Fraud, Risk, Assessment, Management and Audit

High fraud profile, poor economic management and governance by African Governments resulted in donors shifting their attention and increasing funding to NGOs from the early 1990s. Increased disbursements through NGOs led to the mushrooming of NGOs, who in turn used local community organizations as their entry point for development work at the grassroots. This resulted in proliferation of organizations in the development space; however, the financial performance has been sluggish due to the mismanagement of funds in the NGOs institutions which has led to donors shying away. With many fraud and corruption scandals and individuals abusing disaster relief, donations have subsequently slowed for many organizations. If this funding was to dry up, it would likely mean that the NGOs would no longer be fiscally viable and would cease to operate. 2013 research highlights that Non-governmental Organizations lose up to 5% of their revenue each year resulting in funds inadequacy to execute their mandate. [2]. 

Holistically, fraud is easily perpetrated in NGOs than in profit-making organizations. Fraud in Nigeria has been on the rise and NGOs form a large part of the statistics. Despite the critical contributions to society, all NGOs are continuously targeted by unscrupulous people and groups, giving rise to scandals and disrepute among these organizations. Areas of vulnerability and fraud susceptibility in NGOs include operations and financial transactions carried out on trust, challenges in evaluating specific revenue streams (including individual cash donations), poor risk assessment, weak established internal controls, insufficient organizational and financial expertise and over-reliance on volunteer boards. Despite the prevailing fraud rate and the implications of fraud on their financial performance, most NGOs still register a low degree in the implementation of the fraud risk management practices in their operations that can help mitigate the prospects and potential of fraud risk [3]. 

Besides, little research has been done to establish the level and impact of fraud risk management in NGOs compared to profit seeking businesses. Particularly, a considerable volume of literature works published in this area have focused on the Nigerian banking sector, neglecting the non-governmental entities, whose superior performance is highly beneficial to the economy at large [4-6]. From the reviewed studies, it is therefore clear that there exists a knowledge gap as most of these studies were based on profit making organization hence their findings may not be easy to adopt in NGOs. In addition, the studies done on NGOs mostly targeted organizations outside Nigeria (specifically Kenya) which is the current study area, while studies conducted in Nigeria fail to provide any empirical linkage between fraud risk management and performance of non-governmental organizations in the country [7]. Therefore, there is a research gap existing in the non-governmental sector as well as the Nigerian context. This study, therefore, seeks to fill this gap by providing answer to the research question: does fraud risk management affect financial performance of non-governmental organizations located in Nigeria? Thus, the problem statement to be addressed in the present study: whether there is an impact of fraud risk management on financial performance of NGOs in Nigeria.

Research Objectives

The main objective of the study will be to assess the impact of fraud risk management on the performance of NGOs in Nigeria. Specific objectives include the following:

• To examine the impact of fraud risk assessment tools on the performance of NGOs in Nigeria

• To examine the impact of fraud risk governance tools on the performance of NGOs in Nigeria

• To investigate the impact of fraud risk prevention tools on the performance of NGOs in Nigeria

• To investigate the impact of fraud risk detection tools on the performance of NGOs in Nigeria

• To study the impact of responsive fraud risk management tools on the performance of NGOs in Nigeria

Theoretical Framework

Fraud Triangle Theory

The fraud triangle theory began with the work of Donald Crassey in 1953 and was advanced by Albrecht, Howe and Romney in 1984. The theory states that fraud entails three aspects that include; perceived pressure (factors for fraud), chance (opportunity) and the rationalization fraud. They add that these listed aspects form the fraud triangle. Besides, it is viewed that the three elements making up the fraud triangle do not stand alone but interact with each other such that the greater the perceived opportunity, or the higher the intensity of the pressure, the lower the rationalization for one to engage in fraud [8]. On the other side, an argument by Rae and Subramaniam [9] viewed fraud as a multi-faced matter hence a unification of several factors. They further asserted that in a number of cases, no matter how underdeveloped an organization’s internal controls may be, fraud instances may be at zero level, while at some instances, an organization may set in place very good internal controls but employees of the organization may still look for ways around the internal controls in order to engage in fraud. Enhanced understanding of how the three aspects; opportunities, pressures and rationalizations facilitate the committing of fraud in an organization may facilitate the management in identifying with ease the areas prone to fraud hence work towards strengthening these areas [8]. This is the linkage of the theory to fraud risk management.

Self-Control Theory 

The self-control theory propounded in the works of Gottfredson and Hirschi in 1990, as cited by [10] asserts that individuals bearing a low degree of self-control have a higher probability of committing crime. People who have no self-control tend to be impulsive, have little sensitive physical other than mentally, are not risk averse, are shortsighted and less verbal [11]. The theory argues that employees learn low self-control from their parents and family circles as they grow, which eventually become a part of them as they grow and are engaged in working in any organization. McMullen [11] also adds that people with greater abilities of self-control find out the low likelihood of long-term benefit and high chance of apprehension that can be linked to criminal enterprise.

Financial Control Theory 

This theory was propounded by Ostman and asserts that the existing and possible roles of financial tools in any firm are most essential. The theory points that payments, financial instruments, accounting, control models and economic calculations, both inside and without of the firm, need to be explained in line with the internal trait’s characteristics alongside their possible impact. The author noted that developing the link between different activities and financial processes, from a financial control perspective is critical. This theory puts a natural focus on the organization so that they are perceived from different latitudinal areas. The initial one pertains to the human beings’ functions of what is attained through firms, their activities and output. The second relates to the structure of the firm and activities and of interactions that different sections have among themselves. The third section encapsulates the control systems in relation to the repetitive procedures and methods which are utilized to relate current and future functions to resources both inside and outside.

Conceptual Framework

Fraud Risk Management 

Fraud risk management implies the processes implemented by the management of an organization’s management, intended to prevent, and/or identify potentially fraudulent activities that may influence the entity, as well as contain such fraud induced risks by responding to such fraudulent activities (Committee of Sponsoring Organizations of the Treadway Commission, COSO hereafter, 2004). In the recent past, fraud risk management has evolved as an aspect of development that influences organizational performance [12]. Fraud risk management practices are usually defined by fraud risk management environment, policies and procedures, risk measurement practices, risk mitigation practices, risk monitoring practices and internal control practices among others [13]. A near similar argument was floated by Kummer, Kishore and Peter [4] who asserted that businesses recognize the need of controlling all risks and their related aspects including risks that are well known (familiar) to an organization and that can be easily quantify. 

