The Effect of Governance, Risk Management, and Compliance on Efforts to Minimize Potential Fraud Based on the Fraud Pentagon Concept

DOI: 10.21532/apfjournal.v6i1.196 ABTRACT This study aims to determine the effect of corporate governance, risk management, and compliance with applicable regulations on efforts to minimize the potential fraud based on the Fraud Pentagon concept. For companies engaged in financial service providers, the results of this study are expected to contribute to the implementation of governance, risk management, and compliance (GRC) in order to minimize potential fraud and achieve the expected goals. Respondents used in this study are the employees of Bank Perkreditan Rakyat (BPR). Data are collected using interviews, observations, and questionnaires. Descriptive analysis, data quality analysis, and structural model analysis are used to test hypotheses with the application of STATA version 14. The results show that the variables of corporate governance and risk management have a significant effect on the efforts to minimize potential fraud, while the variable of compliance has no significant effect on the efforts to minimize potential fraud. Due to several factors, such as the small scope of BPR compared to conventional banks and the small number of employees, the implementation of GRC has not been achieved optimally.


INTRODUCTION
Banking is a financial institution or industry that acts as an intermediary in collecting and channeling public funds to support community needs. The development of the banking industry in Indonesia is supported by increasingly advanced information systems and technology, such as digital banking. With this digital banking, customers can carry out activities through their mobile phones, such as banking transactions, opening and closing accounts, including obtaining other information. Supported by advanced systems and technology, banks are expected to further support the implementation of national development in the context of increasing equity, economic growth and national stability towards improving the welfare of the people, which is the goal of the establishment of the banking world. In addition, bank as a profit organization also has a profit achievement target so that it can compete with its competitors and attract investors. Determining too high profit targets forces employees and the board of directors to work harder, but in fact sometimes it can open up opportunities for fraud that will be detrimental in financial and non-financial terms. The theory that is often used to assess fraud is the Fraud Triangle theory initiated by Cressey. According to Cressey, fraudulent financial reporting is always motivated by three elements: pressure, opportunity, and rationalization (Rachmania, 2017). Over time, Cressey's Fraud Triangle theory continued to develop. The first development was put forward by Wolfe and Hermanson (2004) with the Fraud Diamond theory. This theory added one qualitative element that was believed to have a significant effect on fraud, namely capability. In addition to Wolfe and Hermanson, Crowe also helped refine the theory put forward by Cressey. According to Crowe (2010), the elements of arrogance and capability also influence the occurrence of fraud.
The Fraud Pentagon theory put forward by Crowe consists of five elements. The first element is pressure. Pressure can occur from within groups or individuals. Meeting individual needs is more important than group needs. Fraud is often the result of pressure affecting the individual. The second element is opportunity. Fraud can occur if there is an opportunity, where individuals must have access to assets or have the authority to make and regulate control procedures used to commit fraud. The third element is rationalization. Fraud can occur because there is rationalization for various reasons, in addition to justification or defense. Rationalization is carried out through conscious decisions in which the fraudster places his interests above the interests of others. The fourth element is capability. Fraud that results in large losses will not occur without the presence of someone who has a high capability. This capability is then used to commit fraud and take advantage. The last element is arrogance. Arrogance is an attitude of superiority and greed that needs to be corrected. With this element someone will be more courageous to commit fraud in any condition.
One of the efforts to minimize fraud in an organization is to implement good corporate governance, risk management and compliance with existing law and regulation (GRC). Good corporate governance (GCG) is a combination of the processes implemented and carried out by the board of directors, the board of commissioners, and the audit committee whose background is in the organizational structure and how they manage and implement to achieve the company targets. The implementation of GCG in banking sector is not much different from the implementation of GCG in other industries. However, the behavior of bank managers and owners is a major factor that requires attention in the implementation of GCG. The results of research conducted by Wefa (2017) entitled "Pengaruh Implementasi Good Corporate Governance, Pengendalian Intern Kas, Asimetri Informasi terhadap Fraud Studi pada BUMN Kota Pekanbaru" ("The Effect of the Implementation of Good Corporate Governance, Internal Cash Control, and Information Asymmetry on Fraud (Study on SOEs in Pekanbaru City") show that the implementation of good corporate governance has an effect on efforts to reduce the potential for fraud in SOEs in Pekanbaru City. The implementation of good corporate governance has an impact on a clearer division of tasks, responsibilities and supervision. This means that the higher the level of governance implementation in SOEs, the lower the potential for fraud in SOEs in Pekanbaru City.
Risk management is the process of predicting, analyzing and managing risks that can hinder a company from achieving its targets. Within a bank, the risk management committee at the board of directors is responsible for conducting independent reviews of the identification, measurement, monitoring and control of credit, market and liquidity risks, including the completeness of policies and systems. The results of research conducted by Pascalia (2017) show that internal control and risk management have a positive effect on fraud prevention through the implementation of good corporate governance.
Compliance is the implementation of company's policies and procedures, laws and regulations, and strong and efficient governance which is considered the key to the success of the company. The three pillars are interrelated so that a company can run and meet its targets properly and healthily. Compliance is the responsibility of all personnel in a bank so that every level of the organization in all business activities of the bank has their respective responsibilities towards creating a compliance culture, while the Compliance Work Unit as a supporting unit of the strategic business partner of the bank has the duties and responsibilities to carry out the bank's compliance function in order to support the creation of a compliance culture. However, the results of research conducted by Najib and Rini (2016) show that sharia compliance has no effect on fraud prevention.
The difference between this study and previous research is that this study examines the effect of the implementation of GRC (Governance, Risk management, and Compliance) as an effort to minimize the occurrence of fraud. The fraud theory used as a variable of fraud is Crowe's Fraud Pentagon Theory. This research uses PT Bank Perkreditan Rakyat (BPR) as the research object. The reason for choosing BPR as the research object is because BPR is one of the financial institutions that support the community's economy, especially in the capital of MSMEs. However, in the development of its activities, it is still not optimal compared to conventional banks.

