the role of corporate culture as a contributor to … · the role of corporate culture as a...

THE ROLE OF CORPORATE

CULTURE AS A CONTRIBUTOR TO

FRAUD AND CORRUPTION IN

AUSTRALIA: PERCEPTIONS OF

FORENSIC ACCOUNTANTS AND

INDUSTRY PROFESSIONALS

Billy Lukmanjaya

BCULA (TAYLOR’S), MBUS (QUT)

Submitted in fulfilment of the requirements for the degree of

Master of Philosophy (Accountancy)

School of Accountancy

QUT Business School

Queensland University of Technology

2019

The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic

Accountants and Industry Professionals i

ii The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic

Accountants and Industry Professionals

Keywords

Corporate Culture, Corporate Misconduct, Corruption, Ethics, Forensic Accounting,

Fraud, Risk Culture, Shared Values, Tone from the Top.


Accountants and Industry Professionals iii

Abstract

The Inquiry Panel asked how a well-known and sophisticated organisation

such as the Commonwealth Bank (CBA) could have the governance

weaknesses, serious professional misbehaviour, ethical lapses and compliance

failures that were identified. They concluded that ‘A complex interplay of

organisational and cultural factors has been at work.’ Australian Prudential

Regulation Authority (APRA), Final Report of the Prudential Inquiry into the

Commonwealth Bank of Australia (2018, p. 3)

As noted above, the impact of corporate culture on an organisation’s risk profile has

been evidenced over the last several decades by a range of high profile scandals and

corporate collapses. In Australia, the 2018 Royal Commission into Misconduct in the

Banking, Superannuation and Financial Services and the Australian Prudential

Regulation Authority’s release of the CBA Prudential Inquiry Final Report into the

Commonwealth Bank of Australia have both exposed a range of examples of poor

corporate culture leading detrimentally to higher risks of fraud, corruption and broader

economic losses.

This thesis focusses on the role organisational culture plays as a contributor to

incidents of fraud and corruption. As a qualitative inductive study, semi-structured

interviews are used with forensic accountants and senior management who have

worked in multiple fraud and corruption investigations to explore and identify

common characteristics around firm culture that impact incident rates. Building on

existing research in the organisational, finance, accounting, management and ethics

disciplines around culture/corruption links, this thesis identifies key attributes that are

contributors in this respect, and they include shared values, tone from the top, ethics

and risk culture.

iv The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic


The study then presents a conceptual framework developed from prior literature, the

STER model (Shared Values; Tone from the Top; Ethics and Risk Management), to

illustrate the relationship between corporate culture and incidents of economic crime.

Findings from this research substantiate and expand existing conceptual frameworks,

demonstrating that shared values within an organisation can influence employees’

perceptions of what is acceptable, that employees will mirror management’s conduct,

that the combination of ethical culture, ethical education and ethical climate could

serve as preventive measures to fraudulent and corrupt acts, and that proactive risk

assessments would minimise the chances of fraud and corruption incidents occurring.

This model serves as a pathway for future research in further exploring the relationship

between corporate culture and incidents of fraud and corruption, aids organisations in

nurturing anti-fraud and anti-corrupt corporate culture, and complements the 2018

Royal Commission into Misconduct in the Banking, Superannuation and Financial

Services to better understand the role of corporate culture in contributing to corporate

misconduct.


Accountants and Industry Professionals v

Table of Contents

Keywords ................................................................................................................................. ii

Abstract ................................................................................................................................... iii

Table of Contents ......................................................................................................................v

List of Figures ........................................................................................................................ vii

List of Tables ........................................................................................................................ viii

List of Abbreviations .............................................................................................................. ix

Acknowledgements ................................................................................................................ xii

Supervisors ............................................................................................................................. xii

Chapter 1: Introduction ............................................................................................ 1

1.1 Background .........................................................................................................................1

1.2 Growth and Cost of Fraud and Corruption .........................................................................3

1.3 Corporate Culture ................................................................................................................4

1.4 Fraudulent Cases and Corporate Culture – U.S. and Australia .........................................10

1.5 Motivation, Purpose and Research Question ....................................................................13

1.6 Methodology .....................................................................................................................14

1.7 Contributions.....................................................................................................................14

1.8 Summary and Thesis Outline ............................................................................................15

Chapter 2: Literature Review ................................................................................. 17

2.1 Fraud and Corruption (FC) ...............................................................................................17

2.2 Corporate Governance (CG) .............................................................................................25

2.3 Corporate Culture, Fraud and Corruption .........................................................................28

2.4 Gaps in the Literature ........................................................................................................46

2.5 Summary ...........................................................................................................................51

Chapter 3: Conceptual Framework ....................................................................... 53

3.1 Research Question ............................................................................................................53

3.2 Conceptual Background ....................................................................................................53

3.3 Conceptual Framework .....................................................................................................60

3.4 Summary ...........................................................................................................................62

Chapter 4: Methodology .......................................................................................... 63

4.1 Research Design ................................................................................................................63

4.2 Participants and Sampling Strategy ..................................................................................64

4.3 Instruments ........................................................................................................................65

4.4 Trustworthiness of the Research Design ...........................................................................68

4.5 Procedures and Timeline ...................................................................................................72

vi The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic


4.6 Analysis ............................................................................................................................ 74

4.7 Ethics and Potential Risks ................................................................................................ 76

4.8 Summary .......................................................................................................................... 78

Chapter 5: Results .................................................................................................... 81

5.1 Background Information .................................................................................................. 81

5.2 Evidence from Corporate Culture Attributes ................................................................... 83

Chapter 6: Discussion ............................................................................................ 107

6.1 Shared Values ................................................................................................................. 107

6.2 Tone from the Top .......................................................................................................... 109

6.3 Ethics .............................................................................................................................. 110

6.4 Risk Culture .................................................................................................................... 112

6.5 Revised and Refined STER Conceptual Model ............................................................. 117

6.6 Summary ........................................................................................................................ 120

Chapter 7: Conclusions .......................................................................................... 123

7.1 General Discussion ......................................................................................................... 123

7.2 Contributions .................................................................................................................. 125

7.3 Limitations ..................................................................................................................... 126

7.4 Future Research .............................................................................................................. 126

References 129

Appendices 144


Accountants and Industry Professionals vii

List of Figures

Figure 2.1. A Model of Decision-Making Incorporating Ethical Values (Fritzsche, 1991) .. 32

Figure 3.1. A Conceptual Framework of Corporate Culture and FC (STER Model). ........... 61

Figure 6.1. A Revised Conceptual Framework of Corporate Culture and FC (STER Model).

..................................................................................................................................... 118

viii The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic


List of Tables

Table 2.1 ................................................................................................................................. 49

Table 4.1 ................................................................................................................................. 74

Table 5.1 ................................................................................................................................. 82

Table 5.2 ............................................................................................................................... 105

Table 6.1 ............................................................................................................................... 116


Accountants and Industry Professionals ix

List of Abbreviations

AAER : Accounting and Auditing Enforcement Releases

ACFE : Association of Certified Fraud Examiners

AIG : American International Group

APRA : Australian Prudential Regulation Authority

ASIC : Australian Securities and Investments Commission

BOD : Board of Directors

CBA : Commonwealth Bank of Australia

CDS : Credit Default Swap

CEO : Chief Executive Officer

CG : Corporate Governance

FC : Fraud and Corruption

FFR : Fraudulent Financial Reporting

FSF : Financial Statement Fraud

ISACA : Information Systems Audit and Control Association

MoA : Misappropriation of Assets

NAB : National Australia Bank

OECD : Organisation for Economic Cooperation and Development

PwC : PricewaterhouseCoopers

RMS : Risk Management Strategy

x The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic


SEC : U.S. Securities and Exchange Commission

STER : Shared Values, Tone from the Top, Ethics, and Risk Culture

TMT : Top Management Team

UN : United Nations

US : The United States of America


Accountants and Industry Professionals xi

Statement of Original Authorship

The work contained in this thesis has not been previously submitted to meet

requirements for an award at this or any other higher education institution. To the best

of my knowledge and belief, the thesis contains no material previously published or

written by another person except where due reference is made.

Signature: QUT Verified Signature

Date: February 2019

xii The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic


Acknowledgements

I would like to thank my family for believing in me. I would also like to express

my gratitude to my supervisors, Jeanette and Julie-Anne, as well as the research

student learning advisor, Jonathan for their outstanding and continuous support.

Supervisors

Dr Jeanette Van Akkeren

Principal Supervisor

QUT Business School, Accountancy

P: +61 7 3138 2061

E: [email protected]

Professor Julie-Anne Tarr

Associate Supervisor

QUT Business School, Accountancy

P: +61 7 3138 2880

E: [email protected]

Editors

I would like to thank professional editor, Claudia Butera from Editio who

provided academic editing service, according to the guidelines laid out in the QUT

‘Editing of Thesis Guidelines’.

Chapter 1: Introduction 1

Chapter 1: Introduction

The Inquiry Panel asked how a well-known and sophisticated organisation

such as the Commonwealth Bank (CBA) could have the governance

weaknesses, serious professional misbehaviour, ethical lapses and compliance

failures that were identified. They concluded that ‘A complex interplay of

organisational and cultural factors has been at work.’ Australian Prudential

Regulation Authority (APRA), Final Report of the Prudential Inquiry into the

Commonwealth Bank of Australia (2018, p. 3)

1.1 Background

The Global Financial Crisis of 2008 exposed a wide range of serious

shortcomings in the risk management systems surrounding the financial sectors. These

included not only weaknesses in internal control structures but also deficiencies in

institutional attitudes towards risk within organisations. In Australia, although APRA

regulated institutions fared better than many of their counterparts abroad, examples of

poor risk culture such as the 2001 failure of the insurance giant HIH Insurance and the

2004 National Australia Bank foreign currency trading losses underscored the impact

a poor organisational culture played in creating an environment with a dismissive

attitude to underlying risk.

A decade on, the 2018 Royal Commission into Misconduct in the Banking,

Superannuation and Financial Services Industry (henceforth known as the Banking

Royal Commission) and APRA’s Prudential Inquiry into the Commonwealth Bank of

Australia (CBA) (henceforth known as the APRA Report) have once more exposed

widespread weaknesses in frameworks and practices around governance, culture and

accountability of the country’s major financial institutions. Specifically, while

2 Chapter 1: Introduction

APRA’s report attributes CBA’s failures to ‘a complex interplay of organisational and

cultural factors’, the panel identified a range of cultural themes that ‘inhibited sound

risk management’, thereby leading to highly damaging outcomes including a

widespread sense of complacency, reactivity rather pre-emption regarding risk, an

outcome-driven focus, insularity and not learning from experiences/mistakes, and an

overly collegial and collaborative working environment which lessened the

opportunity for constructive criticism and timely decision-making (APRA, 2018, p.

83).

This thesis focusses on the role organisational culture plays as a contributor to

incidents of fraud (‘F’) and corruption (‘C’), exploring whether firm culture can lead

to fraud and corruption (‘FC’) incidents. Interviews with forensic accountants (who

have worked in multiple FC investigations) and senior management who are in some

way responsible for cultural leadership within their organisation were used to identify

common characteristics around firm culture that may – or may not – impact incident

rates are explored.

Fraud and corruption (FC) in the context of this study describes specific

economic crimes in the corporate world. Fraud, according to Chernousov (2012), is

“an intentional deception made for personal gain or to damage another individual;

fraud is a crime, and also a civil law violation” (p. 2). Fraud is also described as a

hidden activity (Brennan & McGrath, 2007, p. 49). Corruption is described as the

“misuse of public power, office or authority for private benefit – through bribery,

extortion, influence peddling, nepotism, fraud, speed money or embezzlement” (Brown

& Loosemore, 2015, p. 372) and “an act which takes place in a form of providing or

soliciting illicit benefits; and it is hard to detect” (Arewa & Farrell, 2015, p. 61). The


following section provides a perspective on the extent of economic crime in Australia

and an overview on how culture is recognised as a major contributor.

1.2 Growth and Cost of Fraud and Corruption

Despite many centuries of proactive intervention, research and regulatory reform

to address fraud and corruption, such crimes remain a costly and ‘obstinate threat’ to

both public and private organisations (PricewaterhouseCoopers [PwC], 2018).

