USED) Corporate Governance Fraud Prevention in UEA

Managerial Auditing Journal
Corporate governance and information technology in fraud prevention and detection: evidence from the
UAE
Sawsan Saadi Halbouni Nada Obeid Abeer Garbou
Article information:
To cite this document:
Sawsan Saadi Halbouni Nada Obeid Abeer Garbou , (2016),"Corporate governance and information technology in fraud
prevention and detection: evidence from the UAE", Managerial Auditing Journal, Vol. 31 Iss 6/7 pp. -
Permanent link to this document:
http://dx.doi.org/10.1108/MAJ-02-2015-1163
Downloaded on: 09 May 2016, At: 23:18 (PT)
References: this document contains references to 0 other documents.
To copy this document: permissions@emeraldinsight.com
The fulltext of this document has been downloaded 7 times since 2016*
Access to this document was granted through an Emerald subscription provided by emerald-srm:121184 []
Downloaded by University of Pittsburgh At 23:18 09 May 2016 (PT)
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please
visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
*Related content and download information correct at time of download.

CORPORATE GOVERNANCE AND INFORMATION
TECHNOLOGY IN FRAUD PREVENTION AND DETECTION:
EVIDENCE FROM THE UAE
Sawsan Saadi Halbouni *

Assistant Professor of Accounting
Canadian University-Dubai
School of Business Administration
Accounting and Finance Department
Dubai, UAE, PO Box 117781
sawsan.halbouni@cud.ac.ae
Nada Obeid
University of Sharjah
College of Business Administration
Accounting Department
Sharjah, UAE, PO Box 27272
Abeer Garbou
University of Sharjah,
College of Business Administration
Finance & Economics Department
Sharjah, UAE, PO Box 27272
* Corresponding author
1
Abstract
Purpose: This study investigates the role of corporate governance and information technology in fraud
prevention and detection within the United Arab Emirates.
Design/methodology/approach: This study uses a survey of financial accountants and internal and
external auditors to assess their perceptions of the effectiveness of IT and corporate governance as
measured in terms of the audit committee’s effectiveness, internal audit functions, external audit
functions, culture of honesty and employee training programmes in preventing and detecting fraud in the
UAE.
Findings: The results indicate that corporate governance has a moderate role in preventing and detecting
fraud in the UAE and that IT has the same role as traditional fraud prevention and detection techniques.
The results also show no significant difference between internal and external auditors in their use of
technological and traditional techniques during the course of audits.
Research implications/limitations: The findings suggest that the senior management and boards of
directors must better understand the importance of their oversight function. The finding that a culture of
honesty has a low positive impact on fraud prevention and detection in the UAE indicates that chief
executive officers and boards of directors must make more efforts to set the ‘tone at the top’ to improve
the corporate environment in terms of integrity and ethics, among other factors. Furthermore, as IT and
traditional techniques provide the same function, senior management and boards of directors must be
alerted to the importance of developing systematic approaches to fraud investigation that involve greater
reliance on technological approaches.
Practical implications: The moderate role of corporate governance suggests that senior management and
boards of directors must better understand the importance of their oversight function to meet their
obligations and fiduciary responsibilities to stakeholders. Furthermore, greater adoption of IT to detect
and prevent fraud contributes to developing a systematic approach to fraud investigation, capable of
identifying unusual activity using effective software.
Originality/value: This study contributes to the literature on the role of corporate governance and IT in
preventing and detecting fraud, particularly for Middle Eastern countries and other emerging nations. The
study may provide insights to academics and practitioners in the UAE and their international counterparts.
Keywords: Corporate governance, Fraud prevention techniques, Fraud detection techniques, Internal
auditor, External auditor, United Arab Emirates.
Paper type – Research paper
2
1. INTRODUCTION
The International Standards on Auditing (ISA 240, 2009, p.167) states that fraudulent financial
reporting involves intentional misstatements, including material omissions or disclosures
intended to deceive financial statement users. Fraud impairs efficiency, productivity, and
innovation because it shifts resources to unconstructive activities, limits the organization’s ability
to grow, may decrease the company’s stock value, and puts the company at risk of being delisted
from national stock exchanges (Glover and Aono, 1995; Beasley et al. 1999; Rezaee, 2005). Fich
and Shivdasani (2007) raise concerns about the quality of corporate governance and argue that
massive deficiencies in its effectiveness have caused a wave of corporate financial scandals.
The Association of Certified Fraud Examiners (ACFE, 2008) in the US finds that the total
cost associated with 2,608 reported fraud cases over the last 10 years was US$ 15 billion
(Owusu-Ansah et al., 2002). As a result, regulators in the US, such as the Securities Exchange
Commission (SEC), New York Stock Exchange (NYSE), and NASDAQ, among others, have
actively promoted extensive agendas aimed at reforming the quality of corporate governance in
public organizations (Fich and Shivdasani, 2007). Witherell (2004) argues that good corporate
governance should be senior managers’ core objective, since poor corporate governance has a
negative impact on a company’s potential and paves the way for financial difficulties, and even
fraud.
A recent study by PricewaterhouseCoopers (PwC, 2014) in the UAE finds that 27% of those
surveyed were victims of economic crime in the past 2 years. Amold (2014) points out that
PwC’s (2014) findings indicate that economic crime in the region continues to be a significant
threat, affecting every industry and both large and small organizations. Coderre (2000) points out
that as more business operations used computerised information, frauds are increasingly being
committed using computer-assisted means. However, he argues that the same technology that
enables this type of fraud provides auditors with more sophisticated detection techniques.
Moreover, PwC (2014) highlights the need for better fraud detection techniques at UAE
companies.
The main objective of this research is to investigate financial accountants and practitioners’
(internal and external auditors) perceptions of fraud, the role of corporate governance, IT and
traditional prevention and detection techniques, in preventing and detecting fraud by UAE
3
companies. It also seeks to investigate the impact of demographic variables on their perceptions
of fraud and prevention.
There are several reasons for choosing UAE for this study. First, despite extensive research
on the role of corporate governance and information technology in fraud prevention and
detection in developed countries (Bierstaker et al., 2006; McKee, 2006; Grove and Basilico,
2008; Janvrin et al., 2008; Krambia-Kapardis, 2010; Ngai et al., 2011; Zhou and Kapoor, 2011;
Sharma and Panigrahi, 2012; and Chen et al., 2014), to the researchers’ best knowledge, few
empirical studies (e.g. Halbouni, 2015) have been conducted on this issue in the UAE. The
extensive findings about developed countries may not be applicable to emerging countries
because of differences in culture, society, institutional settings, legal systems and economies.
The second reason for choosing the UAE is that its most populous city—Dubai—seeks to
become a global trade and logistics powerhouse, and through such initiatives as Dubai World
Central, the government of Dubai is looking to transform the emirate into a smart city (George,
2013). The third reason in favour of setting the study in the UAE is that by mid-2009, the UAE
government introduced a code of corporate governance that provides a useful framework for this
study.
This study of the role of corporate governance and IT in preventing and detecting fraud adds
to the scant research on this topic, particularly in the Middle Eastern and emerging nations.
There are significant consequences for UAE companies due to the lack of fraud prevention and
detection practices. Therefore, this study’s results could provide more information to these
companies’ senior management and boards of directors, so that they are more aware of the
importance of their oversight functions, ethical conduct, their own behaviour and tone, and
effective corporate governance to avoid future company failures (Law, 2011). Moreover, the
results provide insights for academics and practitioners beyond the UAE.
The rest of this paper is organized as follows. Section 2 reviews the relevant literature and
develops research hypotheses. Section 3 describes the study’s research design and data collection
methods. The empirical results and analyses are discussed in Section 4. Section 5 concludes,
provides additional discussions, and describes the study’s limitations and avenues for future
research.
4
2. LITERATURE REVIEW AND HYPOTHESES DEVELOPMENT
Fraud may be one of the most serious problems and challenges in the current business
environment (Law, 2011). Organizations cannot remain healthy and competitive if fraud goes
undetected (Glover and Aono, 1995). Kelly and Chicken (2013) argue that an effective fraud
strategy prioritizes prevention and has an effective risk management policy in place in the event
that an incident occurs. Ngai et al. (2011) point out that financial fraud detection enables
decision makers to develop appropriate strategies to decrease the impact of frauds and create an
average annual increase in profit of between 10% and 40%. Law (2011) and Hopwood et al.
(2012) argue that the long-term benefits of conducting and implementing controls to prevent and
detect fraud exceed their associated costs.

Kusnierz (2006) argues that organizations are unable to prohibit systematic fraud unless they
implement processes and technologies that automatically highlight suspicious activity. Farber
(2005) examines the association between the credibility of the financial reporting system and the
quality of governance mechanisms and finds that firms with occurrences of fraud have poor
governance. He adds that, in response to the flurry of highly publicized financial reporting frauds
(e.g. Enron), regulators have enacted rules intended to strengthen the quality of corporate
governance. Grove and Basilco (2008) confirm that corporate governance indicators appear to be
most effective for detecting fraudulent financial reporting.
2.1 Existence of Fraud in the UAE

In the UAE, the State Audit Institution (SAI) points out that authorities are currently seeking to
recover more than AED 1 billion (USD 272.4 million) lost due to business fraud (SME Advisor,
2012). It adds that more than two thirds of Interpol warrants issued by the UAE are for fraud
cases, suggesting that this is a significant problem. The 2014 PWC Global Economic Crime
Survey indicates that the UAE was ranked 27th out of 177 countries in the corruption perception
index in 2012, and 26th in 2013. Moreover, The Abu Dhabi Education Council (2014) indicates
that in the Gulf Cooperation Council (GCC) region, information theft, loss, or attack represented
35% of all fraud incidents; vendor, supplier, or procurement fraud, 30%; market collusion, 28%;
managerial conflict of interest, 24%; internal financial fraud or theft, 17%; and theft of physical
5
assets or stock, 17% (Halbouni, 2015). The first proposed hypothesis addresses possible
differences in fraud perceptions between financial statements’ preparers and auditors.
H1: There is a significant difference in the fraud perceptions of financial accountants,

and internal and external auditors.
This corresponds to the extent to which corporate governance effectively prevents and
detects fraud.
2.2 Corporate Governance Indicators to Prevent and Detect Fraud

According to Rezaee (2005), corporate governance determines how a corporation is governed
through proper accountability for managerial and financial performance. It is defined by Tuŝek,
and Klikovac (2012, p. 60) as ‘a process in which all participants contribute to the detection and
prevention of fraud, with an objective to ensure long-term profitability and prosperity of a
company, which in turn contributes to creating an added value for shareholders and to the
protection of other stakeholders of company’s financial reports.’
Rezaee (2005) and Hogan et al. (2008) believe that ineffective corporate governance is
associated with the folding of high-profile companies (e.g. Enron, WorldCom, and Global
Crossing) and consequently raise questions about the integrity and ethical conduct of top
executives, the adequacy and effectiveness of internal controls, the reliability of financial reports,
the quality of internal and external audits, and the veracity of stock markets. Saidi (2011) points
out that corporate governance reform in developed capital markets is often driven by investors,
whereas in the GCC, the burden of improving corporate governance is on regulators because of
companies’ ownership structures (mainly family or state) and the availability of liquidity and
financing form regional banks.
In the UAE, the Securities and Commodities Authority (SCA) issued a new Corporate
Governance Code in 2009 based on international standards aimed at improving the effectiveness
of corporate governance (Bainbridge, 2011). The code took effect on 30 April 2010 and requires
compliance from all listed companies by completing a predetermined comprehensive template
and clearly identifying areas of non-compliance.
6
The American Institute of Certified Public Accountants (AICPA, 2010), among others, have
applied various indicators measuring the effectiveness of corporate governance in preventing and
detecting fraud (Campbell and Lindsay, 1994; Gramling and Myers, 2003; Harrast and Olsen,
2007; Christopher et al., 2009; Goh, 2009; Kaplan, 2009; Leung and Cooper, 2009; Persons,
2009; Law, 2011; McNeel, 2011). These indicators include audit committee effectiveness,
internal audit effectiveness, external audit effectiveness, employee training, and the
presence/absence of a culture of honesty and strong ethics in the top management. Corporate
governance is measured by scores on five dimensions. Each variable is measured on a five-point
–Likert scale and the scores are summed to get the final score of corporate governance.
2.2.1 Audit committee effectiveness

