Fraud Risk Management in Construction Company: A Case Study in Indonesia

Introduction

Shanmugapriya & Subramanian (2013) stated that the success of the execution of construction projects is largely determined by the ability to maintain jobs according to schedule and budget. Cost overruns and time overruns in the world of construction are known as the two main problems that are often faced in carrying out construction projects.

Kaming, Olomolaiye, Holt & Harris (1997) conducted a survey of high-rise construction projects in two cities in Indonesia: Jakarta and Yogyakarta. From the projects and project managers surveyed, cost overruns are more common and are a problem that is heavier than time overruns in high-rise construction projects in Indonesia.

Based on a study of infrastructure projects in Nigeria conducted by Omoregie and Radford (2006), it was found that one of the main factors causing cost overruns is fraudulent practices. In addition, based on a research conducted by Niazi & Painting (2017), in Afghanistan, one of the main causes that have the potential to cause cost overruns in Afghanistan is corruption. Thus, to be able to solve the problem of cost overruns in the construction industry, handling the cases of corruption and fraud must be considered.

The construction industry is known throughout the world for the many cases of corruption, asset abuse and bribery. The American Society of Civil Engineers claims that corruption accounts for around $340,000,000,000 in construction costs worldwide each year. The challenges of corruption which included bribery, embezzlement, kickback and fraud cases were very significant and could occur in every phase of the construction project (Sohail and Cavill, 2006).

The construction sector is one of the most risky industries related to internal fraud because of its complex and high-cost nature, as well as the number of contractual relationships with third parties. In addition, management supervision and control of construction projects is usually low due to the locations of construction projects that are usually located far from the head offices. According to the Association of Certified Fraud Examiner (ACFE), organizations lose up to seven percent of their annual income due to fraud. In addition to the financial losses, internal fraud can also cause reputation loss, business disruption and regulatory sanctions (Onder, 2011).

The existence of a strong anti-fraud control system can be a mechanism for fraud prevention and detection. ACFE states that it is not easy to determine the return on investment in anti-fraud initiatives, because it is almost impossible to calculate the amount of fraud that can be prevented from applying certain controls. However, ACFE compares the losses experienced by organizations that apply certain controls to those who have not implemented these controls. As a result, the presence of each analyzed control correlates with lower losses (ACFE, 2018).

Ernst & Young (2014), through the 25th ACFE Global Fraud Conference, introduced the Fraud Risk Management Maturity Model as the next step in implementing the Anti-Fraud program. This model is used to assess the level of fraud risk maturity in an organization, based on how the components of the anti-fraud program are implemented in the organization. The maturity level is ranging from the lowest value—basic, to the highest—leading practices. The maturity level can then become the  reference and can also generate recommendations for designing a risk management system framework for fraud risks.

KPMG, in 2014, developed the Fraud Risk Management concept in order to develop strategies for the prevention, detection and handling of fraud risks. The concept developed by KPMG in managing fraud risks is comprehensive as it includes steps to prevent, detect and handle fraud risks.

PT XYZ is a construction company whose main activities are in the fields of building construction, road construction, bridge construction and others. According to information from the Management of PT XYZ, it was found that in several times, internal fraud occurred both by the Project Manager and other Field Staff which caused the construction projects to experience cost overruns or even losses. Thus, a solution is needed to prevent, detect and handle fraud cases at PT XYZ in the future.

Based on the explanation in the previous paragraphs, this study was conducted with the aim of measuring the maturity of fraud risk management and designing a fraud risk management framework at PT XYZ. Fraud risk management maturity measurement results will be used as the basis for designing a fraud risk management framework, while the design of a fraud risk management framework can be implemented as an integrated anti-fraud program by PT XYZ.

