The Effects of Interaction between Internal Auditor and Audit Committee on Fraud Detection in Malaysia

This study aims to examine the effect of interaction between internal auditor and audit committee on fraud detection in Malaysia. Specif-ic interaction is firstly; audit committee approving the appointment of chief audit executive, the evaluation of chief audit executive, the dismissal of chief audit executive, the internal audit budget and the internal audit plan or program. Secondly, audit committee’s involvement in reviewing internal auditor’s work specifically; providing input for the internal audit plan, reviewing the results of internal auditing related to financial reporting, reviewing the results of internal auditing related to internal control, reviewing the results of internal auditing related to compliance with laws and regulation, reviewing the internal audit involvement in management responses to internal audit suggestions, reviewing the difficulties or scope restrictions encountered by internal auditors and reviewing the coordination between internal auditors and external auditors. Survey questionnaires were mailed to internal auditors attached to 782 companies listed on Bursa Malaysia’s main market. The results of this study suggest that involvement of audit committee in approving chief audit execu-tives’ matters is insignificant on internal auditors’ contribution to fraud detection. However, audit committee’s involvement in reviewing internal auditors’ work significantly influence the internal auditors’ contribution in fraud detection.


Introduction
PricewaterhouseCoopers (PwC) Malaysia highlighted five most pervasive economic crimes reported by the respondents namely; asset misappropriation (57%), bribery and corruption (30%), cybercrime (30%), procurement fraud (17%) and accounting fraud (17%) [1]. Consequently, these economic crimes or frauds have caused direct financial losses and indirect losses in the form of collateral damage on organizations. PwC [1] reported 68% of their respondents which is an increase; as compared to only 42% respondents in year 2014 have indicated that Malaysian companies that experienced fraud encountered losses in terms of employee morale as the main effect of the collateral damage (non-financial losses). In addition, non-financial losses seem to have greater impact among the employees in the affected companies in Malaysia as compared to other countries.
KPMG Forensic Malaysia reported 52% of the survey respondents among listed companies in Malaysia stated that fraud is a major problem in their organization meanwhile, 83% of respondents felt that fraud is a major problem for Malaysian businesses in general [2]. The phenomenon is empirically supported by Voon, Voon and Puah [3] which highlighted that corporate fraud cases reported each year are on the upward trend and it has increasingly become a serious problem in Malaysia.
This has enlightened the importance of corporate governance roles in the area of investigation, detection and reporting of the fraud incidence in an organization. Internal Auditor (IA) and Audit Committee (AC) are the important components of corporate governance which play an essential role in assisting the senior management to detect fraud. In the aftermath of corporate scandals and the global financial crisis, corporate governance has received significant attention from regulators and public. The fraud incidences that have happened enlighten the importance of corporate governance. This leads the financial and investing community and other stakeholders to drive increased awareness and demand for internal assurance on corporate governance processes, including internal control and risk management. Thus, the regulators and public have increasingly demand for accountability and require the corporate governance reports to include recommendations for internal controls and reporting those controls. In year 2007, the revised of Malaysian Code of Corporate Governance (MCCG) include a new clause stating that the board should establish an internal control function. The chief audit executive (CAE) should report directly to AC and responsible for a regular review of the effectiveness of the risk management, internal control and governance processes within the company. Corporate governance mandates and listing rules identify internal audit function (IAF) as a central internal control mechanism [4]. Given its unique position within the organization, the IAFs is well placed to provide this assurance and is an integral component of the corporate governance mosaic.  [18][19][20][21][22]. Very limited studies on fraud detection had investigated the effects of the interaction between IA and AC on IA's contribution to fraud detection. In the corporate governance dimension, the importance of the internal control system, code of ethics, culture of honesty and the independence works of the IA and AC on fraud detection were examined by researchers in [23], [24]. So far, no empirical research has been conducted to examine the effect of interaction between IA and AC on IA's contribution to fraud detection. Therefore, this research aims to extend the earlier studies and fill this gap in the literature by examining other factors of corporate governance specifically; the interaction between IA and AC in terms of AC approving and reviewing internal audit related matters.