Specifically, PwC results evidenced not only that the reported rate of fraud across all

territories globally had surpassed pre-2007 GFC levels – despite the resulting raft of

legislative reforms that arose out of this event – but have increased a further 13 percent

since between 2016 and 2018 (p. 5). Of particular consequence of this thesis, however,

was their finding that economic crimes committed by actors internal to the relevant

organisation had risen from 46 percent in 2016 to 52 percent in 2018 – making internal

actors a third more likely to commit acts of fraud and corruption. Moreover, of the

external actor-fraudsters, 68 percent could be categorised as ‘frenemies’ – that is

agents, vendors, shared service providers, customers – who were actually extended

parts of the organisation’s ‘family’ (p. 9).

Motivation to commit FC crimes, like the distribution of losses that come out of

them, is also complex and not easily broken down to one simple root cause. For

example, rational choice theory can be used to account for certain percentage of

incidents, but not all. FC motivators may arise out of simple cost/benefit equations but,

overall, research has shown drivers to be generally not only more extensive but also

often inter-related. Statistics on growth and losses from fraud and corruption

demonstrate the importance for ongoing research into the causes. As an example, for

over two decades the global accounting firm KPMG, in collaboration with the

University of Melbourne’s Department of Accounting has tracked economic crime


statistics. They documented that, out of the 155 frauds reported to Australian courts,

the most significant losses were due to embezzlement, fraudulent investment schemes

and ‘boiler room’ scams and these figures represent only those crimes that have been

reported (KPMG, 2018). For example, the Australian Institute of Criminology (AIC,

2013, p. 34) estimated that more than 50 percent of fraud is never reported or

prosecuted. Therefore, the extent of the problem and the cost to public and private

organisations is undoubtedly much higher. Costs from economic crimes also include

expenses incurred through regulation, detection, investigation, negotiation,

prosecution and recovery. These transaction costs, in turn, further multiply resources

lost that could otherwise be used to benefit a range of stakeholders including not just

shareholders, but also society more broadly (Smith, Jorna, Sweeney, & Fuller, 2014).

It is imperative, therefore, to better understand the causes of fraud and corruption in

Australia and this study will contribute to addressing this problem. The following

section outlines the contribution of corporate culture to fraud and corruption.

1.3 Corporate Culture

There has been much discussion in academic and industry publications on the

contribution of corporate culture to incidents of fraud and corruption. For example, the

Banking Royal Commission and the release of the findings by Australian Prudential

Regulation Authority (APRA) in its inquiry into the Commonwealth Bank of Australia

(CBA) highlighted culture as one of the three key areas of concern. Several academic

studies have also identified the relationship between corporate culture and incidents of

FC (see for example: Chen, Cumming, Hou, & Lee, 2016; Liu, 2016; Van Akkeren &

Buckby, 2017). The following sections define corporate culture and provide

justification for the focus of this thesis.


1.3.1 Corporate culture, fraud and corruption.

Organisational or corporate culture is defined as a set of shared assumptions and

collective behaviours that are passed on to new employees as a way of perceiving,

thinking and feeling (Ravasi & Schultz, 2006). Needle (2004) added that

organisational culture encompasses the values and behaviours that contribute to the

social and psychological environment of an organisation and represents the collective

values, beliefs and principles of organisational members. Needle (2004) also suggested

that culture can include, inter alia, the vision, values, norms, systems, symbols,

language, assumptions and habits. It is suggested that the culture within an

organisation is often linked to the management team (Kotter & Heskett, 1992; Schein,

1990), and can be manipulated and altered by leadership and members of the

organisation (Modaff, DeWine, & Butler, 2008). It is from this context that this

research aims to examine the relationship between organisational culture and incidents

of FC.

Many recent findings from APRA and the 2018 Banking Royal Commission

demonstrated that corporate culture is an important contributor to poor performance,

fraud and corruption. As Australian Securities & Investments Commission (ASIC)

previous chairman, Greg Medcraft, stated:

ASIC sees culture as a driver of conduct. A poor corporate culture can be a

driver of misconduct. (Medcraft, 2016a, p. 456)

This view was supported very recently by APRA when investigating the CBA scandal,

stating:

CBA…has a slow, legalistic and reactive, at times dismissive, culture [and]

characterises many of CBA’s dealings with regulators. (APRA, 2018, p. 4)


In response to the ongoing Banking Royal Commission, ASIC’s new Chairman,

James Shipton (2018), stated that Australia’s financial planning sector had

“insufficient imbedding of a professional mindset and culture in finance”.

Australia’s financial planning sector has been fraught with scandals, fraudulent

acts and heavy losses to the public despite enquiries and regulatory intervention into

conduct of planners and their products and services. Following the collapses of Storm

Financial, Opes Prime, and other similar industries, and despite regulatory

intervention, scandals continued to emerge. In 2009, the Parliamentary Joint

Committee on Corporations and Financial Services (henceforth known as the Ripoll

Report) identified incentive-based remuneration – an important part of an

organisation’s culture – as contributing to fraudulent and corrupt conduct. The culture

was described as sales-focussed (p. 32) with commission-types (p. 70) and other

remuneration-based incentives (p. 75). Similarly, recent findings emerging from the

Banking Royal Commission identified culture as a large contributor to poor conduct

throughout banking and insurance firms from the top down.

Findings from the Banking Royal Commission also highlighted many instances

of fraud and corruption including breaches to regulations in the Corporations Act.

Examples include: the CBA failing to report to ASIC that fees were charged for

services not delivered for two years; AMP for materially and deliberately misleading

ASIC about a very similar issue; National Australia Bank (NAB) and Westpac

Banking Corporation for being dishonest and giving inappropriate advice to clients;

and several individual planners from the banks being deceptive and misleading

(Danckert, 2018; McGowan & Davidson, 2018). One Banking Royal Commission

counsel, Rowena Orr, described AMP as having a dishonest culture and repeatedly

lying to ASIC (Han, 2018), while CBA is described as having a culture that only


focusses on ‘good news’, hence the withholding of information for two years (APRA,

2018, p. 82). What is consistent in all cases is that poor culture from the top down is a

major contributor to deceptive conduct including fraud and corruption, all of which

lead to substantial losses to the public.

Further supporting these findings, PwC (2016a) suggested that one of the key

variables that leads to unethical behaviour such as fraud and corruption is corporate

culture:

… promoting ethical behaviour in the financial services sector shows that a

“get-tough” approach to the management of performance has created a climate

of fear which, in turn, leads to unethical behaviours… anxiety caused by this

blame culture disrupts people’s capacity to make good decisions – and often

leads them to behave less well than those who are motivated by the potential

positive outcomes of success. (PwC, 2016a, p. 31)

In a more recent survey focussing specifically on fraud, PwC (2018) recommended

organisations improve employees’ behaviour through assessing the strengths and

weaknesses of their culture as well as promoting an honest and open culture throughout

the firm from top to bottom in order to curb incidents of FC. This is supported by

Arewa and Farrell (2015), Debacker, Heim, and Tran (2015), Liu (2016), and Sims

and Brinkmann (2003) who suggested that internal control measures will not curb

incidents of FC unless the culture of the organisation is addressed. The term ‘culture’

is often used to describe an organisation and is a multi-faceted concept and includes a

number of different contexts and attributes. The following section briefly examines the

extant literature and identifies attributes that collectively define ‘corporate culture’ for

this study.


1.3.2 Corporate culture attributes.

‘Corporate culture’ in this study consists of four attributes that have emerged

from the literature and often found in governance, accounting and management

journals: shared values, tone from the top, ethics and risk culture. Shared values is

described as “the shared philosophies, ideologies, values, assumptions, beliefs,

expectations, attitudes, and norms that knit a community together” (Ogbor, 2001, p.

594). Flamholtz and Randle (2012) described culture as relating to core organisational

values and “corporate culture consists of values, beliefs, and norms” (p. 77). The

second attribute, tone from the top, is defined as something that reflects the power and

values of the top management team (TMT) over their employees and that employee’s

behaviour is influenced by management (Fritzsche, 1991). A third attribute of

corporate culture is ‘ethics’, which consists of ethical culture (i.e., code of conduct),

ethical education and ethical climate (i.e., perceptions of rules and policies) within an

organisation and is normalised through different means – socialisation, punishment

and rewards (Victor & Cullen, 1988). The final attribute is risk culture, that is, “the

norms of behaviour for individuals and groups that shape the ability to identify,

understand, openly discuss, escalate and act on an institution’s current and future

challenges and risks” (APRA, 2018, p. 82). Based on APRA’s inquiry into CBA and

findings emerging from the Banking Royal Commission, risk culture is influenced by,

and a part, of an organisation’s culture. Risk-taking logic is divided into the logic of

opportunity and the logic of precaution and is explained in more detail in Chapter 2.

To date, no studies have combined these four corporate culture attributes as a

framework and examined how they impact on incidents of FC and this study aims to

address this gap.


A number of academic studies have identified organisational culture as a key

contributing factor to incidents of fraud and corruption (Arewa & Farrell, 2015;

Biggerstaff, Cicero, & Puckett, 2015; DeBacker et al., 2015; Liu, 2016; Ogbor, 2001;

Sims & Brinkmann, 2003; Van Akkeren & Buckby, 2017). One focussed on a specific

industry (Arewa & Farrell, 2015); others on a country (Biggerstaff et al., 2015;

DeBacker et al., 2015; Liu, 2016); another on a particular case (Sims & Brinkmann,

2003); and some on certain theories (Ogbor, 2001; Van Akkeren & Buckby, 2017).

For example, DeBacker et al. (2015) explored the role cultural factors play in shaping

the behaviour of tax evasion in the United States. Liu (2016) linked corrupt culture in

organisations to levels of corporate misconduct. Sims and Brinkmann (2003) discussed

how Enron’s unethical and non-compliant culture led to its demise. Despite the

different foci mentioned, corporate culture is cited in each of these papers as

contributing to incidents of FC. This study examines corporate culture from a broader

perspective than previous studies to gain deeper insights into its role in contributing to

fraud and corruption (FC) in Australian organisations.

In addition to academic publications, several industry publications have

identified the relevance of corporate culture and FC incidents (Darvall-Stevens, 2016;

Kirby, 2016; Lowers & Associates, 2013). Darvall-Stevens (2016) encouraged

organisations to empower their employees to speak up against misconduct and

improper behaviour; Kirby (2016) recommended an honest culture in curbing

fraudulent conduct; and, Lowers & Associates (2013) suggested firms have a robust

management culture and zero tolerance policies in mitigating FC incidents. Most

recently, findings emerging from the Banking Royal Commission identified culture as

a major contributor to fraudulent behaviour throughout the banking and insurance

sectors. The numerous scandals are described as “…systemic, shocking, endemic and


unconscionable behaviour… widespread [throughout the sector]” (ABC News

Breakfast, 2018).

Although there is much literature on the relationship between corporate culture

as a contributor to incidents of FC, it has been difficult to source Australian studies

that include a range of attributes that define corporate culture. This study seeks to

address this by examining the role of corporate culture and incidents of fraud and

corruption using the four attributes described earlier. For example, many of the studies

on organisational culture are limited to one or two attributes only, or a specific

industry. This study probes more specifically into the experiences of forensic

accountants and industry professionals who have investigated and/or experienced

economic crimes across many industry sectors. Perceptions of forensic accountants

and industry professionals as to the cultural dynamics within firms that lead to

incidents of fraud and corruption were examined.

Further definitions and explanations for the inclusion of the four attributes of

corporate culture and the links to FC are illustrated with several case studies and

discussed in detail in the literature review. The following section provides a brief

summary of FC cases where poor corporate culture is highlighted as a contributor.

1.4 Fraudulent Cases and Corporate Culture – U.S. and Australia

There are several examples where a poor organisational culture led to incidents

of fraud and corruption – in particular – a culture of aggressiveness, greed, dishonesty

and rule-breaking are identified as leading to fraudulent and corrupt acts. Two

organisations that demonstrate this are identified by Ashraf (2011) and Sims and

Brinkmann (2003) as WorldCom and Enron. In both cases, continually raising

expectations and unrealistic targets caused employees to violate rules and codes of

conduct. Enron’s employees broke the rules to avoid being publicly humiliated, whilst


WorldCom’s employees altered the existing accounting systems due to the firm’s

incentive-based remuneration.

A culture of poor management leadership is also identified as contributing to FC.

Sims and Brinkmann (2003) identified Enron’s executives were repeatedly found

violating organisation’s code of conduct for personal gain, which became the culture

throughout management levels. Moreover, Enron’s leadership promoted a culture of

aggressive competition, causing employees to ignore the code of conduct describing

Jeffrey Skilling (former Enron’s CEO) as promoting Enron’s aggressive culture.