Organizational Risk Culture 

Risk culture is a multidimensional concept that includes organizational risk and culture [14]. Organizational culture refers to a group of values, norms, beliefs and understanding which members of organization think is a good thing, which can be adapted to external environment and passed on to new members for coordination within the organization [15]. While, Fraser et al. [16], define risk culture as the system of behaviors and values existing in an organization that assists in influencing risk decisions. Power [17], opined that risk culture is not a separate from culture in general, but rather a specific kind of framing of organizational culture problem, which focuses on risk-taking and risk control activities of organizations.

The global financial crisis and corporate scandals of 2008 report by pertinent stakeholders, rating agencies and regulators have highlighted financial and ethical issues in financial institutions and other governmental and non-governmental organizations (NGOs hereafter). These issues related to weak organizational cultures which undermined the effectiveness of their risk management frameworks, led to substantial financial losses in the global markets [18]. This has in recent times necessitated the need to solidify and strengthen risk prevention and detection cultures of organizations. Fraud prevention and detection are related in an organizational risk culture, but they are not the same concept. While prevention encompasses policies, procedures, training and communication that stop fraud from occurring, detection focuses on activities and techniques that promptly recognize timely whether fraud has occurred or is occurring. Again, prevention techniques do not ensure fraud will not be committed, they are the first line of defense in minimizing fraud risk. One key to prevention is promoting from the board-down (i.e., throughout the organization), an awareness of the fraud risk management program, including the types of fraud that may occur. By inference, one of the strongest fraud deterrents is the awareness that effective detective controls are in place. Combined with preventive controls, detective controls enhance the effectiveness of a fraud risk management program by demonstrating that preventive controls are working as intended and by identifying fraud if it does occur. Although detective controls may provide evidence that fraud has occurred or is occurring, they are not intended to prevent fraud [19]. 

Preventive Fraud Risk Management Method 

Fraud prevention is the initial stage of a fraud risk management framework, which requires the adoption of suitable strategies that can prevent fraud in an organization. Fraud prevention strategies consist of all procedures, training, policies, actions and communication that stop fraud from occurring [20]. The best approach to fighting fraud in an organization is to prevent it from occurring in the first place, which encompasses improving the key risk processes indicators (i.e. business environment, operational risk and internal control environment) [20]. To prevent fraud, measures that limit the opportunity of offenders to commit fraud and reduce motivation need to be taken [21]. Different measures were put in place for fraud prevention such as the use of anti- fraud control mechanism which include segregation of duty, limits and approval authorities, review of customers associate, access control, implementation and application of security mechanism and physical security control system [22]. 

Three fraud risk preventive management methods are discussed in this work-fraud risk assessment, internal controls and due diligence in staff and partners selection:

Fraud Risk Assessment 

Richards, Melancon and Radley [1] posit that for NGOs to effectively and efficiently protect themselves and their stakeholders from fraud, they should understand fraud risk and the specific risks that directly or indirectly apply to their organizations. A structured fraud risk assessment, tailored to the organization’s size, complexity, industry and goals, should be performed and updated periodically. The assessment may be integrated with an overall organizational risk assessment or performed as a stand-alone exercise, but should, at a minimum, include risk identification, risk likelihood and significance assessment and risk response. 

Ahmed and Manab [23] assert that an effective fraud risk identification process includes an assessment of the incentives, pressures and opportunities to commit fraud. Employee incentive programs and the metrics on which they are based can provide a map to where fraud is most likely to occur. Fraud risk assessment should consider the potential override of controls by management as well as areas where controls are weak or there is a lack of segregation of duties. The speed, functionality and accessibility that created the enormous benefits of the information age have also increased an organization’s exposure to fraud. Therefore, any fraud risk assessment should consider access and override of system controls as well as internal and external threats to data integrity, system security and theft of financial and sensitive business information. Assessing the likelihood and significance of each potential fraud risk is a subjective process that should consider not only monetary significance, but also significance to an organization’s financial reporting, operations and reputation, as well as legal and regulatory compliance requirements. An initial assessment of fraud risk should consider the inherent risk of a particular fraud in the absence of any known controls that may address the risk [1]. 

Individual organizations will have different risk tolerances. Fraud risks can thus be addressed by establishing different practices and controls to mitigate the risk and accepting the risk but monitoring actual exposure and designing on-going or specific fraud evaluation procedures to deal with individual fraud risks. An organization should strive for a structured approach versus a haphazard approach. The benefit an implemented fraud risk management program provides benefits that should exceed its cost. Management and board members should ensure the organization has the appropriate control mix in place, recognizing their oversight duties and responsibilities in terms of the organization’s sustainability and their role as fiduciaries to stakeholders, depending on organizational form. Management is responsible for developing and executing mitigating controls to address fraud risks while ensuring controls are executed efficiently by competent and objective individuals [24]. 

Fraud risk assessment is a major component of preventive fraud risk management which involves the use of systematic procedures to identify and analyze relevant risk and the subsequent management of those risks. Risk assessment incorporates the broader concept of “business risk,” not just the risk related to fraud, error or misstatement in financial reporting. Risk assessment should include a strong focus on a cost versus benefit approach to control. 

Some of the risk assessment indicators include; having mechanisms in place to identify and react to changes that can have dramatic effects on the operations; establishing controls for approving decisions regarding financing alternatives and accounting principles, practices and methods, assessing risks according to changes in the operational environment, analyzing the risks that may arise due to changes of new staff and determining the risks that are likely to be brought about by restructuring and establishing whether new services are likely to bring risks to the organization [25]. “Risk Assessment” is considered as a key part of management process which is in place to identify and assess barriers to achieving NGOs’ objectives [26]. 

Where a high risk of fraud has been identified within the general risk assessment of programmes / projects, an additional and specific fraud risk assessment may be necessary. This in-depth assessment should be used to better identify fraud risks and develop effective measures that address these high risks. The aim is to help management to identify and evaluate areas of the programme / project that are most susceptible to fraud and prioritize where NGOs should focus their resources for fraud prevention and mitigation. These fraud prevention and mitigation measures should be monitored for effectiveness over time and the fraud risk assessment process may be repeated periodically utilizing lessons learned, especially for longer-duration programmes/projects or where material changes are made to the design of the programme /project during its implementation [1]. 