Another motivation for this study stems from the roles of the AC and IAF within an organization's overall corporate governance system. Specifically, the efforts of the IAF to adhere to good corporate governance principles are influenced by the power and attitude of the AC through the committee's oversight duties. However, prior research has ignored the potential impact of ACs interaction with IAs on IAs' contribution to fraud detection. As a consequence, this study makes a valuable contribution to the literature in the field of internal auditing and corporate fraud and specifically enlightens knowledge and understanding of how IA's contribution to fraud detection is influenced by ACs' interaction with IAs.
Beyond this introduction, the paper proceeds with section II discussing the theory underpinning the study. Section III considers previous research and from this, developing the hypotheses to be tested. Section IV discusses the methodology adopted and variables. Section V present the analysis and discussion of the results and finally, a conclusion is reached forming to Section VI.

Agency Theory
Berle and Means [25] has introduced the idea of the separation of ownership and control within an organization). According to Jensen and Meckling [26], the contract between the principal (capital provider or owner/shareholders) and the agent (BODs) raises two important issues; moral hazard and adverse selection. Theoretically, due to the separation of ownership and control, the monitoring role is ultimately borne by the BODs in supervising the managers on behalf of the stakeholders especially shareholders [27]. It is argued that when management and ownership are separated, a potential for divergence in decision making and control may exist.
Due to this separation between ownership and control, two problems arises firstly there is a conflict of interest whereby the goals of the principal and agent are not the same because individual managers are assumed to be utility maximizers who act in their own self-interest and prefer leisure than work [28], [29]. Second issue related to agency problem is "information asymmetry", the situation where the agent has more information including private information about the business than the principal thus, the principal cannot fully rely on the agent's representation [28], [30]. This is because in this situation, the agent is likely (given the information that he/or she has) to make the decision that is inclined to support his/her interest rather than protecting the interest of the shareholders.
IA acts on behalf of the agent who is the BODs of the company. Due to that, in the context of this study IA will be viewed as the proxy of the agent. Thus, in line with the present development of corporate governance, the IAF is perceived to be one of the effective monitoring mechanisms and information systems that provide effective support to the AC and BODs [31], [32]. This concurs the suggestion by Adams [30] that IAF should be able to reduce the gap of information asymmetry of the AC and other stakeholders.

Literature Review and Hypotheses Development
Earlier studies have defined the interaction between IA and AC in terms frequency of AC meetings with the CAE, AC involvement in the dismissal of the CAE and the involvement of the committee in the review of the internal audit work [15], [17], [33], [34]. In pursuance of these studies, Al-Taher and Boubaker [6] examined the effect of the independent variables which is the AC's characteristics (independence, financial expertise, frequency of meetings and size of AC) and the AC's interaction with the IAF (which is measured as the above earlier studies' definition). The results indicate that AC independence has no effect on AC relation with internal audit.
Goodwin [17] explores the relationship between the AC and internal audit in Australian and New Zealand entities in both the private and public sectors. The findings of the study are that independence of the AC and the level of accounting experience amongst AC members have a complementary impact on AC relations with internal audit. While independence is associated with a number of issues of process, it is the proportion of committee members with an accounting or finance background that is associated with the extent of the review of internal audit work.
Carcello, Hermanson and Raghunandan [35] conduct a study based on survey to CAEs on the factors associated with U.S. public companies' investment in internal auditing. The results indicate that internal audit budgets (dependent variable) are higher when the AC reviews the internal audit budget (independent variable). The results appear consistent with findings from research indicating that AC support of internal auditing is associated with a stronger IAF [33] which could lead to possible fraud prevention and detection activities.