Similarly, Ashraf (2011) explained that WorldCom’s Bernie Ebbers (former CEO) was

known for his excessive risk-taking. Further, he rejected efforts to establish a corporate

code of conduct that resulted in WorldCom’s aggressiveness and instilled a culture

where management was not to be questioned (p. 8). As these cases demonstrate, poor

corporate culture can lead to major incidents of fraud and corruption and substantial

losses to the public.

In Australia, there are many examples where a culture of non-compliance was

prevalent (McConnell, 2015). Poor governance, risk-taking, questionable practices

and improper corporate culture have resulted in many scandals, two of which are the

Commonwealth Bank of Australia (Ferrier, 2015) and National Australia Bank

(Ferguson & Williams, 2015).

CBA had a culture of non-compliance for almost ten years. The Storm Financial

scandal in 2009 was linked to CBA as the bank encouraged investors in leveraging

their houses to further invest in Storm (Barry, 2011). It is suggested that the CBA-

Storm scandal was due to the sales-and-bonus culture (FSU Australia, 2009). This

concurs with the Ripoll Report (2009) which stated that one reason for the collapse of

Storm Financial and similar institutions was due to the sales-focussed culture (p. 32).


In 2008, Jeff Morris, CBA’s whistle-blower described the bank’s financial

planning sector, Commonwealth Financial Planning (CFP), as corrupted (Barker,

2017). He added that corruption is a common occurrence and that CFP’s management

tried to hide their misconduct in order to defraud victims of compensation. In 2010,

ASIC implored CBA with Enforceable Undertaking to compensate their victims, but

CBA in 2014 admitted that it had misled ASIC on its compensation scheme (Morris,

2018). Recent findings from the Banking Royal Commission confirmed that poor

culture is a major contributor for ongoing acts of fraud and corruption in the banking

and insurance sectors.

Comparable to CBA, NAB has also demonstrated a systemic culture of non-

compliance and being revenue-focussed with little regard for the public interest. This

culture has been described as existing for almost 15 years (Gray, 2016). In 2004, NAB

hid the losses from its’ foreign exchange (forex) trading in London and was later

prosecuted due to the information given by a whistle-blower, Dennis Gentilin (Gray,

2016). Additionally, it is found that some NAB planners had forged clients’ signatures

or manipulated clients’ files to cover up their poor compliance (Ferguson & Williams,

2015). Finally, NAB’s head of broker services, Anthony Waldron, admitted that NAB

breached responsible lending laws by allowing unqualified people (without financial

background) as referrers to refer new customers to the bank for loans in return for

commissions (Introducer Program). Mr Waldron admitted that this incident happened

partly due to the bank’s culture of employee incentives that led to fraudulent conduct

(Lannin, 2018).

As seen from these cases, NAB and CBA are examples of organisations that, due

to poor culture from the top down, encourage their employees to break the rules to

meet their targeted results at the expense of their clients’ best interests. The violations


suggest that both CBA and NAB were consistently complacent in regard to their risk

culture (Eyers, 2017). In a report focussing on the banking sector, PwC (2017a)

suggested that the future of the banking sector may depend on a change in corporate

culture. The reports added that shared values or perceptions (as part of corporate

culture) need to be unambiguous; that it is necessary for set expectations to be clear;

and, the importance of leaders’ role (tone from the top) to reinforce these values by

being employees’ role models (p. 27).

As a brief review of the literature and industry publications has demonstrated,

there is a link between corporate culture and incidents of fraud and corruption, and

highlights the importance of this topic. This study seeks to examine the nature of

corporate culture and gain deeper insights into the impact of culture on an

organisation’s ability to minimise incidents of FC. Therefore, the research problem for

this study is: Is there a connection between corporate culture and incidents of fraud

and corruption in Australian organisations? The next section explains the motivations

behind this study.

1.5 Motivation, Purpose and Research Question

The motivation for this study is to gain deeper insights into the growing problem

of FC regardless of increased regulation and oversight. Prior research has examined

the relationship between corporate culture and incidents of FC through different

means: interview, experiment and document analysis. However, to date, it is difficult

to source studies that have combined the four corporate culture attributes (shared

values, tone from the top, ethics and risk culture) and develop them as a framework in

addressing the relationship between corporate culture and incidents of FC.

Furthermore, it is difficult to source literature that gathers empirical evidence from

forensic accountants and industry professionals on this relationship. Therefore, this


research aims to develop a corporate culture framework to gain deeper insights into

the role of corporate culture as a contributor to FC incidents. The purpose of this study

is to discourse the connection mentioned, using the experiences and perspectives of

forensic accountants and industry professionals who have investigated these types of

cases or who have experienced fraud and corruption. Forensic accountants were

chosen as they conduct fraud investigations to present information for legal

proceedings and accordingly, they gather greater FC-related information than auditors

(Imoniana, Antunes, & Formigoni, 2013).

1.6 Methodology

The methodological approach for this study was semi-structured interviews

(face-to-face and/or phone interview) with forensic accountants and industry

professionals. This study used purposive sampling as it has specific requirements from

certain participants (Zikmund, 2003). A qualitative approach was used for this research

due to its suitability for studying social and cultural phenomena (Myers, 1997), as well

as its ability to probe for further information from participants (Gable, 1994). Interview

method was specifically selected as it is one of the method to produce rich data and

gain deep insights (Schultze & Avital, 2011). Eight professionals (seven forensic

accountants and one compliance manager) were interviewed in this study. In ensuring

representation, participants’ experience in the industry ranges from six to 32 years.

Furthermore, their role varied from individual consultants to partners in ‘Big Four’

accounting firms. The methodological approach is explained in more detail in Chapter

4: Methodology.

1.7 Contributions

The academic contribution of this study is the development of a conceptual

framework of corporate culture based on the literature and refined through the


collection of empirical evidence. The framework provides opportunity for future

research to further explore the attributes of corporate culture needed to better

understand the relationship of FC incidents in an organisational context.

For practitioners and regulators, findings from this study complement the

ongoing Banking Royal Commission in identifying the impact of corporate culture on

incidents of FC and encourage firms to examine their corporate culture to minimise

incidents of FC. These findings can also be disseminated to relevant industry

publications. The next section summarises Chapter 1 and provides the outline for the

remainder of this thesis.

1.8 Summary and Thesis Outline

Incidents of economic crime in the form of fraud and corruption are still a threat

to the global and Australian economy. Several cases of FC in the U.S. and Australia,

coupled with academic, industry and government publications have highlighted the

importance of corporate culture and its relationship with FC. It is even more crucial to

address the problem in Australia, as (1) the cost of FC is substantial; (2) when

compared to the rest of the world, Australian businesses suffer more incidents of fraud

and corruption as against the global average (52% vs 36% respectively; PwC, 2016b,

p. 1); and (3) findings emerging from the Banking Royal Commission demonstrated

that poor corporate culture in the banking and insurance sector is a major contributor

to fraud and corruption.

The remainder of this thesis is as follows. Chapter 2 reviews the literature in

relation to the four attributes of corporate culture: shared values, tone from the top,

ethics and risk culture demonstrating the relationship to incidents of fraud and

corruption (FC). Based on the academic literature in Chapter 2, the conceptual

framework used in this study is presented in Chapter 3 and the research questions are


provided. Chapter 4 discusses and justifies the methodology, including the research

design, methodological approach, participants, instruments, procedures and timelines,

analysis, ethics and finally, potential risks. Chapter 5 presents the findings for the

research questions derived from interviews with forensic accountants and industry

professionals. Chapter 6 compares prior literature to the findings. Finally, in Chapter

7 the conclusion, including limitations, contributions to academic and practitioners,

and possible future research are discussed.

Chapter 2: Literature Review 17

Chapter 2: Literature Review

This chapter surveys the academic literature that explores the economic crimes

comprising workplace fraud and corruption. It further looks at studies into culture in

workplaces. Areas covered under fraud, corruption and culture literature have had

extensive supporting research but at this time, despite the various high-profile

corporate examples covered in the popular press (Enron, NAB, CBA, WorldCom,

Parmalat and Olympus, to name a few) minimal studies, if any, exist into how

corporate culture influences fraud and corruption. In this respect, this study into the

experience and perceptions of experts who work ‘at the coal face’ in this context is

important in helping to advance this area.

This chapter begins by reviewing research around fraud (2.1.1) and corruption

(2.1.2) (collectively ‘FC’) in financial statement, reporting and management contexts.

Literature on corporate governance (‘CG’) is discussed and briefly describes fraud and

corruption from perceptions that surround this area (2.2). Section 2.3 considers culture

and corporate culture more generally. Finally, section 2.4 concludes the chapter,

identifying the potential contribution this thesis may make to this dynamic field.

2.1 Fraud and Corruption (FC)

2.1.1 Fraud.

Fraud, as set out in Chapter 1, is defined as wrongful or criminal deception

intended to result in financial and personal gain. Fraud, however, is an overarching

classification that encompasses a range of different types of actions capable of being

deemed fraudulent activities. This definition is further complicated in corporate

18 Chapter 2: Literature Review

contexts wherein financial and operational complexities can involve multiple options

for reporting or discharging performance indicia.

2.1.1.1 Economic impact of fraud research.

Many scholars and professional organisations have researched financial

consequences of fraud in corporate contexts. Albrecht, Albrecht, Albrecht, and

Zimbelman (2016) focussed on the impact financial statements that conceal the real

bottom line of a company’s operations can cause, reported that more than 50 percent

of U.S. corporations impacted by this type of fraud suffered losses in excess of

$500,000. Kranacher, Riley, and Wells (2010) suggested that the collapse of Enron

resulted in a $70 billion market capitalisation loss. Switzer’s (2007) research estimated

the legislative reaction to this in the form of the Sarbanes-Oxley Act of 2002 increased

compliance costs of companies by an average of $5.1 million. Additional indirect

economic losses in relation to Enron were further documented by Kranacher et al.

(2010) as including additional legal costs, insurance premium increases, heightened

regulation and supervision costs, loss of productivity, and – importantly for cultural

impact purposes around corporations – adverse impact on employees’ moral and loss

of productivity.

A number of high-profile professional reports are produced by organisations

such as the global accounting firm PwC and the Association of Certified Fraud

Examiners (ACFE). The ACFE 2018 Global Study on Occupational Fraud and Abuse,

Report to the Nations, estimated losses in excess of $7 billion globally with 22 percent

of cases they surveyed losing more than $1 million each. Of their survey group, more

than half of all losses were attributed to internal control weaknesses and that fraudsters

who had been with their company for longer stole twice as much (ACFE, 2018, pp. 4-

5). PwC’s Global Economic Crime and Fraud Survey 2018 reported a significant


upswing in fraud cases (49 percent) and that asset misappropriation, consumer fraud

and cybercrime were the most frequently reported frauds across industries (PwC, 2018,

p. 8). In relation to the potential link between culture and fraud, they also reported that

52 percent of all fraud reported was committed by internal employees. Of the 40

percent of external crimes, 68 percent were committed by ‘frenemies’ – that is

individuals related to the organisation such as agents, vendors, customers and shared

service providers (PwC, 2018, p. 9).

Gullkvist and Jokipii’s (2013) research focussed on what they described to be

the most common type of corporate economic crime, which was misappropriation of

assets (MoA). This involved “the theft of an entity’s assets, and is often perpetrated

by employees, in relatively small and immaterial amounts” (p. 45). They argued that

MoA is not as severe as fraudulent financial reporting (FFR) in relation to the amount

of losses, but it nevertheless accounted for more than 50 percent of economic crime

(Gullkvist & Jokipii, 2013), and comprised around 90 percent of fraud cases in 2016

(Johansson & Carey, 2016). Other research demonstrated that MoA is an operational

risk and a significant cost to organisations (ACFE, 2014; Coram, Ferguson, &

Moroney, 2008; Johansson & Carey, 2016; KPMG, 2013).

Research into motivations behind fraud evidenced that fraud can occur with the

best of intentions. Cressey (1953) found that the great majority of fraudsters did so to

meet financial obligations. He noted, however, that other factors included

opportunistic openings (capacity to commit and conceal crimes) and rationalisation.

Skousen and Wright (2006) were amongst the researchers continuing studies into

motivational factors validating pressure, opportunity and rationalisation variables in

associated with financial statement fraud and identifying particular traits in relevant

organisations as including weak governance structures, inventory turnover and profit


trends (Schuchter & Levi, 2015; Skousen, Smith, & Wright, 2009; Skousen & Wright,

2006).