Assessing the likelihood and significance of each potential fraud risk is a subjective process. All fraud risks are not equally likely, nor will all frauds have a significant impact on every organization. Assessing the likelihood and significance of identified inherent risks allows the organization to manage its fraud risks and apply preventive and detective procedures rationally.

 It is important to first consider fraud risks to the business on an inherent basis, or without consideration of known controls. By taking this approach, management will be better able to consider all relevant fraud risks and design controls to address the risks. After mapping fraud risks to relevant controls, certain residual risks will remain, including the risk of management’s override of established controls. Management must evaluate the potential significance of those residual risks and decide on the nature and extent of the fraud preventive controls and procedures to address such risks [26]. Three dimensions of fraud risk assessments are highlighted in this study;

Likelihood of Fraud Risk

Management’s assessment of the likelihood of a fraud risk occurring is informed by instances of that particular fraud occurring in the past at the organization, the prevalence of the fraud risk in the organization’s industry and other factors, including the number of individual transactions, the complexity of the risk and the number of people involved in reviewing or approving the process. Organizations can categorize the likelihood of potential frauds occurring in as many buckets as deemed reasonable, but three categories are generally adequate: remote, reasonably possible and probable [1].

Significance Of Fraud Risk

Management’s assessment of the significance of a fraud risk should include not only financial statement and monetary significance, but also significance to an organization’s operations, brand value and reputation, as well as criminal, civil and regulatory liability. For example, two different organizations may have similar amounts of expenses charged via employee expense reports, but one organization is a professional services firm that charges those expenses to clients. Although the likelihood of the risk of fraudulent expense reports and the monetary exposure may be similar at both organizations, the relative significance of fraudulent expense reports to the professional services firm may be greater, given the impact that fraudulent expense reports can have on customer relationships. NGOs can categorize the significance of potential frauds in as many buckets as deemed reasonable, but three categories are generally adequate: inconsequential, more than inconsequential and material [1].

Evaluation of People/Department

As part of the risk assessment process, the organization will have evaluated the incentives and pressures on individuals and departments and should use the information gained in that process to assess which individuals or departments are most likely to have incentive to commit a fraudulent act, and, if so, via what means. This information can be summarized into the fraud risk assessment grid and can help the organization design appropriate risk responses, if necessary [1].

Internal Controls

Internal control system is important for the smooth running of organizational operations. Internal Controls are processes designed and caused by those charged with governance, management and other personnel to provide rational assurance about the entity goal achievement, about reliability of the financial reporting, effectiveness and efficiency of operations and compliance with appropriate laws and regulations [27]. 

NGOs should benefit from a better understanding of the interrelated connections among the components of internal control systems, which are integrated into the management process resulting in the maximizing shareholders’ value. While all components of an internal control system are vital, a combination between them can lead to managerial excellence and effective governance. There are many empirical evidences which emphasize the requisite of internal control system in organization. According to Adenugba anԁ Adeyemi an insufficient internal control system often causes an inability to deter fraudulent activities and a decrease in the performance of that organization. Research conducted by Gündoğdu, shows that efficient internal control mechanism has great impact on strong and stable outlook of sectors Amudo anԁ Inanga [28] identify the following four essential components of an effective internal control system; control environment, control activities, information and communications and monitoring and opine that the formation of internal control plays an important role in the prevention of fraud and irregularities. A strong internal control system, where policies and procedures are enforced, internal controls are appropriately implemented and staff members, non-staff personnel, vendors, implementing partners and responsible parties are informed about fraud and corruption and its consequences, can curtail fraud and corruption. 

The heart of effective control is an emphasis on controls categorized as the control environment; management’s philosophy and operating style, integrity and ethical values, assignment of authority and responsibility (e.g., accountability), human resource practices (e.g., training, performance appraisal, remuneration and compensation, employee counseling), audit committee and internal audit. Some of the control environment activities that an organization can undertake include; having an accounting and financial management system, management being committed to the operation of the system, management closely monitoring implementation of internal control systems in organizations, management providing feedback to the junior officers about the operation of the system and having appropriate measures to correct misfeasance in operation of the organization’s accounting and finance management system. Further still, an organization’s management should act with a great degree of integrity in execution of their roles, uphold ethical values in all management decisions, establish an objective, independent and active audit committee and ensuring that the board of governors and its committees are independent of management. 

For cooperative organizations, the factors related to the control environment include the integrity and ethical values, commitment to competence of employees, management’s philosophy and operating style, organizational structure, assignment of authority and responsibility, human resources policies and practices and the activities of the board of directors or audit committee towards organizational objectives. “Control Environment” the results indicate that integrity and ethical values, Code of Conduct and Flowchart are essential elements of the control environment [27].

Detective Fraud Risk Management Method 

Fraud detection refers to all procedures employed by organizations to detect fraud after it has been committed. Fraud detection strategies are plans implemented to efficiently and quickly detect fraudulent activity by identifying suspicious or frauds that have bypassed the preventive measures so that an organization can take proper corrective action. Organizations have developed a number of strategies to detect and mitigate fraud. The reason behind any fraud detection system is to identify or detect any potential fraud and reduce subsequent losses [29]. 

Having effective detective controls in place is one of the strongest deterrents to fraudulent behavior. Used in tandem with preventive controls, detective controls enhance a fraud risk management program’s effectiveness by providing evidence that preventive controls are working as intended and identifying fraud that occurs. Although detective controls may provide evidence that fraud is occurring or has occurred, they are not intended to prevent fraud. 

In some cases, the types of detective controls implemented may depend on the fraud risks identified for an organization. For example, if an organization operates in countries that are identified as having high risks for corruption, it may implement detective controls to identify possible violations of the Foreign Corrupt Practices Act (FCPA), such as a recurring review of expense reports or consulting fees. Similarly, if an organization has a high frequency of subjective estimates, it may implement detective controls related to regular internal audit review of such activity. Overall, additional detection controls may be necessary based on the fraud risks identified for the organization. As with fraud prevention, it is important that the organization assess and continuously monitor its fraud detection techniques to help detect fraud that is occurring or has occurred. 