Leishman and Timings (2008) state that a control framework starts with awareness at the board
and senior-management level, and oversight through an audit committee, in addition to support
from upright employees and third-party due diligence programmes. The SEC requires that all
public companies create audit committees that are held responsible for the integrity of the
company’s financial reporting process and the quality of its internal controls (Sommer, 1991;
Braiotta, 1992), as these committees can play a critical role in monitoring the company’s internal
control structure and are responsible for obtaining reasonable assurances from the internal and
external auditors about the fair presentation of management assertions in the financial
information. The committee is, therefore, required to keep abreast of financial-statement
developments affecting the company. Sommer (1991) believes that the audit committee is likely
to be the first to identify potential irregularities because it has constant access to the internal
audit, the external audit firm, and other corporate personnel.
In the UAE, the (SAI, 2011, p.4) stipulates that boards or CEOs are principally responsible
for governance arrangements, and thus, for fraud control within their organizations. The SAI
(2011) adds that in many cases, an audit committee should assist a board and the CEO to oversee
the process of developing and implementing a fraud control framework, receive and review
reports describing how it functions, and oversee any incidents of suspected fraud. In addition, the
UAE’s SCA 2009 requires each listed company to establish a permanent audit committee that
comprises three non-executive directors, with at least one having financial expertise. In addition,
7
the code requires the committee to meet at least once a quarter and to submit a written report to
the board of directors regarding their actions, which are independent.
2.2.2 Internal audit effectiveness

Since 2012, the Institute of Internal Auditors (IIA) has required internal auditors to evaluate
the risk of fraud and to exercise due professional care by evaluating the probability of significant
error, fraud, or non-compliance in addition to indicating how company employees manage these
risks (2011, p.6). Law (2011) points out that the role of internal auditors in corporate governance
now involves the provision of additional services initiated by the board of directors or the audit
committee. Gramling and Myers (2003) add that an effective internal audit function can provide
advance notice of fraud risk, thereby helping to detect and prevent fraudulent financial reporting.
Church et al. (2001), Rezaee (2005), and Nicolãescu (2013) confirm with the belief that
internal auditors are the ‘first line of defence’ against fraud because of their knowledge and
understanding of the business environment and the internal control structures, arguing that
organizations with an internal audit function are more likely to self-report incidents of fraud than
others. Coram et al. (2008) find a significant positive relationship between organizations with an
internal audit function and the number and value of self-reported fraud incidents.
In 2013, the Committee of Sponsoring Organizations of the Treadway Commission’s
(COSO) framework on governance was translated into Arabic by the UAE Internal Audit
Association and released in November (Hirth, 2015). Though the COSO framework is not a
requirement, several leading companies, such as Etisalat and the National Bank of Kuwait, have
chosen to adopt the framework as a best practice. According to Hirth (2015), several listed
companies in the region have adopted regulations on internal controls, including annual
evaluations of effectiveness.
2.2.3 External audit effectiveness

ISA 240 requires that external auditors exercise professional judgment in assessing the risk of
material misstatement resulting from fraud in financial reports. Specifically, paragraph 22 of ISA
240 requires that external auditors evaluate whether an unusual or expected relationship
identified during analytical procedures may indicate risk of material misstatements due to fraud.
8
Additionally, Paragraph A8 of ISA 520 confirms that different types of analytical procedures
provide differing levels of assurance.
Carmichael (2004) and Kim and Kogan (2014) argue that even though fraud detection is not
the external auditors’ primary responsibility, stakeholders believe that this should be one of their
tasks. According to Kim and Kogan (2014), in the post-Sarbanes–Oxley Act era in the US since
2002, in the wake of the Enron scandal, auditors have some degree of responsibility for fraud
detection by evaluating whether the company’s internal control systems sufficiently address the
risk of material misstatement due to fraud. Therefore, external auditors are required to collect
information necessary to identify the risks of material misstatements due to fraud; identify and
assess the risks that may result in material misstatements due to fraud; evaluate audit evidence;
communicate about the fraud to the management, audit committee, and others; and (finally)
document their consideration of fraud (Porter, 1997; Kusnierz, 2006; Gullkvist and Jokipii,
2013).
In the UAE, the Regulatory Law of 2004 was amended in 2012 to provide the stock market
authority with regulatory oversight over registered auditors, allowing the Dubai Financial Stock
Authority (DAFSA) to implement an audit-monitoring programme (Hawkamah, 2013). This
programme was developed and designed to assess whether registered auditors meet the
appropriate ISA, International Standard on Quality Control, and Code of Ethics for Professional
Accountants issued by the International Federation of Accountants (Hawkamah, 2013). To
accomplish these objectives, the stock market authority has identified three key areas of
improvement for registered auditors: practicing greater professional scepticism, identifying
evidence related to corporate balances and managerial judgments, and improving the sufficiency
and appropriateness of evidence obtained to support their conclusions related to significant areas
of audits (Hawkamah, 2013; Halbouni, 2015).
2.2.4 Employee training programmes

According to ACFE (2012), most fraud is detected through employee tips, and organizations
with anti-fraud employee training programmes at different levels. Tysiac (2012) identifies
training provision for employees and managers and targeted fraud awareness aimed at collecting
reports of suspicious activities as the most important elements in fraud prevention and detection.
9
Marston et al. (1989) argue that once an organization has trained staff adequately, they should be
allocated responsibility for fraud prevention and detection.
Johnson and Rudesill (2001), GEO (2006), and Leishman and Timings (2008) point out that
employees must be motivated to report their concerns, and should be assured of confidentiality
and of there being no retaliation or victimization. They suggest ‘hotlines’ as an effective way to
protect internal whistle blowers’ identities and encourage reporting of irregularities. In addition,
all employees should be fully aware of the consequences of fraudulent conduct, perhaps through
the use of a formal code of conduct or awareness training (Leishman and Timings, 2008).
In the UAE, ACFE (2014) announced a partnership with the Financial Audit Department
(FAD) of the Dubai government to provide expert fraud training and certification for FAD
employees (Patterson, 2015). According to ACFE (2014a), it is providing resources and
instruction to help FAD employees earn Certified Fraud Examiner credentials, which are
globally recognized as an indicator of anti-fraud knowledge and expertise.
2.2.5 Culture of honesty

The phrase ‘tone at the top’ refers to the ethical atmosphere fostered by the company’s
leadership (ACFE, 2014b). The tone at the top is an important corporate governance concept
(Horton, 2002). Verschoor (2005), Robinson (2006), Law (2011), Perri and Brody (2011) and
Tomasic (2011) point out that an organization’s board of directors plays a significant role in the
oversight and implementation of controls to mitigate the risk of fraud while both the board and
management are responsible for setting the tone at the top and establishing organizational
support for ethical and responsible business practices at the highest levels. Leishman and
Timings (2008) show that developing an appropriate company culture requires a consistent top-
down attitude that fraud is unacceptable in all circumstances, whether against the organization
itself, or via employee, supplier, or customer misconduct. Witherell (2004) argues that the CEO
is ideally positioned to influence employee actions through his/her executive leadership, by
setting the company’s ethical tone and fostering a culture of high ethics and integrity. Krummeck
(2000) agrees and adds that acting against fraud starts with executive and senior management
commitment to the fraud policy statement communicated to different levels of the organization.
The Sarbanes–Oxley Act (2002) requires organizations to disclose whether they have
adopted a code of ethics for their CEOs, CFOs, and senior accounting personnel, and to report to
10
the SEC whenever there is a change or waiver in the code. Grove and Basilico (2008) argue that
company employees should be encouraged to push their behaviour and financial reporting to
ethical and professional limits. Tuŝek and Klikovac (2012) indicate that only 37% of the
surveyed companies have strict codes of ethics, while more than one third have no codes of
ethics implemented at all. In the UAE, PWC (2014) findings indicate that reporting suspicious
transactions and corporate culture are the most effective methods of fraud detection.
From the above, we can infer that respondents regard audit committees, internal audits,
external audits, employee training programs, and a culture of honesty as being effective and
significant in preventing and detecting fraud. Thus, this study proposes the following second
hypothesis.
H2: The summation score of corporate governance is related to fraud prevention and
detection.
2.3 Fraud prevention and Detection Techniques

Fraud has become increasingly complicated, and every organization is at risk (Law, 2011). As a
result, there is increasing demand for timely and on-going assurance about the effectiveness of
risk management and control systems. This has led to businesses and related entities moving
toward a more automated control environment through the implementation of continuous audit
modules (Malescu and Sutton, 2015). Nita (1997) and PWC (2006) confirm that in a paperless
environment, there is global demand for timely and increasingly automated control
environments. Coderre (2006, p.1) defines a continual audit as ‘a method used to perform control
and risk assessments automatically on a more frequent basis’.
Coderre (2000) argues in favour of a systematic approach to fraud investigation that
involves identifying unusual activity using computer-assisted audit techniques (CAATs),
including digital analysis techniques such as Benford’s Law, could help organizations detect
corrupt activity. Phua et al. (2005), Ngai et al. (2011), Zhou and Kapoor (2011), and Ormerod et
al. (2012) note that fraud detection has become one of the best-established applications of data
mining in both the industry and government, as it is often applied to extract and uncover hidden
truths behind very large quantities of data. According to Phua et al. (2005), the most frequently
11
used techniques are logistics models, neural networks, the Bayesian belief network, and decision
trees. Arens et al. (2012) argue that IT could improve a company’s internal controls and affect
overall risk, although its use creates other risks, such as those related to the protection of
hardware and data, or the potential introduction of new types of errors if there is too much
reliance on hardware and software capabilities. These risks include systematic risk, unauthorized
risk, and the risk of losing data.
At the same time, Mahathevan (1997) points out that traditional auditing techniques are
widely acceptable and used. On the one hand, Porter (1997) and Hyde (2007) argue that
traditional compliance testing, which uses random sampling and requires an extrapolation of the
results, may be appropriate for external auditors, given their emphasis on financial statements,
though they are not sufficient for internal audits, which require a much more detailed
understanding of the company’s risks and controls. In addition, internal auditors must rely more
on automated data analysis and targeting sampling methods rather than traditional procedures to
enhance testing methods and optimize efficiency and effectiveness.
On the other hand, McKee (2006) argues that external auditors need to use their imagination
when choosing the most effective and efficient audit techniques in a particular audit approach,
suggesting that external auditors use many irregular, traditional techniques and technological
techniques such as unannounced inventory observation, changing audit techniques from prior
years, applying Benford’s Law; and embedding a software monitor in the auditee’s system to
maintain unpredictability. Banker et al. (2002), Kusnierz (2006), Dowling and Leech (2007),
Dowling (2009) and Chen et al. (2014) confirm that audit support systems are primary
technology applications used by audit firms to control, facilitate and support their audit work. In
addition, audit firms promote these systems as essential to facilitate and achieve high-quality
financial statement audits. The authors point out that if auditors do not use audit support systems
appropriately, then the quality of audited financial statements could suffer and have negative
impacts on stakeholders’ economic decisions.
Protiviti (2013) believes that the automation of internal audits is becoming more appealing
and could help mitigate costs and increase audit effectiveness and efficiency. Malaescu and
Sutton (2015) find that external auditors are willing to rely more on internal audit work in a
continuous audit environment than in a traditional environment, and this effect is magnified if a
12
prior-year audit report on the effectiveness of internal controls were to indicate that these were
working properly.
In 2012, the UAE’s Federal Legal Decree No. 3 established the National Electronic Security
Authority (NESA), which aims to ‘organize protection for the communication network and
information systems to develop, amend, and use the necessary security methods in the electronic
security domain’ (PwC, 2014). The NESA then issued Federal Legal Decree No. 5 in 2012 to
combat information technology (IT) crimes, which came into effect in December 2012.
It can be said from this discussion, and the requirements of Federal Legal Decree No. 5, that
respondents believe that internal and external auditors use both technological and traditional
fraud detection techniques in the UAE. Therefore, we test the following hypothesis.
H3: Fraud prevention and detection techniques are significantly practiced. However, there
is no significant difference in the perceived use of technological and traditional
techniques between internal and external auditors.
2.4 Impact of Various Factors on Internal and External Auditors’ Perceptions of the
Existence of Fraud, and the Effectiveness of Corporate Governance and Fraud Prevention
and Detection Techniques
Jackson (2012) points out that internal auditors endeavouring to assess the risk of fraud need to
be acutely aware of what makes their organization unique. Loebbecke et al. (1989), Beasley et al.
(2000), and Jackson (2012) add that some fraud risks are very industry specific: the healthcare,
financial services, and manufacturing industries appear to have high concentrations of fraud.
Janvrin et al. (2008) find that the use of technological audit techniques varies by audit firm
size. Gillett and Uddin (2005), Janvrin et al. (2008), and Dowling and Leech (2014) confirm this
by arguing that large audit firms have made significant investments in IT, while Johnson and
Rudesill (2001) note that small businesses are at greater risk of fraud because they do not have
the resources that larger companies have to install sophisticated security devices and elaborate
audit and security procedures.
13
Janvrin et al. (2008) reveal that auditors employed by national firms are more likely to use
and assign perceived importance ratings similar to auditors from international operations on
certain audit applications, such as fraud reviews, expert systems, and internal control evaluations,
though they are simultaneously similar to auditors from smaller firms in other areas, such as
audit report writing. Audit experience has a significant impact on auditors’ professional
judgment and the length of audit experience has a significant impact on determining the
seriousness of a fraud problem (Wright, 1988; Bedard 1989; Hackenbrack, 1993; Johnson and
Rudesill, 2001).
This study proposes the following hypothesis on the impact of current position,
qualification, work experience, business type, operation, listing status, and company size on
internal and external auditors’ perceptions of the existence of fraud, and the effectiveness of
corporate governance and of the techniques they use to prevent and detect fraud.
H4: Current position, qualifications, experience, company operation, business type, listing
status, and company size have a significant impact on internal and external auditors’
perceptions on the existence of fraud, effectiveness of corporate governance, and
techniques used to prevent and detect fraud.
3. RESEARCH DESIGN AND DATA COLLECTION

