By attracting the attention of the public, the media, investors, the financial community and regulators, the problem of financial fraud is of crucial importance today. In fact, the exacerbation of this problem is largely due to businesses' growing reliance on new technologies. Indeed, the latter create sophisticated scams, which creates an environment favorable to corporate fraud.

In such a context, it is certainly necessary to have fraud prevention, detection, analysis and management systems for the reliability of published financial information and consequently for the continuity and stability of activities. In particular, the internal control system is supposed to enable companies to better mitigate the risks of fraud and to face new challenges relating to new technologies. According to Cuomo (2005), internal control constitutes "a set of policies and procedures that protect an organization's assets, produce reliable financial reports, facilitate regulatory compliance, and enable effective and efficient operations."

  In the banking sector, fraud is a major fear of all banks around the world, as most customers experience fear and quickly lose confidence due to increasing bank fraud. In this context, Beasley, Carcello, Hermanson and Lapides (2000) state that in order to reduce opportunities for workplace fraud, internal control is one of the most commonly used tactics in the financial sector to protect employees. employees against the threat of fraud.

Particularly, in the Tunisian context, Law No. 2005-96 of October 18, 2005 relating to the reorganization of the financial market, carries out a general evaluation relating to the effectiveness of the internal control system of Tunisian banks. Responsibility for the design and implementation of an internal control system as well as the periodic monitoring of its effectiveness and efficiency lies with management and the board of directors. At the same time, Tunisian supervisors have put in place accounting organization standards and banking internal control systems (accounting standard no. 22) to strengthen internal control mechanisms.

The objective of this paper is therefore to determine the contribution of internal control, in particular risk assessment, in the detection and prevention of fraud in Tunisian banks.

The research question that arises is therefore the following:

What is the impact of the internal control system, particularly risk assessment, on the detection and prevention of financial fraud in Tunisian banks?

This paper is structured as follows: the first section will be devoted to the literature review, the development of hypotheses and the development of the conceptual model. In the second section we will explain our research methodology. The third section will present the empirical results. As for the fourth section, it will focus on the discussion of our empirical results.

The term “Fraud” has had several definitions. Thus, according to Carassus and Cormier (2003), financial fraud is “an act voluntarily committed, by one or more people from management, by employees or even by third parties, which results in erroneous financial statements, within the meaning of false, inaccurate and misleading.” Likewise, fraud is defined by the National Company of Auditors as an “intentional act committed by one or more managers, employees or any other person, involving fraudulent maneuvers with the aim of obtaining an undue or illegal advantage”.

The literature review shows that the problem of financial fraud is not a recent problem. In fact, starting in the 1970s, fraudulent corporate political financing and illegal financial movements abroad in the wake of the Watergate affair were discovered. Likewise, a controversial bankruptcy of American savings banks was recorded. Such events had the effect of calling into question the quality of the accounting and financial information disclosed. Eichenseher and Schields (1985) for their part confirm the increase in the number of frauds from this date.

This is how, from 1977, the promulgation of the Foreign Corrupt Act by the American Congress ended up requiring companies to keep accounts and implement an internal control system. During this same year (1977), Vanasco (1994) specifies that the Foreign Corrupt Practice Act decreed by the American Congress has just required American companies to keep accounts, expand their internal control activities and set up audit committees. However, until the 1980s, companies were content to improve the image of governance among the general public and they were no longer focused on actually improving the quality of governance (Birkett, 1986). It was only from the 1990s that the notion of governance underwent a new conception by designating a new way of managing businesses which aims to counteract the corruption that was widespread during that era. As a result, and with a view to restoring the confidence of the general public, new normative texts came into being which focused on the need to establish an internal control system.

Furthermore, a series of financial scandals (Enron affair, Worldcom, Parmalat, etc.) has just shaken the confidence of the financial markets and the general public. This called into question the quality of the governance system of these companies. This state of affairs pushed the American Congress to launch a policy aimed at restoring confidence in the financial markets, hence the promulgation of the SOX law (the Sarbanes-Oxley Act) in 2002. Its objective is to protect shareholders by verifying that company financial information is accurate. An organization must include a report on internal controls in every financial report to be compliant. In fact, the primary responsibility for fraud prevention and detection lies with the managing authority. However, it is important to recognize that the success of the fight against fraud depends on the collaborative efforts of management and certification authorities, auditors and other stakeholders.