Gwadoya further conjectures that organizations can never eliminate the risk of fraud entirely. There are always people who are motivated to commit fraud and an opportunity can arise for someone in any organization to override a control or collude with others to do so. Therefore, detection techniques should be flexible, adaptable and continuously changing to meet the various changes in risk. While preventive measures are apparent and readily identifiable by employees, third parties and others, detective controls are clandestine in nature. This means they operate in a background that is not evident in the everyday business environment. Such techniques will usually occur in the ordinary course of business, draw on external information to corroborate internally generated information, formally and automatically communicate identified deficiencies and exceptions to appropriate leadership and use results to enhance and modify other controls. 

Although every organization is susceptible to fraud, it is not cost-effective to try to eliminate all fraud risk. An organization may choose to design its controls to detect, rather than prevent, certain fraud risks, as approved by the board. If the estimated costs of designing, implementing and monitoring the controls against fraud such as tools, personnel, or training is lower than the estimated impact of the risk, they should be cost-effective to implement [29].

Three important detection methods include programme and project monitoring, Fraud audits and Whistleblowing mechanisms (hotlines).

Monitoring And Evaluation

Monitoring can be defined as a continuing function that aims primarily to provide the management and main stakeholders with early indications of positive or negative progress, in the achievement of objectives. Monitoring helps organizations to assess the quality of performance over time and determine the efficiency of its controls. Most NGOs employees believe that Monitoring procedures are an inherent part of the NGOs and are performed on a real-time basis reacting dynamically to changing conditions [26]. 

The purpose of monitoring is to determine whether internal control is adequately designed, properly executed and effective. Internal control is adequately designed and properly executed if all internal control components are present and functioning as designed. Monitoring is done to ensure that controls continue to operate effectively. Monitoring of controls is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two. Effectiveness of the internal control can be achieved through ongoing monitoring at each level of out. Furthermore, monitoring of the major risks should be the part of the daily activities of the all organizations along with the periodic evaluations [30]. 

According to Internal Institute of Rural Construction (IIRR), a monitoring and evaluation framework on how the success of projects should be measured forms part of projects proposal, due to demand to demonstrate results and accountability requirements on projects performance. 

Gwadoya, found that there was a shared need for proper understanding of M and E practices in donor-funded projects. This is an indication that there was lack of shared understanding of M and E practices in donor-funded projects among the various teams. With proper enhancement and capacitating of the monitoring teams, there would be more team work and hence more productivity. 

Fraud Audits

The Institute of Internal Auditors define Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. In relation to fraud, this means that internal auditing provides assurance to the board and to management that the controls they have in place are appropriate given the organization’s risk appetite. 

Richardson et al [1] contend that internal auditing should provide objective assurance to the board and management that fraud controls are sufficient for identified fraud risks and ensure that the controls are functioning effectively. Internal auditors may review the comprehensiveness and adequacy of the risks identified by management especially with regard to management override risks. 

Internal auditors should consider the organization’s assessment of fraud risk when developing their annual audit plan and review management’s fraud management capabilities periodically. They should interview and communicate regularly with those conducting the organization’s risk assessments, as well as others in key positions throughout the organization, to help them ensure that all fraud risks have been considered appropriately. When performing engagements, internal auditors should spend adequate time and attention to evaluating the design and operation of internal controls related to fraud risk management. They should exercise professional skepticism when reviewing activities and be on guard for the signs of fraud. Potential frauds uncovered during an engagement should be treated in accordance with a well-defined response plan consistent with professional and legal standards. Internal auditing should also take an active role in support of the organization’s ethical culture [31]. 

The IIA report assert that the importance an organization attaches to its internal audit function is an indication of the organization’s commitment to effective internal control. The internal audit charter, which is approved by the board or designated committee, should include internal auditing’s roles and responsibilities related to fraud. Specific internal audit roles in relation to fraud risk management could include initial or full investigation of suspected fraud, root cause analysis and control improvement recommendations, monitoring of a reporting/whistleblower hotline and providing ethics training sessions. If assigned such duties, internal auditing has a responsibility to obtain sufficient skills and competencies, such as knowledge of fraud schemes, investigation techniques and laws. Effective internal audit functions are adequately funded, staffed and trained, with appropriate specialized skills given the nature, size and complexity of the organization and its operating environment. Internal auditing should be independent (have independent authority and reporting relationships), have adequate access to the audit committee and adhere to professional standards. 

Whistle Blowing Hotline

The use of a whistleblower hotline, which has markedly increased among SEC registrants since it was mandated by the U.S. Sarbanes-Oxley Act of 2002, is one of the more effective measures organizations can implement as part of their fraud risk detection program. Various surveys indicate that anonymous tips received through hotlines or by other methods are the most likely means of detecting fraud. In addition, knowledge that an employee hotline is in place can help prevent fraud because individuals may fear that a fraud will be discovered and reported [1]. 

According to the Association of Certified Fraud Examiners [32], marketing the existence of a hotline to increase awareness, making it easy to use and promoting the timely handling of all reported issues are strong preventive measures that should supplement the detective control of hotlines. The hotline should be promoted with educational materials provided to shareholders, employees, customers and vendors, all of whom can provide valuable information from a variety of reliable sources. Hotlines ideally support a multilingual capability and provide access to a trained interviewer 24 hours a day, 365 days a year.

Provision for anonymity to any individual who willingly comes forward to report a suspicion of fraud is a key to encouraging such reporting and should be a component of the organization’s policy. The most effective whistleblower hotlines preserve the confidentiality of callers and provide assurance to employees that they will not be retaliated against for reporting their suspicions of wrongdoing including wrongdoing by their superiors. Another key is demonstrating that their reporting will result in appropriate and timely action being taken. To preserve the integrity of the whistleblower process, it must also provide a means of reporting suspected fraud that involves senior management, possibly reporting directly to the audit committee. 

An effective hotline program should analyze the data received and compare results to norms for similar organizations. Ongoing analysis allows an organization to reshape its fraud risk management program to address evolving risks. The whistleblower process should be independently evaluated periodically for effectiveness, including compliance with established protocols. 

Responsive fraud risk management methods 

Fraud risk responses are the measures taken for the corrective purpose to remedy the harm caused by fraud [33]. Fraud response strategies significantly affect the occurrence of fraud in NGOs, therefore the tougher the fraud response strategies, the less the likelihood of fraud [34]. A successful fraud incident, depending on its magnitude, may negatively affect the survival of an organization [35]. Therefore, the organization should design, implement and maintain fraud risk management periodically.

