Journal of Financial Crime

The case studies of fraud prevention mechanisms in the Malaysian medium enterprises
Rohaida Basiruddin, Malar Gunasegaran, Siti Zaleha Abdul Rasid, Adriana Mohd Rizal,
Article information:
To cite this document:
Rohaida Basiruddin, Malar Gunasegaran, Siti Zaleha Abdul Rasid, Adriana Mohd Rizal, "The case studies of fraud
prevention mechanisms in the Malaysian medium enterprises", Journal of Financial Crime, https://doi.org/10.1108/
JFC-05-2017-0034
Permanent link to this document:
https://doi.org/10.1108/JFC-05-2017-0034
Downloaded on: 25 October 2018, At: 03:02 (PT)
References: this document contains references to 0 other documents.
To copy this document: permissions@emeraldinsight.com
The fulltext of this document has been downloaded 12 times since 2018*
Users who downloaded this article also downloaded:
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

(2018),"Fraud prevention in Malaysian small and medium enterprises (SMEs)", Journal of Financial Crime, Vol. 25 Iss 2 pp.
499-517 <a href="https://doi.org/10.1108/JFC-05-2017-0049">https://doi.org/10.1108/JFC-05-2017-0049</a>

Access to this document was granted through an Emerald subscription provided by emerald-srm:393177 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please
visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.

*Related content and download information correct at time of download.

 THE CASE STUDIES OF FRAUD PREVENTION MECHANISMS IN THE MALAYSIAN
MEDIUM ENTERPRISES

Abstract
Purpose – The purpose of this paper is to identify the extent and type of fraud scheme, prevention mechanisms
and challenges experienced by the Malaysian medium enterprises.

Design/methodology/approach – The multiple case studies approach has been employed in this study. The data
was collected through interviews with the directors, owners, managers and supervisors of three medium size
enterprises.

Findings – The findings suggest that the fraud cases experienced by the enterprises were related to broken trust
and non-cash larceny. The implementation of fraud prevention mechanisms in the enterprises seem to be very
limited due to resources and budget constraints.

Practical Implications – The findings of the study have an alarming implication for the owners and directors of
the selected medium size organizations. They seem to have shown proactivity and to have responded to fraud in
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

their organizations by implementing fraud prevention mechanisms; however not to the extent that large
organizations have done. This fact may expose the company to the risk of losing their competitiveness and the
ability to survive in the marketplace.

Originality/value – This paper contributes to the growing literature on the studies of fraud scheme and the fraud
prevention mechanism in the medium size enterprises, particularly in the context of developing country. Prior
studies in these areas have predominantly been undertaken by large organizations of developed countries, which
offers different environment, litigation and institutional setting, thus limits the generalizability of fraud
prevention mechanism to small and medium size businesses.

Keywords Medium enterprises, fraud prevention mechanisms

Paper type Case Study

 Introduction
Despite measures and regulations imposed by governments and by the management of various
establishments, fraud remains costly for organizations. According to a recent survey by the Association of
Certified Fraud Examiners, (ACFE, 2016), on average, an organization may lose approximately 5% of its
revenue to fraud and this will have a greater impact on smaller organizations than on larger ones. Therefore, the
issue of fraud will continue to be important and to form a part of managements’ and policy makers’ concerns –
especially in regard to small and medium enterprises (SMEs).
The different sizes and complexities of organizations tend to imply different fraud risks and consequent
measures, with some overlap. Corruption and financial statement fraud are the most common types of fraud in
large organizations (ACFE, 2014; 2016; Brickley, 2006; Kulik et al., 2008; Sidak, 2003), while cheque
tampering, skimming, payroll and cash larceny schemes are more prevalent in small organizations (ACFE,
2014; 2016). The rise in sophisticated information technologies has created new types of digital fraud schemes
(Simha and Satyanarayan, 2016). In terms of countermeasures, evidence suggests that small organizations suffer
from having significantly less comprehensive anti-fraud controls than large organizations. Indeed, it is possible
that some of the known anti-fraud controls are not applicable to SMEs. Therefore, small organizations are more
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

vulnerable to fraud and also suffer most due to their limited resources (ACFE, 2016; Kramel, 2015).
Despite the presence of these fraud studies across different organizational settings, several calls for
more research on fraud have been issued by individual scholars and groups (Carcello et al., 2009; Smith, 2008;
Kramer 2015). This paper is a response to those calls for more research. In particular, this paper examines the
extent and type of fraud prevention mechanisms used, and the challenges experienced by Malaysian medium-
sized enterprises.
A number of novel and original contributions are made by this paper. First, most of the prior studies
relating to fraud have been conducted in developed countries (ACFE, 2014; 2016; Brickley, 2006; Kulik et al.,
2008; Sidak, 2003). These were conducted in a different environment, and in a different litigational and
institutional setting, which limits the generality of their findings in the context of developing countries. This
present study provides additional insights into fraud prevention measures as used in developing countries,
particularly Malaysia. Second, most of the existing studies on fraud scheme and prevention mechanisms use a
quantitative, survey-based approach. Even though quantitative approaches are able to elicit information related
to large geographical areas and numbers of respondents (ACFE, 20014; 2016), they have little to say about real
behavior and actions in the field (Yin, 2004; 2009). Fraud studies conducted using a qualitative approach are in
limited supply (Cross and Kelly, 2016; Krambia-Kapardis and Zopiatis, 2010; Omar et al., 2012; Zakaria et al.,
2016). However, they could be very useful. Specifically, the qualitative approach is able to offer a rich and
comprehensive picture: especially concerning ‘how’ and ‘why’ questions. In this paper, the qualitative
approach determines how prevention measures are currently being undertaken by SME owners, in relation to
fraud schemes, and why such actions are considered by them to be necessary in order to secure their business
from fraud. Lastly, this paper contribute to the literature about fraud in the SME setting whereas previous
studies concerning fraud schemes and prevention mechanisms are mostly applicable only to larger
organizations.
This paper is organized as follows. First, relevant literature related to fraud schemes and fraud
prevention measures is reviewed. Second, this is followed by detailed descriptions of a number of case studies.
Third, the findings from interviews are reported according to the research objectives. These findings are based
on within-case analysis and cross-case analysis. Fourth, the discussion and implications of the study are then
presented. Finally, in the last section, conclusions and suggestions for future research are made.