3.1 Research Instrument
Data were collected using a questionnaire adapted from Bierstaker et al. (2006), which is
generally designed to collect data related to the perception of fraud as a concern for Emirati
companies and the role of corporate governance (particularly, the audit committee, internal
auditors, external auditors, employee-training programmes, and the culture of honesty) in
preventing and detecting fraud in the UAE. The questionnaire also includes items related to the
perceptions of financial accountants and internal and external auditors regarding the use of
technological and traditional fraud prevention and detection techniques.
The questionnaire contains four parts (see the Appendix). The first part consists of seven
questions intended to capture respondents’ basic demographic data, including current position
(financial accountant, internal/external auditor), professional qualifications, and work
14
experience. These questions are also designed to capture whether the company operates locally,
regionally, or internationally; the company’s listing status and business type (manufacturing,
retail, financial, service, or government); and the size of the company in terms of number of
employees (large: more than 1,000 employees; medium: between 501 and 1,000 employees;
small: less than 500 employees).
The second part of the questionnaire contains two questions related to participants’
perceptions of the existence of fraud in their companies and their future expectations of the UAE
business environment. These questions were constructed as a series of five-point Likert-type
scales (1 = strongly disagree, 5 = strongly agree).
The third and fourth parts of the questionnaire contain 39 questions presented using a five-
point Likert-type scale. The third part includes six questions measuring respondents’ perceptions
of the effectiveness of their companies’ corporate governance against fraud. The first question
investigates the role of the audit committee in acting against fraud, while the second question
investigates the effectiveness of the internal audit function measured in terms of funding change
over the past 3 years. The third question measures the pressure on employees to achieve
organizational objectives. The fourth question measures the effectiveness of the external audit
function in acting against fraud. The fifth question investigates the role of employee training
programmes, and the sixth question considers the role of the culture of honesty in acting against
fraud. Finally, the fourth part of the questionnaire includes 33 questions developed to measure
internal and external auditors’ perceptions of the use of fraud detection techniques in the course
of an audit in the UAE.
3.2 Research Sample and Techniques

In April 2014, the questionnaire, in both Arabic and English, was sent to financial accountants
and practitioners (the latter either internal or external auditors) working in the UAE. Of the 130
questionnaires sent, 83 (63.8%) were returned; three questionnaires were excluded as they
contained incomplete data. Data validity was confirmed with a reliability analysis, followed by
an analysis of the descriptive statistics, t-tests, a paired sample t-test, and a one-way analysis of
variance (ANOVA) test to evaluate the hypotheses.
15
3.3 Reliability Analysis
Cronbach’s alpha values were analysed to determine the internal consistency of the items for
each construct. The results indicated that the two constructs used to measure respondents’
perceptions of the existence of fraud and its impact on the future UAE business environment
were moderately reliable (α = .707) and the 33 constructs used to measure internal and external
auditors’ perceptions of the techniques used to prevent and detect fraud were high (α = .851),
whereas the six constructs measuring the effectiveness of corporate governance in preventing
and detecting fraud were not calculated since each used a single construct to measure the
respondents’ perceptions of the effectiveness of a certain element of corporate governance in the
UAE. The Cronbach’s alpha values for the two indices were within acceptable ranges (Nunnaly,
1994; Fornell and Larcker, 1981; Smith, 2003).
3.4 Respondents’ Characteristics

Table 1 reports the descriptive statistics, including current position, professional qualifications,
and work experience. They also cover the organization’s background, listing status, type,
industry, and size. Of the respondents, 33.7% were financial accountants, 26.5% were internal
auditors, and 39.8% were external auditors. In addition, 68.7% of the respondents held a masters
or bachelor degree in accounting, with all three categories of professionals holding different
levels of professional qualification and work experience.
{Please Insert Table 1 Here}
Regarding organizational background, listing status, type, industry, and size, the sample
provides a reasonable representation of the various types of companies in terms of listing status:
15.7% of the responses were returned by large companies, 36.1% by medium-sized companies,
and 48.2% by small companies. In addition, 25.3% of the companies were local firms, 51.8%
were regional firms, and 22.9% were international firms. The results reveal that 55.4% of the
respondents represent service and financial institutions, while 21.7% represent manufacturing
companies. The summary statistics show that the research sample reasonably represents a broad
set of firms in terms of listing status, size and professionals, including financial accountants and
auditors with varying levels of professional qualifications and work experience. The findings are,
therefore, unbiased and reliable.
16
4. EMPIRICAL ANALYSIS AND RESULTS
4.1 Perceptions of Fraud
To test the first research hypothesis about the significant differences in fraud perceptions
of financial accountants and internal and external auditors, this study uses sample t-tests and the
one-way ANOVA test for the respondents’ perceptions that their firms had been a victim of
fraud and their expectations that fraud will increase in the future in the UAE. The results are
shown in both Panels A and B of Table 2.
Panel A of Table 2 shows that 44.6% of respondents considered their firms to have been
victims of fraud. The results are in line with those obtained by Johnson and Rudesill (2001), in
which 44.6% of the respondents perceived fraud to be a serious problem in their firms.
Moreover, Panel A of Table 2 reveals that 45.8% of the respondents expect that incidents of
fraud would increase in the future; this is nearly double the PwC’s (2014) finding that 27% of
those surveyed in the UAE were victims of economic crime in the past 24 months. In addition,
Panel A of Table 2 shows that a large proportion of the respondents in this study believed that
their organizations would fall victim to some form of economic crime in the future that they have
already experienced in the past.
{Please Insert Panel A of Table 2 Here}
{Please Insert Panel B of Table 2 Here}
These findings for the UAE are consistent with PwC’s (2014) results, which find that 21%
of companies in the Middle East were victims of an economic crime as compared to 37% of
businesses globally and that 38% of the Middle Eastern respondents expected their organizations
to suffer from an economic crime in the next 24 months. As in PwC (2012), the most common
corporate crimes in the Middle East include asset misappropriation, bribery and corruption,
cybercrime, and accounting fraud.
Panel A of Table 2 reports mean score for respondents’ perceptions of the existence of fraud
in the UAE and their belief that their organizations will experience some form of economic
crime in the future. Panel A of Table 2 further shows that the overall mean of respondents’
perceptions of the existence of fraud in the UAE and their expectation that fraud will increase in
the future is significantly neutral (indicated as 3 on the five-point scale; t = 7.89, p = .000).
17
Finally, Panel B of Table 2 presents the one-way ANOVA test results. The results indicate
no significant difference between financial accountants and internal and external auditors’ views
that their companies were victims of fraud (F = .080, p = .923) and in their expectations that
fraud will increase in the future (F = 2.823, p = .065). The overall mean average is not significant
(F = 1.154, p = .321).
Based on these results, the first research hypothesis regarding the differences between
financial accountants and internal and external auditors’ perceptions of fraud in their
organizations in the UAE is not supported, and it is possible to conclude that there is no
significant difference in the perceptions of fraud among financial accountants and internal and
external auditors.
4.2 Perceptions of the Effectiveness of Corporate Governance

The questionnaire included six items to address respondents’ perceptions of the effectiveness of
corporate governance in preventing and detecting fraud. Table 3 summarizes the analysis and
shows that the overall mean of respondents’ perceptions of the function of corporate governance
varies between 3.24 and 3.71 (range = 0.47). The overall mean of respondents’ perceptions of
corporate governance in preventing and detecting fraud is significantly different from 3 (t =
10.36, p = .000). In addition, the results indicate that respondents are positive about the internal
audit function’s effectiveness, perceiving it to play the most significant role in preventing and
detecting fraud by placing high pressure on employees to meet organizational objectives (based
on the factor analysis presented in panel C of Table 6; described in detail in section 4.5), with an
average greater than 3 (t = 7.27, p = .000). The high pressure on employees to achieve the target
is in line with both Weisbach (1993) and Evans et al. (2002), who argue that corporate
performance is a function of the quality of the company’s corporate governance structures.
However, this employee pressure does not conform to the IIA, AICPA, and ACFE guidelines
(Managing the Risk of Fraud, 2015, p.22), which state that pressure on individuals to achieve
performance or other targets is an important motive to act fraudulently and is often difficult to
quantify.
18
Furthermore, the results reveal that funding for internal audit departments has changed
significantly over the past 3 years, with an average greater than 3 (t = 4.64, p = .000). This study
sees this change as an increase based on the UAE Corporate Governance Code requirements,
issued by the SCA in 2009. These results are in accordance with Bierstaker et al.’s (2006)
finding that funding for internal audit departments has increased over the past 3 years. Table 3
also shows that audit committees, employee training programmes, and external audit functions
have significant effects in preventing and detecting fraud in the UAE.
Furthermore, this study’s results confirm Law’s (2011) finding that the effectiveness of the
audit committee and the internal audit function, along with the impact of the culture of honesty,
are positively associated with the absence of fraud in organizations. However, despite the
positive influence of the culture of honesty (Q6, with an average greater than 3), the results
indicate that the culture of honesty has the lowest mean average, and is not statistically
significant.
Based on the results, the second hypothesis regarding the effectiveness of corporate
governance for UAE companies is supported. Corporate governance measured by scores on five
dimensions, the role of the audit committee, the pressure on employees to meet organizational
objectives, the significant role of the external audit function, and increased funding for the
internal audit department and employee training programmes have significant effects on
preventing and detecting fraud in the UAE.

4.3 Perceptions of Prevention and Detection Techniques
The study includes 33 constructs to investigate UAE companies’ technological and traditional
fraud prevention and detection techniques. These techniques are ranked based on the overall
mean of each construct. Table 4 demonstrates that filtering software, Q33 (average = 4.39; t =
11.81; p = .000), is the most common technique used by companies in the UAE. Password
protection, Q31 (average = 4.19; t = 9.70; p = .000), and surveillance equipment, Q12 (average =
4.17; t = 8.60; p = .000), rank second and third, respectively. However, fraud software, Q24
(average = 2.73; t = -1.56; p = .000), and fraud auditing techniques, Q5 (average = 2.84; t = -1.1;
p = .273), are not commonly used to detect and prevent fraud, as the average for the two
19
constructs are below the cut-off point of 3. The results do not meet the Public Company
Accounting Oversight Board (2000, 2007, 2008) recommendations for audit effectiveness for the
use of forensic-type fieldwork audit procedures to demonstrate a high level of professional
scepticism throughout the audit process and to focus on fraud risk indicators that may signal the
occurrence of financial statement fraud. At the same time, the results agree with Bierstaker et
al.’s (2006) finding that firewalls, virus protection, password protection, and internal control
reviews are the most common techniques practiced by the organizations surveyed, while the use
of forensic accountants is the least common practice. Moreover, Table 4 indicates that despite an
acceptable mean average for fraud-reporting policies (Q6) and fraud hotlines (Q7), the p-value
for these two constructs is not significant at the .05 level.