Risk tolerance varies from organization to organization. At the highest level, the board sets the organization’s risk tolerance level, taking into consideration its responsibilities to all shareholders, capital providers and stakeholders. While some organizations want only to address fraud risks that could have a material financial statement impact, other organizations want to have a more robust fraud response program. Many organizations will state that there is a “zero tolerance” policy with respect to fraud. However, there may be certain fraud risks that an organization considers too expensive and time-consuming to address via controls. Consequently, the organization may decide not to put controls in place to address such risks. If a fraud is discovered, zero tolerance for fraud will be applied [36]. 

Fraud Investigations

Bartsiotas and Achamkulangare assert that no system of internal control can provide absolute assurance against fraud. As a result, the board should ensure the organization develops a system for prompt, competent and confidential review, investigation and resolution of instances of noncompliance and allegations involving potential fraud. The board should also define its own role in the investigation process. An organization can improve its chances of loss recovery, while minimizing exposure to litigation and damage to reputation, by establishing and preplanning investigation and corrective action processes. The board and the organization should establish a process to evaluate allegations. Individuals assigned to investigations should have the necessary authority and skills to evaluate the allegation and determine the appropriate course of action. The process should include a tracking or case management system where all allegations of fraud are logged. Clearly, the board should be actively involved with respect to allegations involving senior management. 

If further investigation is deemed appropriate as the next course of action, the board should ensure that the organization has an appropriate and effective process to investigate cases and maintain confidentiality. A consistent process for conducting investigations can help the organization mitigate losses and manage risk associated with the investigation. In accordance with policies approved by the board, the investigation team should report its findings to the appropriate party, such as senior management, directors, legal counsel and oversight bodies. Public disclosure may also need to be made to law enforcement, regulatory bodies, investors, shareholders, the media, or others (United Nations (UN) report). If certain actions are required before the investigation is complete to preserve evidence, maintain confidence, or mitigate losses, those responsible for such decisions should ensure there is sufficient basis for those actions. When access to computerized information is required, specialists trained in computer file preservation should be used. Actions taken should be appropriate under the circumstances, applied consistently to all levels of employees (including senior management) and taken only after consultation with human resources (HR) and individuals responsible for such decisions. Consulting legal counsel is also strongly recommended before undertaking an investigation and is critical before taking disciplinary, civil, or criminal action. As a matter of good governance, management and the board should ensure that the foregoing measures are in place. 

Financial Performance of NGOs

Financial performance is a measure of company’s policies and operations in monetary terms. It is a general measure of a firm’s overall financial health over a given period and can be used to compare similar firms across the same industry or to compare industries or sectors in aggregation. There are many ways to Measure Company’s financial performance [27]. In the context of organizational financial performance, performance is a measure of the change of the financial state of an organization, or the financial outcomes that results from management decisions and the execution of those decisions by members of the organization. Since the perception of these outcomes is contextual, the measures used to represent performance are selected based upon the circumstances of the organization(s) being observed. Carton defines financial performance of an organization as its ability to secure revenues in relation to a need, so as to constantly maintain or increase its productive processes, produce anticipated results and to obtain a surplus. Occurrence of fraud impacts organizations through loss of organizational monies which leads to less funds available to undertake its mandate, drained customer confidence and wasted business time resource through investigations. Financial performance is a key aspect in the sustenance and effectiveness among NGOs. 

Fraud Risk Management and Financial Performance 

Fraud risk management affects the financial performance of Non-Governmental Organization [37]. Wanjiku [38] established that most organizations develop fraud risk management measures and further asserted that companies with better developed risk practices record better financial performance. These organizations generally outperform their counterparts by effectively utilizing resources that are not adequate and managing their exposure to risk, thus giving rise to a ‘financial save’ to the organization. Most global organizations invest substantially in their human capital, processes and technology so as to enhance the control of business risk. Overly, these risk investments initiatives are majorly geared towards the financial controls that purpose to achieve organizational financial performance (Greenlee et al., 2007). The authors generally argue that fraud is rampant and perpetrates with ease among the NGOs as compared to the profit-making organizations. However, most organizations with better established fraud risk management practices perform better financially [38], hence fraud risk management techniques can be employed to enhance the performance of NGOs. 

Different NGOs managements raise diverse arguments in connection to fraud and mostly assume that since their organizations undertake noble duties, their employees and volunteers do not engage in fraud [39]. Buckhoff and Parham affirm that these misplaced beliefs make such NGOs not to develop the necessary controls towards protecting their assets. Douglas and Mills [40] add that depending on trust, the incomplete verification of revenue streams, weak controls, absence of expertise within the organizations and over-reliance on volunteers enhance the problem of fraud. However, with the current competitive business world, the overall need for fraud risk management has increased with an aim of enhancing the financial performance of these organizations. Organizations which have been impacted by fraud end up losing monies which may further result to funds not being available to effectively attain the organization’s business. This may further erode customer confidence and time that may have to be spend on investigations.

In Nigeria, fraud has had major impact on NGOs, giving rise to great losses. Githecha [41] buttressed that non-governmental organizations need to embrace fraud management strategies so as to reduce losses incurred as a result of fraud therefore improving financial performance. The assessment performed by a public accounting firm in connection with fraud risk management and control over the financial reporting process, provides a major impact upon the reliability of financial statements prepared by these non-governmental entities and therefore has significant influence on their funding, grant reception and consequently, their financial performance. Research results of Spatacean support the conjecture that the more effective fraud risk management lowers magnitude of fraudulent activities in NGOs, which improves their service quality, as well as operating and resource efficiency.

Empirical Review 

Okoye, Adeniyi and Jones examined fraud risk management and corporate performance of deposit money banks (DMBs) in Nigeria. Data for fraud risk management proxied by International Fraud Report/checklist (IFRC) and corporate performance was represented by return on Asset and return on equity. In testing the research hypothesis, the study adopted both descriptive statistics and simple regression techniques analyzed with the aid of Statistical Package for Social Sciences (SPSS) version 20. The findings revealed that IFRC have significant effect on return on asset while IFRC revealed an insignificant effect on the return on equity of deposit money banks in Nigeria during the year under review. It was recommended that the regulation and supervision of DMBs should be stricter, that is, the CBN and NDIC should tighten their grip in regulating and supervising so as reduce the increasing fraud incidence. This in turn will keep the bank management alert on the control measures to put in place to prevent and deter fraud.