Literature review
Prior literature suggests that fraud can be minimized through the use of fraud prevention and detection
mechanisms (Henry, 2016; Mat et al., 2013; Zakaria et al., 2016). However, fraud prevention mechanisms are
more cost-effective in combating fraud than fraud detection mechanisms (Adams et al., 2006). This is due to the
fact that fraud prevention mechanisms are the primary control measures which can be taken before the fraud
occurs (Bolton and Hand, 2002). Using these measures, the management have a greater chance of reducing
fraud risks and preventing possible future fraudulent activity. In other words, management should put in place
proactive measures to thwart fraud and thus give themselves a better chance of preventing it. Fraud detection
 mechanisms involve management in identifying a fraud as fast as possible once it has been perpetrated (Bolton
and Hand, 2002). Actions are then taken accordingly – to respond to the fraud.
KPMG (2011) claims that organizations tend to put in a lot more effort into detecting fraud than into
inhibiting it. Organizations regularly overlook the existence of “fraud red flags”, and only take action when a
fraud is actually detected, by which time it is often too late. Bishop (2004) suggests that the management should
have a balanced combination of fraud prevention and detections mechanisms. However, Mat et al. (2013)
claimed that organizations tend to place more emphasis on the detection rather than prevention mechanisms: on
average, organizations put 80% of the resources available into detection, and only 20% into prevention,
respectively. Therefore, in this paper, while the demand to have fraud detection mechanisms in place is
recognized, it is argued that prevention mechanisms are more important.
Frauds can be grouped into three main categories: corruption, asset misappropriation and financial
statement fraud. In terms of frequency, the most common type of fraud scheme reported, in both large and small
organizations, was that of asset misappropriation (ACFE, 2014, 2016; KPMG, 2013; Omar et al., 2012). The
recent report by ACFE (2016) claims that small businesses experienced more than twice the incidence of cheque
tampering, skimming, payroll, and cash larceny schemes than large organizations did. Therefore, small
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

organizations should look at suitable ways for reducing the risk of these incidents, and explore at the
implications of these fraud risks.
Shanmugam et al. (2012) suggested that in order to minimize fraudulent activity, organization should
put more emphasis on professional ethics at all level of management, from top to bottom. For examples,
employees should be involved in a number of courses dealing with moral or ethical issues, in order to remind
them of these, and encourage them to keep these issues in mind. In addition to this, the appointment of a
forensic accountant is also often helpful in deterring fraud (Shanmugam et. al., 2012; Bierstaker et al., 2012). A
forensic accountant is a kind of detective or private investigator who is focused on discovering fraud, recovering
assets fraudulently taken, and asset tracking (Shanmugam et al., 2012). However, the idea of having forensic
accountants would seem to be useful only to large and very profitable organizations rather than small
organizations – mostly due to budget constraints.
However, appropriate oversight functions seem to be required for effective fraud prevention. Those
roles can be performed internally or externally and within various structures. According to AICPA (2001), the
implementation of oversight function mechanisms depend on the size of the organization. In large organizations
- the board of directors, the audit committee, the internal auditors, management, the external auditors, and one or
more certified fraud examiners will be the ones carrying out the oversight procedures.
However, in SMEs, only the management are responsible for constructing an appropriate culture of
morality and implementing a scheme of internal control. In most cases, there is one manager who is the owner
or the sole proprietor of the organization.
Fraud Advisory Panel (FAP, 2006) claims that the management of SMEs have the full responsibility in
terms of preventing fraud. They should assign an individual or department (an internal or external party) to be in
charge of the risk management procedures, in accordance with the budget available. Ideally, SME managers
should be able to engage all their staff in the necessary fraud prevention mechanisms by equipping them with
the required skills. These skills will be in detecting fraud, and in the correct procedures for reporting any
unethical/immoral actions being committed by their peers.
Regardless of the corporate ethical policies and internal controls, innovation also plays an important
function in preventing fraud, particularly in this period of rapidly advancing technology. Technological
innovations can be employed for monitoring transactions and automating controls. According to Kroll (2012),
most of the major financial institutions do not, now, depend solely on traditional accounting methods to keep an
eye on what’s going on, but also utilize technology to detect and trace abnormal transactions that take place. In
the circumstance of small organizations, the entrepreneur may think about employing accounting software in his
or her company. This type of software seems to be useful in combating the threat of fraud if it is designed well.
Often, entrepreneurs will have the ability to recognize unusual exchanges and the time of their occurrence by
investigating reports from such software. Daigle et al. (2009) stated that through a user’s personal ID, business
owners should be able to spot an imposter effortlessly – in comparison with how this can be achieved via
manual accounting. Also, utilizing such a product allows the entrepreneur to practice the segregation of
responsibilities by limiting workers’ access to specific data.
 The Case Studies
Ten organizations were randomly chosen from the SMECorp Malaysia’s website for participation in this study.
However, only three of these agreed to participate and provide their details. Their detailed information is shown
in Figure I (note that in order to preserve the participating organizations’ confidentiality they were referred as A,
B1, B2 and C). Interviews with the directors or owners, managers and supervisors were carried out. These
interviews lasted between four to six hours each. Relevant documents, such as company profiles, have been
referred to and the organizations provided copies of these as required. Additional clarification, if necessary, was
obtained through subsequent phone calls to the participating organizations.
The organizations chosen as respondents for the interviews represent various sectors. They were
particularly selected as medium sized organizations which operated within various industries and locations in
Malaysia. Organizations from WP Kuala Lumpur, Selangor and Negeri Sembilan were chosen.