Mat Zain et al. [15] examined the relation between AC characteristics, IAF characteristic and IA's assessment of their contribution to financial statement audits. Their findings indicate that AC's review of internal audit plans and budgets have significant influence on IA's assessment of their contribution to financial statement audit. In addition, a more competent and interactive AC (measure via frequency of meetings, involvement in CAE dismissal and reviewing IA programme and processes) appears to have a positive effect on the IA's assessment of their contribution to financial statement audit (external audit work).
Mat Zain and Subramaniam [12] interviewed 11 CAEs from 11 publicly listed companies to gauge their perceptions concerning their interactions with ACs. The study also discovered that majority of the interviewees concur that AC's involvement in the appointment and termination of the CAE are an added security to them. It is found that an important factor for the effectiveness of audit processes and communication between CAE and ACs include regular meetings with CAEs. In short, based on the feedbacks received, ACs are viewed as an essential and invaluable support to IAF.
Meanwhile, Zaman and Sarens [8] examined the effect of AC characteristics on the informal interactions between IA and AC. They conducted a survey on 672 CAEs in the UK. The results highlighted that AC's informal interactions are significantly and positively associated with AC independence, knowledgeable and experience AC, internal audit quality.
Garcia, Barbadillo and Perez [36] in their paper focused on the relationship between two corporate governance mechanisms (AC and IAF). The scholars hypothesised that the association between the effectiveness of the AC and the presence of an IAF and its relationship with this committee (meetings between the IAF and the AC) would indicate less opportunity for management to manipulate earnings. The study reveals that size and number of meetings of the AC had a significant negative association with earnings manipulations and the study also suggest that a negative relation between having an IAF and earnings management.
Indeed, Abbott, Parker and Peters [9] argued that AC's desire to avoid financial misstatement leads to an increased IAF focus on internal control. In particular, AC with greater IAF oversight are associated with larger percentages of IAF hours being allocated toward internal control activities. Factors relating to AC's oversight are reporting to AC, AC has authorization to terminate the CAE and AC determines the internal audit's budget. In another study, Khelil, Hussainey and Noubbigh [37] used mixed method approach via questionnaire sent to CAEs in the first stage and semi-directed interviews with 22 CAEs from listed Tunisian companies. Their studies found that the existence of private access to the AC has a positive effect on the moral courage of the CAE. The number of meetings between the AC and the CAE, the examination of internal audit programmes and results together with the contribution of the AC to the appointment and dismissal of the CAE do not show a significant link with the moral courage of the CAE. It also found an insignificant relationship between the AC's examination of interaction between management and the IAF and the moral courage of the CAE. While, Haron and Tong [38] discovered that factors related to AC's characteristics and the interaction between AC and internal audit were not found to be significant. Thus, they emphasized that the relationship between AC and internal audit needs to be reinforced for better oversight mechanism.
In particular, it has been emphasize by the MCCG (revised 2007) that AC also involves in the evaluation of Internal Audit whereby the committee needs to assess its effectiveness against agreed performance criteria such as the overall comprehensiveness of the internal audit plan and its relationship to the strategic objectives of the firm, timely delivery of internal audit services in accordance with the plan and the competency of internal audit staff and adequacy of resources to achieve the same scopes outlined in the plan.
AC also has the responsibility to review the outcomes of the internal audit programme and activities to the extent to which such activities are coordinated with the external audit programme [15]. ACs are likely to urge for a more in depth internal audit testing and procedures to enhance internal controls and the effectiveness of IAF which in turn, would enhance the IAs' contribution to prevent and detect fraud. This is because the independent AC members are more likely to demand higher audit quality in order to protect their reputation [39], [40].
Goodwin [17] segregated the scope of internal audit work for review by the AC into three sections firstly; review of internal audit proposals relating to program or plans, budget and coordination of work with EAs. Secondly, review the results of internal auditing relating to financial reporting, internal control and compliance with laws and regulations and lastly, review the management responses to internal audit findings and whether there are any scope restrictions encountered by the internal audit. The results further highlight that the AC is more involved in reviewing the work of IA when there are more committee members with an accounting expertise.