Hussaini, Abubakar and Yusuf explored the effect of fraud risk management, risk culture, on the performance of Nigerian banking sector: preliminary analysis. A survey research design employed to administer a total of 417 questionnaires to either the senior officer in the risk management department, internal control department and branch manager of each bank in the Nigerian banking sector. The results shows that the data satisfied the multivariate analysis assumptions which indicate the fulfillment of conditions for further multivariate analysis.

Karuiki carried out an assessment of fraud risk management and financial performance and sustainability of Non-Governmental Organizations in Kenya. They study several fraud risk management techniques such as anti-fraud policies, management style, fraud detection and deterrence mechanisms and internal controls. The study used an explanatory research design. The study revealed that fraud is an issue of concern among NGOs in Kenya as most of the NGOs conduct daily or weekly monitoring and apply anti-fraud techniques to a great extent while seeking to curb fraud. The findings indicated that the sector is financially sustainable with the large organizations being more financially stable as compared to small organizations. A multiple regression model was also applied in deriving the relation between the dependent and independent variables. From the findings, the study concluded that all the independent variables; anti-fraud policies, fraud detection, fraud deterrence, internal controls and management style positively correlate with financial sustainability and have a statistically significant relationship with financial sustainability. The study recommends that anti-fraud policies should give clear guidance to employees, the organizations should establish policies around whistle blowing, monitoring and financial reporting processes should be considered while setting internal controls and that management should keenly support strategies towards fraud risk management. 

Silvanus and Solomon [42] conducted a study on determinants of financial performance for Non-Governmental Organizations. The study employed a descriptive study design and adopted two variables against financial performance; fraud risk management and financial resource mobilization capacity. The study concluded that organisational capacity to mobilize financial resources did not have a significant impact on the NGOs sustainability. However, fraud risk management was identified as having a positive and significant effect on financial performance of the NGOs.

Ohando conducted a study on the relationship between fraud risk management practices and financial performance of commercial banks in Kenya. The objective of his study was to investigate the relationship between fraud risk management practices and financial performance of commercial banks in Kenya. The target populations for the study were the senior officers in the risk management department of the 43 commercial banks operating in Kenya. The research data was collected in Nairobi. The sample size comprised of all the 43 commercial banks operating in Kenya. Primary data was collected using structured questionnaire. The questionnaire was self-administered through drop and pick later. A total of 43 questionnaires were administered. Collected data was then analyzed using SPSS Version 22. The results were then presented in form of tables and charts. The results of the study indicated that there exists a positive relationship between fraud risk management practices and financial performance of commercial banks in Kenya. It also found out that preventive and detective fraud risk management practices had a very strong positive (Pearson correlation coefficient of 0.932 and 0.868) influence on financial performance of commercial banks as measured by ROA. It is therefore imperative that commercial banks use preventive and detective fraud risk management practices in order to put fraud risk exposure under control and to improve financial performance.

On the other hand.

Tyge-F et al. [4] studied fraud risk management and their impact on the performance of New-Zealand organizations. The study utilized a confirmatory research design on a sample of 520 respondents. They found that the occurrence of fraud triggers a learning process within the organizations that give rise to greater comprehension of internal controls thus more suitable risk management. Their tests depicted that organizations that have not recorded any fraud case, or have recorded low fraud case results from effective prevention measures put in place by these organizations, which in turn improves the performance of these organizations. The research was however restricted to organizations in Australia and New Zealand and thus the findings may not necessarily be applicable to the Nigerian scenario.

The research study adopted descriptive research design. Descriptive research is typically guided by research questions and focuses on the frequency with which something occurs or the relationship between variables. The descriptive research helps to probe specific aspects of study variables by collecting the information of a set of parameters known beforehand that was desirable to collect data about.

Model Specification

The econometric model specification below developed by the researcher will be used in regression equation to establish the effect of the independent variable (fraud risk management) on the dependent variable (financial performance of NGOs).

The multiple regression equations for achieving the set objectives will be specified below: 

PERF = f (FRA, FRG, FRP, FRD, FFR),

where:

• PER denotes Performance (dependent variable)

• FRA denotes fraud risk assessment (independent variable)

• FRG denotes fraud risk governance (independent variable)

• FRP denotes fraud risk prevention (independent variable)

• FRD denotes fraud risk detection (independent variable)

• FRR denotes fraud risk response (independent variable)

• The analytical models specified for each objective is expressed here: 

• PER= βo + β1FRA + β2FRG+ β2FRP + β2FRD + β2FRR + ℮t 

• βo = Constant (Coefficient of intercept) 

• β1, β2, β3, β4, β5 = regression coefficient of the four variables

In order to conduct proper diagnostic tests and test of significance, the research will focus on stating the null and alternative hypotheses. The test statistic is also calculated. The P- value is also obtained (using a table or statistical software). There after a comparison of P-value with α was determined in order to decide whether the null hypothesis should be rejected or accepted.

Descriptive Analysis

This section provides discussions of both descriptive characteristics such as the mean, standard deviation, skewness, kurtosis and total observations. The Table 1 revealed that the mean value of fraud risk assessment (FRA) was 3.35 with a standard deviation of 0.904, which suggests that the data is not dispersed from the mean. The data is negatively skewed (skewness=-0.443) and generally flat, that is platykurtic, as K=-0.707 is less than 3. The mean value of fraud risk governance (FRG) is 3.45 with a standard deviation of 1.037. The data is negatively skewed (skewness=-0.261) and generally flat, that is platykurtic, as K=-0.671 is less than 3. Fraud risk prevention (FRP) also had a mean value of 3.67 with a standard deviation of 0.605. Fraud risk detection had a mean value of 3.79, with a standard deviation of .846. Fraud risk response had a mean value of 3.73 and a standard deviation of 0.830. Performance also revealed a mean value of 3.81 and a standard deviation of 0.865. Overall, the data for the study is negatively skewed and platykurtic. An inspection of the unreported Jarque-Bera, computed using the skewness and kurtosis values indicates that the data follows normal distribution. Hence the data meets the Normality test criteria.