Figure I: Case companies’ main characteristics

Case Nature of No. of Type of Sales Years of Location

Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

Company Business employees ownership Turnover Operation

Security WP Kuala
A 75 Partnership RM 5 mil 6 years
(Service) Lumpur
Retail / Food
Family
B1 & B2 & Beverage 36 RM 3.2 mil 14 years Selangor
Owned
(Service)
Negeri
C Construction 37 Partnership RM 10 mil 12 years
Sembilan

Results from case study Company A

Company’s Demographic Information

Company A is a firm that provides security services: security consultation, internal static security personnel,
security escorts, personal bodyguards and mobile patrols. The company serves both public and private sectors
domestically. It was established in February 2009 and began operations in 2010. The headquarters of the
company is located at Wilayah Persekutuan, Kuala Lumpur. It is actually a partnership type business with four
directors at board-level. Based on the sales turnover, which is around RM 5 million, and its 75 staff, the
company falls under the medium size category of businesses. According to the manager of the company who
was the respondent who was interviewed in this case, the annual income of the firm is around 20% of sales.

Fraud Cases
The types of fraud cases experienced by Company A are as follows: broken trust, cash larceny, cash
mishandling and non-cash larceny. The cases of broken trust mostly consisted of revealing the company’s
confidential information to another party; this may happen in the circumstance where a competitor is facilitated
in obtaining a contract by the use of such information, and an employee of the original company abets with them
in return for a reward of some kind. This situation indicates that the employees involved were deceitful in
relation to their management, as well as in relation to the task that was assigned to them. In terms of cash
larceny, the company has experienced a scenario involving transferring monies intended for employee salaries
from one bank to another. The manager involved actually took this money for himself and then claimed to
higher management that he had been robbed. In addition, this company had also experienced a cash
mishandling case whereby an account manager misused the tasks delegated to him by stealing the cash which
was the salary to be paid to the security guards. In the context of non-cash larceny, the firm has experienced a
case where a guard apparently failed to perform his job properly, and this resulted in a break-in at the premises
where he was on duty. However, in addition, it transpired that an outside party had been set-up with the client’s
financial information, in order to facilitate the theft.
The detection strategies which are applied by this company consist of CCTV monitoring, spying, fraud
vulnerability reviews, employee reference checks, analytical reviews and formal as well as informal reporting.
Based on the statements made by the manager who was interviewed, it appeared that the company was exposed
to many different fraud cases. The value of losses incurred was roughly RM 45000 p.a. The offenders involved
in these cases included managers and supervisors as well as the lower-level staff (the security guards
themselves). Their main motive for committing these kinds of infringement is to simply acquire more money,
 and this motive is often reinforced by low morale and poor family situations. In addition, the company also has
taken action in cases which the interviewee stated indirectly were the result of termination practices. The
company also stated that the trend in fraud cases is that they are definitely on the increase. This they have
inferred by looking at the cases which have occurred, and those which could occur in the future, along with the
prevention measures which they knew were not fully operational.

Existence of Fraud Prevention Mechanisms

This particular company does actually practice the inculcation of a culture of honesty and strong ethics, and
does so formally: clauses relating to these elements are spelled out clearly in each of the employee’s
appointment letters. The staff are also quite well versed on such matters and know the penalty for each and
every fraud action they might be tempted to commit. Besides this, the company provides external as well as in-
house training on anti-fraud issues to their staff so that they (the staff) obtain a better understanding and also a
good knowledge of these issues. In terms of reporting mechanisms, there seems to a mixture of both verbal and
written reporting mechanisms which are applied across the company. One reporting method was basically the
construction of a written report, the other was that of a verbal report made by the employees to their officers or
to management; these are followed-up by a local inquiry process. In relation to the verbal reporting system, the
employees simply meet with their superiors or managers to convey the information that they have acquired
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

regarding fraudulent actives taking place within the company. The company had often been reluctant to
publicize the identities of the offenders; they prefer to keep cases of internal fraud private and confidential since
they are in the security service industry where this kind of situation will tend to effect the company’s reputation,
and lost business can result. Thus, the company tries their best to not disclose those cases which they settle
internally and with the third parties affected – such as clients.
Hence, in order to take a cautious approach, the company has implemented some prevention
mechanisms in order to overcome these types of situations. These consist of building a positive workplace
environment wherein they are concerned with conducting business in an ethical manner while making sure that
this does not incur too much financial loss. Next they seem to have evolved a system of building and preserving
a culture of honesty which they indirectly instill in their employees so that these are motivated to be honest
when carrying out the tasks assigned to them: especially those who handle the guard’s salary payments, prepare
tender documents, and also those who are based at the operational site. Moreover, they try to convey the
message in terms of building such a culture through internal meetings with their staff. The company also
possesses their own code of conduct and they convey it clearly, in an appropriate manner, to their employees
through their appointment letters. Apart from this, the company employed other fraud prevention measures,
creating an oversight process in relation to risk management, increasing the employees’ awareness of fraud
issues through training and education, having good internal control and finally through invigilation via cross-
checking and/or spot-checks. The management of the company also show appropriate involvement in the issues
by prioritising prevention measures in which honesty and integrity are among the important elements.