Table 4 confirms the findings from earlier studies that the use of an audit committee as a
fraud prevention and detection technique is common, ranking in fourth place (Q15: average =
4.13; t = 9.77; p = .000). Additionally, the table indicates that respondents perceived even the
limited practice of the culture of honesty—as demonstrated by the presence of ethics officers
(Q23), ethics training (Q11), and corporate codes of conduct (Q1)—to prevent and detect fraud.
The three constructs ranked 25th, 26th, and 27th, respectively. This can be explained as the
respondents’ expectations that their firms would suffer from an economic crime in the future.
The results are in line with those of COSO (2006, p.7), which finds that ethical behaviour has a
strong impact on business strategy, operations, and long-term company survival, the level of
board and corporate commitment, and the organization’s fraud-risk profile.
Table 4 reveals that fraud prevention and detection training is moderately practiced despite
its significant role in preventing and detecting fraud, Q10 (average = 3.73; t = 6.86; p = .000). Its
moderate use, combined with an increase in awareness of the importance of this technique, is
supported by the respondents’ perception that funds for fraud prevention training have changed
significantly over the previous 3 years. Furthermore, the importance of fraud prevention and
detection training complies with the COSO (2006, p.32) requirement that human resources
departments develop and provide the necessary training for fraud-risk management programmes,
including ethics and codes of conduct, defining what constitutes fraud, and establish what to do
when fraud is suspected. ACFE (2010) ranked management reviews and internal audits as the
second- and third-most common methods of detection, respectively, while tips from employees
were almost three times as common as either of these other methods, as 43% of the fraud in that
20
survey was initially detected through employee tips. In addition, Table 4 demonstrates that
respondents’ perceptions of the use of both technological and traditional techniques is
significantly different from 3 (3.74; t = 13.26; p = .000).

To examine the third research hypothesis related to the absence of any significant difference
in the perceived use of technological and traditional techniques between internal and external
auditors, this study uses sample t-tests, paired samples tests, and independent-sample t-test. The
sample t-test was employed to investigate the use of technological and traditional fraud
prevention and detection techniques by internal and external auditors in the UAE. The paired
samples test was used to investigate any significant difference in the use of technological and
traditional audit techniques by internal and external auditors, while the independent-sample t-test
was employed to examine any significant difference in the use of technological and traditional
techniques between internal and external auditors in the UAE.
Panel A of Table 5 presents the sample t-test results. The results indicate that the overall
main average for the use of technological means is slightly higher than that for traditional audit
techniques.
{Please Insert Panel A of Table 5 Here}
An analysis of the paired samples test results reveals no significant differences between the
overall mean averages of technological and traditional audit techniques. The results shown in
Panel B of Table 5 indicate that no significant difference exists between the two mean averages
(t = -.724; p = .472), suggesting that both technological and traditional fraud audit techniques
play a significant role in fraud prevention and detection in the UAE.
Finally, the independent-sample t-test used to examine the absence of a significant
difference in the use of technological and traditional techniques between internal and external
auditors in the UAE. Panels B and C of Table 5 present the results of this analysis.
{Please Insert Panel B of Table 5 Here}
{Please Insert Panel C of Table 5 Here}
21
Panel C of Table 5 indicates that no significant difference exists between internal and
external auditors’ perceptions of the use of technological and traditional fraud prevention and
detection techniques. Therefore, hypothesis 3 is supported.
4.4 Impact of Various Factors on Internal and External Auditors’ Perceptions of the
Existence of Fraud, and the Effectiveness of Corporate Governance and of Fraud Prevention
and Detection Techniques
This study applies a one-way ANOVA test to examine the fourth research hypothesis related
to the impact of internal and external auditors’ current professional position, qualification, and
work experience and their organization’s operation, business type, listing status, and company
size on the auditors’ perceptions of the existence of fraud in their companies, their expectations
about the increase of fraud in the future, corporate governance effectiveness, and their use of
traditional and technological techniques to prevent and detect fraud in the UAE. The results are
presented in Panels A–H of Table 6.
Panel A of Table 6 indicates that demographic variables do not have a significant impact on
respondents’ perceptions of their companies being victims of fraud. Panel B of Table 6 shows
that current position (being an internal auditor or an external auditor) as well as listing status
significantly impact expectations that fraud will increase in the future. In addition, Panel B
reveals that the mean average for external auditors is greater than that for internal auditors (F =
6.004, P = .018), and the mean average for listed companies is significantly greater than that for
unlisted companies (F = 4.77, p = .033). The results indicate that external auditors are more
concerned about the increase of fraud in the future than internal auditors. Moreover, Panel B
indicates that listing status significantly affects respondents’ perceptions of a future increase in
fraud.
{Please Insert Panels A & B of Table 6 Here}
To verify the impact of respondents’ perceptions on the effectiveness of corporate
governance, a factor analysis using the extraction sums of squared method is applied to the
corporate governance indicators (six items). The factor loading is rotated using rotated
component analysis. The results are reported in Panel C of Table 6.
22
It is noteworthy that the audit committee’s role in fraud detection, as well as the change in
funding for employee fraud prevention training over the past 3 years, is loaded substantially for
Factor 1 (audit committee), the change in funding for the internal audit department over the past
3 years. Meanwhile, the high pressure placed on employees to meet organizational objectives is
loaded substantially on Factor 2 (internal audit), while the role played by the external audit
function for fraud prevention and detection, as well as top-management accountability, are
loaded substantially on Factor 3 (external audit). Panel C of Table 6 indicates that the role of the
audit committee, internal audit function, and external audit function are the three main factors
associated with corporate governance that explain 71.9% of the variation in the auditors’
responses.
{Please Insert Panel C of Table 6 Here}
Panels D, E, and F of Table 6 indicate that business type is the only variable that has a
significant effect on internal and external auditors’ perceptions of the effectiveness of the audit
committee and the internal audit and external audit functions. The table shows respondents’
business type (specifically, manufacturing firms) to be the most influential factor behind the
effectiveness of corporate governance in acting against fraud.
{Please Insert Panel D of Table 6 Here}
{Please Insert Panel E of Table 6 Here}
{Please Insert Panel F of Table 6 Here}
Panel G of Table 6 indicates that professional qualification, business type, and listing status
have significant impacts on internal and external auditors’ perceptions of the use of traditional
techniques. Respondents with higher education or professional degrees rely more on traditional
techniques than those with other degrees, such as bachelor’s, secondary degrees, or diplomas (F
= 2.861, P = .033). In addition, some business types, such as manufacturing organizations, rely
more on traditional techniques than do others, such as government or retail organizations.
However, unlisted companies significantly rely on traditional techniques compared to listed
companies (F = 5.37, P = .024).
{Please Insert Panel G Table 6 Here}
{Please Insert Panel H Table 6 Here}
23
Panel H of Table 6 indicates that professional qualification and business type have
significant impacts on auditors’ perceptions of their use of technological fraud prevention and
detection techniques. Respondents with bachelor’s or higher qualifications rely more on
technological techniques than those with secondary school education or diplomas (F = 2.824, P =
.034). Moreover, manufacturing firms rely significantly more on technological techniques
compared to other business types (F = 9.127, P =.000).
The data shows that internal and external auditors with higher qualifications use both
traditional and technological fraud prevention and detection techniques more as compared to
those with lower qualifications. Moreover, manufacturing organizations rely on both traditional
and technological techniques more than other business types. The results in this subsection
confirm the earlier results in this study that internal and external auditors use both traditional and
technological techniques simultaneously. The results are also in line with Martinis et al.’s (2011)
finding that client-type differences impact auditors’ risk assessment. Furthermore, the results are
in accordance with Marston et al.’s (1991) finding that auditors rely on both computer-assisted
tools and manual techniques. These results thus support the fourth research hypothesis. The
results also reveal that work experience, organizational operation, and company size have no
significant impact on respondents’ perceptions of the techniques they use to detect fraud, which
are in line with those of Johnson and Rudesill (2001), in which auditors’ years of experience
have no impact on their perceptions of the techniques used to prevent and detect fraud. At the
same time, the results differ from those of Martinis et al. (2011), who found that company size
has a significant impact in determining the seriousness of the fraud problem and the risk
associated with the client, as well as Janvrin et al. (2008), who find that national firms may
invest resources in relatively high-risk activities, like fraud detection and prevention.
5. DISCUSSION AND CONCLUSION

This study investigated financial accountants’ and internal and external auditors’ perceptions of
the existence of fraud among companies in the UAE and of the effectiveness of corporate
governance via their views on audit committees, internal and external audit functions, culture of
honesty, and employee training programmes. Moreover, this study investigated the extent of the
use of IT and traditional fraud prevention and detection techniques in fraud detection and
prevention. With regard to respondents’ perceptions of fraud, the results reveal that respondents
24
perceived that their firms had been victims of fraud and expected frauds to increase in the future,
which is in line with Bierstaker et al.’s (2006) finding for the USA.
With regard to the effectiveness of corporate governance in preventing and detecting fraud
in the UAE, the analytical results show that financial accountants and internal and external
auditors perceived that corporate governance via the audit committee plays a significantly role in
preventing and detecting fraud in the UAE. The results confirm Persons’ (2009) and Kaplan’s
(2009) argument that an effective audit committee is essential for preventing fraudulent financial
reporting. In addition, the results are in accordance with Goh’s (2009) finding that the audit
committee’s effectiveness is associated with the organization's timeliness in remediating material
weaknesses in internal controls by improving financial reporting quality, and ultimately