In this study, the interaction between AC and IA is captured by two aspects: 1. Involvement of AC in approving chief audit executive's appointment, chief audit executive's dismissal, chief audit executive's evaluation, internal audit budget and internal audit plan or program.
2. Involvement of AC in reviewing the work of IA.
Based on the above discussions and mixed results, it can be argued that a positive relationship exists between AC's sole involvement in approving the CAE's dismissal, CAE's appointment, CAE's performance evaluation, internal audit budget and internal audit plan or program and IA's contribution to detect fraud. This is because they will not be exposed to the threat risk from the management which may adversely affect their employment and remuneration and thus, enable the IAs to work transparently. In turn, this is likely to enhance their contribution to detect fraud.
In addition, it can be argued that the stronger the interactions between AC and IAs as reflected by: (i) the extent of ACs review of internal audit plans and processes, budget and coordination with EAs, (ii) the extent of AC reviews of the results of internal audit activities related to financial reporting, internal control and compliance with law and regulation, the more likely it is that the efficacy of the IAF will be enhanced.
In this context, IA is a proxy representing the management who is the agent as in the Agency Theory. Therefore, by having interaction with AC, IAs will be able to assist the management to safeguard and monitor the assets of the organization more efficiently through their contribution in fraud detection. Therefore, based on the preceding arguments and regulatory calls to promote good interactions between IA and AC, thus this study proposes the following hypotheses: • H1: There is a positive effect of AC's involvement in approving CAEs' matters (CAE's appointment, CAE's dismissal, CAE's evaluation, internal audit budget and internal audit plan or program) on IA's contribution to fraud detection.
• H2: There is a positive effect of AC's involvement in reviewing the work of IAs on IA's contribution to fraud detection.

Study Design
The survey instrument was developed based on [15], [41][42][43][44][45]. The survey captures information on the profile of the IA and his or her organization. The survey was validated through pilot study and the actual survey was mailed to 782 companies listed in Bursa Malaysia's main market for the year 2014. Each company is represented by one IA and out of the 782 companies, only 135 participated in the survey.

Variables and Measurements
This study investigates whether the interaction between IA and AC effects IAs' contribution in fraud detection. The measurements of dependent, and independent variables used in this study are described in subsections below. Our model also includes the control variables such as inherent risk (IR) and return on assets (ROA). The IR, which represents the risk of material misstatement occurring in the client's financial statement in the absence of internal control, is reported by the IA respondent based on 0 to 100 scale where 0% represent extremely low exposure to inherent risk and 100% represent extremely high exposure to inherent risk. The ROA is measured by eearnings before interest and tax divided by total assets.
The dependent variable of this study is the contribution of IA in fraud detection whereby 22 questions were developed based on the standards in the International Professional Practices Framework (IPPF). The feedbacks from the IAs are measured by using a score in percentage. Lower fraud detection activities in an organization is reflected by the lower score while higher fraud detection activities are reflected by a higher score. For companies in Malaysia, the average score for FRAUD is 84.7% with a standard deviation of 9.55% thus, indicating that fraud detection is actively being carried out by all companies.
One of the independent variables is APPROVE, which represents the extent of AC involvement in approving the appointment of CAE, the evaluation of CAE, the dismissal of CAE, the internal audit budget and the internal audit plan or program. Its measurement uses the scale of 0-100 where 100 represent 100% AC involvement. This variable is expected to have a positive coefficient as the higher the extent of AC involvement in approving the above, the higher the IAs' expected contribution to prevent and detect fraud.
Another independent variable, REVIEW, represents the extent of AC involvement in reviewing IAs work, which is measured using the scale of 0-100 where 100 represent 100% AC involvement. The reviewing tasks comprises of seven elements below: • providing input for the internal audit plan.
• reviewing the results of internal auditing related to financial reporting.