Challenges faced in adopting Fraud Prevention Mechanisms

The company also faces some challenges in the adoption of fraud prevention mechanisms. As stated by the
respondent, the organization continues with their current organizational structure since they do not see any
problems with it. The unnecessary changes in organizational structure will affect their budget. In terms of
monitoring, the company has decided on certain steps such as facilitating easy ‘whistle-blowing’ by the
employees of any fraud cases of which they are aware; this can occur whenever the manager or director is
available. In addition, management also play their role by acknowledging the challenges confronting the
adoption of fraud prevention mechanisms with the limited resources available by spelling out the company
policies as well as the rules and regulations that need to be obeyed to new employees of the company. The
company also has a role to play in changing the mindset of the employees towards the adoption of fraud
prevention mechanisms by instilling the idea, in their employees, that integrity and ethical considerations must
be kept in mind when carrying out their jobs. “Since you work for the company, I’ll always follow the policies.
We grow together towards the company”, is actually one of the statement given by the respondent to show how
the management play their role in terms of monitoring and at the same time facing the challenges which are
caused by this monitoring. In the context of relying on and trusting the employees, this company actually does
not fully employ such a policy since they are more inclined to apply the BDTA principle, “Do Not Trust
Anybody” where they believe that doing so (trusting the employees) may result in frauds being perpetrated. This
is an aspect which can be seen as a challenge to them.
The company, of course, has faced some difficulties when adopting these fraud prevention
mechanisms. Employee commitment has represented such a difficulty. Sometimes employees are not willing to
do their part to make these prevention mechanisms effective due to negligence or laziness. Therefore the
company is quite strict with the employees in relation to facing this challenge. The company clearly states, to
their employees, that those who are not committed, to the anti-fraud measures, should leave the company since
 they are not fully engaged in its efforts. Other situations that this company has faced include the circumstances
where employees have been reluctant to change their working practices and culture since to do so they would
have to leave their comfort zones (as currently constituted) and because they actually feel uncomfortable when
the new kind of prevention mechanisms take place. In terms of management commitment, the company also has
faced some challenges in situations where the management have not always been around to ensure that
prevention mechanisms are actually being practiced by their staff. Since the company only operating on a
medium scale they it would appear that implementing a code of ethics, rather than corporate governance, is as
far as they are willing to go at the present time – due to limited resources. However, the company might apply
corporate governance practices when they expand in the future.

Implications to the Company

Through implementing or applying fraud prevention mechanisms the company has actually seen that this
practice can improve their company’s performance both financially and non-financially. These measures have
less effect on their sales and income; nevertheless, they do have some effect through the company not losing
their contract opportunities to their competitors. And the company feels that they can reduce fraud-related
financial losses by making sure that these prevention measures are in place at their organization. They are also
fairly sure that they are actually less vulnerable to fraudulent activities through having proper and effective
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

prevention mechanisms in place, and the company’s status and image are improved by this, both internally and
externally. Internally, it is considered that the company will tend to have more ethical employees, which means
that business activities will be carried out without too much contention and without any damage to either party:
staff and employer. In addition, the company improves its financial situation since they seem to reduce losses as
a result of dishonest activities. From an external point of view, the company possesses a good public reputation
by being seen to do their business ethically and in a sound manner.

Results from case study Company B

Company’s Demographic Information

Company B is a company in the retail and food industry; they provide their services via mini markets as well as
via a local restaurant. The company has been established for 14 years, starting from 7th November 2001.
Previously, form 1979, the business had been run on a smaller scale by the current managing director. The
headquarters is located at Batu Belah, Klang, Selangor. The business is family owned and its executive consists
of one managing director and two operational directors who are family members. The firm is categorized as
medium size according to the latest SME definition; it has 19 employees and has a yearly sales turnover of RM
3.2 million. According to the operational director of the company who is the respondent being interviewed in
this case, its annual profits are about 10% of sales.

Fraud Cases
Company B has experienced fraud cases mostly involving cash larceny, corruption and non-cash larceny. The
cases of cash larceny concerned the stealing of the company’s money. In terms of corruption, the company has
experienced a scenario where the workers delivered greater quantities of goods than were officially ordered.
Expensive items were especially involved with this. The customer was charged the price for the official order,
but the employees who over-delivered would gain some commission from the customer later – either financially
or non-financially. In terms of non-cash larceny, the firm has come across a case where their supervisors
conspired with the vendors who delivered the goods to the minimarkets; some of the delivery would go missing,
and the supervisors would then make use of the missing goods for their own personal benefit – and not the
company’s.
The detection strategies that were reported to have been implemented by this company involved
analytical reviews, CCTV monitoring, formal and informal reporting, fraud vulnerability reviews, and as well as
surveillance. According to the director who was the respondent being interviewed, the company had only been
exposed to a few fraud cases so far. The value of the loss incurred was roughly RM 2000 p.a. The offenders who
were implicated in those cases were supervisors as well as lower level staff. The main causes for their
committing of this kind of action were: simply to earn more money, low morale, and poverty situations. The
company has taken action in regard to some cases which have occurred. These actions have tended to be verbal
warnings or termination of employment within 24 hours – in other words, legal action was not considered. The
company also stated that fraud cases were definitely on the increase. This they determined by looking at the
cases which had occurred and those could be expected to occur in the near future. The company believes that its
employees are becoming less trustworthy.