LITERATURE REVIEW AND HYPO-THESIS Corporate Governance
Rezaee (2007), defines corporate governance as a process that results from legal, regulated, contractual and marketbased mechanisms and best practices to create substantial value for shareholders and protect the interests of other shareholders.
Principles established from the implementation of good corporate governance include transparency, accountability, responsibility, independence, and fairness. Transparency means that companies require open, timely, clear, and comparable information concerning financial conditions, company management and company ownership. Accountability means that every individual in the company has a role and responsibility to support the business and ensure the balance of the interests of management, shareholders and other stakeholders as supervised by the board of commissioners. Responsibility is conformity in the management of the company to the prevailing laws and regulations and corporate principles. The implementation of this principle ensures compliance with applicable rules and regulations as a reflection of compliance with social values. Independence means ensuring that the commissioners and directors as well as management independently carry out their respective powers and responsibilities in accordance with existing regulations. Fairness means guaranteeing the protection of the rights of shareholders, including the rights of minority shareholders and foreign shareholders and other stakeholders, ensuring the implementation of commitments with investors and other stakeholders, providing fair treatment to stakeholders including foreign minority shareholders (National Committee on Governance Policy (KNKG) 2006, General Guidelines for Indonesian Good Corporate Governance).

Risk Management
According to Kerzner in Yasa, et al. (2013), risk management is a set of policies or complete procedures owned by organization to manage, monitor and control risks that may arise. Basically, risks can be classified into operational risk, financial risk, and information risk. Operational risk is the risk that occurs in the operational activities of the organization, in which this risk can impede performance in achieving targets within a certain period of time. Financial risk can result in losses to existing finances and assets. Information risk is the risk that can lead to misunderstanding between individuals and groups, therefore it is necessary to convey actual and accurate information (Moeller. 2016. Brink's Modern Internal Auditing: A Common Body of Knowledge).