• reviewing the results of internal auditing related to internal control.
• reviewing the results of internal auditing related to compliance with laws and regulation.
• reviewing the internal audit involvement in management responses to internal audit suggestions.
• reviewing the difficulties or scope restrictions encountered by IAs.
• reviewing the coordination between IAs and EAs.
This variable is expected to have a positive coefficient as the higher the extent of AC's involvement in providing input and reviewing the above elements, the higher the IAs' expected contribution to prevent and detect fraud.

Statistical Method
Multiple linear regression analysis is adopted to collectively test the effects of independent, and control variables against the dependent variable. The following regression model is to be estimated by the ordinary least squares (OLS) method: where Y = IAs contribution in fraud detection (%), = constant of the model; = coefficient of independent or control variable for i = 1,2,3 and 4; X1 = APPROVE; X2 = REVIEW; X3 = IR; X4 = ROA and = error term.
The regression model is valid if it passes the F-test such that its pvalue is significant at a specified significance level. Each factor or independent variable can be concluded to have a significant effect on IAs contribution in fraud detection with a magnitude of βi if its p-value is smaller than a specified significance level. Residual analysis is also conducted to ensure the correctness of the regression model. Table 1 summarizes the descriptive statistics on the depth of the involvement of AC in reviewing IAs' work. On average, the AC is 89.9% involved in reviewing the results of internal auditing related to internal control and 87.9% involved in reviewing the results of internal auditing related to compliance with laws or regulation. Interestingly, half of the total companies had 100% AC involvement in reviewing the results of internal auditing related to internal control while the other half had between 30% to 90% involvement. Similarly, 50% of all company's understudy had 100% AC involvement in reviewing the results of internal auditing related to compliance with laws or regulation while the remaining companies had between 20% to 90% involvement in that matter. AC involvement in reviewing the coordination between IA and EA has the lowest average involvement of 64.1%. In terms of the median, 50% of all companies has at least 70% AC involvement with regards to that matter while the other half has below 70% AC involvement. Generally, half of the companies had high AC involvement in reviewing IAs work, as shown by the values in the median column of Table 1. Based on the minimum column of Table 1, the nonzero values indicate that all companies had AC involvement in the following matters:

Data Description
• Reviewing the results of internal auditing related to internal control. • Reviewing the results of internal auditing related to compliance with laws or regulation. • Reviewing the internal audit involvement in management responses to internal audit suggestions. • Providing input for the IA plan. Table 2 summarizes the descriptive statistics on the levels of involvement of AC in approving CAEs matters. AC involvement in approving the IA plan or program has the highest average involvement of 89.3%. 50% of all companies had 100% AC involvement in this matter while the remaining 50% of the companies had below 100% AC involvement. Generally, half of the companies had high AC involvement in approving CAE matters, as shown by the values in the median column of Table 2. There are companies whose AC are not involved in approving CAE matters, as shown by the values in the minimum column presented by Table 2.  (1) was estimated and the results are shown in Table 3. The R-square of the estimated model is 0.34, which indicates that 34% of the variation in IAs contribution to fraud detection can be explained by the variation in the independent and control variables. Furthermore, the F-test of 16.732 is significant at 5% level, where its p-value of 0 is smaller than 0.05, thus rejecting the null hypothesis of no linear relationship between variables under study on the dependent variable (FRAUD). This result indicates that the model is a good fit such that at least one predictor can explain the dependent variable. The results in Table 3 show that REVIEW has significant positive effect on IAs' contribution to fraud detection because t-value is significant at 5% (p-value < 0.05). The control variables, IR and ROA, also have t-values that are significant at 5% thus implying the both variables have significant positive effect on the dependent variable. However, APPROVE has insignificant t-value (p-value > 0.05) thus suggesting that it does not significantly affect IAs' contribution to fraud detection. Residual analysis is conducted to ensure the correctness of the regression model by checking if the assumptions of linearity, independence, normality and equal variances (or homoscedasticity) are satisfied. This analysis is conducted after estimating the regression model. If all four assumptions are not violated, the errors should be independent normal random variables with mean zero and constant variance. The results of the residual plots, which are not shown here, showed that the errors are distributed randomly within ±3. Thus, there are no outliers and the error terms are independent of each other. The normality test revealed that the errors are normally distributed. Therefore, the regression model is valid. A.