Means, Standard Deviations (SD), Skewness (S), Kurtosis (K) and Observations (Obs).

Correlation Analysis

To examine whether there were associations between the factors or latent variables adopted in this study, the person moment correlation coefficient matrix analysis was employed. All Pearson correlation coefficients among the six study variables of the study were significant (0.301<r<0.690) as seen in the table 2.

Table 1: Latent variable

Denotations: FRA: Fraud risk assessment, FRG: Fraud risk governance, FRP: Fraud risk prevention, FRD: Fraud risk detection, PER: Performance Source: SPSS version 25

Table 2:

 Denotations: FRA: Fraud Risk Assessment, FRG: Fraud Risk Governance, FRP: Fraud Risk Prevention, FRD: Fraud Risk detection, FRR: Fraud risk response, PER: Performance *, **, *** denote significant at 0.1, 0.05 and 0.01 levels of significance. Source: SPSS version 25

Although these correlation coefficients alone do not provide a full test of the hypothesized relationships; they generally support the expected pattern of results. All fraud risk management constructs were found to be significantly related to firm performance at the 0.01 level of significance. Specifically, fraud risk assessment was positively and significantly related to performance (r=.496; p=0.000). Fraud risk governance was also found to be positively and significantly associated with performance (r=.445, p=0.000). Similarly, fraud risk prevention was positively and significantly related to performance (r = .465; p=0.000). Fraud risk detection also had a positive and significant relationship with performance (r=.367, p=0.000). Finally, Fraud risk response also had a positive and significant association with performance (r = .563; p=0.000).

The correlations revealed that fraud risk response has the highest value of correlation, indicating a 56.3 percent relationship with performance, followed by the correlation between fraud risk assessment and performance (r=49.6 percent). The correlations between fraud risk prevention and performance came next (r=46.5 percent) and then the correlation between fraud risk governance followed (r=44.5 percent). The smallest correlation (though statistically significant at the 0.01 level of significance) was that between fraud risk detection and performance (r=36.7 percent).

The correlations among the constructs of fraud risk management revealed that fraud risk assessment had a positive correlation and significant with fraud risk governance (r=0.328, p=0.000), a positive and significant correlation with fraud risk prevention (r=0.468, p=0.000), a positive and significant correlation with fraud risk detection (r=0.353, p=0.000) and a positive and significant correlation with fraud risk response (r=0.684, p=0.000). 

Overall, the correlations do not present any threat to the analysis as there seems to be no

problem of multicollinearity in the data. Since the correlations are not up to 0.80, there is therefore no multicollinearity. This is a desirable feature for OLS analysis.

Pearson Moment Matrix Correlations (with p-value in italics and parenthesis)

Reliability Analysis

To examine the internal consistency of each measure, the reliability was analyzed using Cronbach’s alpha. The reliability estimation was computed utilizing Cronbach’s alpha. As presented in Table 2, the reliability coefficients of all measures ranged from 0.794 to 0.862, which demonstrated high levels of reliability. The Cronbach alphas revealed that: the five items of fraud risk assessment had an alpha value of 0.862, the five items of fraud risk governance had an alpha value of 0.877, the five items of fraud risk prevention had an alpha value of 0.837. Fraud risk detection which was also measured by five items had an alpha 0value of 0.794, while the five constructs that measured fraud risk response revealed alpha values of 0.820. Performance, which was measured by eight items had an alpha value of 0.849. The total items of the instrument were tested for reliability too. The result in table 4.5 revealed a Cronbach alpha of 0.955, suggesting a high reliability for all the 33 constructs.

Kaiser-Meyer-Olkin (KMO) measure of sampling adequacy and Bartlett’s test of Sphericity were also used to test the sampling adequacy of the instrument and the internal consistency of the items in the instrument in table 2. The KMO value of 0.875, which exceed the threshold of 0.50 indicates that the items met the sampling adequacy. The Bartletts’ value of 9566.07, with a significant value of 0.000, less than the 0.05 level indicates that the items have internal consistency.

The study finds that effective fraud risk management is a positive predictor of the performance of non-governmental organization. Specifically, the effects of fraud risk prevention on performance were the highest (b=0.531), followed by the effect of fraud risk governance (b=0.202), then the effect of fraud risk response (b=0.196) and the effect of fraud risk detection (b=0.134), with the least effect being the effect of fraud risk assessment (b=0.129).

The findings agree with Kanana who found that fraud risk prevention, fraud risk detection and fraud risk response (deterrence) have significant implications on the performance of firms. They concluded that fraud risk prevention had more effect on performance than fraud risk detection.

• All employees must be involved in acceptance and understanding the risk approach adopted by the organization; human resources must be aware of the consequences of actions not complying with the rules, as well as capable of acting properly. It is believed that responsibilities of managing risks should be formally added to job descriptions (ownership of risk).

• The preventive fraud risk management practices used by NGOs such as fraud risk assessment program, strong internal controls, board audit committee and management oversight, antifraud policy and surprise audits should be encouraged to an efficient level.

• The detective fraud risk management practices such as bank reconciliation and internal audit function should be a fully introduce in the operations of most banks in Nigeria

• The responsive fraud risk management practices such as communication to employees that management took appropriate actions, strengthening internal controls, recovery of stolen assets and progressive sanctions should be done on a regular basis to checkmate the operational efficiency of staff.

• Organization should be equipped with internal fraud investigators as a response strategy to fraud. It is the mandate of fraud response team to issue preventive and prosecutorial recommendations. Adoption and implementation of the key recommendations remain a daunting task of the top leadership or operational heads.

1.  

2. Richards, D.A. et al. (2015). Managing the business risk of fraud: A practical guide. Retrieved from https://na.theiia.org/standardsguidance/Public%20Documents/fraud%20paper.pdf [Accessed 2013-03-14].

3. Hamilton, J. B. and Slatten, L. A. D. (2013). A nonprofit's practical guide to resolving ethical questions. Journal of Applied Management and Entrepreneurship, 18(2), 39–58.

4. Neely, D. G. (2011). The impact of regulation on the U.S. nonprofit sector: Initial evidence from the Nonprofit Integrity Act of 2004. Accounting Horizons, 25(1), 107–125.

5. Tyge, F. K., Kishore, S. and Peter, B. (2014). The effect of fraud on risk management in not-for-profit organizations. Corporate Ownership and Control, 12(1).