Recent findings from PwC highlighted the reality of motivations outside that of

self-interest. The 2018 Report observed on the basis of survey feedback that:

Fraud needn’t necessarily be a malicious or selfish act. From a legal point of

view, there are actually two kinds of fraud – fraud committed for personal gain

(such as embezzlement, or false reporting intended to boost compensation)

and fraud committed for “corporate motives” (such as the survival of the

company, or the protection of the workforce). The latter could occur with the

best of intentions set on increasing the company’s success. For example, what

might start as a sales strategy designed to increase market share and

profitability (to the benefit of employees) might ultimately morph into

fraudulent sales tactics. Either way, the result is the same: the executive suite

will be held responsible. (PwC, 2018, p. 26)

Bonny, Goode, and Lacey (2015) further extended differentiation in motivation to

commit workplace fraud by exploring gender differentiation, concluded that offender

gender balances were evenly balanced for most firms, with the exception of banking

firms where females significantly outnumbered males. In conclusion, however,

regardless of motivation, Van Akkeren and Buckby’s (2017) research evidenced that

organisations will continue to suffer from losses unless a risk averse culture to fraud

is adopted.

2.1.1.2 Fraud boundaries and complexities – Implication for corporate

culture.

Numerous scholarly works have provided guidance around the definitional

interface between earnings management, fraudulent financial reporting (FFR), and


financial statement fraud (FSF).1 Swai and Mbogela (2016) provided a good example

of the difficulties inherent in drawing lines between normal commercial activities and

those which may be deemed fraudulent. They argued that earnings management was a

financial strategy used by the management of a company to manipulate the company’s

earnings to mislead stakeholders or achieve the targeted numbers. The rationale behind

this is income smoothing – that is, rather than having years of roller coaster returns in

the form of remarkably good or bad earnings, through adding and removing cash from

reserve accounts, more stable outcomes can be projected (Investopedia, n.d.). This is

a legitimate accounting strategy but when income smoothing – or other equivalents

becomes too ‘abusive’ the Security and Exchange Commission (SEC) deems it to be

“a material and intentional misrepresentation of results’ that constituted fraud

(Investopedia, n.d.). In this respect, Perols and Lougee’s (2011) findings added further

support as they identified characteristics likely to increase the chances of firms being

fraudulent included earnings management, meeting or beating analyst forecasts and

inflated revenue.

Gullkvist and Jokipii (2013, p. 45) characterised fraudulent financial reporting

(FFR) as “intentional misstatements, including omissions of amount or disclosures in

financial statements, to deceive financial statement users”. They distinguished it from

financial statement fraud (FSF), the subject matter of Perols and Lougee’s (2011)

work. FSF, according to Perols & Lougee “occurs when managers use accounting

practices that do not conform to generally accepted accounting principles (GAAP) to

alter financial reports to either mislead some stakeholders about the underlying

economic performance of the company or to influence contractual outcomes that rely

1 Appendix A sets out the ACFE “Occupational Fraud and Abuse” Fraud Tree which outlines in full

the range of economic crimes and their interrelationship.


on reporting accounting numbers” (Perols & Lougee, 2011, p. 40). Clearly the two are

distinct but, as Perols and Lougee’s findings highlighted, both FSF and FFR can also

interface with each other in that FSF arose when a method to reverse accruals from

earnings management is adopted, while FFR occurred when managers chose to

implement improper accounting policies in order to achieve or inflate their bonuses

(Perols & Lougee, 2011, p. 41).

Brennan and McGrath (2007) argued that corporate culture can lead to FFR

when, as set out in the example above, employees were pressured to meet financial

goals, fearing punishment or humiliation should they fail to do so. Enron, as discussed

in section 1.4, illustrated the impact culture can have in this respect (Albrecht &

Searcy, 2001; Kranacher et al., 2010). The broader losses suffered through the collapse

of the company were estimated to be $70 billion in market capitalisation as well as the

loss of 21,000 jobs (and in many instances, savings) (Kranacher et al., 2010). Although

Enron’s compensation and performance management systems were designed to retain

and reward its most valuable employees, the system, in the context of a dysfunctional

corporate culture, fuelled further employees’ obsessions with short-term earnings in

order to maximise bonuses. Examples cited in subsequent legal proceedings after the

company’s collapse included the fact employees constantly tried to start deals, often

with no regard to the quality of cash flow or profits, in order to enhance their

performance review ratings. Additionally, to help deal-makers and executives meet

performance levels for large cash bonuses and stock options, accounting results were

recorded as soon as possible to keep up with the company’s stock price.

Spathis (2002) identified additional ways financial statements may have been

manipulated due to the complexities of accounting regulations and corporation laws

including “overstating assets, sales and profit, as well as understating liabilities,


expenses, and losses” (p. 179), adding that the manipulation of sales and profits can

be accomplished by “changing accounting methods, tweaking cost estimations, and

shifting the period when expenses and revenues are included in the results” (p. 180).

All, however, mirror legitimate practices with the ‘tipping point’ one way or the other

around employee behaviour often being driven by the culture of companies (Brennan

& McGrath, 2007), particularly, as Dunn (2004) documented, as shaped by senior

management with excessive power.

Warren Buffet perhaps best summed up the tension between legitimate earnings

management and corporate cultures wherein activities in this respect are allowed to

become sufficiently aggressive that they shade into fraud territory when he observed:

Managers that always promise to “make the numbers” will at some point be

tempted to make up the numbers.

2.1.2 Corruption.

Corruption is described as the “misuse of public power, office or authority for

private benefit – through bribery, extortion, influence peddling, nepotism, fraud, speed

money or embezzlement” (Brown & Loosemore, 2015, p. 372). Several studies have

examined corruption broadly. Ashforth and Anand (2003) examined collective

corruption (cooperation between two or more individuals) at a group level, and how

corruption, in general, became a normalised practice, that is, become embedded into

everyday activities for those groups. Their results suggested that ‘prevention is better

than cure’ and that a proactive response was more effective than a reactive one. Van

der Wal, Graycar, and Kelly (2016) concluded that firms tend to dismiss the idea of

corruption because they fear for the damage it may cause should corrupt activities in

their firm be unearthed. Liu (2016), supported this argument and posited that


employees indirectly contributed to corrupting the firm’s culture by ignoring corrupt

activities inside the organisation, which in turn may attract corrupt individuals.

It is argued that corruption may occur in organisations of a certain size, as

discussed in DeBacker et al. (2015). They observed that corruption levels in an

organisation in the U.S. are related to the size of the firm. The bigger the size, the

higher the level of corruption. Equally important, Arewa and Farrell (2015) suggested

that corrupt activities may also happen in particular industries, such as construction

industries that used lengthy supply chains and complex contractual arrangements,

including confidential negotiations in deciding whose interest comes first, which made

them susceptible to corruption and were often undetected. However, Brown and

Loosemore (2015) added that despite being common in construction industries, the

definition of corruption was relative depending on a country’s culture. The same can

be said about a firm’s culture as different firms may have different levels of tolerance

on corrupt activities based on the rules and values inside those firms (Brown &

Loosemore, 2015).

From the literature, although it is mentioned that corporate culture has a role,

there is limited research that directly links corporate culture to incidents of FC

(DeBacker et al., 2015; Liu, 2016), in the Australian context (Brown & Loosemore,

2015). Therefore, further investigation on the role of corporate culture to incidents of

FC using empirical evidence would provide deeper insights and is the aim of this study.

The next section discusses corporate governance (CG) in general, and the extent it

relates to culture and incidents of FC. This is followed by an examination of ‘corporate

culture’, which is one of the many attributes of governance.


2.2 Corporate Governance (CG)

Corporate governance is crucial because poor governance may lead to incidents

of fraud and corruption (Brennan & McGrath, 2007; Chapple, Ferguson, & Kang,

2009; Coram et al., 2008; dela Rama, 2012; Dunn, 2004; In'airat, 2015; Van Akkeren

& Buckby, 2017). Therefore, it is important to understand the role of governance in

curbing these incidents. Corporate Governance (CG) is “the framework of rules,

relationships, systems and processes within and by which authority is exercised and

controlled within corporations” (ASX Corporate Governance Council, 2014, p. 3) and

in order to be effective, there is the need for authority in corporate governance

(Monem, 2011). O'Shea (2005) suggested that good corporate governance includes,

but is not limited to, a strong, involved board of directors (BODs); a balance of

executive and non-executive directors; division of responsibilities between chairman

and chief executives; formal and transparent procedures; and maintenance of a sound

system of internal control (pp. 34-35). Australian Prudential Regulation Authority

(APRA, 2016) defined CG as “a set of relationships between a company’s

management, its board, its shareholders and other stakeholders which provides the

structure through which the objective of the company are set…” (p. 8). The set of

relationships mentioned, according to ASIC (n.d.), are the components of CG which

include, inter alia, shareholder engagement, director oversight, executive

remuneration, managing conflicts, and culture.

Corporate culture, according to ASIC, is important due to its ability in shaping

corporate governance frameworks and practices. Greg Medcraft, previous ASIC’s

chairman, explained that “culture influences people’s attitudes” and “ASIC sees

culture as a driver of conduct” (Medcraft, 2016a, p. 456). John Price, ASIC’s

Commissioner, posited that good governance can be achieved by having the right


culture (Price, 2015). Notably, this research focussed on corporate culture because the

importance of corporate culture has been highlighted as a critical matter in relation to

minimising FC (Geriesh, 2003; Information Systems Audit and Control Association

[ISACA], 2012; C. May, 2003; Soltani, 2014), yet there is little empirical evidence

that demonstrates this relationship. However, before delving further into the

relationship between corporate governance, corporate culture, and incidents of FC, the

relationship between corporate governance and incidents of FC itself should first be

understood. The next subsection discusses prior research that had examined this

relationship.

2.2.1 Corporate governance, fraud and corruption.

This subsection highlights the importance of corporate governance in an

organisation’s attempt to minimise FC. As the focus of this study is on the link between

incidents of FC and corporate culture, the subsection identifies several corporate

governance mechanisms in relation to fraudulent acts, followed by a definition of

culture as it relates to corporate governance.

There are many research papers in the accounting field that demonstrate the

relationship between poor governance and incidents of fraud and corruption (see for

example: Brennan & McGrath, 2007; Chapple et al., 2009; Coram et al., 2008; dela

Rama, 2012; Dunn, 2004; In'airat, 2015; Van Akkeren & Buckby, 2017). In their

paper, Van Akkeren and Buckby (2017) categorised corporate governance

mechanisms in relation to fraudulent acts identifying five areas of relevance to FC:

composition and role of the board of directors (BODs); tone from the top; internal

control environment; internal and external audit function; and strength and

composition of audit committees. In'airat (2015) focussed on the significance of CG

components (internal control, internal audit and external audit) in relation to fraud and


concluded that these CG components need to be implemented effectively in curbing

fraudulent activities. Brennan and McGrath (2007) emphasised the relationship

between tone from the top in shaping the right attitude towards effective internal

controls for the purpose of curbing fraudulent financial statements. Coram et al. (2008)

discussed the link between having a better internal audit function and the chances for

organisations in detecting misappropriation of assets (MoA). Dela Rama (2012)

stressed the importance of having better corporate governance in mitigating the effects

of corruption. Tan, Chapple, and Walsh (2017) explained that in curbing fraudulent

activities, having a good governance in a firm is essential.

As stated by Van Akkeren and Buckby (2017), the literature demonstrated that

having effective governance in an organisation may be one of the keys to preventing

fraudulent activities, and that lack of governance enabled fraud and corruption to

occur. Although culture is an underlying feature of corporate governance, the literature

focussed more on the audit function, internal control measures and the composition of

the board of directors (BODs). Consequently, the examination of culture has often

been overlooked and/or empirical evidence is not gathered. Therefore, this study

specifically focusses on the relationship between corporate culture and incidents of

FC. The next subsection discusses prior research that has analysed the relationship

between corporate governance and culture.