Existence of Fraud Prevention Mechanisms

 This particular company actually practices a culture of honesty and high ethics in an informal way by having
weekly and monthly meetings. However, the organization does not offer any anti-fraud training for its staff,
although the management implemented some changes in terms of employment practices, in order to have fraud
prevention mechanisms in place, after experiencing some cases of fraud. In terms of reporting mechanisms,
within this company, only the method available is verbal. A case of fraud must be reported directly to the
directors or supervisors by meeting them face to face and/or through phone calls. In contrast with Company A
and C, this company actually does not object to publicizing the offenders and their actions in the public
information which they give out. They believe in being transparent about their business in order to gain a public
reputation.
The company has also implemented some prevention mechanisms specifically designed to combat the
kind of frauds from which they have suffered. These mechanisms consist of conducting regular audits involving
stock checking, having good internal controls via having checklists - revising these from time to time - and
finally through thorough invigilation. The management of the company have also demonstrated a reasonable
level of involvement by formulating a plan to provide training on fraud awareness to their staff internally as well
as externally when the expansion of the business allows.

Challenges faced in adopting Fraud Prevention Mechanisms

Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

The company faces various challenges to the adoption of fraud prevention mechanisms. As stated by the
respondent, the organization intends to continue with their current organizational structure, largely, since they
do not see any problems with this. However in future, the management plans to create managerial positions in
each of their businesses. In terms of monitoring, the company has implemented a number of steps such as
communicating with the employees where the directors or supervisors make themselves available for the staff
under them to voice their issues either via face to face meetings, phone calls or phone messaging. In addition,
management also intend to play their role by creating awareness of the challenges involved with the adoption of
fraud prevention mechanisms, working within the limited resources available. They are also concerned to raise
awareness of the failures that may occur as the result of fraudulent activity. In terms of relying on and trusting
the employees, the director stated that they can trust and rely-on most of their employees, especially the senior
ones who have been with the organization for some time. However, this situation does not apply to the new
staff.
The company has, of course, faced some difficulties in adopting fraud prevention mechanisms. These
have mainly been due to employees’ dissatisfaction with the prevention systems and the fact that, most of the
time, the staff demonstrate negligence and/or unwillingness in terms of performing the prevention measures. As
regards management commitment, the company does seem to face some difficulties because the management
often shows insufficient interest – because of limited resources. Since the company only operates on a medium
scale it appears that they have only considered implementing a code of ethics, rather than corporate governance,
due to these limited resources.

Implication to the Company

Through implementing or applying fraud prevention mechanisms the company has actually seen that this
practice can improve their company’s performance financially - through increases in the profits and sales of
their business. They are also very confident that they can reduce financial losses by making sure the prevention
measures are in place in their organization. The company are also very sure that they are actually less exposed to
large-scale fraudulent activities when having proper and effective prevention mechanisms, and that the presence
of such mechanisms also increases the company’s status and their public/business image: the company improves
their reputation since they have less fraud cases as a result of implementing fraud prevention mechanisms and
so, indirectly at least, they attract good business talent to join their company.

Results from case study Company C

Company’s Demographic Information

Company C is a construction based business, engaging in both private and government projects. The firm was
established in the year 2003. The headquarters of the company is located at Seremban, Negeri Sembilan. It is
actually a partnership type business with two directors. Based on the sales turnover, which is around RM 10
million and the 37 members of staff, the company falls under the medium size category of business. According
to the project manager of the company, who was the respondent being interviewed in this case, the annual
income of the firm is around 10-12% of sales.

Fraud Cases
 Company C has experienced fraud cases mostly involving non-cash larceny and broken trust. In the latter case,
of broken trust, a supervisor on a construction site purchased items for the use of the construction project but
most of the items purchased were not used for their stated purpose. Those items which are not used at the site
were billed to the company as well as the items which were actually needed for the construction job. Besides
this, the company has also experienced non-cash larceny cases whereby the lorry drivers that send cement bags
to the site connive with the supervisor so that they do not really send all the cement to the site but rather keep
some in the lorry for the driver to sell, in order to make money for themselves, personally.
The detection strategy that was applied by this company was that of analytical reviews. Also, the
company seemed to be exposed to certain kinds of fraud. This could be seen, based on the statements given by
the Project Director of the organization who was the respondent being interviewed. The value of the loss
incurred was quite a large – almost 3 percent of the company’s total material costs. The offenders that have been
involved in these cases were usually the supervisors who play the role of site administrator. Their main motive
in undertaking this kind of action was simply due to family situations and also to obtain money in easy ways and
else to satisfy their needs using what they saw as a short cut. The company does take action in these cases. Their
two main approaches were a warning or termination within 24 hours. The company also stated that fraud cases
are definitely on the increase, looking at the cases which have already occurred and those which might be
expected to occur soon. The motivations behind these frauds are greed and dissatisfaction. People committing
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

fraud are looking for a simple and fast way of improving their financial situation, and are not taking into account
any ethical considerations.