6. Okoye, E. I. and Gbegi, D. O. (2013). An evaluation of fraud and related crimes on the Nigerian economy. Arabian Journal of Business Management Review, 2.

7. Akinyomi, O. J. (2012). Examination of fraud in the Nigerian banking sector and its prevention. Asian Journal of Management Research, 3(1), 182–194.

8. Michael. (2016). Examination of fraud in the Nigerian banking sector and its prevention. Asian Journal of Management Research, 3(1), 182–194.

9. Dunn, G. et al. (2001). Can auditors detect fraud? A review of the research evidence. Journal of Forensic Accounting, 2(1), 1–12.

10. Rae, K. and Subramaniam, N. (2008). Quality of internal control procedures: Antecedents and moderating effect on organizational justice and employee fraud. Managerial Auditing Journal, 23(2), 104–124.

11. Holtfreter, K. et al. (2010). Low self-control, routine activities and fraud victimization. Criminology, 46, 189–220.

12. McMullen. (1999). Forensic and Investigative Accounting (3rd ed.).

13. Grant, G. H. et al. (2008). The effect of IT controls on financial reporting. Managerial Auditing Journal, 23(8), 803–823.

14. Kanu, S. I. and Okorafor, E. O. (2013). The nature, extent and economic impact of fraud on bank deposits in Nigeria. Interdisciplinary Journal of Contemporary Research in Business, 4(9), 253–264.

15. Schmitt, E. (2017). Effective risk culture in banks: Responsibilities and boundaries of risk management. Journal of Economic Literature: G21, G28, G32.

16. Nikpour, A. (2017). The impact of organizational culture on organizational performance: The mediating role of employee’s organizational commitment. International Journal of Organizational Leadership, 6(1), 65–72.

17. Fraser, J. et al. (2010). Creating a risk-aware culture. In Enterprise Risk Management (pp. 87–95). John Wiley and Sons, Inc., Hoboken, NJ, USA. https://doi.org/10.1002/9781118267080.ch6.

18. Power, M. (2013). The apparatus of fraud risk. Accounting, Organizations and Society, 38(6–7), 525–543. https://doi.org/10.1016/j.aos.2012.07.004.

19. Wood, A. and Lewis, A. (2017). Risk culture development within the Caribbean Development Bank. The Business and Management Review, 8(4), 221–234.

20. Allwright, E. (2013). The real cost of corruption—Part one. Edward, Nathan and Sonnenbergs Law Partners.

21. Albrecht, W.S. et al. (1984). Deterring Fraud: The Internal Auditor's Perspective. Institute of Internal Auditors Research Foundation.

22. American Institute of Certified Public Accountants (AICPA). (2007). Audit and Attest Standards. Retrieved from https://www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AU00316.pdf

23. KPMG. (2006). Fraud Risk Management: Developing a Strategy for Prevention, Detection and Response. https://doi.org/10.1002/9781119203889.ch8

24. Ahmed, I. and Manab, N.A. (2016). Influence of enterprise risk management success factors on firm financial and non-financial performance: A proposed model. International Journal of Economics and Financial Issues, 6(3), 830–836.

25. Barclay, C. (2013). Preferential procurement in the South African context. ABA Section of International Law, London.

26. Bett, J. and Memba, F. (2017). Effects of internal control on the financial performance of processing firms in Kenya: A case of Menengai Company. International Journal of Recent Research in Commerce Economics and Management, 4(1), 105–115.

27. Karagiorgos, T. et al. (2012). Effectiveness of internal control system in Greek banking sector. The South European Review of Business Finance and Accounting, 6(2), 1–11.

28. Kinyua, J., et al G. (2015). Effect of internal control environment on the financial performance of companies quoted in the Nairobi Securities Exchange. International Journal of Innovative Finance and Economics Research, 3(4), 29–48.

29. Amudo, A. and Inanga, E. L. (2009). Evaluation of internal control systems: A case study from Uganda. International Research Journal of Finance and Economics, 3, 124–144.

30. Edge, M.E. and Sampaio, P.R.F. (2009). A survey of signature-based methods for financial fraud detection. Computers and Security, 28(6), 381–394. https://doi.org/10.1016/j.cose.2009.02.001

31. Abbas and Iqbal. (2012). Managing the Business Risk of Fraud: A Practical Guide. Institute of Internal Auditors. Retrieved from https://na.theiia.org/standardsguidance/Public%20Documents/fraud%20paper.pdf [Accessed 14 Mar. 2013].

32. Association of Certified Fraud Examiners (ACFE). (2016). Report to the Nation on Occupational Fraud. Retrieved July 15, 2018.

33. Yegon, C.K. (2015). Effect of enterprise risk management determinants on financial performance of listed firms in Kenya. Nairobi: Ploty Press.

34. Ross, P. and Armstrong, J. (2016). Fraud risk in difficult economies. Canada, USA.

35. Ogola, J.O. et al. (2016). The effect of corporate governance on the occurrence of fraud in commercial banks in Kenya. The International Journal of Business and Management, 4(7), 135–152.

36. KPMG. (2010). Risk and Compliance. Nigeria.

37. COSO. (2016). Summary of Internal Control-Integrated Framework. COSO.

38. Grant, Miller and Alali. (2008). "IT Control Deficiencies That Impact Financial Reporting." Union University Faculty Forum, 28.

39. Wanjiku, A.N. (2013). Effect of financial risk management on financial performance of oil companies in Kenya. A management research, University of Nairobi.

40. Rothschild, J. and Milofsky, C. (2006). The centrality of values, passions and ethics in the non-profit sector. Non-profit Management and Leadership, 17(2), 137–143.

41. Douglas, S. and Mills, K. "Non-Profit Fraud: What Are the Key Indicators?" Available at: https://charityvillage.com/Content.aspx?topic=nonprofit_fraud_what_are_the_key_indicators_. [Accessed August 6, 2018].

42. Githecha, D.K. (2013). The Effect of Fraud Risk Management on the Financial Performance of Commercial Banks in Kenya. MSc Project, University of Nairobi.

43. Silvanus, M.M. and Solomon, N. (2016). Determinants of financial sustainability for non-governmental organizations in Nakuru County, Kenya. Journal of Business and Management, 18(9), 81–88.