2.2.2 Corporate governance and corporate culture.

Corporate governance is related to culture because culture influences the

structure and execution of governance in organisations. Different organisation may

deal with both internal and external issues in a different manner, depending on the type

of culture that exists, for example, complying with regulators. Licht (2001) argued that

governance and/or organisational policies are dependent on values, which is one


attribute of corporate culture, held by decision makers. Similarly, Llopis, Gonzalez,

and Gasco (2007) suggested that functional corporate governance is needed to help

organisations in consolidating ethical values from top to bottom. Furthermore, Mintz

(2005) emphasised how culture underpins corporate governance in ensuring

compliancy in a firm. Having the right corporate culture for the purpose of negotiation

or discussion, such as organisation policies, is also recommended for the discussion to

be productive (Rafiee & Sarabdeen, 2012).

There is also evidence from practitioners on the importance of corporate culture

as a part of CG. The COBIT 5 framework by the Information Systems Audit and

Control Association (ISACA, 2012) gave prominence to the importance of corporate

culture and how often it is underestimated as a success factor in governance and

management activities (p. 27). In addition, the Board’s role as one aspect of corporate

governance is argued to be critical in driving the right cultural change within an

organisation (Australian Institute of Company Directors [AICD], 2016).

This study examines the relationship previous literature has identified between

corporate culture and corporate misconduct to gain more profound insights into how a

poor organisational culture may lead to incidents of FC. The next section provides an

examination of empirical studies that identify the link between corporate culture and

FC. In particular, the section describes the attributes from the literature that define

corporate culture, which includes shared values, tone from the top, ethics and risk

culture in an organisational context and how each can lead to incidents of FC.

2.3 Corporate Culture, Fraud and Corruption

Even though there are many variables that may be affected by organisational

culture, such as job satisfaction (Pacheco, Westhuizen, Ghobadian, Webber, &

O'Regan, 2016) and employee retention (Patel & Conklin, 2012), they are not within


the scope of this thesis. Instead, studies that identified corporate culture as contributing

to FC are examined. Further, although the notion of subcultures have been mentioned

several times under the umbrella of organisational culture theory (Gregory, 1983;

Hatch & Zilber, 2012; J. Martin & Siehl, 1983), it is not discussed for the purpose of

this research, as it is not the primary focus of this study. However, the researcher

acknowledges the probability of subculture in influencing incidents of FC as identified

by Van Akkeren and Buckby (2017).

Corporate culture is defined by Schein (1990, p. 111) as: “(a) a pattern of basic

assumptions, (b) invented, discovered, or developed by a given group, (c) as it learns

to cope with its problems of external adaptation and internal integration, (d) that has

worked well enough to be considered valid and, therefore (e) is to be taught to new

members as the (f) correct way to perceive, think, and feel in relation to those

problems”. Schein divided culture into three fundamental levels: observable artefacts,

values, and basic underlying assumptions. In other words, underlying assumptions are

employees’ shared beliefs of an organisation and its environment, and serve as a guide

for the employees’ thoughts and behaviours (Campbell & Göritz, 2014). Similar to

Schein, another definition of corporate culture is “the set of important understandings

(often unstated) that members of a community share in common” (Sathe, 1983, p. 6).

Furthermore, a parallel definition is provided by Sinclair (1993) who argued that

organisational culture “… includes deep-seated and enduring values, at the most

fundamental or inner level, with artefacts and symbols, procedures and

arrangements…” and “… it consists of what people believe about how things work in

their organisations and the behavioural and physical outcomes of these beliefs” (p.

64).


It has been argued that corporate culture is such a strong force, it can hinder or

foster an organisation’s growth (Linnenluecke & Griffiths, 2010). Supporting this,

Pinho, Rodrigues, and Dibb (2014) posited that corporate culture has the ability to

influence “a firm’s choice of outcome and the means to achieve these outcomes,

including organisational structure and processes” (p. 377). In the context of this

thesis, poor corporate culture can hinder an organisation’s growth while fostering acts

of FC. Several studies have assessed the value of corporate culture as a part of CG and

discussed its role in contributing to FC. Geriesh (2003) identified that characteristics

of companies being convicted of illegal actions usually had a corporate culture that

allowed or facilitated such activities. Similarly, Ji, Rozenbaum, and Welch (2017)

concluded that firms associated with low rated corporate culture have a higher chance

of getting Accounting and Auditing Enforcement Releases (AAER) from the U.S.

Securities and Exchange Commission (SEC). C. May (2003) argued that having a

culture of vigilance (emphasising safety) often leads to a productive working

environment and normalisation of said culture would benefit organisations in the long-

run. This is supported by Soltani (2014) who discussed how ethical climate shapes

organisational culture (p. 254). Soltani also suggested that a CEO’s ethical leadership

may affect the organisation’s ethical culture and that tone from the top has an influence

on corporate culture which contributed to the integrity of financial reporting (p. 255).

Soltani added that culture itself may create opportunistic managers in the time of crisis

(p. 265) and how company culture might be the key mechanism in mitigating

fraudulent behaviour (p. 270).

Finally, different studies have also highlighted attributes that are relevant to this

thesis. For example, shared values and tone from the top are identified as necessary

factors in transforming an organisation’s culture (Armenakis, Brown, & Mehta, 2011),


using terms such as cultural leader and cultural carrier (tone from the top) and cultural

internalisation as well as formal/informal management practices (shared values).

Another example is ethics or the ethical climate of the organisation, and has been

confirmed as contributing to a firm’s attitude towards fraudulent acts (Domino,

Wingreen, & Blanton, 2015), or how unethical culture plays an important role in

financial statement fraud (Morgan & Burnside, 2014). Another example is risk culture,

which is considered critical for organisational outcomes (Palermo, Power, & Ashby,

2017). The next four subsections examine shared values, tone from the top, ethics and

risk culture and provide evidence on how they relate to incidents of FC.

2.3.1 Corporate culture and shared values.

According to Ogbor (2001), corporate culture is needed because it unifies the

people in the organisation where common values and beliefs meet together, which in

turn forms an institution based on those similar interests. Ogbor suggested that there

are some positive impacts out of forming this unified and consistent community such

as top management sharing enthusiasm with employees, setting the right norms in the

organisation and ensuring similar attitudes toward certain problems. However, the

same can be said about the negative effects. For instance, managers could shape a

corrupt organisational culture by gathering individuals with common values and

beliefs, which may result in a unified and tight-knitted corrupt society. Ogbor (2001)

explained that this side of corporate culture is a method for managers in creating their

ideal or, in this context, corrupt organisation (p. 591). Management may induce this

culture by utilising simple means such as daily socialisation, where they share their

corrupt values with people who have the same opinion as them (Kleinberg, 2014).

Literature that supports Ogbor and specifically related to corporate culture and

FC includes Cameron, Chaudhuri, Erkal, and Gangadharan (2009); DeBacker et al.


(2015); and Liu (2016). For example, DeBacker et al. (2015) suggested that daily

socialisation in the workplace is a way to shape new employees to the company’s

liking. Besides socialisation, the authors also suggested different means such as

education, selection of employees with similar values, and provision of incentives (p.

124). In their study, Cameron et al. (2009) mentioned that everyday experiences of

corruption have an impact in shaping individuals’ attitudes towards corruption. In this

case, everyday experiences can be translated to individuals’ daily life in the corporate

world or even group norm, which in a corporate context is defined as corporate culture

(Liu, 2016). Liu’s findings showed that group norms have a two and a half times

greater impact in shaping a corrupt corporate culture as opposed to internal norms. An

internal norm is defined as a norm set by an individual based on his/her values, while

a group norm is described as a norm enforced or socialised between groups of people

through rewards and punishment systems (Liu, 2016, p. 322).

The importance of group norms (or shared values), which is the combination of

different personal values, in influencing organisational culture is emphasised by

Fritzsche (1991) and demonstrated in Figure 2.1.

Figure 2.1. A Model of Decision-Making Incorporating Ethical Values (Fritzsche, 1991)


The model suggested that one’s personal values can be shared with and/or modified

by others using daily socialisation (DeBacker et al., 2015) as a medium. Therefore,

one who has corrupt values could share them with other people in the organisation and

change its culture, or the organisation may corrupt someone’s ethical values by

exposing them to a corrupt organisational culture. In the context of this research, the

internal and external impact may be an individual’s or an organisation’s tendency to

commit fraudulent and corrupt acts. However, changing one’s and/or an organisation’s

culture is not a simple task. Thus, other criteria may or may not need to be present,

such as tone from the top or, as described in this figure, role-set configuration. This

term is discussed more in the next subsection.

It has also been argued that shared knowledge has a role in contributing to a

culture’s strengths or weaknesses (Crémer, 1993). Supporting this view, Van den Steen

(2010) acknowledged shared beliefs as part of corporate culture and stated that those

beliefs may lead to advantages and disadvantages. This could be seen by his example

using employees’ shared experiences in the firm, which will develop into shared

beliefs through time. Therefore, the experiences and beliefs that employees shared are

critical. Further, Medcraft (2016b) argued that culture is a set of shared values that

may lead to different outcomes depending on the strength of the said culture. His

argument is reinforced in the Global Fraud Survey by Ernst & Young (EY, 2016) that

explained how cultural factors that are shared, such as loyalty, could be the reason why

fraudulent and corrupt activities are not reported. Thus, positive corporate culture

serves as an asset (e.g., Starbucks) and negative organisational culture may lead to an

organisation’s demise (e.g., Enron) (Flamholtz & Randle, 2012).

A good example of corporate culture focussing on shared values is provided by

Guiso, Sapienza, and Zingales (2015) which discussed the value of corporate culture.


The authors provided a pseudo case, where a firm with an impeccable customer care

record always tries its best to educate its employees in order to live up to the customers’

expectations. Therefore, it is a shared social norm, enforced by all people in the firm

that employees need to try their hardest in promoting the best customer service because

that is the essence of the firm. Consequently, an employee with a negative attitude

towards customers will be shunned by other employees because he/she does not live

up to the company’s values. For that reason, when positive values are shared, these

values may mitigate moral hazards, and when these values are negative, they may lead

to corporate misconduct.

A recent illustration is provided by APRA’s report in regard to its inquiry into

the CBA (2018). The report stated that “shared mindsets impact on behaviours,

because what people do is influenced by who they are and what they believe and value,

whether they are aware of this or not” (p. 82). The report also added an example to the

statement demonstrating that CBA’s business units’ employees view control functions

as obstacles to achieve their short-term incentives rather than the bank’s overall

profitability.

Another instance given by APRA is how the combination of individual

behavioural norms would have a negative impact towards the bank’s organisation

culture. APRA explained how the culture inside CBA often only mentions ‘good news’

while keeping the ‘bad news’ as quiet as possible. These behavioural norms are similar

to Liu’s (2016) findings on group norms. Employees are influenced by others inside

the bank to change their ‘common practice’. The conditions mentioned are interrelated

with CBA’s risk culture which is discussed further in section 2.3.4.

In this study, shared values form the ‘S’ of the STER model (shared values, tone

from the top, ethics and risk). This model is further explained in Chapter 3. The


following subsection provides a review of the literature on the impact of ‘tone from

the top’ on incidents of FC.

2.3.2 Corporate culture and tone from the top (leadership).

An important consideration for this study is tone from the top, which is identified

as a part of corporate culture (Biggerstaff et al., 2015; Brennan & McGrath, 2007;

Fritzsche, 1991; Liu, 2016; Schein, 1985; Sims & Brinkmann, 2003). Brennan and

McGrath (2007) found that senior management (leaders) were responsible for most

fraudulent activities (financial statement fraud) and that the board of directors (BODs)

are responsible for setting an organisational tone so that internal controls could be

more [or less] effective. Biggerstaff et al. (2015) added that an unethical culture comes

from the top level of leadership (CEOs in particular), highlighting the need for tone

from the top that sets strong leadership and an anti-fraud environment. They noted that

firms with CEOs who receive bonuses are more likely to engage in fraudulent activities

(p. 99), such as financial reporting fraud or overstating firms’ profits. Their results

demonstrated that externally hired CEOs are more likely to alter the firms' culture

effectively. Liu (2016) also emphasised the role of leaders in producing and nurturing

corporate culture in curbing corrupt activities. These indicate the importance of tone

in setting the right culture in a company in terms of risks of FC.