Literature Review

Fraud

Murray (1958) states that the word “fraud” comes from the Latin word “fraus” which means deceit. The Institute of Internal Auditors (IIA) in the Standard & Guidance – International Professional Practices Framework (IPPF) defines fraud as any illegal action that is characterized by deceit, concealment, or violation of trust. Fraud can be carried out by certain parties or organizations to obtain money, property, or services, to avoid payment or loss of services, or to secure personal or business interests.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) together with the Association of Certified Fraud Examiners (ACFE) in the Fraud Risk Management Guide define fraud as any intentional act or omission designed to deceive others, resulting in suffering a loss for the victim and/or achieving a gain for the perpetrator.

In Kaseem & Higson (2012), it is stated that the causes of committing fraud by people was first examined by Donald Cressey, a criminologist, in 1950. His research was about what drives people to violate trust. He interviewed 250 criminals over a period of 5 months. The result explained that the three factors were: non-shareable financial problems, opportunities  to commit the trust violation and a rationalization by the trust violator, together known as the “fraud triangle”.

Cressey stated that persons become trust violators when they conceive of themselves as having incurred financial obligations which are considered as non-socially-sanctionable and which, consequently, must be satisfied by a private or secret means (Kaseem & Higson, 2012).

Fraud Risk Management Maturity Model

Ernst & Young (2014) developed a Fraud Risk Management Maturity Model that can be used as a tool to assess fraud risk management maturity levels in an organization. The maturity level will be stated as basic, evolving, established, advanced and leading practices, based on the application of anti-fraud program components in the organization.

The anti-fraud components that are assessed consist of: board oversight/management sponsorship, code of conduct, fraud prevention policies, fraud awareness training, fraud risk assessment, anti-fraud controls activities and monitoring, and incident response.

The Fraud Risk Management

KPMG (2014) developed The Fraud Risk Management concept with the aim of developing strategies for preventing,  detecting  and responding to   fraud risks faced by organizations.

Fraud prevention policies are designed to help preventing fraud and misconduct risks. It includes leadership and governance, fraud and misconduct risk assessment, code of conduct, employee and third-party due diligence, and communication and training.

Fraud detection policies are designed to find fraud and misconduct whenever they occur. It includes a mechanism for seeking advice and reporting misconduct, auditing and monitoring, and forensic data analysis.

Fraud response policies aim to take appropriate corrective actions with regard to fraud losses. It includes investigations, enforcement, accountability and corrective actions.

Research Method

This research was conducted using qualitative method. Creswell (2013) describes qualitative research as an approach to explore and understand individuals or groups which are considered social problems.

The qualitative method in this study uses a case study approach. Starman (2013) states that case studies are one type of qualitative research, which aims to provide a detailed description of an object to provide a better understanding. Case studies are carried out by examining specifically one object of research.

This research will use two data sources: primary data and secondary data. Primary data is obtained through interviews and observation, while secondary data is obtained using documentation. Interviews were conducted with the President Director, Operations Director, Project Manager and Field Staffs to get an overview of the business processes and fraud that often occurred. Observation is carried out by conducting direct monitoring of practices in the field (the project) to assess the risk of fraud occurring in common practices in the company. Documentation that is collected and observed carefully is documentation about the organizational structure, division of tasks and other documents related to the topic of research.

The research approach raises a phenomenon of case studies conducted using a single unit analysis, where PT XYZ becomes the object of research. Unit analysis is the actual source of information for companies, organizations, individuals and so on (Shauki, 2018). PT XYZ is a construction company whose main activities are building construction, road construction, bridge construction and others. The unit of analysis studied is all the units in the PT XYZ business process, to be able to identify fraud risks in each business process.

This research was conducted in four stages: (1) understanding of the business process of construction companies through understanding the company’s business processes, (2) the process of identifying fraud risks inherent in the company’s business processes, (3) assessing the maturity level of fraud risk management and (4) designing a risk management policy plan for fraud risks based on the results of the measurement of maturity level.

Analysis and Results

Fraud Schemes and Causes

In identifying fraud risks, interviews were conducted with the President Director, Operations Director, Project Manager and other field staffs. Observation was  also done in the field activities and in the head office to obtain an overview of the business processes to identify inherent fraud risks at every business process.