The Existence of Fraud Prevention Mechanisms

This particular company actually does practice a culture of honesty and high ethics in a formal way whereby the
members of staff, are often engaged in on-site training and one of the topic which is covered is honesty and
integrity. Moreover, the organization sends their employees on anti-fraud training programs which are organized
by other parties – mostly under the control of the Construction Industry Development Board (CIDB). In terms of
reporting mechanisms, the company only facilitates verbal reporting, whereby the staff can report fraud cases
directly to the project director face to face – particularly at the site. The company is reluctant to publicize the
offences and the offenders in their public information and prefer to keep incidences of fraud private and
confidential since the project director feels that this kind of information may have a negative impact on his
employees when they leave the company to look for a other opportunities. He feels that, by that time, they may
well have ‘learnt their lesson’ and become cognizant of their ethical responsibilities.
The company has implemented some prevention mechanisms to combat the types of frauds to which
they are vulnerable. This is undertaken by conducting regular audits which consist of both internal and external
ones and also by having good internal control. In this company’s case they do practice ISO standards and use
them as one of the weapons to be utilized in overcoming fraud cases occurring at their locations. Also the firm’s
management displays good involvement in instigating prevention measures. They see honesty and integrity as
one of the most significant aspects to be nurtured in order to run their business without failures.

Challenges faced in adopting Fraud Prevention Mechanisms

The company also faces some challenges in the adoption of fraud prevention mechanisms – in various ways. As
stated by the respondent, the organization will continue with their current organizational structure since they do
not see any problems with it. In terms of monitoring, the company has developed a number of stratagems such
as communicating with the employees – whereby the project director makes himself available to the staff so that
they are able to express their issues so that he can settle them. In addition, the management also play their role
by creating awareness of how to face the challenges of adopting fraud prevention mechanisms within the
company’s limited budget, and by pointing out the failures that will occur as a result of fraudulent activity. The
project director also stated that at times he has to just trust employees because he feels that the business would
not have expanded and been as successful as it is now, if had not done so. However, he too comes in to the
office to do some spot check on his office staff once a month since most of the time he will at construction site.
The company of course has faced some difficult circumstances in adopting fraud prevention
mechanisms through employees’ dissatisfaction with the prevention systems as well as their reluctance to
change. Employees are often do not want to do their part in making this prevention mechanism effective due to
neglect or an unwillingness to get involved in the adoption process. In terms of management commitment, the
company does not seem to face that many challenges since the project director is still able to control his staff
especially in order to make the prevention mechanisms work. According to the respondent too, a code of ethics
is seen to be the most suitable prevention mechanism compared to corporate governance for this particular
company since they only operate at a medium scale. However, the company might consider practicing corporate
governance when they expand in the future.

Implication to the Company

 According to the respondent, practicing or putting into action fraud prevention measures will actually improve
this particular company’s performance financially as well as non-financially. They too stated that money can be
saved in terms of reducing financial losses by implementing fraud prevention mechanisms in their company.
The firm too are confident in their stand where they actually become less vulnerable to fraudulent cases by
having good prevention mechanisms. Furthermore, such mechanisms would increase the company’s status and
image both internally and externally. In terms of the internal context, the company will have employees who are
more directed towards a sense of accountability and integrity. Whereas from the external perspective, the
company will possess a good reputation with the public and so job hunters are more likely to opt to work for
them since they are manage their business in an ethical manner.

Cross Case Analysis Findings

The type of fraud cases which are most likely to occur are cases of broken trust and cases of non-cash larceny.
Fraud vulnerability reviews, CCTV monitoring, and surveillance as well as formal and informal reporting seem
to be the most widely used detection strategies. The main factors which contribute to fraudulent activity seem to
be low morale among the employees and difficult family situations which influence people to become involved
in unethical activities. Termination and also warnings are the actions usually by the three organizations when
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

fraud cases occur at their workplace.

The majority of them prefer to keep the names of the offenders private and confidential, and do not
wish to publicizing them. In terms of existing prevention mechanisms, the most widely used strategies are
internal control, invigilation, and lastly, by conducting regular audits. The majority of company managements
show good involvement in the prevention mechanisms existing in their company.
Most of the challenges faced in carrying out the managerial role through monitoring are in the form of
difficulties in communication whereby they experience a great many problems in conveying the benefits and the
need for adopting fraud prevention mechanisms. The extent to which management is committed and employees
are committed does positively imply the most likely results when fraud prevention mechanisms are
implemented.
Fraud prevention mechanisms do have some implications for these three organizations. Improved
company performance financially and non-financially has iis an important positive effect, and all agreed on the
point that fraud prevention reduces the financial losses of their organizations. All three organizations are also
very sure of becoming less vulnerable to fraud cases through implementing fraud prevention mechanisms and
most of them considered that the implementation of such measures improved their company’s image and status
both internally as well as externally.