In this context, agency theory (M. Jensen and W. Meckling, 1976) states that when shareholders (principal) delegate the management of their companies to managers (agent), the latter find room to operate. in the sense of their own interests which diverge from those of the shareholders, thus creating conflicts of interest which are linked to this separation of control / ownership. These conflicts thus require a system of control of leaders.

In fact, the role of internal control in preventing and detecting financial fraud is widely supported by academic research. Internal control is “a process implemented by the company aimed at guaranteeing the protection of assets, the security and quality of information, ensuring legal compliance, and also ensuring that management instructions are applied to improve performance. performance of the company”. COSO[1] (1992)

Given the importance and necessity of establishing an internal control system, Dimitrijevic et al. (2015) emphasize the importance of ensuring the assessment of the quality of internal control in companies by internal auditors. They stated that it is fully essential when an organization lacks internal audit and several control processes are implemented to promote the effectiveness of the internal control system.

In fact, COSO (1992) states that internal control consists of the control environment, risk assessment, information and communication, monitoring and control activities, as well as other control elements related. In this study, we will focus our interest on one of the main dimensions of internal control, namely: “risk assessment”. In this context, Moeller (2007) specifies that in the COSO model, the risk assessment pursues four stages, namely: the identification of hazards, the estimation of their importance, the evaluation of probability and frequency occurrence and examining the advisability of developing countermeasures. In this same context, Marshall et al. (2006) state that the risk assessment dimension can be divided into three phases, including: event identification, risk assessment and risk response.

In fact, many empirical studies have attempted to test the nature of the relationship between internal control and financial fraud. In this sense, Dechow et al., (1996) empirically proved that internal control and the probability of fraud are linked. Similarly, McMullen (1996) demonstrates that the establishment of an internal control system has the effect of reducing errors and irregularities in financial statements, such as: fraud, illegal acts, SEC orders, the change of auditor following a disagreement relating to certain accounting aspects. For his part, Dunn (2004) also showed that the concentration of power in the hands of internal directors and the probability of publishing fraudulent financial statements are positively linked. From a similar perspective, Rae, K. and Subramaniam, N. (2008) showed that internal control has a moderating effect on the relationship between perceptions of organizational justice and employee fraud.

  In a similar sense, Baz et al (2016) empirically verified that internal control and fraud prevention and detection are positively and significantly related. Likewise, Richard et al (2017) revealed that the establishment of the internal control system and good governance have a significant positive impact on fraud prevention. Along the same lines, Zhang (2018) finds that due to improved public governance, companies are less willing to commit fraud in the post-campaign period than in the pre-campaign period.

For their part, Fernandhytia, and Muslichah, (2020) empirically approved that increasing internal control has the effect of weakening the tendency for accounting fraud in a company. As for Puryati, and Febriani (2020), they assured that the alert system and internal control significantly affect fraud prevention. They indicated that fraud can be avoided by establishing reliable internal control and increasing the whistleblowing system to all parts of the organization.

In this study, and like these authors, we will propose the following hypothesis:

H: There is a significant and positive effect of internal control systems on fraud prevention and detection in Tunisian banks

Thus, with reference to the postulates of agency theory and the developments of all of these authors, our conceptual model will therefore be as follows:    

1. Research methodology

1- Measurement and operationalization of variables:

Concerning internal control, we will focus our study on one of the main dimensions of internal control, namely: “risk assessment”. We therefore used the measurement scale of Fatemi and Glaum (2000) and Rae et al. (2008) composed of four dimensions, namely: financial risk management, environmental risk management, competitive risk management and operational risk management. Referring to this scale and adding a pilot test involving five finance academics and five bank directors, we retained, for each of these dimensions, the measurement scale of Moeller (2007). This scale consists of the following items: the identification of hazards, the estimation of their importance, the evaluation of the probability and frequency of occurrence and the examination of the advisability of developing countermeasures.

As for the variable “fraud detection and prevention”, we adopted the measurement scale of Golicha and Onsiro (2022).