The fraud risks were also analysed, and the causes were categorized into three components of fraud triangle: financial pressure, opportunity and rationalization.

In this research, it is found that the root cause of most of fraud cases is financial pressure. Based on the results of the interview, it was found that before the project manager committed fraud, it was reported that  he remarried secretly, so  he had additional financial needs that could be categorized as financial pressures. Thus, the situation in which project managers remarry secretly, which is a non-shareable financial problem, is the root cause of fraud, which is then supported by the opportunity and rationalization.

Based on the interviews and observations regarding company’s business processes, the fraud risks that have been identified are as follows:

• Diverted purchases

Based on the results of the interviews with the President Director and Operations Director, fraud that had occurred at PT XYZ which caused the biggest loss was the divert purchases. It was when the material ordered to suppliers on behalf of the company was transferred to other projects that were not company projects. This happens because the project manager can order materials directly to suppliers, where there is no division of tasks between material users and the purchasing department. At the time of billing, the supplier submits an invalid delivery order invoice, so the payment department is unaware that the material is actually sent to another place.

This risk arises because of the weak internal control, specifically in the aspect of segregation of duties . Based on the concept of fraud triangle as the cause of fraud, the cause of this fraud scheme can be categorized as an ‘opportunity’, as the weaknesses in the internal control system is an opportunity for fraud.

To be able to prevent such fraud schemes from occurring, ordering materials to suppliers should be carried out by the purchasing department that is separate from the material user. In other words, improvements need to be made in the segregation of duties at PT XYZ.

• Inflated Material Prices

Other fraudulent actions that also often occur are the differences between material purchase prices and fair market prices caused by kickback practices. It is where project managers and/or the field staff work together with suppliers to counterfeit prices or tend to increase material unit prices.

The cause of fraud through this scheme is the inadequate process of determining suppliers so that material users in the field can freely choose suppliers and then cooperate in marking up prices. The difference between the prices is shared between the Project Manager and/or Field Staff and the supplier. Based on the concept of fraud triangle, the cause of this fraud scheme can be categorized as an ‘opportunity’, as the inadequate process of determining suppliers is an opportunity for fraud.

• Material’s volume and/or quality deviations

The next fraud scheme that also causes losses to the company is the difference in the volume of materials and/or the quality received with the one stated in the delivery order, so that the volume that appears in the invoice at the time of collection is different from the volume that is finally paid by the company, and/or the quality that is finally paid becomes higher than what is actually received and used in the field.

The segregation of duties between the material reception staffs in the field, material users and the payment staffs has been considered sufficient. However, the constant cause of this fraud scheme is the absence of a whistleblowing procedure, so the material reception staffs in the field got confused about where to report when facing such situations. When the staff reports to the project manager, the report will not be followed up, because the project manager is usually the fraudster or the party involved in this fraud case.

Based on the concept of fraud triangle as the cause of fraud, the cause of this fraud scheme can be categorized as an ‘opportunity’, as there is no guideline/procedure for whistleblowing that allows the field staff to be able to report violations committed by their superiors.

Therefore, to further mitigate this scheme, an adequate whistleblowing guideline/procedure is needed, which includes reporting procedures when knowing violations and protecting the whistle-blower’s confidentiality.

In a number of other cases, the reception staff was also involved or received a share of the results of the fraud committed.  Consequently, this practice gradually becomes a habit or something that is considered reasonable. Based on the concept of the fraud triangle, this cause of fraud can be categorized as ‘rationalization’.

• Billing of time and material-based costs for the work of lump sum costs

The next fraud scheme is when there is a contract with a lump sum subcontractor, but the subcontractor collects an additional work that is charged based on the time and material used, even though the work has actually been covered in the contract.