Compliance
The demand for compliance with the timeliness in submitting annual financial reports of public companies in Indonesia has been regulated in Law

Fraud Pentagon
The latest theory that examines the factors that trigger fraud is Fraud Pentagon theory developed by Crowe. This theory was developed by Crowe Howarth in 2010. The Fraud Pentagon theory is an extension of the Fraud Triangle theory previously proposed by Cressey. Crowe Howarth added two other elements: capability and arrogance, so that the elements that trigger fraud in the Fraud Pentagon theory include pressure, opportunity, rationalization, capability and arrogance.
The first element is pressure. Pressure can occur from within a group or individual. Meeting individual needs is more important than meeting group needs. Fraud is often the result of pressure affecting the individual to do so. The second element is opportunity. Fraud can occur if there is an opportunity where individuals must have access to assets or have the authority to make and regulate control procedures used to commit fraud. The third element is rationalization. Fraud can occur because there is rationalization for various reasons, in addition to justification or defense. Rationalization is carried out through conscious decisions in which the fraudster places his interests above the interests of others. The fourth element is capability. Fraud that results in large losses will not occur without the presence of someone who has a strong capability. This capability is then used to commit fraud and take advantage. The fifth element is arrogance. Arrogance is an attitude of superiority and greed that needs to be corrected. With this element someone will be more courageous to commit fraud in any condition.

Good Corporate Governance and Fraud Pentagon
The implementation of good corporate governance in companies, especially in the banking sector, can increase investor confidence, maintain company value, improve company performance, maintain better corporate balance sheets, and protect the rights of shareholders. This is in line with the results of research conducted by Wefa (2017) that corporate governance has a positive effect on fraud prevention. This shows that the implementation of good corporate governance in BPRs will increase efforts to minimize the occurrence of fraud in BPRs. So, the first hypothesis proposed in this study is: H1: Good Corporate Governance has an effect on efforts to minimize potential fraud based on the Fraud Pentagon Concept

Risk Management and Fraud Pentagon
Risk management that is implemented properly by the company can prevent and overcome the risks that occur. In general, the risks faced by the banking world are operational risks, financial risks and information risks. This is in line with the results of research conducted by Pascalia (2017) that financial risk management that is implemented in credit management is an effort to prevent fraud. This shows that the implementation of risk management in BPRs will increase efforts to minimize fraud in BPRs. So, the second hypothesis proposed in this study is: H2: Risk Management has an effect on efforts to minimize potential fraud based on the Pentagon Fraud Concept

Compliance and Fraud Pentagon
The high level of compliance that is carried out by a company can make the company have a positive perspective, improve the performance of corporate governance, and enhance risk management. Having a good level of compliance can prevent fraud. The company must comply with applicable regulations and policies so as not to harm customers and the company itself. However, the results of research conducted by Najib and Rini (2016), entitled "Sharia Compliance, Islamic Corporate Governance and Fraud in Sharia Banks", show that sharia compliance has no effect on fraud prevention. So, the third hypothesis proposed in this study is: H3: Compliance has an effect on efforts to minimize potential fraud based on the Fraud Pentagon Concept

METHODS Population and Research Sample
According to Sugiyono in Lestari (2017) The research analysis is carried out in 4 stages: descriptive analysis, data quality analysis, structural model analysis, and hypothesis analysis. Descriptive analysis is carried out to see the trend of the frequency distribution of the variables and to determine the level of achievement of each variable. This study uses the type of interval data in the form of a Likert scale with six points: "strongly disagree", "disagree", "somewhat disagree", "some what agree", "agree", and "strongly agree".
Data quality analysis is used to determine whether the questionnaire indicators used are able to measure an indicator on the research variable used. The following is a series of tests that will be carried out on the research questionnaire indicators.
Structural analysis model is used to consider interaction modeling, non-collinearity, correlated independent variables, measurement error, correlated error terms, each of which is measured using multiple indicators, and one or two latent dependent variables, each of which is also measured by several indicators.
Hypothesis analysis is conducted using z test. The z test is used to test whether each independent variable partially affects the dependent variable. In the z test, the significant level used is 5%. If the value of z count is greater than z table and the value of P> | z | is lower than the significance level, it indicates that the independent variable has a significant effect on the dependent variable. However, if the value of z count is smaller than the z table and the value of P> | z | is greater than the significance level, it indicates that the independent variable has no significant effect on the dependent variable.  Siregar, 2012 used as indicators of corporate governance, such as transparency, accountability, responsibility, independence, and fairness. Respondents' perceptions related to the variable of corporate governance indicate that 100% of respondents, or as many as 34 respondents, agree that the implementation of corporate governance principles can minimize the occurrence of fraud, as shown in Figure 1.