Discussion
The findings of this study did not support the hypothesis that there is a positive effect of AC involvement in approving CAEs matters on IAs' contribution to fraud detection. However, the hypothesis of positive effect of higher involvement of AC in reviewing IAs' work on IAs' contribution to fraud detection was supported. The hypothesis 1, on positive effect of AC involvement in approving CAEs matters on IAs' contribution to fraud detection was not supported. This could be because of company size which in this study has not been taken into consideration. Favourable responses could be contributed by the larger companies. Secondly, there is a possibility that some companies in Malaysia have high IAs' contribution to detect fraud even though AC does not involve in approving CAE matters. Likewise, there is also possibility where AC is too involved in CAE matters but lower fraud detection. Table 3 shown the insignificant result of APPROVE which means no linear relationship between APPROVE and the dependent variable. This means that higher involvement of AC in approving CAE matters does not necessarily leads to higher fraud detection. Therefore, the result of this study indicates that MCCG and IPPF should require higher compliance from the listed organizations to the standards in IPPF with the disclosure on the AC activities for better reinforcement and oversight by the regulators on the effectiveness of the relationship between IA and AC in all the listed organizations. These are essential for both IA and AC in order to fulfil their responsibilities to senior management, BODs, shareholders and other stakeholders. While, the findings relating to hypothesis 2 on REVIEW should have a positive effect on IA's contribution in fraud detection because the relationship between IA and AC has to be reinforced for better oversight mechanism. The finding from this hypothesis provide empirical support for the guidelines recommended by IPPF to have close working relationship between AC and IA [46]. This finding also has implication to the IIA which recognises ACs and IAs that have interlocking goals and a strong working relationship with the AC. In addition, this positive interaction between IA and AC is likely to increase the quality of internal audit works which would lead to higher IA's contribution in fraud detection and thus, the theory is supported.

Conclusion
In an organization's efforts to achieve good corporate governance, its IAF plays an important role, as is confirmed by the amount of authoritative guidance pertaining to the need for regular and effective interaction between AC and IA. Within the particular context of Malaysia, this study has examined the effect of AC's interaction with IA on IA's contribution to fraud detection. The results provide evidence that certain AC's interaction with IA on reviewing IA's matters -reviewing the results of internal auditing related to internal control, reviewing the results of internal auditing related to compliance with laws or regulation, reviewing the internal audit involvement in management responses to internal audit suggestions and providing input for the IA plan have influence posi-tively the IA's contribution in fraud detection. The findings of this study also have significant implications for ACs wishing to improve their overall effectiveness by identifying the impact of AC's interaction with IA in terms of approving certain IAs matters -approving the internal audit plan or program, approving the appointment of the CAE, approving the evaluation of the CAE, approving the dismissal of the CAE and approving the internal audit budget. This involvement from AC needs improvement to enhance the quality of IA's contribution in fraud detection. Further, this study makes another important contribution by extending the literature that has studied on fraud detection. This is the first study that examines how AC's interaction with IA have impact with IA's contribution to detect fraud. With respect to this study's limitation, the fact that the data were derived from a survey of IAs. IAs were chosen because they have the responsibility to ensure that organization are enforced to adhere to policies, guidelines and standards besides identifying high risk areas. However, this sample has the potential to introduce bias into the results as it was only the IA's perceptions of the dependent variables that were explored. A future study could probe the perceptions of EA to establish whether the responses from the two categories agree or show dissimilarities. Such study would reduce the potential for response bias.