This scheme can only occur if the company’s internal control system is weak. Often, the payment department at the company does not clearly understand the contracts with subcontractors. Payments are made based solely on invoices sent by subcontractors, then confirmed to the project manager and/or the field staff. The weakness of this internal control system provides an opportunity for project managers and/or the field staff to commit fraud in collaboration with subcontractors. Based on the concept of triangle fraud, the cause of fraud, in this case, can be categorized as ‘opportunity’.

• Inflated social costs

In the construction sector, social costs are commonly known. Social costs are costs related to requests or requirements by the community around the project which are usually out of the contract with the project owner. This fee is usually included in the project budget. However, the field conditions related to social costs between projects may vary, so the actual social costs are often far from those budgeted.

Such conditions can eventually become opportunities for project managers or field staff to commit fraud by charging social costs greater than the actual costs incurred in the field. To be able to do this, the project manager must collaborate with the field staff, due to company procedures that require signatures from both in claiming social costs to the financial department. Thus, there has been an internal control—the process of authorization to mitigate it. However, this scheme can still occur because the field staff usually undergoes pressure from the project manager to sign social cost claim forms.

Based on the concept of fraud triangle as the cause of fraud, the cause of this fraud scheme can be categorized as an ‘opportunity’, as there is no guideline/procedure for whistleblowing that allows the field staff to be able to report violations committed by their superiors.

Therefore, to further mitigate this scheme, an adequate whistleblowing guideline/procedure is needed, which  includes reporting procedures when knowing violations and protecting the whistle-blower’s confidentiality.

• Misuse of heavy equipment

Heavy equipment is one of the largest fixed assets owned by construction companies. Because it requires an investment whose value is quite large (on average above Rp1 billion per unit), not all construction companies decide to buy via cash or through capital leases. Many construction companies choose operating leases to companies engaged in heavy equipment rental business.

However, for medium-sized construction companies that have enough capital to reinvest, it is not unusual for these companies to possess their own heavy equipment operated on the project. In a road construction project, for example, it requires at least six types of heavy equipment: excavators to take landfill, vibrating rollers for the compaction of land, motor graders to flatten and form road surfaces while spreading lightweight materials, asphalt finisher to roll asphalt, vibrating tandem rollers to match the asphalt and the roller tire to crush the hot mix layer. However, these tools are not used in every phase of road construction. There are times when one is idle because the project is in a phase requiring other heavy equipment.

This particular condition creates opportunities for field workers, both project managers and field staff, to misuse company assets. When heavy equipment is idle, field workers can mobilize heavy equipment to other projects that are not related to the company, or even rent heavy equipment to other parties without top management’s consent. The rental income is not received by the company, but rather through the personal income of field workers who become fraudsters in this scheme.

The cause of this fraud case based on the concept of triangle fraud is ‘rationalization’. To further mitigate this scheme, an adequate guideline/procedure for whistleblowing is needed, which includes reporting procedures when knowing violations and protecting the whistle-blower’s confidentiality.

• Misuse of residual construction materials

Construction projects are known as high-risk fraud projects, one of which is caused by high construction costs. This high cost includes material costs. The high value of materials used in construction projects makes the residue or waste of these materials an area that also raises the risk of fraud.

The residual construction materials (or waste) should be recorded and managed by certain parties so that the results of the residual construction materials will be returned to the company. However, at PT XYZ, there is no mechanism for managing the residual construction materials. As a result, project heads and/or field workers utilize the residual construction material for their personal use by reselling it without having them deposited to the company. Even worse, at the planning stage, the amount of material is sometimes budgeted in a larger amount than needed so that the residual material can be utilized with the scheme. This certainly causes losses for the company.

The cause of this fraud scheme based on the concept of fraud triangle is the ‘opportunity’, as there is no special section to collect data and manage the remaining construction materials, as well as ‘rationalization’, as this kind of thing is considered reasonable and it is done massively.