Respondents' Perceptions Related to Risk Management
Statement items on the variable of risk management are measured by indicators of risk management, such as operational risk, financial risk, and information risk. Respondents' perceptions related to the variable of risk management indicate that 100% of respondents, or as many as 34 respondents, agree that the implementation of risk management can minimize the occurrence of fraud, as shown in Figure 2.  Figure 3.

. Respondents' Perceptions related to the Variable of Risk Management
Source: Questionnaire Data Processing, 2020 that 100% of respondents, or as many as 34 respondents, agree that the implementation of prevention indicators can minimize the occurrence of fraud, as shown in Figure 4.

Data Quality Analysis Data Validity Test
From the results of the validity test, it is found that the variable of corporate governance, with indicators of transparency, accountability, responsibility, and fairness, has a high correlation value, and only the indicator of independence that has a moderate correlation value. The variable of risk management, with indicators of operational risk, financial risk and information risk, has a high correlation value. The variable of compliance, with indicators of operational risk, financial risk and information risk, has a high correlation value. The variable of fraud pentagon, with indicators of competence, opportunity and rationalization, has a high correlation value, but only the indicators of arrogance and pressure that have a moderate correlation value. So, all variables with their indicators are declared valid for use in this study.

Reliability Test
From the results of reliability test, it is found that the variables of corporate governance, risk management, compliance, and the fraud pentagon have a high correlation value so that all variables are declared reliable for use in this study (Table 7).

Structural Model Analysis
Based on the results of the structural model test in Table 8, it can be said as follows: a. The coefficient is positive, meaning that there is a positive relationship between the CG (X1) and the Fraud Pentagon, so the higher the CG (X1), the higher the efforts to minimize fraud based on the Fraud Pentagon concept. b. The coefficient is positive, meaning that there is a positive relationship between RM (X2) and the Fraud Pentagon, so the higher the MR (X2), the higher the efforts to minimize fraud based on the Fraud Pentagon concept. c. The coefficient is negative, meaning that there is a negative relationship between C (X3) and the Fraud Pentagon, so the lower the C (X3), the lower the efforts to minimize fraud based on the Fraud Pentagon concept.

The Effect of Corporate Governance on the Fraud Pentagon
The results of the first hypothesis testing show that the relationship between the variable of corporate governance, as measured by using corporate governance principles, and the variable of fraud pentagon has the z value of 2.01 which is greater than the z table value of 1.96 and has the probability value of 0.045 which is lower than the significance level of 0.05. So it can be concluded that the variable of corporate governance has a significant effect on the variable of fraud pentagon.
The results of this significance are in accordance with the first hypothesis (H1) that corporate governance has an effect on efforts to minimize potential fraud based on the fraud pentagon concept. This significant influence indicates that the implementation of corporate governance at the BPR Bank has met the five principles of corporate governance, such as transparency, accountability, responsibility, independence and fairness. The implementation of the principle of transparency in each BPR is very important in maintaining objectivity in carrying out business activities. This becomes very important because BPR is a financial institution that collects public funds in the form of savings and distributes the funds to the public. Therefore, transparency in both financial and non-financial reports is needed so that shareholders or customers can trust to invest in BPR.
The implementation of the accountability principle is evidenced by clarity regarding the functions and structures in carrying out the responsibilities of each company so as to create checks and balances on authority and roles in managing BPRs. This is evidenced by the effectiveness of the supervisory function carried out by the board of commissioners in carrying out its duties to supervise, provide direction and evaluate all forms of policies of the board of directors in managing BPRs. The BPRs have clearly defined the functions and responsibilities of employees in carrying out the operational activities of the BPRs. To develop quality, a reward and punishment system is applied to change and increase employee productivity and motivation gradually and continuously. The implementation of the principle of responsibility in each BPR is a form of accountability to customers and the environment which is expected to create awareness that in banking activities, companies can often generate negative externalities that must be borne by the public. In addition, the accountability principle is also expected to assist the role of the government in reducing economic problems, such as gaps in opinion, and promoting national economic growth through MSMEs.
Based on the explanation regarding the implementation of the independence principle carried out by each BPR, it can be seen that the implementation of this principle is in line with all the rules governing the implementation of BPR governance. In its implementation, it is found that each BPR has been managed professionally without any conflict of interest, pressure, and intervention from any party.
Based on the explanation regarding the implementation of the fairness principle carried out by each BPR, it can be seen that the fairness principle can be implemented properly for the continuity of banking activities so that BPRs get positive values from customers, stakeholders, investors, as well as the Financial Services Authority. By implementing this principle, it is hoped that the governance system in each BPR can run well in order to achieve the company's vision and mission and increase the trust of the public and other stakeholders. This governance principle affects BPR's efforts to minimize the occurrence of fraud based on the Fraud Pentagon concept. It is conducted by implementing an antifraud control program based on the values adhered to by BPRs, so as to be able to emphasize all employees to carry out their obligations as well as possible and train good morale in every employee. In addition, BPR regularly also conducts socialization and training to related fields regarding efforts to improve internal control, recognizes employee performance results in accordance with BPR targets, and evaluates employee contributions in developing a positive work environment in accordance with company values. This shows that BPRs has implemented the corporate governance optimally to prevent from fraud. This is in accordance with the results of the respondents' responses regarding the implementation of the principles of corporate governance which have been presented in Figure 4.7 that 100% of respondents stated agree.
These results are in line with the results of research conducted by Wefa (2017)  that the implementation of corporate governance has an effect on the occurrence of fraud in SOEs in Pekanbaru City. The implementation of corporate governance has an impact on the focus of company management in a clearer division of duties, responsibilities and supervision. This means that the higher the level of implementation of corporate governance in SOEs, the lower the occurrence of fraud in SOEs in Pekanbaru City.