enhancing corporate governance. However, the moderately significant role the audit committee
plays could be attributed to its members’ reasonable, but not high, level of confidence in their
oversight of their company’s financial reporting and in the accuracy, independence, and
objectivity of internal and external audit processes (KPMG, 2015).
Moreover, the results demonstrate that the internal audit function has the most significant
impact on fraud prevention and detection in the UAE, in line with Owusu-Ansah et al.’s (2002),
KPMG’s (2003), and Alleyne and Howard’s (2005) conclusion that organizations with internal
auditors, sound internal controls, and effective audit committees were better equipped at
preventing and detecting fraud.
With reference to the effectiveness of other elements of corporate governance, the results
reveal that employee training programmes and the external audit function have a significant
impact on preventing and detecting fraud, which agrees with Rezaee’s (2004) argument that
organizations should develop fraud prevention programmes and establish appropriate policies
and procedures, and communicate the same to all organizational members. Further, these policies
should be applied by all employees, including the management.
25
Furthermore, the results indicate that setting an honest ‘tone at the top’ has limited positive
impact on fraud prevention and detection in the UAE. This result contradicts Law’s (2011)
argument that the moral and ethical tone of the top management is an integral part of an
organization’s control systems and it supports Horton’s (2002) argument that this should be set
by the CEO and board of directors to influence the corporate environment in terms of integrity
and ethics, among other factors.
In respect of fraud prevention and detection techniques, the results demonstrate that
respondents have positive perceptions of the role of IT and traditional techniques in preventing
and detecting fraud. Furthermore, there is no significant difference in the use of technological
and traditional techniques for internal and external auditors in the UAE, which departs from
Arens et al.’s (2012) argument that internal auditors should rely more extensively on
technological techniques than external auditors. Auditors’ moderate use of technological
techniques could moderately explain the respondents’ concerns about their organizations
becoming victims to some form of economic crime in the future.
Our results should encourage greater reliance on technological techniques and fraud
software to prevent and detect fraud, in line with the work of Coderre (2000), Kusnierz (2006),
Gill (2009), and Kemal (2013), who indicate that advanced analytical techniques are essential for
generating financial statements on a real-time or close to real-time basis, and that models should
be developed from data for both the detection of fraudulent activity that has already occurred and
for the proactive determination of the propensity for fraudulent activity in the future.
Finally, the analysis of the impact of the firm’s current position, professional qualifications,
work experience, company operation, business type, listing status, and company size on internal
and external auditors perceptions of the existence of fraud, corporate governance effectiveness,
and fraud prevention and detection techniques indicates that external auditors are more
concerned about the increase of fraud in the future, while internal auditors are more concerned
about the impact of listing status on the existence of fraud. Furthermore, internal and external
auditors perceive that manufacturing companies have the most effective corporate governance,
and therefore, they rely more on both technological and non-technological techniques than other
business types to prevent and detect fraud. In addition, internal and external auditors’
qualifications have a significant impact on their perceptions of their use of both traditional and
26
technological fraud techniques, while they perceive that unlisted companies rely more on
traditional techniques to act against fraud.
This study’s main contribution is the finding that corporate governance plays a moderately
significant role in preventing and detecting fraud in the UAE, providing information to senior
management and boards of directors to improve their awareness of the importance of their
oversight function to meet their obligations and fiduciary responsibilities to stakeholders. The
moderately significant role the audit committee plays suggests that the audit committee members
need to learn more about how to enhance confidence in their oversight of risk through an
appropriate orientation and ongoing training, in addition to staying current with regulatory
standards and developments (KPMG, 2015). Simultaneously, the moderately significant role the
internal auditors have suggests that they should work to improve their ability to deal with issues
such as assessing strategic risks, business risks, and risks related to fraud and technology, in
addition to dealing with finance, compliance, and operational issues (PWC, 2008). Whilst the
external auditor is in large part responsible for the effectiveness of the audit process,
management and the audit committee have important contributions through the overall
assessment of the effectiveness of the external audit process. Moreover, the limited positive
effect of a culture of honesty emphasises the importance of adopting effective business ethics
programs to serve as the foundation for preventing, detecting, and deterring fraudulent and
criminal acts and to create an environment where making the right decision is implicit. However,
the current research findings and suggestions provide insightful contributions to the significance
of corporate governance.
Furthermore, as most organizations in the current business environment rely on IT to
conduct business, the finding that IT performs the same function as traditional techniques should
indicate to senior managers that it is important to develop a systematic approach to fraud
investigation that involves identifying unusual activity using effective software. Moreover, the
results from this study in the UAE as an emerging nation are in line with those obtained in
developed countries, except for the corporate governance indicator related to ethical conduct,
despite the cultural, social, institutional, legal, and economic differences between the UAE and
developed nations. This could be attributed to the fact that the UAE is not representative of most
developing nations as it is a high-income country, with technology investments and global trade,
supplemented by the SCA’s efforts in 2009. This study’s results could provide further insights
27
not only to academics and practitioners in the UAE, but also to their counterparts internationally.
Future research may investigate the effectiveness of a broader view of governance, such as risk
management programs, internal controls, and corporate responsibility and risks related to fraud
and technology. Additionally, future research based on specialized domain knowledge could
investigate the most effective and efficient computer-assisted automated fraud-detection
mechanisms. An investigation of the effectiveness of audit procedures by internal and external
auditors in the UAE provides yet another avenue for future research.
This study shares a limitation common to other studies of fraud prevention and detection.
The sensitive nature of the subject and the tendency of financial accountants and practitioners to
protect themselves and their organizations may lead them to provide socially desirable answers.
Additionally, the empirical analysis is limited by the survey instrument. Although five-point
Likert-type scales are common, they limit the range of responses, so, it may have been
insufficiently precise in detecting differences between financial accountants and internal and
external auditors.
28
References:
Abu Dhabi Education Council (2014), ‘ADEC conducts the first anti-fraud assessment program for senior
officials, schools and universities. As cited on 20/2/2014:
(http://www.adec.ac.ae/en/MediaCenter/News/Pages/ADEC-conducts-the-first-anti-fraud-
assessment-program-
ACFE, (2008). Association of Certified Fraud Examiners. Report to the Nations on Occupational Fraud
and Abuse, Association of Certified Fraud Examiners, Austin, TX.
ACFE, (2010). Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud
ACFE, (2012). Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud
ACFE, (2014, a). Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud
and Abuse, Association of Certified Fraud Examiners, Austin, TX
ACFE, (2014, b). Association of Certified Fraud Examiners. Tone At The Top: How Management Can
Prevent Fraud in the Workplace. As cited on December 12th, on
http://www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/tone-at-the-top-
research.pdf.
AICPA, (2002). Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial
Statement Audit From: http://www.aga-olympia.org/attachments/sas_no_99.pdf.
AICPA, (2010). American Institute Certified Public Accountants. Fraud and the responsibilities of the
Audit Committee: An Overview. pp. 95-98.
Alleyne, P. Howard, M. (2005). An exploratory study of auditors’ responsibility for fraud detection in
Barbados, Managerial Auditing Journal, Vol.20, No. 3, p. 284-303
Amold, T. (2014). Over 1 in 4 UAE companies are victims of fraud, from:
http://www.thenational.ae/business/industry-insights/economics/over-1-in-4-uae-companies-are-
victims-of-fraud.
Arens, A.A. Elder, R.J. and Beasley, M.S. (2012). Auditing and Assurance Services-Ab Integrated
Approach, 14th ed., Pearson.
Bainbridge, A. (2011). Corporate Governance for UAE Companies, As Cited from:
http://www.nortonrosefulbright.com/knowledge/publications/54327/corporate-governance-for-
uae-companies
Banker, R.D. Chang, H. and Kao, Y. (2002. Impact of Information Technology n Public Accounting firm
productivity. Journal of Information Systems, Vol. 16, No. 2, pp. 209-222.
29
Beasley, M.S. Carcello, J.V. and Hermanson, D.R. (1999). Fraudulent financial reporting 1987-1997. An
analysis of public companies. New York, NY:COSO.
Beasley, M.S. Carcello, J.V. and Hermanson, D.R. (2000). Fraudulent financial reporting: Consideration
of Industry Traits and Corporate Governance Mechanisms, Accounting Horizons, Vol. 14, No. 2,
pp. 441-454.
Bedard, J. (1989). Expertize in Auditing: Myth or reality? Accounting, Organizations and Society, Vol.
14, No. 1&2, pp. 113-131.
Bierstaker, J.L., Brody, R.G. and Pacini, C. (2006)."Accountants' perceptions regarding fraud detection
and prevention methods", Managerial Auditing Journal.Vol.21, No.5, pp.520-535.
Braiotta, L. JR. (1992). Preventing Fraudulent Reporting, Auditing for Honesty, ABA Journal, May, p.
76-79.
Campbell, A. and Lindsay, D. (1994). Internal auditors and the detection of fraud. Internal Auditing, Vol.
9, No. 4, pp. 26-37.
Carmichael, D.R. (2004)."The PCAOB and the Social Responsibility of independent Auditor", Mid-Year
Auditing Section Meeting of the American Accounting Association, Florida, USA.
Chen, Y. Smith, A.L. Cao, J. and Xia, W. (2014). Information Technology Capability, Internal Control
Effectiveness, and Audit Fees and Delays, Journal of Information Systems, Vol. 28, No. 2, pp.
149-180
Christopher, J. Sarens, G. and Leung, P. (2009). A critical analysis of the independence of the internal
audit function: evidence from Australia, Accounting, Auditing and Accountability Journal, Vol.
22, No. 2, pp. 200-220.
Church, B. McMillan, J.J. and Schneider, A. (2001). Detection of Fraudulent Financial Reporting: Are
internal auditors not spotting red flags? Journal of Accountancy, September, p. 99.
Coderre, D.G. (2000). Computer Assisted Fraud Detection, Computers and Auditing, August, pp. 24-26.
Coderre, D.G. (2006). Global Technology Audit Guide: Continuous Auditing Implications for Assurance,
Monitoring, and Risk Assessment. Montvale, NJ. The Institute of Internal Auditors.
Concerning Governance Rules and Corporate Discipline Standards, Ministerial Resolution No.
(518) of 2009.
Coram P, Ferguson C, Moroney R (2008). Internal audit, alternative internal audit structures and level of
misappropriation of assets fraud. Accounting and Finance Journal, Vol. 48, No. 4, pp. 543–559.
COSO, (2006). Committee of Sponsoring Organizations of the Treadway Commission. Managing the
Business Risk of Fraud: A Practical Guide. The Institute of Internal Auditors, pp. 1-79. From:
https://na.theiia.org/standards-guidance/.../fraud%20paper.pdf
30
CPA, (2014). Chartered Professional Accountants, Canada. Oversight of the External Auditor
GUIDANCE FOR AUDIT COMMITTEES January. From:
https://www.icd.ca/getmedia/ac88804a-db90-4cf5-a006-
a674a944ac59/item78035_Guidance_EN.pdf.aspx.
Dowling, C, and Leech, S.A. (2007). Audit support systems and decisions aids: Control Practice and
opportunities for future research. International Journal of Accounting Information Systems, No.
8, pp. 92-116.
Dowling, C, (2009). Appropriate Audit Support System Use: the Influence of Auditor, Audit Team, and
Firm Factors, The Accounting Review, Vol. 84, No. 3, pp. 771-810.
Dowling, C. and Leech, S.A. (2014). A Big 4 Firm's Use of Information Technology to Control the
Audit Process: How an Audit Support System is Changing Auditor Behavior†, Contemporary
Accounting Research, Vol. 31, No. 1, pp. 230-252.
Evans, J. Evans, R. and Loh, S. (2002). Corporate Governance and Declining Firm Performance,
International Journal of Business Studies, Vol. 10, No. 1, pp. 1-18.
Farber, D.B. (2005). Reporting Trust after Fraud: Does Corporate Governance Matter?, The Accounting
Review, Vol. 80, No. 2, pp. 539-561.
Fich, E.M. and Shivdasani, A. (2007). Financial fraud, director reputation, and shareholder wealth,
Journal of Financial Economics, Vol. 86, pp. 306-336.
Fornell, C. & Larcker, D.F. (1981). Evaluating Structural Equation Models with Unobservable Variables
and Measurement Error. Journal of Marketing Research, Vo. 18, No. 1, pp.39-50.
GAO, (2006). United States Government Accountability Office, Individual Disaster Assistance Programs:
Framework for Fraud Prevention, Detection, and Prosecution, July 12, pp. 1-13.
George, J. (2013). UAE to be a global tech hub. As cited from: http://www.emirates247.com/expo-
2020/uae-to-be-a-global-tech-hub-2013-11-29-1.529626
Gill, W. (2009). Fighting Fraud with advanced Analytics Canadian Underwriter, September, pp. 28-32.
Gillett, P.R. and Uddin, N. (2005). CFO Intentions of Fraudulent Financial Reporting, Auditing: A
Journal of Practice and Theory, Vol. 24, No. 1, pp. 55-75.
Goh, W. (2009). Audit committees, boards of directors, and remediation of material
weaknesses in internal control. Contemporary Accounting Research, Vol. 26, N. 2, pp .486-508.
Glover, H.D. and Aono, J.Y. (1995) ‘Changing the Model for Prevention and Detection of Fraud’,
Managerial Auditing Journal, Vol. 10, No. 5, pp. 3-9.
Gramling, A. and Myers, P. (2003). Internal auditors’ assessment of fraud warning signs, The CPA
Journal, Vol. 73, No. 6, pp. 20-24.
31
Grove, H. and Basilico, E. (2008). Fraudulent Financial Reporting Detection, International Studies of
Management and Organization, Vol. 38, No. 3, pp. 10-42.
Gullkvist, B. and Jokipii, A. (2013). Perceived importance of red flags across fraud types, Critical
Perspective in Accounting, Vol. 24, pp. 44-61.
Hackenbrack, K. (1993). The Effect of Experience with Different Sized Clients on Auditor Evaluations of
Fraudulent Financial reporting Indicators, Auditing: A Journal of Practice and Theory, Vol. 12,
No. 1, pp. 99-110.
Halbouni, S.S. (2015). The Role of Auditors in Preventing, Detecting and Reporting Fraud: The Case of
the United Arab Emirates, International Journal of Auditing. Vol. 19, No 1, pp. 117-130.
Harrast, S. and Olsen, L. (2007). Can audit committees prevent management fraud? The CPA Journal,
Vol. 77, No. 1, pp. 24-28.