To further mitigate this scheme, a segregation of duties between material users in the field and the manager of the residual material is needed. In addition, adequate whistleblowing guidelines/procedures are needed, which include reporting procedures if they know of violations and protecting the confidentiality of the whistleblower’s identity.

• Gratification to the Employer/Project Owner

In getting projects from employers, almost all projects  operated  by PT XYZ implemented an open tender system. Although the auction process continues according to applicable regulations with the requirements that must be fulfilled by all bidders, sometimes the auction committee determines the winning contractor on the condition that the contractor must give a gratification to the auction committee.

From the company side, even though it gets the project at the end, it actually loses. The company has been through the stages and has fulfilled the requirements of the auction winner in accordance with the regulations, and carried out the implementation of the project also in accordance with the conditions and specifications required in the contract. But on the other hand, there are other costs that actually do not need to be spent which ultimately erode the company’s profits from the project.

In addition, the practice of gratification to the auction committee also had a bad impact on the determination of the company’s culture. The Board of Commissioners and Directors play an important role in setting the tone at the top so that an ethical corporate culture can be internalized to employees at all levels of the company. However, the practice of gratification to the auction committee will indirectly make it difficult for the Board of Commissioners and Directors to determine an ethical culture, because employees will consider the ethical culture to be merely a formality if top-level management does not set an example of ethical business practices.

The cause of this fraud case based on the concept of fraud triangle is ‘rationalization’, as the practice of gratification to the auction committee is normal and everyone does it. The  mitigation that must be done to overcome this is by internalizing the culture and implementing good corporate governance. One concrete step that can be implemented is by including rules regarding gratification in the company’s code of ethics, where the Board of Commissioners, Directors and all employees periodically make and sign statements that they have accepted a code of ethics and agree to comply with the standards.

Fraud Risk Management Maturity Assessment

To determine the current condition of fraud risk management at the company, an assessment of fraud risk maturity is carried out by using the Fraud Risk Maturity Model by Ernst & Young. The maturity level will be expressed at the basic/unstructured, evolving, established, advanced and leading practices levels, based on the application of anti-fraud program components in the organization. The following is an analysis of the application of anti-fraud program components at PT XYZ.

• Board oversight/management sponsorship

At PT XYZ, there are formal structures and processes that are known to each employee. However, in practice, not all formal processes are adhered to through personal awareness and embedded integrity. The Board has not conducted a comprehensive review of management, and management also does not yet have a mechanism to ensure an effective compliance program at all levels. Thus, it can be concluded that PT XYZ has only reached an evolving level in the components of sponsorship board management.

• Code of conduct

At PT XYZ, there has been a code of conduct, but only limited to formal provisions containing regulations that must be obeyed by employees, and there is only minimal communication from management to employees, namely when the employee first enters the company. Thus, PT XYZ has only reached the basic level.

• Fraud prevention policies

PT XYZ has procedures, policies, processes and controls which are carried out to prevent and detect fraud, but not in detail and are not considered sufficiently adequate. PT XYZ also has not conducted periodic assessments of procedures and policies and the effectiveness of the processes and controls. Thus, PT XYZ has only reached the basic level for this component.

• Fraud awareness training

PT XYZ has held trainings and/or meetings before implementing a project that is attended by field workers, subcontractors and suppliers together or separately, where the training includes discussing the controls carried out to prevent fraud. However, these trainings were not specifically conducted to address the issue of fraud, with specific topics of fraud that were delivered in detail regarding prevention, red flags, reporting suspicious activities and disciplinary actions. Thus, PT XYZ has reached the established level.

• Fraud risk assessment

At the end of each project, PT XYZ evaluates the implementation of the project, including fraud incidents that lead to not achieving goals, both in the form of time overruns and cost overruns. However, PT XYZ has not conducted a comprehensive risk assessment of fraud risks. Based on this, it can be concluded that PT XYZ has only reached the basic level for this component.