Validation of proposed implementation framework

The findings of this research have resulted from both inductive and deductive approaches. Some of these
findings can be linked with those found in the studies examined in the literature review but some of them seem
to be new findings, in relation to this particular research field. The first theme which emerged, which is in
regard to the types of fraud cases encountered, is in line with most of the findings of the studies reviewed.
However, there also seem to be some new perspectives which have been not previously been discussed in
theoretical terms. These relate to the actions which are taken towards individuals who commit fraud. In the
above discussions, the research has demonstrated that fraudsters were punished using certain common actions.
Most of the time they lost their job; their employment was terminated forthwith. The elements which were
discussed in terms of the theoretical aspects were mostly concerning the types of fraud cases being experienced
by organizations and the detection strategies which have been applied. However not all the known detection
strategies are being employed by the owners/managers of these Malaysian medium-sized businesses. This is due
to these companies having limited resources and also limited knowledge and awareness of fraud prevention
mechanisms. On the other hand, the number of cases which occurred, the amounts of money which was lost due
to fraudulent activities, the offenders who were found to commit fraud, the factors that provoke them to commit
fraud, and the trends in the incidence of fraud cases in medium organizations were found to be in line with the
theoretical explanations.
The second theme that emerged and was developed, is represented by some of the findings which
pertain to the existence of fraud prevention mechanisms in Malaysian medium sized organizations. The owners
of Malaysian medium sized organizations have limited knowledge and ideas about fraud prevention
mechanisms. This is simply because they do not look at this issue as a serious matter; in fact, they tend to feel
that everything is under control anyway, and that, due to limited resources, they can only manage to apply
prevention mechanisms to a certain level and in a very basic and simplistic way. Most of the prevention
mechanisms are found to be undertaken informally. For instance, meetings are held in which motivational talks
are given to instill the culture of honesty among the employees. These owners mostly do not see a need for anti-
 fraud training since they believe the employees are well versed with the company’s policies through this
informal approach. Apart from that, proper reporting mechanisms are not being practiced: most of the time the
reporting can be done verbally only. Prevention mechanisms should be have priority, in terms of time and
importance, over detection strategies, yet for Malaysian medium entity entrepreneurs, it seems that prevention
only comes in after the detection of fraud cases.
The third theme which emerged is to do with the data gathered on the challenges faced by the
organizations in adopting prevention mechanisms. This was discovered using the deductive approach since it
had not been explored thoroughly in the literature reviewed. Most of the challenges faced are from the
perspective of employee and employer commitment towards fraud prevention implementation. However the
challenges from the employers’ perspective have been explored by several scholars yet not much has been said
on the challenges faced from other perspectives, including the difficulties in implementing corporate
governance. Very limited studies have been done in this area.
The last theme which developed explains the implication to the organizations from applying as well as
practicing fraud prevention mechanisms. The findings seem to be more towards positive implications rather than
negative ones. However it has been agreed that fraud prevention mechanisms helps those organizations to
perform better and to be equally competitive with larger organizations.
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

Discussions and Implications

The findings suggest that the implementation of fraud prevention mechanisms at the selected medium size
organizations is very limited. This finding should trigger further discussions with regard to corporate
governance practice in SMEs. The study also discovered that the selected medium scale organizations do,
nevertheless, equip themselves as well as their employees with some fraud prevention mechanisms; however,
they do not place much emphasize on this matter as compared to large organizations.
All the respondents from the participating organizations claimed that they have practiced and
implemented fraud prevention mechanisms in their organization. With very limited resources and simple
organizational structures, the applicability of fraud prevention mechanisms is questionable. In future, this issue
should be discussed in a broader perspective by scholars or academicians, by addressing the importance of fraud
prevention mechanisms.
The findings of the study have an alarming implication for the owners and directors of the selected
medium size organizations. They seem to have shown proactivity and to have responded to fraud in their
organizations by implementing fraud prevention mechanisms; however not to the extent that large organizations
have done. This fact may expose the company to the risk of losing their competitiveness and the ability to
survive in the marketplace. Not having proper frameworks, policies and strategies results in the breakdown of
organizations.
Policy makers also play important roles by providing a range of support programs, activities and events
which can make sure that medium scale company owners are well versed in fraud prevention mechanisms. Such
information could prevent organizations from having to shut down due to the highly competitive business
environment. The findings of the study should generate some actions in response from policy makers. This
would be in order to change the situation since they (policy makers) play important an important role in
attempting to make sure that owners are well versed in fraud prevention mechanisms.
Looking at the significant impact these organizations have on the nation’s economy, it is crucial for
government bodies to have adequate knowledge of fraud prevention mechanism policies as well as the benefits
which can accrue from implementing them in organizations. This study has provided valuable information, on
the basis of which the agencies can start looking at the problem more seriously. A guideline to implementing
fraud prevention mechanisms also should be developed so that the medium size enterprises of Malaysia may
gain a clearer picture of how to respond to threats of fraud and sustain their business in this increasingly
competitive atmosphere.
 Conclusion and Future Research

This study has mainly focused on fraud prevention mechanisms for SMEs. Though the findings of the study
could not be generalized as the samples used were very small, they establish a good platform on which other
researchers can further investigate the existence and implementation of fraud prevention mechanisms among
SME owners. There are some recommendations that the study can provide for future research within the area.
The differences between SMEs and larger entities are substantial and should be properly addressed in future
research. Therefore, future research could viably be expected to conduct a broader study by using large scale
data in this area. This is actually vital in enabling the studies to generalize the findings; thus, providing
significant information regarding the issue.
Furthermore, future studies should address the implications of employing or practicing fraud
prevention mechanisms as well as the relationships between fraud prevention and detection strategies, whereby
the prevention mechanisms should inform the detection tactics. Since this study only covered a very limited
number of SME entrepreneurs from the services and construction sectors, it is suggested that any further
research should cover the manufacturing sector as well. With that kind of participant involvement in the study,
more accurate predictions could be developed to determine the de-facto existence and implementation of fraud
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

prevention mechanisms in SMEs. Covering more SMEs in future research could eventually result in an increase
in SMEs performance, in Malaysia, boosting their status and image.

References

Adams R., Bessant, J., and Phelps, R. (2006), “Innovation Management Measurement: A Review”,
International Journal of Management Reviews, Vol. 8 No. 1, pp. 21–47.