Hawkamah Organization. The Corporate Governance Code For Small and Medium Enterprises. As cited
on 12th September, 2013. Mohmmed Bin Rashid Establishment for SMEevelopment
http://www.hawkamah.org/files/Dubai%20SME%20CG%20Code%20En.pdf
Hirth, R. (2015). COSO’s Internal Control-Integrated Framework, Internal Control. From:
http://www.google.ae/url?sa=t&rct=j&q=&esrc=s&source=web&cd=14&ved=0CEEQFjADOAo
&url.
Hogan, C.E. Rezaee, Z. Riley, R.A. and Velury, U.K. (2008). Financial statement fraud: Insight from the
academic literature. Auditing: A Journal of Practice and Theory, Vol. 27, Vol. 2, pp. 231-252.
Hopwood, W.S., Leiner, J.J. & Young, G.R. 2012. Forensic accounting and fraud examination. 2nd
edition. New York: McGraw-Hill.
Horton, T. (2002), “Tone at the top”, Directors and Boards, Vol. 26 No. 4, pp. 8-13.
Hyde, G. (2007). Enhanced audit testing, Internal Auditor, August, pp. 65-68.
IIA, AICPA, ACFE, (2015). The Institute of Internal Auditor, The American Institute Certified Public
Accountants, The Association of Certified Fraud Examiners, Managing the risk of Fraud: A
Practical Guide, as Cited on 25-5-2015 from:
http://www.acfe.com/uploadedfiles/acfe_website/content/documents/managing-business-risk.pdf
IIA, (2012). The Institute of Internal Auditor. International Standards for The Professional Practice of
Internal Auditing (Standards).
ISA, (2009). International Standards on Auditing, 240. The Auditor’s Responsibilities Relating to Fraud
and Audit of Financial Statements (Effective for audits of financial statements for periods
beginning on or after December 15.
ISA (2009). International Standards on Auditing 520. Analytical Procedures (Effective for audits of
financial statements for periods beginning on or after December 15.
32
Jackson, R.A. (2012). Are You Addressing the Obvious? Organizations can't afford to ignore potential
fraud risks. Internal Auditor, October.
Janvrin, D. Bierstaker, J. and Lowe, D.J. (2008). An Examination of Audit Information Technology Use
and Perceived Importance, Accounting Horizons, Vol. 22, No. 1, pp. 1-21.
Johnson, G.G. and Rudesill, C.L. (2001). An Investigation into fraud prevention and selection of small
business in the United States: responsibilities of auditors, managers, and business owners,
Accounting Forum., Vol. 25 Issue 1, p56. 78.
Kaplan, S. Pany, K. Samuels, J. and hang, J. (2009). An examination of the effects of procedures
safeguards on intentions to anonymously report fraud? Auditing, A Journal of Practice and
Theory, Vol. 28, No. 2, pp. 273-289.
Kelly, R. and Chicken, L. (2013). Approaches to fraud management for companies in the UAE. From:
http://www.clydeco.com/insight/articles/approaches-to-fraud-management-for-companies-in-the-
uae
Kemal, M. (2013). Continuous Audit: From the concept towards the implementation. From:
http://www.google.ae/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CBwQFj
AA&url=.
Kim, Y. and Kogaan, A. (2014). Development of an Anomaly Detection Model for a Bank’s Transitory
Account System, Journal of Information Systems, Vol. 28, No. 1, pp. 145-165.
KPMG (2003). Fraud Survey, KPMG, Sydney. From:
http://faculty.usfsp.edu/gkearns/Articles_Fraud/Fraud%20Survey_040855_R5.pdf
KPMG (2015) Lower Gulf and Hawkamah launch first Audit Committee Institute (ACI) in the UAE.
From:
https://www.kpmg.com/AE/en/Documents/ACI%20launch%20-%20Press%20Release.pdf.
Krambia-Kapardis, M. (2010). Neural network: the panacea in fraud detection, Managerial Auditing
Journal, Vol. 25, No. 7, pp. 659-678.
Krummeck, S. (2000). The role of ethics in fraud prevention: a practitioner’s perspective, Business
Ethics: A European Review, Vol. 9 No. 4, pp. 268-72.
Kusnierz, R. (2006). Fraud Doesn’t Matter?, Credit control, , Vol. 27 Issue 4/5, pp. 61-64.
Law, P. (2011). Corporate governance and no fraud occurrence in organizations: Hong Kong evidence,
Managerial Auditing Journal, Vol. 26, No. 6, pp. 501-518.
Leishman, M. and Timings, S. (2008). New trends in identifying and mitigating fraud, Chartered
Accountants Journal, Vol. 87 Issue 3, April, p30.
33
Leobbecke, J.K., Eining, M.M. and Willingham, J.J.(1989)."Auditors'' experience with material
irregularities: frequency, nature, and detect-ability", auditing: A journal of Practice & Theory
.Vol.9, pp.1-28.
Leung, P. and Cooper, B. (2009). Internal audit an-Asia Pacific profile and the level of compliance with
internal auditing standards, Managerial Auditing Journal, Vol. 24, No. 9, pp. 861-882.
Mahathevan, K. (1997). Auditors’ use and perception of analytical procedures: evidence from precision in
evidential analytical procedures, Auditing, Vol. 26, No. 1, pp. 1-18.
Malaescu, I. and Sutton, S.G. (2015). The Reliance of External Auditors on Internal Audit’s Use of
Continuous Audit. Journal of Information Systems, Vol. 29, No. 1, pp. 95-114.
Marston, C. Dixon, R. and Collier, P. (1989).Internal Auditors and the Prevention and Detection of
Computer Fraud, Journal of Information Technology (Routledge, Ltd). Vol. 4, No. 4, pp. 230-
238.
Martinis, M.D. Fukuawa, H. and Mocjk, T.J. (2011). Exploring the role of country and client type on the
auditor’s client risk assessments and audit planning decisions, Managerial Auditing Journal, Vol.
25, No. 7, pp. 543-565.
Marston, C. Dixon, R. and Collier, P. (1991).The role of internal auditors in the prevention and detection
of computer fraud, Public Money & Management. Vol. 11, No. 4, pp. 53-61.
McKee T. E. (2006). “Increase your fraud auditing effectiveness by being unpredictable!”, Managerial
Auditing Journal, Vol. 21, No. 2, pp. 224-231.
McNeel, A. (2011). The Role of the Board in Fraud Risk Management. From: https://www.conference-
board.org/retrievefile.cfm?filename=TCB...
NESA, (2012). National Electronic Security Authority. By The National Electronic Security Authority.
Ngai, E.W.T. Hu, W. Wong, Y.H. Chen, Y. and Sun, X. (2011). The Application of data mining
techniques in financial fraud detection: A classification framework and an academic review of
literature, Decision Support Systems, Vol. 50, pp. 559-569.
Nicolãescu, E. (2013). Internal Auditors’ Role in Detecting Fraud. Contemporary Readings in Law and
Social Justice, Vol. 5, No. 1, pp. 109-111.
Nita, C. (1997). Fraud detection techniques, Internal Auditor, Vol. 54, No. 2, April, pp 17-21, 1997.
Nunnally, J.C. & Bernstein, I.H. (1994). Psychometric theory. New York, NY: McGraw-Hill.
Ormerod, T.C. Ball, L.J. and Morley, N.J. (2012). Informing the development of a fraud prevention tools
through a situated analysis of fraud investigation expertise, Behaviors and Information
Technology, Vol. 31, No. 4, pp. 371-381.
Owusu-Ansah, S. Moyes, G.D. Oyelere, B.P. and Hay, D. (2002). An empirical analysis of the likelihood
of detecting fraud in New Zealand, Managerial Auditing Journal, Vol. 17, No. 4, p. 192-204.
34
Patterson, S. (2015. Dubai anti-fraud partnership provides expert training, certification for FAD
employees. From: http://www.fraud-magazine.com/article.aspx?id=4294986991.
Persons, O. (2009). Audit committee characteristics and earlier voluntary ethics disclosure among fraud
and no-fraud firms, International Journal of Disclosure and Governance, Vol. 6, No. 4, pp. 284-
298.
PCAOB, (Public Company Accounting Oversight Board, 2000).Panel on Audit Effectiveness, Report and
Recommendations. From: www.pobaditpanel.org/download.html.
PCAOB. (2007). Public Company Accounting Oversight Board. Standing Advisory Group Meeting:
Panel Discussion – Forensic Audit Procedures. From:
http://pcaobus.org/News/Events/Documents/02222007_SAGMeeting/Forensic_Audit_Procedures
.pdf
PCAOB. (2008). Public Company Accounting Oversight Board . Standing Advisory Group. Retrieved
December 2, from http://www.pcaobus.org/Standards/Standing_Advisory_Group/index.aspx
Perri, F.S. and Brodyt, R.G. (2011). The sleeping watch dog: aka the Securities and Exchange
Commission, Journal of Financial Regulation and Compliance, Vil. 19, No. 3, pp. 208-221.
Phua, C., Lee, V., Smith, K. and Gaylar, R. (2005).” A comprehensive survey of data mining-based fraud
detection research”, Artificial Intelligence Review, pp. 1-14.
Porter, B. (1997): Auditors’ responsibilities with respect to corporate fraud: a controversial issue, in
Sheerer. and Turley, S. (Eds), 3rd ed., Current Issues in Auditing, Paul Chapman Publishing.
London, Ch. 2:31-54.
PwC, (2006). Price Waterhouse. State of the Internal Audit Profession: Continuous Auditing Gains
Momentum. NY: Pricewaterhousecoopers
PWC, (2008). Pricewaterhouse. Targeting key threats and changing expectations to deliver greater value.
PricewaterhouseCoopers. State of the internal audit profession study. From:
http://www.pwc.com/us/en/internal-audit/assets/state_internal_audit_profession_study_08.pdf
PWC, (2012). Price Waterhouse. Global Economic Crime Survey 2011. From:
http://www.pwc.com/m1/en/publications/globalecnomiccrimesurvey.jhtml
PWC, (2014). Price Waterhouse. Economic Crime in the UAE. From:
http://www.pwc.com/m1/en/publications/gecs2014reportuae.pdf
Protiviti, (2013). Building Value in Your SCX Compliance Program: Highlights from protiviti 2013
Sarbanes-Oxley Compliance Survey. From:
http://www.google.ae/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CBwQFjAA&url=
http%3ASOX-Compliance-Survey-
35
Rezaee, Z. (2004). Restoring public trust in the accounting profession by developing anti-fraud education,
programs, and auditing, Managerial Auditing Journal, Vol. 19, No. 1, pp.134 – 148.
ReZaee, Z. (2005). Causes, consequences, and deterrence of financial statement fraud, Critical
Perspectives on Accounting, Vol. 16, No. 3, pp. 277-298.
Robinson, P. (2006). Prevention controls are designed to help reduce the risk of fraud and misconduct
from occurring in the first place. Fraud Risk Management: Developing a Strategy for Prevention,
Detection, and Response. KPMG as cited on December, 12th, 2014 from:
https://www.google.com/search?sourceid=navclient&ie=UTF-
SAI, (2011). State Audit Institution. Fraud control Frameworks, Best Practice guide. UAE. From:
http://saiwb1.saiuae.gov.ae/Reports/SAI%20-
%20Best%20Particle%20Guide%20English%20Layout.pdf
Sarbanes-Oxley Act of 2002 - Securities and Exchange. From: https://www.sec.gov/about/laws/soa2002.
Saidi, N. (2011). Corporate governance in the GCC: What has been done & what Remains. Qatar
Business Review, pp. 11-13.
SCA, (2009). Securities and Commodities Authority, Corporate Governance Code. From:
http://www.linklaters.com/pdfs/insights/UAECorporateGovernanceRegime.pdf
Sharma, A. and Panigrahi, P.K. (2012). A Review of Financial Accounting Fraud Detection based on
Data Mining Techniques, International Journal of Computer Applications, Vol. 39, No. 1, pp. 37-
47.
SME Advisor (2012). Preventing Financial Fraud. August 15th. As Cited on:
http://www.smeadvisor.com/2012/08/preventing-financial-fraud/.
Smith, M. (2003). Research Methods in Accounting, Sage Publications: London.
Sommer, A., JR. (1991). Auditing audit Committee: An Educational opportunity for auditors. Accounting
Horizons: pp. 91-93.
Tomasic, R. (2011). The financial Crisis and the haphazard pursuit of financial crime, Journal of
Financial Crime, Vol. 18, No. 1, pp. 7-31.
Tuŝek, B. and Klikovac, A. (2012). Corporate Governance Practices in Fraud Prevention and Detection-
Empirical Evidence from Croatia, International Journal of Management Cases, Vol. 14, No. 3, pp.
59-71.
Tysiac, K. (2012). To prevent fraud, offer a hotline, train employees on fraud prevention, report says,
Journal of Accountancy, May, 9th.
Verschoor, C.C. (2005). Three Pillars of Fraud Deterrence and Detection. Strategic Finance, April, pp.
17-18.
36
Weisbach, M.S. (1993). Corporate governance and hostile takeovers, Journal of Accounting and
Economics, Vol. 16, pp. 199-208.
Wright, W.F. (1988). Audit Judgment consensus and experience. In Behavioural Accounting Research: A
Critical Analysis. Ed. K. R. Ferris, 305-328. Century VII Publishing Company.
Witherell, W. (2004). The Immense Economic Benefits, Priority to Combating Financial Crimes and
Abuse. The OECD and Economic crime.
Zhou, W. and Kapoor, G. (2011). Detecting evolutionary financial statement fraud, Decision Support
Systems, Vol. 50, pp. 570-575.
37
Tables
Table 1: Information on the background of organizations and respondents