• Anti-fraud controls activities and monitoring

PT XYZ has internal controls aimed at mitigating the risk of the company, which includes fraud risks. However, internal control is not considered sufficient enough. In addition, there is no mapping of specific control activities for fraud risks, and there is no monitoring of these risks. Thus, it can be concluded that for this component, PT XYZ has only reached the basic level.

• Incident response

There is no mechanism that can be used to solve fraud problems. There is no process to collect or track problems or suspected problems related to fraud, as well as the absence of a response plan in the event of a fraud incident. Thus, it can be concluded that for this component, PT XYZ has only reached the basic level.

Table 1: Results of the fraud risk management maturity level assessment in PT XYZ

Fraud Risk Management Framework

In this section, the development of a fraud risk management policy framework will be described using the Fraud Risk Management concept by KPMG (2014). Fraud risk management policies are grouped into three groups: prevention, detection and response. KPMG (2014) explains that prevention policies are useful for preventing fraud from occurring, detection policies serve to find fraud as soon as possible when it occurs, and response policies are designed to take corrective actions and correct losses caused by fraud.

PT XYZ is a national private construction company owned by a family (not a public company). Thus, in designing fraud risk management policies, a cost-benefit analysis of the implementation of a fraud risk management system was also taken into consideration. Therefore, the application of the design will be adjusted to the needs of PT XYZ.

Fraud Risk Prevention Policy

• Leadership and governance

Based on the results of the measurement of fraud risk maturity levels in the previous sub-section, it was concluded that there was a formal structure and process at PT XYZ that was known to each employee. However, in practice, not all formal processes are adhered to through personal awareness and embedded integrity. The Board has not conducted a comprehensive review of management, and management also does not yet have a mechanism to ensure an effective compliance program at all levels.

Thus, improving the policy framework in the leadership component at PT XYZ can be made through the following:

1. The behaviour of the leadership of the organization in determining the tone at the top that supports an organizational culture that has an anti-fraud spirit.
2. The existence of an audit committee to help ensure that the control and enforcement of compliance and anti-fraud policies in the organization are effective.
3. The existence of chief compliance/risk officer to coordinate anti-fraud efforts, including setting acceptable policies, procedures and standards of business practices.
4. The existence of an internal audit functions to evaluate the effectiveness of the internal control policies designed by the company.

• Code of conduct

Based on the results of the measurement of fraud risk maturity in the previous sub-section, it was concluded that there was a code of ethics in PT XYZ, but it was only a formal provision containing regulations that must be obeyed by employees, and there was only minimal communication from management to the employees, namely when employees first enter the company.

The improvement of the policy framework in the component of the code of ethics at PT XYZ can be done through the following things:

1. Improving the company’s code of ethics, with the following attributes:

• Underline commitment to ethics and integrity;
• Become  a guide to values, principles and strategies that guides business decisions and behaviours;
• Use a simple, concise and positive language that is easily understood by all employees;
• Use formats that visually encourage the reader, usage and understanding;
• Become an ethical decision-making tool to help employees make the right choices; and
• Become the reference of reporting channels and mechanisms that employees can use to report problems or ask for advice without fear of retaliation

1. All officials and employees periodically certify or acknowledge that they have received a code of ethics, agree to comply with the standards contained therein and promise to disclose any violations of that code that is known or suspected to occur.

• Fraud Risk Assessment

Based on the results of the measurement of fraud risk maturity levels in the previous sub-section, it was concluded that PT XYZ had evaluated the implementation of the project at the end of each project, including fraud events that caused the achievement of objectives, both in the form of time overruns and cost overruns. However, PT XYZ has not conducted a comprehensive risk assessment of fraud risks.

Thus, improving the policy framework in the fraud risk assessment component at PT XYZ can be done through the following:

1. Development of fraud risk assessment procedures that include the process of identifying, evaluating and mitigating fraud risks.
2. Fraud risk assessments carried out periodically throughout the organization, considering significant business units, processes and entity accounts.
3. The results of the fraud risk assessment are used to continue to make improvements and adjustments to the company’s internal controls.