The Effect of Risk Management on the Fraud Pentagon
The results of the second hypothesis testing show that the relationship between the variable of risk management, as measured by using the types of risk, and the fraud pentagon has the z value of 2.18 which is greater than the z table value of 1.96, with probability value of 0.029 which is lower than the significance level of 0.05. So it can be concluded that the variable of risk management has a significant effect on the variable of fraud pentagon. This significant result is in accordance with the second hypothesis that the variable of risk management has an effect on efforts to minimize potential fraud based on the fraud pentagon concept. This significant influence indicates that the implementation of risk management has overcome all three risks including operational risk, financial risk and information risk. Therefore, it proves that each BPR has implemented an adequate internal control system. BPRs regularly pay attention to HR by improving the quality of human resources through various forms of training and supervising employees so that they do not take any action that could harm the company.
The implementation of financial risk management in BPR is proven by good management of cash inflow and cash outflow. As a financial service provider, each BPR has calculated the adequacy of funds in overcoming short-term and longterm debt so that the BPR avoids the risk of difficulties in paying off its debts. In addition, BPRs take great care and pay close attention to the rate of repayment of loans to their customers. The implementation of financial risk management is felt to have been carried out in accordance with the provisions stipulated by the regulator in the presence of the Legal Lending Limit (LLL) and so on. There is no violation and exceedance of the LLL. However, the policy regarding the provision of large amounts of funds also needs to be taken into account and improved.
Given the limited capital owned and the high risk of bad credit, before providing credit, each BPR must first conduct a survey to determine the ability of consumers to repay credit and monitor the use of this credit. With regard to the implementation of information risk management in BPRs, all information regarding values needs to be conveyed properly to all employees so that they know the goals and targets of the company and the BPR is able to increase efforts to minimize the occurrence of fraud. Thus, employees must be instructed not to deviate from the rules and regulations set by the regulator. In addition, by providing the information needed by stakeholders, BPRs will avoid misuse of incomplete information by stakeholders.
Maintaining customer information and accounts is also the BPR's obligation to retain its customers. This method is able to increase the level of customer trust in the BPR. The efforts made by BPRs to minimize the occurrence of fraud, based on the Fraud Pentagon concept, are by organizing career development trainings to increase employee morale and promoting good cooperation to prosper all aspects of the company. In addition, BPRs need to update the banking operational system at least within 1 year to minimize the weakness gaps that occur in the banking operational system. This indicates that the second hypothesis is accepted, meaning that the risk management in BPRs has been implemented optimally to prevent fraud. This is in accordance with the results of the respondents' responses regarding the implementation of risk management, as presented in Figure 4.13 where 100% of respondents agreed.
The results of this study are in line with the results of research conducted by Pascalia (2017) that financial risk management in credit management is an effort to prevent fraud. Risk management, consisting of financial risk, operational risk and strategic risk, applied to Credit Unions is an effort to prevent fraud. Therefore, the effect of risk management on fraud prevention is very strong.