The link between corporate culture and leadership is identified by Sims and

Brinkmann (2003) using Enron as an example. They found that there were no ethical

boundaries because rule-breaking activities were encouraged by the leadership. In his

research, Finkelstein (1992) used different dimensions of power, namely: structural,

ownership, expert, and prestige power and posited that top management (being CEO

and other managers), when given enough power, have the abilities to influence

decision-making activities. This suggested that powerful leadership can decide


whether to involve their firm in corrupt activities. Similarly, using Figure 2.1, Fritzsche

(1991) explained how top management have more influence than one’s peers in terms

of decision-making, using the term role-set configurations. This term also means that

employees’ behaviours depend on the actual role played by the manager. This

argument is supported by Van den Steen (2010), where he argued that managers have

the power to choose what they want their employees to learn, a condition that is called

“manager-forced learning” (p. 618). These arguments strengthen that of Ashforth’s

and Anand’s (2003) which explained that leaders do not always need to engage in the

act of corruption themselves in influencing employees’ perceptions. They can simply

reward or punish the employees depending on their conduct in order to send them a

message of what is expected of them in an organisation, which is referred to as an

“authorisation act of corruption”. Employees will use their perception of their

superiors as well as the knowledge they have learned when faced with unethical

conduct, which in this case, included acts of FC.

Tone from the top within a corporate culture is argued as critical as it reflects the

power of upper echelons (Ogbor, 2001). Wimbush and Shepard (1994) supported this

view, and posited that despite having good ethical policies, the primary influence on

individuals’ ethical behaviour is stronger with what those individuals have learned

from their supervisor. Therefore, employees were likely to mimic their superiors

because they were the ones with the power to judge employees and decide whether

those employees deserve rewards or punishments (p. 642). Similarly, Lail, MacGregor,

Stuebs, and Thomasson (2015) discussed the role of a strong tone from the top in

promoting a resilient anti-fraud corporate culture and how a weak tone may lead to

fraudulent behaviour.


Further evidence of the importance of leadership and tone from the top is

provided in a study examining the influence of CEO’s ethical leadership to an

organisation’s ethical climate and employees’ perceptions of it. Shin’s (2012) study

demonstrated that CEOs play a significant role in establishing and promoting a code

of conduct throughout the organisation. This is because CEOs bring their own personal

values or beliefs, and then share it with everyone from top to bottom. It should be

noted, however, that since a CEO has the means and abilities to positively influence

an institution’s ethical climate, it can also negatively influence others and that can

include wrongdoings of FC.

An example of adverse effects from management can be seen from a study

investigating the relationship of top management team’s (TMT) deterioration with

organisational failure by Hambrick and D'Aveni (1992). They concluded that the

decline of TMT and the decline of organisations are related and act like a downward

spiral where one brings down the other. Another negative impact from TMT is related

to the size of TMT and CEO dominance in organisations (Haleblian & Finkelstein,

1993). Their findings suggested that in a turbulent environment, a larger team is

preferred to smaller teams, and dominant CEOs (centralised organisations) have

critical roles in the firms’ poor performance. Daboub, Abdul, Priem, and Gray (1995)

investigated the link between TMT characteristics and illegal corporate activities.

However, the definition of corporate culture that they provided fits more to shared

values rather than tone from the top, for example, “shared norms, values, and beliefs”

(p. 142) and socialisation as a means of shaping employees’ behaviours (p. 140). This

may suggest that there is a connection between shared values and tone from the top.

In addition, although they briefly discussed the possible link between culture (as

external and internal antecedent factors) and its influence on TMT in committing


corporate criminal activity, they neither examine further nor focus on corporate culture

to find its relationship to FC incidents, which is the focus of this research. Finally, a

very recent example from APRA’s inquiry into the CBA has revealed that CBA’s

leadership had not “practised what they preached” (2018, p. 87). This condition is

another example of the prominence of setting the right tone for an organisation (Lail

et al., 2015; Liu, 2016; Shin, 2012; Sims & Brinkmann, 2003).

There is also a connection between tone from the top and ethics, as explained by

Wimbush and Shepard (1994). In their paper, they explained how supervisors

influence employees through verbal or non-verbal communication on what is ‘right’

or ‘wrong’ in their opinion. These ‘rights’ and ‘wrongs’ could either be based on a

code of conduct (ethics) or personal opinion. The employees then communicate with

each other, spreading the supervisors’ opinions which enforces the policies throughout

the organisation. Wimbush and Shepard (1994) explained that the role of supervisors

is to moderate between rules and practices (p. 643), which further suggests having an

ethical tone from the top is critical in an organisation.

The link between tone from the top and corruption is also identified by van der

Wal et al. (2016). They used the term “good apple, bad barrel”, meaning that the

organisational structure and culture (e.g., unrealistic targets or pressure) may infect

healthy apples, which in this case are the employees of a company. Hauk and Saez-

Marti (2002) argued that corrupt culture is transmitted from older agents to younger

(newer) agents just like parents set examples for their children. Supporting this, Fisman

and Miguel (2007) provided a parking ticket example in their research where they

analysed the parking behaviour of United Nations (UN) officials in Manhattan. They

found that officials from countries with high levels of known corruption accumulated

more unpaid parking violations. This implies that one’s corrupt culture is highly


related to one’s home country, and therefore, an assumption can be made that one’s

home country is the parent (Barr & Serra, 2010). This assumption supported the

argument on corrupt culture being transmitted from ‘parents’ to ‘children’ (Hauk &

Saez-Marti, 2002). Despite having different unit of analyses, the studies mentioned

above may provide some insights on how these conditions can be translated to a

corporate context. For example, in an organisational context, parents are managers and

children are employees and how managers conduct themselves will be mirrored by

employees. Therefore, this thesis may complement the studies above by exploring,

amongst other aspects of culture, tone from the top from a corporate perspective.

As the literature demonstrates, tone form the top is relevant to the culture of a

firm and a potential contributor to FC. Together with shared values, it forms the ‘T’ of

the STER model (shared values, tone from the top, ethics and risk). The next

subsection discusses ethics and its role in guiding organisations to minimise FC, and

how the normalisation of different kind of ethics (e.g., corrupt and fraudulent ethics)

may lead to incidents of FC.

2.3.3 Corporate culture and ethics.

Ethics is another important attribute of corporate culture and the link between

the ethics of an organisation and incidents of FC has been identified. Previous studies

suggest that one of the red flags that can be related to fraudulent activities is unethical

or dishonest management behaviour (Gullkvist & Jokipii, 2013). Therefore, this

subsection further explores the relationship between corporate culture and ethics,

which consists of ethical culture, ethical education and ethical climate, and how it may

or may not have a role as a contributor to incidents of FC.


2.3.3.1 Ethical culture.

Treviño, Butterfield, and McCabe (1998) described ethical culture as a construct

that “emphasises the phenomenal level of culture – the more conscious, overt, and

observable manifestations of culture such as structures, systems, and organisational

practices, rather than the deeper structure of values and assumptions” (p. 451).

Hence, culture in this context is normative, that is, how it should be. This normative

understanding is supported by having rules and regulations such as a code of conduct.

In regard to fraud and corruption, having explicit and direct formal

institutionalisation on ethical conduct (i.e., rules, code of conduct) in a company is

argued by Ashforth and Anand (2003) as preferable as opposed to implicit and indirect

informal institutionalisation (i.e., socialisation, shared values, promotion, rewards for

good behaviour, etc). This statement contradicts previous research which emphasised

more on the latter (Crémer, 1993; DeBacker et al., 2015; Medcraft, 2016b; Van den

Steen, 2010). Nevertheless, van der Wal et al. (2016) stressed the importance of ethics

and the rules surrounding it by giving an example of bottom-up internalisation. They

posited that bottom-up internalisation of organisational values by promoting

employees’ ethical behaviour (strengthening their moral competence and awareness

training) is preferred compared to top-down imposition of rules and regulation,

because the former results in a more positive image of the employees (they are trusted

for what they do), as opposed to the latter, where it results in a negative image of the

employees (the reason rules are imposed on them is because they are not trusted to do

their job).

2.3.3.2 Ethical education.

D. R. May, Luth, and Schwoerer (2014) attested the importance of ethical

education in increasing employees’ moral competence. In their study, they focussed


on how business ethics education has positive impacts on increasing one’s moral

efficacy, moral meaningfulness, and moral courage. Likewise, Tormo-carbó, Seguí-

mas, and Oltra (2016) recommended enhancing employees’ professional ethical

behaviour by learning the consequences of their actions through formal courses.

Finally, supporting both arguments, Halbouni, Obeid, and Garbou (2016) suggested

organisations that promote a culture of honesty by adopting business ethics programs

are better able to prevent, detect and deter fraudulent acts (p. 616).

Ethical rules and education are important in promoting an ethical culture within

the organisation. However, so is ethical climate as it influences the decision-making

progress in an organisation (Duh, Belak, & Milfelner, 2010). Therefore, an

organisation’s ethical climate may determine whether the organisation is susceptible

to incidents of fraud and corruption.

2.3.3.3 Ethical climate.

Ethical climate is described by Cullen, Victor, and Stephens (1989) as one

component that defines organisational culture. They explained ethical climate as a

combination of shared perceptions/values (see subsection 2.3.1) and processes in

dealing with ethical issues. Further, it is “one type of work climate that reflects

organisational procedures, policies, and practices with moral consequences” and it

influences the decision-making process in an institution (K. D. Martin & Cullen, 2006,

p. 177). Similarly, Vardi (2001) posited that ethical climate is “perceived

representation of the organisation’s goals and the means and ways adopted for goal

attainment” (p. 327). An example of an adverse ethical climate is the banking and

insurance sectors that are currently being reviewed under the Banking Royal

Commission due to their incentive-focussed culture (see section 1.4). The institutions’


goals are all sales-driven and they incentivised their employees to increase those

numbers regardless of impact on their clients.

In order for an ethical work climate to exist and persist, there should be

normative patterns inside the organisation that the people acknowledge (or perceived

to exist within the organisation), which is referred to as institutionalisation (Victor &

Cullen, 1988). Since the people inside the institution acknowledge the climate, they

act according to the normalised practice in the organisation. In relation to FC,

Wimbush, Shepard, and Markham (1997) suggested managers to understand the work

climate in their organisation as a proactive measure in curbing unethical conduct.

Wimbush and Shepard (1994) also proposed that having a better ethical climate leads

to minimising costs that are caused by poor performance or counterproductive

behaviours (e.g., absenteeism) and other unethical behaviours (e.g., kickbacks).

Previous research provides insights into organisational ethical culture, ethical

education and ethical climates to better understand how ethical culture as rules, ethical

education, and ethical climate as perceptions shape ‘normal practice’ in an

organisation, and how ‘normal’ may lead to acts of FC. Ethics, together with shared

values and tone from the top, shapes the ‘E’ in the STER model in Chapter 3. The next

subsection explains the last attribute of corporate culture, that is, risk culture and how

it relates to incidents of FC by utilising several cases from prior research.

2.3.4 Risk culture.

APRA (2016) defined risk culture as “the norms and traditions of behaviour of

individuals and groups within an organisation that determine the way in which they

identify, understand, discuss, and act on the risks the organisation confronts and the

risks it takes” (p. 7). APRA (2017) stressed the importance of having a strong risk

culture to “support the ability of the institution to operate consistently within its risk


appetite” (p. 3), with risk appetite defined as ‘the amount and type of risk that an

organisation is willing to take in order to meet their strategic objectives’ (Institute of

Risk Management [IRM], n.d.). APRA also underscored that a solid risk management

strategy (RMS) must be able to “instil an appropriate risk culture across the

institution” (p. 8). An organisation’s risk culture, APRA contended, is reflective of the

influence of that organisation’s overall culture on how it manages organisational risks

(2018, p. 82).

A risk management strategy, according to APRA (2017) is a document that must

be maintained by an APRA-regulated institution,2 which contains the strategy to

manage risk within an institution. APRA (2017, p. 7) listed the necessary elements

needed in a risk management framework:

a) credit risk;

b) market and investment risk;

c) liquidity risk;

d) insurance risk;

e) operational risk;

f) risks arising from the strategic objectives and business plans; and

g) other risks that, singly or in combination with different risks, may have

a material impact on the institution.

APRA, in their Fraud Risk Management document (2015), expected institutions to

include abovementioned risk elements in their framework and how to manage fraud

2 APRA oversees banks, credit unions, building societies, general insurance and reinsurance

companies, life insurance, private health insurance, friendly societies and most members of the

superannuation industry (APRA, n.d.).


risks (internal and external) associated with them. Despite the document specifically

tailored for registrable superannuation entity (RSE), a fraud risk management is

recommended for all Australian organisations. In addition, APRA recommended

organisations include a risk appetite statement covering the possibility of fraud risks

and a risk management strategy (RMS) to minimise the likelihood of fraud to occur.