• Communication and training

Based on the results of the measurement of fraud risk maturity levels in the previous sub-section, it was concluded that PT XYZ had held trainings and/or meetings before implementing a project that was joined by field workers, subcontractors and suppliers jointly or separately, where the training included discussing controls that must be carried out to prevent fraud. However, these trainings were not specifically conducted to address the issue of fraud, with specific topics of fraud that were delivered in detail regarding prevention, red flags, reporting suspicious activities and disciplinary actions.

Thus, improving the policy framework for the socialization and training component at PT XYZ can be done through the implementation of socialization and training with the following criteria:

1. Involve internal and external parties of the organization
2. Implemented with special topics of fraud which were delivered in detail regarding prevention, red flags, suspicious activity reporting and disciplinary actions
3. Performed based on the results of fraud and misconduct risk assessments
4. Conducted regularly and frequently, and also includes the relevant employee population

Fraud Detection Policy

• Mechanism for seeking advice and reporting misconduct (whistle-blowing)

Based on the results of a study of the frequent causes of fraud at PT XYZ in the previous sub-section, of the six fraud schemes, four of them could be mitigated by the existence of whistleblowing guidelines. These fraudulent actions can be prevented from happening again in the future with the mechanism of reporting fraud and violations, including the policy of protecting reporters.

In addition, the results of the measurement of fraud risk maturity levels in the previous sub-section, concluded that in PT XYZ, there is no mechanism that can be used to solve fraud problems, and there is no process to collect or track problems or suspected problems related to fraud.

Thus, improving the policy framework in the components of the fraud and violation complaints mechanism at PT XYZ can be done through the following:

1. Development of whistleblowing guidelines, including, but not limited to, mechanisms for reporting fraud and violations, as well as policies for protecting reporters;
2. Use of hotlines as an effective reporting tool.

• Auditing and monitoring

Auditing and monitoring have not been conducted, so management has not been able to use audits and monitoring as a means to evaluate the adequacy of the existing controls. Thus, improving the policy framework in the audit and monitoring component at PT XYZ can be done through the implementation of audits and monitoring with the following criteria:

1. Compilation of audit and monitoring guidelines
2. Planning is done based on the results of the risk assessment where the audit will be prioritized in areas with the highest risk level (risk-based audit).
3. Audits are conducted periodically by special personnel who are independent of operational activities.

Fraud Response Policy

• Investigation

PT XYZ has never carried out an investigation of fraud and misconduct information, so cases of fraud and violations that have occurred at PT XYZ have never been followed up, and  consequently caused these incidents to recur. Thus, improving the policy framework for the investigation component at PT XYZ can be carried out through the investigation of the following criteria:

1. Preparation of investigation guidelines
2. Investigations are carried out in accordance with the guidelines of the investigation by an independent party that understands the law with adequate investigative capabilities (can use a third party) and is overseen by an audit committee independent of management.

• Disciplinary Standard

PT XYZ has never carried out follow-up on cases of fraud and violations, so PT XYZ has not implemented a system of consistent disciplinary sanctions. In most cases, when fraud perpetrators are finally found to have committed a violation, they choose to leave or resign so that they do not get disciplinary sanctions. In fact, disciplinary sanctions have a deterrent effect, not only on the perpetrators, but these effects can also further increase the awareness and alertness of all parties in the organization that there are consequences for any acts of fraud or violations that occur.

Thus, improving the policy framework for the sanctions component at PT XYZ can be done through the following:

1. Preparation of disciplinary sanctions procedures, which contain the types of violations and sanctions.
2. Implementation of disciplinary sanctions in accordance with consistent disciplinary procedures.