2- Target population, sampling technique, administration, data collection and analysis

Regarding sampling and in order to obtain the most relevant information, we chose the stratified and simple random sampling method. Indeed, each respondent has an equal chance of responding. The population consists of all Tunisian commercial banks. As for the questionnaire, we had to verify the validity of the consensual and facial content through the assessment of peers and experts and a pre-test with 12 managers from several banks. Subsequently, it was administered, in its final version, to senior managers and heads of departments (Operations department, human resources department, ICT department, internal audit department and accountants). Initially, 144 questionnaires were distributed, but only 49 were collected, of which only 42 were usable with a rate of 29.16%. Respondents are asked to show their degree of agreement with each item on the various measurement scales used for the study. The questions were asked following the 7-class Likert scale ranging from “very weak” to “very strong”.

[1]  Committee of Sponsoring Organizations of the Treadway Commission

Before moving on to hypothesis testing, and in addition to the content validity test carried out, we carried out an exploratory study which allowed us to purify the measurement scales and verify the reliability and validity of the measurement instruments, through principal component analysis (PCA) and the calculation of Cronbach's alpha. Subsequently, we definitively ensured the reliability of the measurement scales selected from the PCA using confirmatory factor analysis (CFA). Then, we used the linear regression method to test the linear relationship between risk assessment (internal control) and the detection and prevention of financial fraud:

  Y

With

Y: dependent variable which corresponds to the financial fraud prevention and detection indicators

X1: independent variable which reflects financial risk management

X2: independent variable which reflects the management of environmental risks

X3: independent variable which reflects competitive risk management

X4: independent variable which reflects operational risk management

The results of the linear regression used to test the relationship between risk assessment and the indicators of prevention and detection of financial fraud in Tunisian banks show that the model is overall significant because the probability associated with the Fisher statistic is zero, which confirms that all of the explanatory variables have a significant overall impact on the prevention and detection of financial fraud.

In addition, the coefficient of determination R2 is of the order of 0.418. This results in the fact that 41.8% of the variability in the prevention and detection of financial fraud is explained by the model.

As for the explanatory variables, we found that the variables: “risk analysis” and “control security” are statistically significant. The same goes for the constant. However, the variable “probability and impact of risk” turned out to be insignificant. Likewise, for the “identification of procedures” variable, the empirical analysis allowed us to confirm that it does not have a significant impact on fraud.

As for the nature of the effect of these different variables on the prevention and detection of financial fraud, our empirical analysis allowed us to confirm that risk analysis as well as control security have a positive effect on prevention. and detection of financial fraud. Hence the confirmation of our hypothesis H1.

Formally the estimated research proposal is as follows:

The empirical results of our research suggest that at the level of the banks in our sample, risk assessment promotes the prevention and detection of financial fraud and constitutes an effective means in the hands of managers to fight against financial fraud.

Our results thus coincide with those of Oguda Ndege et al (2015) and Golicha and Onsiro (2022). These authors showed that internal control helps in the prevention and detection of financial fraud. Oguda Ndege et al (2015) showed that five components must be identified and taken into account for effective internal control, namely: the control environment, risk assessment, control activities, monitoring as well as information and communication. All of these elements must be linked synergistically to form an integrated system that dynamically responds to the detection and prevention of financial fraud.

As for Golicha and Onsiro (2022), they showed, from a sample of Kenyan banks, that risk assessment was positively and significantly associated with fraud detection and prevention. According to these authors, new technologies must be developed and government regulations must be revised to improve fraud detection and prevention.

The aim of this study was to assess the impact of internal control on the detection and prevention of financial fraud in the Tunisian banking sector. Through a quantitative study, we found that there is a significant positive relationship between risk assessment and the detection and prevention of financial fraud in Tunisian banks. In fact, using linear regression, we were able to affirm that risk assessment was successful in detecting and preventing fraud. More specifically, the empirical analysis allowed us to show that the measures used to analyze risks were successful in detecting and preventing fraud. Additionally, control security had a statistically significant beneficial impact on fraud detection and prevention.

This research thus constitutes a contribution to theoretical debates on the determinants of the prevention and detection of financial fraud, in particular the contribution of internal control to the resolution of this problem.

The results of our empirical study are also important for public authorities who must legally ensure the proper execution of internal control in order to minimize the risks of financial fraud, restore confidence in the financial market and thus promote a favorable market, reliable and attractive to investors.

However, this work is not without limitations. Indeed, other components of internal control can be studied to better analyze the effect of this mechanism on the prevention and detection of financial fraud. Also, our results will certainly be more relevant if we combine the quantitative approach and the qualitative approach.