Description No. = Percentage
Current Position
Financial Accountant 28 33.7%
Internal Auditor 22 26.5%
External Auditor 33 39.8%
Total 83 100%
Professional Qualification
Secondary school only 5 6%
Diploma degree 18 21.7%
Bachelor Majoring in Accounting 36 43.4%
Master Degree 21 25.3%
Professional Certificate 3 3.6%
Total 83 100%
Work Experience
(number of years) <5 27 32.5%
5-10 34 41%
>10 21 25.3%
Missing 1 1.2%
Total 83 100%
Company Operation
Local Firm 21 25.3%
Regional Firm 43 51.8%
International Firm 19 22.9%
Total 83 100%
Business Type
Manufacturing company 18 21.7%
Retail company 11 13.3%
Financial institution company 18 21.7%
Service company 28 33.7%
Governmental organization 8 9.6%
Total 83 100%
Listing Status
Listed Company 69 83.1%
Unlisted Company 14 16.9%
Total 83 100%
Company Size
Large: more than 1000 employees 13 15.7%
Medium: between 501-1000 30 36.1%
employees
Small: less than 500 employees 40 48.2%
Total 83 100%
38
Panel-A of Table 2: Respondents’ perceptions of fraud in the UAE
No. Mean SD Percentage Percentage t-value Sig.
Rating Rating
1 or 2 4 or 5
1. My firm has been a victim of fraud. 3.05 1.28 55.4% 44.6% 7.48 .000
**
2. I am expecting fraud to increase in the 3.01 1.33 49.4% 45.8% 6.93 .000
future? **
Overall Average 3.03 1.19 7.89 .000

**
** Significant at the 5% level.
Panel-B of Table 2: The One-way Anova Test for the respondents’ perceptions of
fraud in the UAE

No. Mean F-value Sig.
Square
1. My firm has been a victim of fraud. .134 .080 .923
2. I am expecting fraud to increase in the future? 4.780 2.823 .065
Overall 1.629 1.154 .321
Table 3: Respondents’ perceptions of the effectiveness of corporate governance in fraud

prevention and detection in the UAE
No. Mean SD t-value Sig.
1. In my firm, the audit committee plays a significant role in fraud 3.66 .954 6.33 000**
detection.
2. In my firm, the funding for the internal audit department has been 3.53 1.04 4.64 000**
significantly changed over the past three years.
3. In my firm, a high pressure is placed on employees to meet the 3.71 .891 7.27 000**
organization objectives.
4. In my firm, external audit is playing a significant role for fraud 3.55 1.11 4.56 000**
prevention and detection.
5. In my firm, the funding for employee fraud prevention training has 3.67 .871 7.06 000**
been significantly changed over the past three years.
6. In my firm, top management is accountable to the same fraud 3.24 1.27 1.72 .089
standards as non-management employees.
Overall average 3.56 4.49 10.36 000**
39
Table 4: Respondents’ perceptions of fraud prevention and detection technique in the
UAE
No. Fraud detection techniques Mean SD t-value Sig. Rank
1. Corporate code of conduct/ethics policy. 3.59 .938 5.74 .000** 27
2. Internal control review and improvement. 3.70 1.145 5.56 000** 22
3. Reference checks on employees. 3.84 .954 8.97 000** 14
4. Employment contracts. 3.78 1.148 6.21 000** 16
5. Fraud auditing. 2.84 1.29 -1.10 .273 32
6. Fraud reporting policy. 3.23 1.41 1.48 .142 31

7. Fraud hotline. 3.25 1.31 1.75 .083* 30
8. Whistle-blowing policy. 3.27 1.09 2.21 .030** 29
9. Operational audits. 3.76 1.13 6.11 000** 19
10. Fraud prevention and detection training. 3.73 .976 6.86 000** 21
11. Ethics training. 3.60 1.22 4.50 000** 26
12. Surveillance equipment. 4.17 1.24 8.60 000** 3
13. Increased attention of senior management. 3.92 1.26 6.62 000** 9
14. Code of sanctions against suppliers/contractors. 3.87 .908 8.71 000** 12
15. Increased role of audit committee. 4.13 1.06 9.77 000** 4
16. Surveillance of electronic correspondence. 4.12 1.16 8.78 000** 5
17. Staff rotation policy. 3.76 1.26 5.47 000** 19
18. Security department. 4.01 1.28 7.19 000** 8
19. Employee counseling programs. 3.82 1.19 6.27 000** 15
20. Cash reviews. 3.87 1.20 6.60 000** 12
21. Inventory observation. 3.67 1.44 4.27 000** 23
22. Bank reconciliations. 3.90 1.29 6.36 000** 11
23. Ethics officer. 3.64 1.16 5.00 000** 25
24. Fraud software. 2.73 1.55 -1.56 000** 33
25. Discovery sampling. 3.45 1.36 2.98 000** 28
40
26. Data mining. 3.78 1.47 3.59 000** 16
27. Digital analysis. 3.92 1.25 6.67 000** 9
28. Continuous auditing. 4.07 .894 10.93 000** 6
29. Financial ratios. 3.78 1.32 5.42 000** 16
30. Virus protection. 4.04 1.13 8.35 000** 7
31. Password protection. 4.19 1.12 9.70 000** 2
32. Firewalls. 3.65 1.58 3.75 000** 24
33. Filtering software. 4.39 1.07 11.81 000** 1

Overall average 3.74 .507 13.26 000**
Panel-A of Table 5: Sample t-test results for respondents’ perceptions of

technological and traditional audit techniques for fraud prevention and detection in the
UAE
Rank Traditional Audit Techniques Mean SD Rank IT Audit Techniques Mean SD
41
4 Surveillance equipment. 4.11 1.29 1 Filtering software. 4.38 1.10
6 Security department. 4.02 1.33 2 Password protection. 4.18 1.00
7 Code of sanctions against 3.98 .892 3 Surveillance of electronic 4.15 1.16

suppliers/contractors. correspondence.
10 Bank reconciliations. 3.89 1.38 5 Continuous auditing. 4.04 .942
10 Increased role of audit committee. 3.89 1.33 7 Digital analysis. 3.98 1.25
12 Reference checks on employees. 3.87 1.00 9 Virus protection. 3.95 1.21
13 Fraud auditing. 2.85 1.31 17 Firewalls. 3.80 1.48

14 Employee counseling programs. 3.82 1.14 24 Data mining. 3.64 1.43
14 Staff rotation policy. 3.82 1.28 28 Discovery sampling. 3.55 1.39
14 Cash reviews. 3.82 1.16 30 Whistle-blowing policy. 3.31 1.12
18 Employment contracts. 3.76 1.17 31 Fraud hotline. 3.14 1.25
18 Financial ratios. 3.76 1.36 33 Fraud software. 2.73 1.55
20 Increased attention of senior 3.75 1.34

management.
21 Operational audits. 3.73 1.13
22 Inventory observation. 3.71 1.40
23 Ethics training. 3.65 1.22
25 Corporate code of conduct/ethics 3.60 .993

policy.
26 Internal control review and 3.58 1.18

improvement.
27 Fraud prevention and detection 3.56 1.03

training.
29 Ethics officer. 3.53 1.30
32 Fraud reporting policy. 3.01 1.33
Overall Average Non- 3.70 .535 Overall Average 3.73 .558

Technological Techniques Technological Techniques
42
Panel-B of Table 5: Paired sample t-test results
Mean SD t-value Sig.
The difference in use between traditional and technological -.0336 .344 -.724 .472
audit techniques.
Panel-C of Table 5: Independent sample t-test results

F- SD t-value Sig.
value
The use of technological and traditional audit techniques by internal and .137 .713 1.05 .295
external auditors in the UAE.
43
Panel-A of Table 6: The One-way Anova Test for the impact of respondents’ background and organization characteristics on their perceptions towards:
Panel A: My firm has been a victim of fraud
Current Internal External
Position auditors auditors
No. Mean SD. No. Mean SD. F- Sig.

value
22 2.95 1.25 33 3.09 1.33 .145 .705
Professional Secondary Diploma Bachelor Professional Higher

qualification school degree
No. Mean SD. No. Mean SD. No. Mean SD. No. Mean SD. No. Mean SD. F- Sig.
value
4 4.25 .428 14 3.29 1.33 20 2.85 1.39 3 2.67 1.15 14 2.79 .1.19 1.347 .266
Work <5 5-10 > 10

experience
No. Mean SD. No. Mean SD. No. Mean SD. SD. F- Sig.
value
22 2.91 1.41 20 3.05 1.19 13 3.23 1.30 .249 .781
Organization Local Regional International

operation
value
15 2.80 1.37 27 3.19 .565 13 3.00 1.29 .427 .655
Business type Manufacturing Retail Financial Service Government

Institution
44
value
12 3.42 .348 10 3.00 1.63 11 3.09 1.04 14 2.86 1.39 8 .374 .319 .416 .835
Listing status Listed Unlisted
No. Mean SD. No. Mean SD. No. Mean SD. No. Mean SD. F- Sig.
value
48 3.13 1.25 7 2.43 1.51 1.806 .185
Company 51-100 101-500 501-1000 > 1000

size
value
3 3.33 1.15 21 3.00 1.37 22 3.00 1.35 9 3.11 1.17 .125 .945
Panel-B of Table 6: The Expectation of fraud to increase in the future
45


value
22 2.45 1.18 33 3.27 1.23 6.004 .018

**

value
4 2.00 .000 14 3.14 .561 20 3.20 .424 3 3.92 .740 14 2.57 1.22 1.238 .307
Work <5 5-10 > 10

experience
No. Mean SD. No. Mean SD. No. Mean SD. F- Sig.
value
22 3.05 1.33 20 2.85 .596 13 2.92 1.32 .123 .885

operation
value
15 2.4 1.12 27 3.22 .565 13 3.00 1.41 2.12 .129

Institution
value
46
12 3.25 1.54 10 2.70 1.49 11 2.82 1.08 14 3.36 .929 8 .2.25 1.16 1.457 .221
No. Mean SD. No. Mean SD. No. Mean SD. No. Mean F- Sig.
value
48 3.08 1.20 7 2.00 .382 4.77 .033
**
Company 51-100 101-500 501-1000 > 1000

size
value
3 3.33 1.15 21 2.86 1.31 22 3.09 1.34 9 2.67 1.12 .358 .785
Panel-C of Table 6: Factor Matrix, Extraction Method: Rotated Component Analysis

Factor 1 Factor 2 Factor 3 Variation
47
Audit Committee Internal Audit External Audit Level
1. In my firm, the audit committee plays a .659

significant role in fraud detection.
2. In my firm, the funding for the internal audit .855

department has been significantly changed over
the past three years.
3. In my firm, a high pressure is placed on .688

employees to meet the organization objectives.
4. In my firm, external audit is playing a significant .879

role for fraud prevention and detection.
5. In my firm, the funding for employee fraud .894

prevention training has been significantly
changed over the past three years.
6. In my firm, top management is accountable to .833

the same fraud standards as non-management
employees.
Total No. of Items 2 2 2
Extracted Sums of Squared Loading 26.2% 16.7% 29% 71.9%
Panel-D of Table 6: The effectiveness of audit committee