Conclusions

The results of fraud risks identification and analysis at PT XYZ concluded that the most common fraud schemes in a construction company were: diverted purchases, inflated material prices, material’s volume and/or quality deviations, billing of time and material-based costs for the work of lump sum costs, inflated social costs, misuse of heavy equipment, misuse of residual construction materials, and gratification to the employer/project owner. Out of eight fraud schemes, six of them were caused by the existence of opportunities, and five of them were caused by rationalization among the field workers. However, the situation where project managers remarry secretly, which is a non-shareable financial problem, made financial pressures the root cause of fraud. Recommended mitigations to overcome these fraud risks include improving the segregation of duty, supplier selection process and developing whistleblowing guidelines.

The results of fraud risk maturity level assessment concluded that there are still opportunities for further enhancements to improve the fraud risk management policies at PT XYZ. Four components were still at a basic level: code of conduct, fraud prevention policies, fraud risk assessment, anti-fraud control activities and monitoring, and incident response. Board oversight/management sponsorship component has reached an evolving level, while the fraud awareness training component has reached an established level.

The fraud risk management policy framework was designed in accordance with the fraud risk management concept by KPMG, and also took into considerations: the results of the identification and analysis of fraud risks, the results of fraud risk maturity level assessment and also the cost-benefit analysis. The details of the fraud risk management policy framework are described as follows:

1. Fraud Risk Prevention Policy, which consists of leadership and governance, code of conduct, fraud risk assessment, and communication and training.
2. Fraud Detection Policy, which consists of a mechanism for seeking advice and reporting misconduct (whistleblowing), and auditing and monitoring.
3. Fraud Response Policy, which consists of investigations and a disciplinary standard.

However, if later research can add research objects to more than one construction company  with diverse company sizes, the results of the study will produce a more complete and comprehensive reference for developing fraud risk management policies in order to cope with the losses incurred by fraud incidents in construction companies.

References

• (2018) Report to The Nations: 2018 Global Study on Occupational Fraud and Abuse. Association of Certified Fraud Examiners.
• Creswell, J. (1994) Research Design: Qualitative and Quantitative Approaches, Thousand Oaks, California: Sage Publications.
• Ernst & Young LLP. (2014) ‘Fraud Maturity Model: Advancing the Anti-Fraud Management Program,’ Presented at 25^th Annual ACFE Global Fraud Conference, 17 June 2014.
• Kassem, R. and Higson, A. (2012) ‘The New Fraud Triangle Model,’ Journal of Emerging Trends in Economics and Management Sciences 3(3): 191-195
• KPMG Forensic. (2014) Fraud Risk Management: Developing a Strategy for Prevention, Detection, and Response. China: Author.
• Murray, J. G. E. (1958), ‘Some Aspects of Fraud, Control and Investigation,’ 49, Journal of Criminal Law and Criminology, 49 (11).
• Niazi, G. A. and Painting, N. (2017), ‘Significant Factors Causing Cost Overruns in the Construction Industry in Afghanistan,’ Proceedings of the 7^th International Conference on Engineering, Project, and Production Management.
• Omoregie, A. and Radford, D. (2006), ‘Infrastructure Delays and Cost Escalation: Causes and Effects in Nigeria,’ Proceedings of the 6^th International Conference on Postgraduate Research, Netherlands.
• Önder, Oytun. (2011), ‘Corruption and Internal Fraud in Turkish Construction Industry,’ A Thesis submitted to The Graduate School of Natural and Applied Sciences of Middle East Technical University.
• Shanmugapriya, S. and Subramanian, Dr. K. (2013), ’Investigation of Significant Factors Influencing Time and Cost Overruns in Indian Construction Projects,’ International Journal of Emerging Technology and Advanced Engineering, 3 (10).
• Sohail, M. and Cavill, S. (2006), ‘Corruption in Construction Projects,’ Proceedings of Construction in Developing Countries Symposium, “Construction in Developing Economies: New Issues and Challenges”, Santiago, Chile.
• Starman, A.B. (2013), ‘The Case Study as a Type of Qualitative Research,’ Journal of Contemporary Educational Studies 1/2013, 28-43.