ACFE, Association of Certified Fraud Examiners (2014), “Report to the nations on occupational fraud and
abuse”, available at https://www.acfe.com/rttn/docs/2014-report-to-nations.pdf (accessed November 5,
2016).

ACFE, Association of Certified Fraud Examiners (2016), “Report to the nations on occupational fraud and
abuse”, available at https://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf (accessed
February 1, 2017).

AICPA, American Institute of Certified Public Accountants (2001), “Management antifraud programs and
controls: Guidance to help prevent and deter fraud”. Available at
http://www.mtsu.edu/audit/forms/Management_Antifraud_Programs_and_Controls_1_.pdf (accessed
December 20, 2016)

Bishop, T. J. F. (2004), “Preventing, deterring, and detecting fraud: What works and what doesn’t?”, Journal of
Investment Compliance, Vol. 5 No. 2, pp. 120-127.

Bierstaker, L. J., Hunton, J. E., and Thibodeau, C. J. (2012), “Does fraud training help auditors identify fraud
risk factors?”, In Advances in Accounting Behavioral Research, pp. 85-100.

Bolton, R.J. and hand, D. J. (2002), “Statistical fraud detection: A review”, Statistical Science, Vol. 17 No. 3,
pp. 235-255.

Brickey, K. F. (2006), “In Enron’s wake: Corporate executives on trial”, The Journal of Criminal Law and
Criminology, Vol. 96 No. 2, pp. 397-433.

Carcello, J. V., Bedard, J. C. And Hermanson, D. R. (2009), “Responses of the American accounting
association’s tracking team to the recommendations of the advisor committee on the auditing
profession”, Accounting Horizon, Vol. 23 No. 1, pp. 69-84.
 Cross, C. and Kelly, M., (2016), “The problem of “white noise”: examining current prevention approaches to
online fraud”, Journal of Financial Crime, Vol. 23 No. 4, pp.806-818.

Daigle, R., Morris, P.W. and Hayes, D. C. (2009), “Small businesses: Know they enemy and their methods”,
The CPA Journal, Vol. 79 No. 10, pp. 30-37.

FAP, Fraud Advisory Panel (2006), “Fighting fraud: A guide for SMEs”, available at
https://www.fraudadvisorypanel.org/pdf_show_17.pdf (accessed March 18, 2016).

Henry, L. (2016), “Fraud prevention: an effective control environment can deter or minimize the occurrence of
fraudulent activities” Internal Auditor, Vol. 73 No. 2, pp. 17-19.

KPMG (2011), KPMG Analysis of Global Patterns of Fraud: Who is the Typical Fraudster?, KPMG Malaysia

KPMG (2013), Global Profiles of the Fraudster: White-collar Crime – Present and Future, KPMG
International
Downloaded by RMIT University Library At 03:02 25 October 2018 (PT)

Krambia-Kapardis, M. and Zopiatis, A. (2010), “Investigating incidents of fraud in small economies: the case
for Cyprus”, Journal of Financial Crime, Vol. 17 No. 2, pp.195-209.

Kramer, B. (2015), “Trust, but verify: fraud in small businesses”, Journal of Small Business and Enterprise
Development, Vol. 22 No 1, pp. 4-20.

Kroll, K. (2012), “Keeping the company safe: Preventing and detecting fraud”, Financial Executive, Vol. 28 No.
7, pp. 20-23.

Kulik, B. W., O’Fallon, M. J., and Salimath, M. S. (2008), “Do competitive environments lead to the rise and
spread of unethical behavior? Parallels from Enron”, Journal of Business Ethics, Vol. 83 No. 4, pp.
703-723.

Mat, T., Zainun, T., Nazri, S. M., Faiza, S. N., Mohd Fahmi, F., Ismail, A .M. and Smith, M. (2013), “Assessing
the fraud prevention mechanisms in Malaysian government agencies”, Malaysian Accounting Review,
Vol. 12 No. 2, pp.141-169.

Omar, N. and Bakar, K. M. A. (2012), “Fraud prevention mechanisms of Malaysian government-linked

companies: An assessment of existence and effectiveness”, Journal of Modern Accounting and
Auditing, Vol. 8 No. 1, pp. 15-31.

Shanmugam, J. K., Hatt, M. H. C., and Ali, A. (2012), “An exploratory study of internal control and fraud
prevention measures in SMEs”, International Journal of Business Research and Management, Vol. 3
No. 2, pp. 90-99
Sidak, J. G. (2003), “The failure of good intentions: The WorldCom fraud and the collapse of American
telecommunications after deregulation”, Yale Journal on Regulation, Vol. 20, pp. 207-268.

Simha, A. and Satyanarayan, S. (2016), “Straight from the Horse's mouth: Auditors' on fraud detection and
prevention, roles of technology, and white-collars getting splattered with red!”, Journal of Accounting
and Finance, Vol. 16 No. 1, pp. 26-44.

Smith, R.G. (2008), “Coordinating individual and organisational responses to fraud”, Crime, Law and Social
Change, Vol. 49 No. 5, pp. 379-396.

Yin, R.K.. (2004). The case study anthology. Sage

Yin, R.K. (2009). “How to do better case studies”, The SAGE handbook of applied social research methods,
Vol. 2, pp.254-282.

Zakaria, K.M., Zakaria, K.M., Nawawi, A., Nawawi, A., Salin, A.S.A.P. and Salin, A.S.A.P., (2016), “Internal
controls and fraud–empirical evidence from oil and gas company”, Journal of Financial Crime, Vol. 23
No. 4, pp. 1154-1168.