48

value
22 3.701 .826 33 3.773 .674 .113 .738

value
4 3.50 .428 14 3.64 .745 20 3.80 .70 3 3.67 .777 14 3.86 .691 .283 .887
Work <5 5-10 > 10

experience
value
22 3.84 .697 20 3.88 .626 13 3.38 .87 2.170 .124

operation
value
15 3.60 .712 27 3.78 .800 13 3.85 .625 .436 .649

Institution
value
12 4.20 .838 10 3.60 .633 11 3.05 .757 14 4.04 .237 8 3.69 .594 5.154 .001
49
568 **

value
48 3.78 .714 7 3.50 .866 .900 .347
Company 51-100 101-500 501-1000 > 1000

size
value
3 3.33 .577 21 3.79 .768 22 3.73 .783 9 3.83 .613 .372 .773
Panel-E of Table 6: The effectiveness of internal audit
50


value
22 3.59 .947 33 3.58 .719 .005 .947

value
4 3.62 1.80 14 3.46 .50 20 3.63 .91 3 3.50 .50 14 3.64 .84 .111 .978
Work <5 5-10 > 10

experience
value
22 3.61 .963 20 3.38 .705 13 3.85 .625 1.38 .260

operation
value
15 3.37 .972 27 3.65 .757 13 3.69 .722 .734 .485

Institution
value
51
12 4.21 .541 10 3.56 412 11 3.45 1.11 14 3.56 .795 8 3.30 .64 2.80 .027
**

value
48 3.61 .823 7 3.43 .382 .284 .597
Company 51-100 101-500 501-1000 > 1000

size
value
3 2.83 1.61 21 3.69 .70 22 3.67 .761 9 3.61 .894 .986 .407
52
Panel-F of Table 6: The effectiveness of external audit


value
22 3.23 1.04 33 3.5 1.06 .617 .436

value
4 3.75 . 289 14 2.82 .923 20 3.70 .894 3 3.92 .740 14 3.50 1.26 2.38 .064*
Work <5 5-10 > 10

experience
value
22 3.3 1.1 20 3.8 1.18 13 3.46 .776 .101 .904

operation
value
15 3.03 1.06 27 3.6 1.00 13 3.23 1.07 1.643 .203
Business type Manufacturin Retail Financial Service Government

g Institution
value
53
12 4.21 .838 10 3.60 .568 11 3.27 .691 14 4.03 .237 8 3.69 .594 5.154 .001
**

value
48 3.42 .930 7 3.00 1.71 .966 330
Company 51-100 101-500 501-1000 > 1000

size
value
3 3.17 1.04 21 3.29 .462 22 3.43 1.04 9 3.444 1.07 .117 .950
54
Panel-G of Table 6: The use of traditional fraud prevention and detection techniques

value
22 3.81 .505 33 3.62 .548 1.71 .197

value
4 3.46 .428 14 3.36 .561 20 3.78 .424 3 3.92 .740 14 3.94 .501 2.861 .033
**
Work <5 5-10 > 10

experience
value
22 3.75 .505 20 3.67 .596 13 3.64 .520 .181 .863

operation
value
15 3.80 .500 27 3.67 .565 13 3.65 .535 .372 .691

Institution
55
value
12 4.30 .348 10 3.68 .633 11 3.22 .368 14 3.56 .325 8 3.19 4.14 8.750 .000
**

value
48 3.64 .529 7 4.12 .382 5.37 .024
**
Company 51-100 101-500 501-1000 > 1000

size
value
3 3.57 .825 21 3.73 .462 22 3.67 .665 9 3.76 .665 .125 .945
56
Panel-H of Table 6: The use of technological fraud prevention and detection techniques

value
22 3.78 .550 33 3.70 .570 .240 .627

value
4 3.33 .605 14 3.43 .441 20 3.94 .481 3 3.67 .500 14 3.88 .631 2.824 .034
**
Work <5 5-10 > 10

experience
value
22 3.86 .557 20 3.56 .571 13 3.78 .512 1.621 .208

operation
value
15 3.68 .442 27 3.82 .565 13 3.65 .628 .674 .514

Institution
57
value
12 4.33 .331 10 3.71 .549 11 3.17 .294 14 3.76 .531 8 3.59 .234 9.127 .000
**

value
48 3.71 .567 7 3.917 .493 .848 .361
Company 51-100 101-500 501-1000 > 1000

size
value
3 3.31 .801 21 3.82 .483 22 3.73 .600 9 3.76 .570 .750 .527
58
Questionnaire
Dear Mr./Mrs. ………………………………………
The purpose of this survey is to investigate the role of corporate governance and information technology in fraud
prevention and detection within the UAE. It should take approximately 10 minutes to be completed. Thank you in
advance for your willingness to contribute to the enhancement of the profession. Your response is confidential and
will be published in summary and statistical form. You or your firm will not be identified in anyway. Accordingly,
there are no foreseeable risks to you or your firm.
59
Part One: Respondent’s profile
1. Work Experience:
□ 5 – 10 y□ 5 < Years ears □ 5 > years
2. Academic Qualification
□ Secondary School only
□ Diploma Degree
□ Bachelor’s Degree
□ Higher Degree-Master, Ph.D
□ Professional certificate
3. Current Position:
□ Financial Accountant
□ Internal Auditor
□ External Auditor
□ Others. Specify……………..
□ Professional certificate
4. Company size: No. of Employees
□ 1-50
□ 51-100
□ 101-500
60
□ 501-1000
□ Over 1000
5. Business Type:
□ Manufacturing Firm
□ Retail
□ Financial Institution
□ Service Firm
□ Governmental Organization
□ Others (specify.……………………
6. Company Operations:
□ Local Firm
□ Regional Firm
□ International Firm
7. Stock exchange listing:
Is it a Listed Company? Yes No
61
Part Two: The existence of fraud
Please, indicate the extent to which you agree or disagree with each of the following statements using the scale
below:
Low - High - 1
2 3 4 5
(Strongly Disagree) Disagree) Don't Know) (Agree) (Strongly Agree)
The existence of fraud in the UAE Level of Perception
Low………. High
1 My firm has been a victim of fraud.

1 2 3 4 5
2 I am expecting fraud to increase in the future.

1 2 3 4 5
Part Three: Corporate Governance Indicators to Prevent and Detect Fraud
Please, indicate the extent to which you agree or disagree with each of the following statements using the scale
below:
Low - High - 1
2 3 4 5
(Strongly Disagree) Disagree) Don't Know) (Agree) (Strongly Agree)
Corporate Governance Indicators to Prevent and Detect Fraud Level of Perception
Low………. High
1 In my firm, the audit committee plays a significant role in fraud

detection. 1 2 3 4 5
2 In my firm, the funding for the internal audit department has been
significantly changed over the past three years. 1 2 3 4 5
3 In my firm, a high pressure is placed on employees to meet the

organization objectives. 1 2 3 4 5
62
4 In my firm, external audit is playing a significant role for fraud
prevention and detection. 1 2 3 4 5
5 In my firm, funding for employee fraud prevention training has been

significantly changed over the past three years. 1 2 3 4 5
6 In my firm, top management is accountable to the same fraud

standards as non-management employees? 1 2 3 4 5
Part Four: Fraud Prevention and Detection Techniques
Please indicate to what extent you perceive the following techniques are practiced and effective in preventing and
detecting fraud in your organization by using the scale below:
Low - High -
1 2 3 4 5
(Strongly ineffective) (Ineffective) (Don't Know) (Effective) (Strongly effective)
Fraud Prevention and Detection Techniques Level of Perception
Completely ineffective
…. completely
effective
1 Corporate code of conduct/ethics policy

1 2 3 4 5
2
Internal control review and improvement 1 2 3 4 5
3
Reference checks on employees 1 2 3 4 5
4
Employment contracts 1 2 3 4 5
5
Fraud auditing 1 2 3 4 5
6
Fraud reporting policy 1 2 3 4 5
7
Fraud hotline 1 2 3 4 5
8
Whistle-blowing policy 1 2 3 4 5
63
9
Operational audits 1 2 3 4 5
10
Fraud prevention and detection training 1 2 3 4 5
11
Ethics training 1 2 3 4 5
12
Surveillance equipment 1 2 3 4 5
13
Increased attention of senior management 1 2 3 4 5
14
Code of sanctions against suppliers/contractors 1 2 3 4 5
15
Increased role of audit committee 1 2 3 4 5
16
Surveillance of electronic correspondence 1 2 3 4 5
17
Staff rotation policy 1 2 3 4 5
18
Security department 1 2 3 4 5
19
Employee counselling programs 1 2 3 4 5
20
Cash reviews 1 2 3 4 5
21
Inventory observation 1 2 3 4 5
22
Bank reconciliations 1 2 3 4 5
23
Ethics officer 1 2 3 4 5
24 Fraud software
1 2 3 4 5
25 Discovery sampling
1 2 3 4 5
26 Data mining
1 2 3 4 5
27 Digital analysis
1 2 3 4 5
64
28 Continuous auditing
1 2 3 4 5
29 Financial ratios
1 2 3 4 5
30 Virus protection
1 2 3 4 5
31 Password protection
1 2 3 4 5
32 Firewalls
1 2 3 4 5
33 Filtering software
1 2 3 4 5
Thanks again for your participation
Biographical Information
Dr. Sawsan Saadi Halbouni (Corresponding author) is an Assistant Professor of Accounting,
Canadian University-Dubai, School of Business Administration, Accounting and Finance
Department, Dubai, UAE, PO Box 117781, Tel: +971 4 7096821 Fax: +971 4 321 9090, E-mail:
sawsan.halbouni@cud.ac.ae
Nada Obaid is an undergraduate student , University of Sharjah, College of Business Administration,

Accounting Department, Sharjah, UAE, PO Box 27272, Fax: +971 6 5050100, E-mail:
U00026324@sharjah.ac.ae
Abeer Garbou is an undergraduate student , University of Sharjah, College of Business Administration,
Finance & Economics Department, Sharjah, UAE, PO Box 27272, Fax: +971 6 5050100, E-mail:
U00024678@sharjah.ac.ae
65

(USED) Corporate Governance Fraud Prevention in UEA

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

(USED) Corporate Governance Fraud Prevention in UEA

Uploaded by

Copyright:

Available Formats

Managerial Auditing Journal

*Related content and download information correct at time of download.

Sawsan Saadi Halbouni *

Paper type – Research paper

detect fraud exceed their associated costs.

2.1 Existence of Fraud in the UAE

H1: There is a significant difference in the fraud perceptions of financial accountants,

2.2 Corporate Governance Indicators to Prevent and Detect Fraud

2.2.1 Audit committee effectiveness

2.2.2 Internal audit effectiveness

2.2.3 External audit effectiveness

2.2.4 Employee training programmes

2.2.5 Culture of honesty

2.3 Fraud prevention and Detection Techniques

3. RESEARCH DESIGN AND DATA COLLECTION

3.2 Research Sample and Techniques

3.4 Respondents’ Characteristics

4.2 Perceptions of the Effectiveness of Corporate Governance

{Please Insert Table 3 Here}

for these two constructs is not significant at the .05 level.

{Please Insert Table 4 Here}

5. DISCUSSION AND CONCLUSION

weaknesses in internal controls by improving financial reporting quality, and ultimately

Vol. 77, No. 1, pp. 24-28.

Table 1: Information on the background of organizations and respondents

Overall Average 3.03 1.19 7.89 .000

fraud in the UAE

1. My firm has been a victim of fraud. .134 .080 .923

2. I am expecting fraud to increase in the future? 4.780 2.823 .065

Overall 1.629 1.154 .321

** Significant at the 5% level.

Table 3: Respondents’ perceptions of the effectiveness of corporate governance in fraud

** Significant at the 5% level.

2. Internal control review and improvement. 3.70 1.145 5.56 000** 22

3. Reference checks on employees. 3.84 .954 8.97 000** 14

4. Employment contracts. 3.78 1.148 6.21 000** 16

5. Fraud auditing. 2.84 1.29 -1.10 .273 32

6. Fraud reporting policy. 3.23 1.41 1.48 .142 31

7. Fraud hotline. 3.25 1.31 1.75 .083* 30

8. Whistle-blowing policy. 3.27 1.09 2.21 .030** 29

9. Operational audits. 3.76 1.13 6.11 000** 19

11. Ethics training. 3.60 1.22 4.50 000** 26

12. Surveillance equipment. 4.17 1.24 8.60 000** 3

13. Increased attention of senior management. 3.92 1.26 6.62 000** 9

14. Code of sanctions against suppliers/contractors. 3.87 .908 8.71 000** 12

15. Increased role of audit committee. 4.13 1.06 9.77 000** 4

16. Surveillance of electronic correspondence. 4.12 1.16 8.78 000** 5

17. Staff rotation policy. 3.76 1.26 5.47 000** 19

18. Security department. 4.01 1.28 7.19 000** 8

19. Employee counseling programs. 3.82 1.19 6.27 000** 15

20. Cash reviews. 3.87 1.20 6.60 000** 12

21. Inventory observation. 3.67 1.44 4.27 000** 23

22. Bank reconciliations. 3.90 1.29 6.36 000** 11

23. Ethics officer. 3.64 1.16 5.00 000** 25

24. Fraud software. 2.73 1.55 -1.56 000** 33

25. Discovery sampling. 3.45 1.36 2.98 000** 28

27. Digital analysis. 3.92 1.25 6.67 000** 9

28. Continuous auditing. 4.07 .894 10.93 000** 6

29. Financial ratios. 3.78 1.32 5.42 000** 16

30. Virus protection. 4.04 1.13 8.35 000** 7

31. Password protection. 4.19 1.12 9.70 000** 2

32. Firewalls. 3.65 1.58 3.75 000** 24

33. Filtering software. 4.39 1.07 11.81 000** 1