In its inquiry report into the CBA, APRA explained that despite there being no

single best practice for a sound risk culture, there are some elements that are

recommended. These elements include “constructive challenge from a range of

perspectives, timely and transparent information flows without fear of blame, and a

consistent approach to risk management through the economic cycle” (2018, p. 83).

Furthermore, APRA suggested organisations to reward employees in relation to risk-

taking accordingly. This suggestion is due to the incentive-driven culture that shrouds

the Australian banking and insurance sectors. The report added that employees are

reactive towards risks (p. 85), perceive risk management as a low priority

‘administrative task’ (p. 86) and do not fully execute ‘walking the talk’ in regard to

risk management (p. 87). This report further showed that failing to uphold a proper

risk culture may lead firms to corporate misconduct.

In addition to APRA, concerns regarding organisations’ risk culture have been

voiced by industry and academic publications. For example, the Organisation for

Economic Cooperation and Development (OECD, 2014), in a report discussing a risk

management framework, explained that one of the greatest shocks from the financial

crisis was its prevalent failure of risk management (p. 12). EY, in the Global Fraud

Survey (2016), emphasised the need for companies to recognise the impact of culture

on business risk, further highlighting the importance of culture and risks within

organisations.


Many academic studies also identify the importance of risk management, such

as Naude and Chiweshe (2017) who suggested that it is expected for businesses to

identify, respond and mitigate risks early by proactively undertaking risk assessment.

Pan, Siegel, and Wang (2017) posited that an organisation’s risk culture may be crucial

in influencing the organisation’s decision-making activities. Palermo et al. (2017)

provided another view, explaining that there are two logics which are related to risk-

taking: logic of opportunity and logic of precaution (p. 155). Logic of opportunity is

where risk-taking and entrepreneurism are favoured, while logic of precaution means

to regulate risk and exercise control, mitigating excessive risk-taking. They suggested

that organisations risk logic is shifting from logic of opportunity (innovative risk-

taking in a period of growth) to logic of precaution (condemning excessive risk-taking

in a period of crisis) after the Global Financial Crisis (GFC). Poor risk culture can be

seen as taking unnecessary risks or even implementing ‘riskiness’ as a policy, and they

cited the GFC as an example of excessive risk-taking.

Excessive risk-taking can lead to serious fraudulent acts and this was

demonstrated in the Enron case where there was a culture of risk-taking and this was

encouraged as long as great results were achieved (Sims & Brinkmann, 2003). Enron’s

rewards system provides a useful example: win-at-all-costs. In that type of

environment, any measure, no matter how risky, is considered innovative and brave,

and included fraudulent activities. Another instance of a risk-seeking company was the

American International Group (AIG) (Flamholtz & Randle, 2012). Frank Cassano, the

leader of AIG’s Financial Products Group, changed its corporate culture from ‘just

about anyone could question a trade’ to a risk-seeking culture without adequate

information and understanding of Credit Default Swap’s (CDS) risks and rewards. The


organisational culture also became flawed as nobody would challenge Cassano’s ideas

and as a result, AIG almost collapsed if not for the Federal Reserve bailout.

In regard to risk-taking activities caused by remuneration in the banking sector,

Zalewska (2016) suggested regulators to have active participation in regulating firms

to minimise their risk-taking activities. Similarly, Bezzina, Grima, and Mamo (2014)

recommended firms to be more disciplined in their risk management as an effective

measure to thwart economic turbulence such as the GFC. They asserted that the

strength of one’s risk culture in order to survive a financial crisis and how it can be

achieved is through leadership, involvement, learning, accountability and

communication. In addition, a board that understand the firm’s philosophy is needed

in order to drive the risk culture even further (Schein, 1985). However, contrary to the

recommendation, the results from Palermo et al. (2017) showed that risk assessment

means very little to decision-makers and some managers are less willing to do the

assessment on their own. They prefer to have someone to do it for them or ‘hold their

hand’. The managers’ unwillingness to conduct risk assessment may be one indicator

on why incidents of FC occur in the first place, because they could not determine the

risks until after the fraudulent incident occurred.

Based on the concerns raised above, risk culture serves as the final component

of ‘R’ in the STER model and is explained further in Chapter 3. After reviewing the

literature, several gaps in the literature can be identified. Those gaps are discussed in

the following section.

2.4 Gaps in the Literature

The reviewed literature provided useful insights into the relationship between

corporate culture and fraud and corruption, and aided in the identification of the

attributes that define corporate culture. However, there are several gaps that need to


be addressed to ensure the research question for this study (Is there a connection

between corporate culture and incidents of fraud and corruption in Australian

organiastions?) is properly addressed.

Gaps identified include the following: various studies did not provide empirical

evidence (Crémer, 1993; Flamholtz & Randle, 2012; Fritzsche, 1991; Ogbor, 2001),

others focussed on specific places or cases which are not related to the Australian

organisational context (Brennan & McGrath, 2007; Cameron et al., 2009; DeBacker

et al., 2015; Fisman & Miguel, 2007; Liu, 2016; Sims & Brinkmann, 2003; Soltani,

2014). Another identified gap is that although previous research used different

methods in gathering their data (quantitative or experimental), it was difficult to source

literature that examined the role of corporate culture and FC through in-depth

interviewing of professionals who identify causes of fraud and corruption as part of

their role (Biggerstaff et al., 2015; Cameron et al., 2009; Guiso, Sapienza, & Zingales,

2006; Guiso et al., 2015; Liu, 2016; Van den Steen, 2010). Professionals such as

forensic accountants were able to provide their view of a firm’s culture due to their

intimate knowledge of the crime during a forensic investigation. Furthermore,

corporate management opinions were explored as many have experienced FC first-

hand. This study probes for in-depth insights into culture and the relationship to

incidents of FC using a qualitative approach through in-depth interviewing.

Another gap relates to definitions or attributes of corporate culture. Although

most prior research defined the attributes of corporate culture, these definitions vary

substantially; or, if similar, they focussed on one or two attributes (Ashforth & Anand,

2003; Beasley, 1996; Biggerstaff et al., 2015; Crémer, 1993; Daboub et al., 1995;

Finkelstein, 1992; Guiso et al., 2015; Haleblian & Finkelstein, 1993; Hambrick &

D'Aveni, 1992; Johansson & Carey, 2016; Liu, 2016; Palermo et al., 2017; Shin, 2012;


Van Akkeren & Buckby, 2017; Wimbush & Shepard, 1994; Wimbush et al., 1997).

For example, a study by Liu (2016) explored the role of corrupt culture in influencing

corporate misconduct and how it may be inherited. Culture, in her study, includes

shared values (“shared values and beliefs…” (p. 309) and “lower level employees

having similar values as their leaders” (p. 310)); and tone from the top (“leaders

create and disseminate culture within the organisation” (p. 309)). Although similar to

this study, several aspects of culture were not included (i.e., ethics and risk culture),

particularly as they relate to incidents of FC. In another study, Van Akkeren and

Buckby (2017) identified the connection between criminology theory and incidents of

fraudulent activities committed by individuals and groups. The study mentioned

shared values (“The sub-groups that formed within these organisations adopted

norms…” and “…behaviour of those involved in corporate scandals may have been

learned from others through socialisation…” (p. 386)) as well as tone from the top as

part of corporate governance (p. 387). However, in the context of FC, they focussed

more on only two aspects of culture (i.e., shared values and tone from the top).

Finally, studies identified in the literature review do not specifically discuss the

relationship between corporate culture and FC and only one paper utilised forensic

accountants’ expert opinions as its empirical resource (Van Akkeren & Buckby, 2017),

but did not focus on all attributes of culture identified as relevant in this thesis. This

study aims to fill these gaps by investigating the relationship between corporate culture

and incidents of FC in Australian organisations using the perceptions and experiences

of forensic accountants and industry professionals. In addition, a corporate culture

(STER) framework is developed, providing a useful guide for future researchers. The

overall summary of each individual attribute of corporate culture and the gaps attached

to them are provided in table form (Table 2.1).


Table 2.1

Summary of the four cultural attributes and their gaps

Attribute(s) and Author(s) Summary Gaps

Shared Values (S)

Cameron et al. (2009);4 Crémer (1993);1

DeBacker et al. (2015);3,4 Flamholtz and Randle

(2012);3,4 Fritzsche (1991);1 Guiso et al.

(2015);3,4 Liu (2016);3,4 Medcraft (2016b);5

Ogbor (2001);1,2 Van den Steen (2010)3

Shared values in the form of daily

socialisation may shape employees to

the company’s liking

Group norms are stronger than internal

norms

Shared experience may develop to

shared beliefs through time, therefore

critical

As referred from superscript:

1. Studies do not have empirical evidence

2. Studies focussed on certain theories

3. Studies are not based on Australian

context

4. Studies have different unit of analysis

(e.g., country instead of corporate

context, or focussed on specific

industry)

5. Cited articles are not research papers

Tone from the Top (T)

Ashforth and Anand (2003);1,2 Barr and Serra

(2010);3,4 Biggerstaff et al. (2015);3,4 Brennan

and McGrath (2007);3 Daboub et al. (1995);1

Finkelstein (1992);3,4 Fisman and Miguel

(2007);3,4 Fritzsche (1991);1 Haleblian and

Finkelstein (1993);3 Hambrick and D'Aveni

(1992);3 Hauk and Saez-Marti (2002);1 Lail et al.

(2015);2,3 Liu (2016);3,4 Ogbor (2001);1,2 Schein

(1985); Shin (2012);3,4 Sims and Brinkmann

(2003);1,3,4 Van den Steen (2010);3 van der Wal

et al. (2016);4 Wimbush and Shepard (1994)1,2

Senior management are responsible for

setting organisational tone, positive or

negative

Management holds more power

compared to one’s peers in decision-

making process

Leaders can control what they want their

employees to learn

Employees tend to mimic their

supervisors


Ethics (E)

Arewa and Farrell (2015);3,4 Ashforth and Anand

(2003);1,2 Brown and Loosemore (2015);4 Cullen

et al. (1989);3 Duh et al. (2010);3,4 Gullkvist and

Jokipii (2013);3,4 Halbouni et al. (2016);3,4 K. D.

Martin and Cullen (2006);1,2 D. R. May et al.

(2014);3,4 Tormo-carbó et al. (2016);3,4 Treviño

et al. (1998);3,4 van der Wal et al. (2016);4 Vardi

(2001);3,4 Victor and Cullen (1988);3,4 Wimbush

and Shepard (1994);1,2 Wimbush et al. (1997)3,4

Having rules are argued to be preferable

compared to informal institutionalisation

An ethical education is recommended to

increase employees’ moral competence

Ethical climate may influence

employees’ perceptions inside an

organisation

Risk Culture (R)

Bezzina et al. (2014);3,4 Flamholtz and Randle

(2012);3,4 Naude and Chiweshe (2017);1,3

Palermo et al. (2017);3,4 Pan et al. (2017);3,4

Schein (1985); Sims and Brinkmann (2003);1,3,4

Zalewska (2016)1,3,4

Strong risk culture is needed to prevent

excessive risk-taking

A risk management strategy is needed to

calculate risks within an organisation

Risk assessment is not a priority for

decision-makers

Regulators active participations are

needed to minimise excessive risk-

taking

Overall gaps from this study:

The lack of forensic accountants and industry professionals’ views and perceptions as

experts who have investigated and/or experienced incidents of FC based on corporate

culture

The lack of a comprehensive framework addressing the relationship between corporate

culture and incidents of FC


2.5 Summary

The relationship that corporate culture has with incidents of FC is critical, as

highlighted in this chapter. However, there are several gaps found in the literature,

which are unit of analyses (Cameron et al., 2009; DeBacker et al., 2015; Fisman &

Miguel, 2007); different methods (Biggerstaff et al., 2015; Liu, 2016); different

cultural context (Crémer, 1993; Hambrick & D'Aveni, 1992; Liu, 2016; Van Akkeren

& Buckby, 2017); and lack of empirical evidence gathered from forensic accountants

and industry professionals expert opinions in a cultural context (Van Akkeren &

Buckby, 2017). In answering the overarching research question, this study explores

these gaps and develops a framework based on empirical evidence.

The next chapter presents the conceptual framework that is developed from the

review of the literature on economic crime, governance and organisational culture.

This framework is then used in answering the overarching research question with its

four attribute-related questions.

Chapter 3: Conceptual Framework 53

Chapter 3: Conceptual Framework

There continues to be a clear acknowledgement of the importance of creating

an environment where the right people take the right action at the right time.