The Effect of Compliance on the Fraud Pentagon
The results of the third hypothesis testing show that the relationship between the variable of compliance, as measured by using POJK No. 4/POJK.03/2015 and SEOJK No. 6/SEOJK.03/2016, and the fraud pentagon has the z value of -1.97 which is smaller than the z table value of 1.96 with a probability value of 0.058 which is greater than the significance level of 0.05. So it can be concluded that the variable of compliance has no significant effect on the variable of fraud pentagon. This shows that the third hypothesis is rejected, which means that the implementation of compliance has not been optimally implemented in preventing fraud. This is not in accordance with the results of respondents' responses regarding compliance that have been presented. BPRs have implemented the compliance function in their banking activities. The form of implementation is evidenced by the establishment of an independent compliance work unit in accordance with POJK No. 4/POJK.03/2015 and SEOJK No. 6/SEOJK.03/2016 regarding compliance with having directors who do not participate in the distribution of funds and have been equipped with compliance executive officers so that the implementation of the compliance function to reduce the level of violations can run well.
As evidence of the implementation of compliance function, PT. BPR Koperindo Jaya BPR has appointed a member of the board of directors in charge of the compliance function to form a compliance work unit and had work guidelines, systems and compliance procedures. However, in its implementation, the compliance function has not been implemented optimally because the appointment of members of the board of directors in charge of the compliance function and compliance formation was only carried out in the fourth quarter of 2018. In addition, BPRs only have a small scope and area coverage. The implementation of compliance function in PT. BPR Bahtera Masyarakat, related to its business activities, has been carried out in accordance with the stipulated rules. BPR has appointed and established a compliance work unit and ensures that the company's activities, systems and financial implementation procedures are in accordance with the SOP. The BPR is consistent with implementing the rules set by the Financial Services Authority and aware of the importance of implementing corporate governance and risk management effectively for the sustainability of the BPR. Similar to BPR Koperindo Jaya, this compliance function has not been implemented optimally because the appointment of members of the board of directors in charge of the compliance function and compliance formation was only carried out in the first quarter of 2018. Thus, BPR's efforts to minimize the occurrence of fraud, which are based on the Pentagon Fraud concept with the implementation of the compliance function in the BPR, have not been implemented optimally to prevent fraud. This is not in accordance with the results of respondents' responses regarding the implementation of compliance as shown in Figure 4.17 where 100% of respondents agreed. This is in line with the results of research conducted by Najib & Rini (2016), entitled "Sharia Compliance, Islamic Corporate Governance and Fraud in Sharia Banks" that sharia compliance has no effect on fraud prevention.

CONCLUSION
Good Corporate Governance, consisting of transparency, accountability, responsibility, independency and fairness, has a significant effect and increases efforts to minimize potential fraud based on the Fraud Pentagon concept. Risk Management, consisting of operational risk, finance risk and information risk, has a significant effect and increases efforts to minimize potential fraud based on the Fraud Pentagon concept. Compliance, as measured by POJK No. 4/ POJK.03/2015 concerning Implementation of Governance for Rural Banks (BPR) and SEOJK No. 6/SEOJK.03/2016 concerning Implementation of the Compliance Function for BPR, has no significant effect and reduce efforts to minimize potential fraud based on the Fraud Pentagon concept.This research tends to be new research which includes governance, risk management, and compliance (GRC) as X variable and Crowe's Fraud Pentagon Theory as Y variable. The small number of samples is one of the obstacles of this study. Therefore, further research is expected to increase the number of samples and extend the span of the study. This study uses only 3 variables: corporate governance, risk management, and compliance. Future research is expected to add more independent variables. Through this research, it is hoped that there will be other studies regarding efforts to minimize fraud based on the latest fraud concept.