1. Birkett, B.S. (1986) ‘The recent history of corporate audit committees’, The Accounting historians Journa Vol. 13, No. 2, pp. 109-134.
2. Baz, R. and Samsudin, R. S. and Che-Ahmad, A. and Popoola, O. M.J. (2016) ‘Capability component of fraud and fraud prevention in the Saudi arabian banking sector’, International Journal of Economics and Financial Issues, Vol. 6 , No. pp. 68-71, https://ssrn.com/abstract=2810745
3. Beasley, M.S., Carcello, J.V., Hermanson, D.R. And Lapides, P.D. (2000) ‘Fraudulent financial reporting: consideration of industry traits and corporate governance mechanisms’, Accounting horizons, Vol. 14, pp. 441-454, http://dx.doi.org/10.2308/acch.2000.14.4.441
4. Carassus, D. and Cormier D., (2003) ‘L’évaluation du risque de fraude comme objet d’analyse de l’audit externe légal’, Comptabilité, Contrôle, Audit, Printemps.
5. Cuomo, A. (2005) ‘Internal controls and financial accountability for not-for-profit boards’ Retrieved August 29, 2012, From oag.state.ny.us/charities/html
6. Dechow, P., Sloan R. and Sweeney A.P. (1996) ‘Causes and consequences of earnings manipulation, Contemporary Accounting Research, Vol.13, pp. 1-36.
7. Dimitrijevic, D., Milovanovic, V. and Stancic, V. (2015) ‘The Role Of A Company’s Internal Control System In Fraud Prevention’ Financial Internet Quarterly „E-Finanse,  11,  No.3, pp. 34- 44.
8. Dunn, P. (2004) ‘The Impact Of Insider Power On Fraudulent Financial Reporting’ Journal of Management, 30, No. 3, pp. 397-412.
9. Eichenseher, J. and Shields, D. (1985) ‘Corporate Director Liability and Monitoring Preferences’ Journal of Accounting And Public Policy, Vol. 4, No. 1, pp. 13-31.
10. Fernandhytia, F. and Muslichah, M. (2020) ‘The effect of internal control, individual morality and ethical value on accounting fraud tendency’ Media Ekonomi Dan Manajemen, Vol. 35, No. 1, pp.112-127.
11. Golicha, K. J. and Onsiro, M. (2022) ‘Assessing the of effect of risk assessment on detection and prevention of fraud in banking sector in kenya’ Asian Journal of Economics, Business And Accounting, Vol. 22, No.17, pp. 45-54. https://doi.org/10.9734/ajeba/2022/v22i1730639
12. Mcmullen, D. (1996) ‘Audit committee performance: an investigation of the consequences associated with audit committees’ Auditing: A Journal of Practice and Theory, Vol. 15, pp. 87-103.
13. Oguda, N. J., Odhiambo A. and Byaruhanga, J. (2015) ‘Effect of internal control on fraud detection and prevention in district treasuries of kakamega county’ International Journal Of Business and Management Invention, Vol. 4, No.1, pp.47-57.
14. Puryati, D. and Febriani, S. (2020) ‘The consequence of whistleblowing system and internal control toward fraud prevention: a study on indonesian state-owned enterprise’ International Journal Of Business And Technology Management, Vol. 2, No.3, pp. 35-48.
15. Rashid, C. A. (2022) ‘The role of internal control in fraud prevention and detection’, Journal of Global Economics and Business, Vol. 3, No. 8, pp. 43-55.
16. Rae, K. and Subramaniam, N. (2008) ‘Quality of internal control procedures: Antecedents and moderating effect on organisational justice and employee fraud’ Managerial Auditing Journal, Vol. 23, No. 2, pp. 104-124. https://doi.org/10.1108/02686900810839820
17. Rae, Kirsten; Sands, John; and Subramaniam, Nava, Associations among the Five Componentswithin COSO Internal Control-Integrated Framework as the Underpinning of Quality CorporateGovernance, Australasian Accounting, Business and Finance Journal, 11(1), 2017, 28-54.doi:10.14453/aabfj.v11i1.4
18. Vanasco, R.R. (1994) ‘The audit committee: an international perspective’ Managerial Auditing Journal, Vol. 9, No. 8, pp. 18-42. https://doi.org/10.1108/02686909410071151
19. Zhang, J. (2018) ‘Public governance and corporate fraud: evidence from the recent anticorruption campaign in China ‘ Journal Of Business Ethics, Vol. 148, No. 2, pp.375-396.