(PwC, 2017b, p. 17)

3.1 Research Question

The purpose of this study is to better understand the relationship between the

role of corporate culture and incidents of fraud and corruption (FC). To gain a deeper

understanding, an overarching question needs to be asked:

‘Is there a connection between corporate culture and incidents of fraud and corruption

in Australian organisations?’

Chapter 2: Literature Review has identified four organisational culture attributes

that are found and/or suggested to be associated with incidents of FC: shared values

(S), tone from the top (T), ethics (E) and risk culture (R). The following section

identifies the conceptual foundations adapted from the literature review for the

development of the ‘STER’ model used in this study. Four specific research questions

relevant to this study are also identified and explained in the next section.

3.2 Conceptual Background

Literature that shapes the conceptual model focussed on four attributes of

corporate culture: shared values, tone from the top, ethics and risk culture. The

predominance of these four attributes was discussed in detail in the literature review,

specifically section 2.3. These cultural attributes may explain how incidents of FC

persist despite strong regulatory requirements for Australian organisations from the

Australian Prudential Regulation Authority (APRA) and Australian Securities &

54 Chapter 3: Conceptual Framework

Investments Commission (ASIC). The researcher acknowledges that corporate culture

is not limited to these four attributes alone. However, for this study, these four were

selected because of the high correlation between the presence of these factors and FC

incidents (potential and existing) documented in accounting, finance, ethics and

management studies (for example, see Flamholtz & Randle, 2012; Liu, 2016; Palermo

et al., 2017; Sims & Brinkmann, 2003; Van Akkeren & Buckby, 2017), as well as

industry publications (HLB Mann Judd, 2017; PwC, 2017b). Subsection 3.2.1

describes shared values together with the first research question.

3.2.1 Shared values.

The management literature suggested that certain shared informal norms in an

organisation are reflected by employees’ behaviour (Armenakis et al., 2011; Ogbor,

2001). This aligns with Schein’s (1985) definition of organisational culture, which is

the assumptions and values concerning how things work in an organisation. Hatch and

Zilber (2012, p. 95) described organisational culture as “tacit knowledge that drives

organisational actors in potent ways that engage their full being in processes from

which organisational culture arises”. Hatch and Zilber (2012) further explained that

tacit knowledge can operate within emotional and aesthetic consciousness, which leads

to certain behaviours in everyday activities. In this study, emotional and behavioural

knowledge take the form of employees’ perceptions of how ‘things are done around

here’ (Arewa & Farrell, 2015, p. 62). As Arewa and Farrell (2015) explained, when

employees perceive it is normal for corrupt acts to happen in their workplace, they will

adjust themselves to that condition. This condition then shapes employees’ daily

behaviour.

The ethics and finance literature on corporate culture also suggested that shared

values played a role in contributing to FC. For example, Fritzsche (1991) argued that


shared values from daily socialisation between people in the organisation may shape

individuals’ perceptions of fraudulent and corrupt activities (Arewa & Farrell, 2015;

DeBacker et al., 2015). Liu (2016) argued that group norms, which were enforced

shared values, had two and a half times greater impact in shaping a corrupt corporate

culture than internal norms, which were based on personal values. Liu illustrated this

phenomenon using an individual’s predisposition towards insider trading, which

remains even though he/she moved to a different organisation. Correspondingly,

Cameron et al. (2009) identified how everyday experiences shape individual’s

perceptions toward corrupt activities. Their experimental study showed that an

individual builds a greater tolerance towards corrupt activities once he/she is exposed

to such activities on a daily basis.

These examples support the position that shared values can be significant factors

in spreading fraudulent and corrupt acts, and that, in turn, tolerance for these acts may

increase due to employees’ everyday exposure to these influences. An example of

shared values influencing corporate culture and FC was the Enron case. Enron’s

employees shared a culture that pushed the limits of propriety and put the individual

before everyone else to avoid public humiliation. The employees used any means

necessary to save themselves, including fraudulent and corrupt activities (see

subsection 1.4).

Although demonstrated as a contributor to FC, shared values can vary greatly in

definition, and across organisations. This study examined shared values, their

composition, and how they may result in acts of FC. Therefore, based on these

arguments, the first research question in relation to organisational culture is:

RQ1: How do shared values contribute to incidents of fraud and corruption?


The next subsection explains tone from the top and highlights the second

research question.

3.2.2 Tone from the top.

Tone from the top is the second attribute of corporate culture that emerged from

the management literature. Tone from the top is explained by Hambrick (2007, p. 334)

as the combination of experiences, values and personalities of executives and how

these combinations significantly influence their understandings of different conditions,

and in the end, make their business decisions. Hambrick concluded that leaders engage

in acts that may bring either positive or negative outcomes for an organisation and its

employees. This is because leaders are the key decision-makers who determine

whether or not to involve the organisation in fraudulent and/or corrupt activities by

condoning or condemning the related activities. This argument is supported by finance,

accounting, management and ethics literature discussing the role of leadership in

nurturing or curbing fraudulent and/or corrupt activities (Brennan & McGrath, 2007;

dela Rama, 2012; Finkelstein, 1992; Liu, 2016; Sims & Brinkmann, 2003).

Tone from the top has been argued as reflecting leaders’ behaviour to

employees’ conduct related to fraudulent and corrupt acts inside an organisation.

Despite its relevance, the means and to what extent tone from the top contributes to

FC is still unclear in Australian industries. This study explored tone from the top and

how it may result in acts of FC. Thus, the second research question in relation to

organisational culture is:

RQ2: How does tone from the top contribute to incidents of fraud and

corruption?

The second research question assisted in answering how tone from the top in

Australian organisation may lead to incidents of FC. The next subsection clarifies the


role of ethics as one of the organisational culture attributes and presents the third

research question.

3.2.3 Ethics.

Ethics is the third attribute of corporate culture literature and takes three forms

within an organisation, that is, ethical climate, ethical culture and ethical education. K.

D. Martin and Cullen (2006) described ethical climate as “a type of work climate that

is best understood as a group of prescriptive climates reflecting the organisational

procedures, policies, and practices with moral consequences” and how it

“influences… subsequent behaviour in response to ethical dilemmas” (p. 177). These

behaviours are shared amongst everyone in the organisation (be it employees or

managers), and therefore, it is crucial for employers and employees to understand an

organisation’s ethical climate (Wimbush & Shepard, 1994; Wimbush et al., 1997).

Ethical climate, as part of ethics, is relevant for this study as it helps to shape corporate

culture and attitudes to fraud and corruption.

Ethical culture is described as focussing on the more conscious and observable

manifestations of culture, such as structures and systems, rather than the hidden

perceptions, such as shared values and assumptions (Treviño et al., 1998). The

organisational, ethics and finance literature have examined different methods of

achieving a culturally ethical organisation. Prior research suggested that having

explicit and direct formal institutionalisation, such as rules and a code of conduct is

preferred (Ashforth & Anand, 2003; van der Wal et al., 2016) as opposed to shared

values and daily socialisation (DeBacker et al., 2015). Other research focussed on the

importance of ethical education in the organisation to strengthen employees’ moral

competence in dealing with unethical behaviour (D. R. May et al., 2014; Tormo-carbó

et al., 2016). Nevertheless, ethical culture and ethical education are argued to be able


to curb unethical or counterproductive behaviours, such as acts of FC (Halbouni et al.,

2016; Wimbush & Shepard, 1994).

Ethical climate differs to ethical culture. As explained above and in the literature

review (see subsection 2.3.3), ethical culture is a control measure that is embedded in

the system, such as rules, regulations and recommended education. Treviño et al.

(1998) defined ethical culture as “a subset of organisational culture, representing a

multidimensional interplay among various ‘formal’ and ‘informal’ systems of

behavioural control that are capable of promoting either ethical or unethical

behaviour” (p. 451). Hence, ethical culture is normative because it describes the

ethical rules inside an organisation. Although ethical climate is explained as reflecting

the organisational procedures and practices (K. D. Martin & Cullen, 2006), it leans

more towards group perceptions of those procedures and practices. Perceptions are not

normative, and they could change depending on the situations. Hence, what is

perceived as ‘normal’ inside an organisation may change based on the everchanging

experiences (Prabowo & Cooper, 2016).

Despite their differences, people sometimes confuse ethical climate and ethical

culture, or even use them interchangeably. This is understandable due to their

similarities. Both ethical culture (as rules) and ethical climate (as perceptions) may

influence how an organisation deals with incidents of fraud and corruption using a

code of conduct and group perceptions of practices inside the organisation. Thus, both

of these ethical attributes, together with ethical education, may help each other in

creating a robust system to deter FC incidents.

As ethics entails three components in this study, how these components (either

individually or the combination of them) contribute to incidents of FC is still unclear.


Therefore, based on the reviewed literature, the third research question for this study

is:

RQ3: How does ethics contribute to incidents of fraud and corruption (FC)?

This research question aids in investigating how these three ethical components

contribute to FC in Australia. The final subsection discusses risk culture as the final

attribute of corporate culture and highlights the final research question for this study.

3.2.4 Risk culture.

Risk culture is the final attribute emerging from the literature, including research

in accounting, management, finance and business ethics. APRA (2016) defined risk

culture as “the norms and traditions of behaviour of individuals and groups within an

organisation that determine the way in which they identify, understand, discuss, and

act on the risks the organisation confronts and the risks it takes” (p. 7). They also

highlighted the importance of having a risk management strategy (RMS) and risk

management framework (see subsection 2.3.4). An organisation without a proper RMS

may be a victim to incidents of fraud and corruption. Further, with a proper RMS, an

organisation can decide when to pursue and avoid risk without risking the

organisation’s well-being.

Several academic and industry publications have stressed the significance of

having a sound corporate risk culture, especially its relation to FC. Sims and

Brinkmann (2003) explained how a risk-taking culture in an organisation may not have

positive outcomes, using Enron’s incentive-driven culture as their example. Ernst &

Young’s (EY) Global Fraud Survey (2016) emphasised the importance of the

relationship between a corporate risk culture and overall business risks. Further, the

OECD (2014) stressed sound risk management in preventing a financial crisis.

Palermo et al. (2017) cited the Global Financial Crisis (GFC) as an example on why


excessive risk-taking should be discouraged, identifying poor risk culture as being

associated with poor risk assessment by management. Palermo et al. (2017) also added

that management is somewhat reluctant in properly assessing a firm’s risk (see

subsection 2.3.4). Arguably, this condition may be the reason why incidents of FC can

occur.

Risk culture can take many forms and includes a number of approaches in

attempts to minimise FC. What is unclear is how risk culture (or lack thereof)

contributes to incidents of FC, that is, what are the most common elements of risk

culture that have resulted in FC. Therefore, the final research question in relation to an

organisation’s risk culture is:

RQ4: How does risk culture contribute to incidents of fraud and corruption?

This research question aids in the exploration of the way in which a company’s

risk culture contributes to FC in Australia.

The aforementioned literature from organisational, ethical, accounting,

management and finance journals aided in the identification of four cultural attributes

and related research questions. The conceptual framework established from the

literature aids in visualising corporate culture and the relationship to incidents of FC.

The next section presents the conceptual framework used for this study.

3.3 Conceptual Framework

In responding to the research questions, this study developed a conceptual

framework based on the literature discussed in Chapter 2. This framework identified

the relationship between the four organisational culture attributes and incidents of FC

within an Australian context. The conceptual model for this study is displayed in

Figure 3.1.


Figure 3.1. A Conceptual Framework of Corporate Culture and FC (STER Model).

Adapted from different papers (Crémer, 1993; Cullen et al., 1989; Flamholtz & Randle, 2012;

Fritzsche, 1991; Guiso et al., 2015; Hambrick & D'Aveni, 1992; Liu, 2016; Ogbor, 2001; Palermo et

al., 2017; Shin, 2012; Sims & Brinkmann, 2003; Van Akkeren & Buckby, 2017; van der Wal et al.,

2016; Victor & Cullen, 1988; Wimbush et al., 1997)

This framework uses an interdisciplinary approach that captures attributes

identified in prior studies on corporate culture and incidents of FC drawing from

studies in organisational, management, ethics and finance literature. The framework

visually illustrates how shared values, tone from the top, ethics and risk culture may

shape an organisation’s culture, and how they may contribute to incidents of FC. It

should be noted, however, that in relation to FC, corporate culture is not limited only

to these aspects and not all cultural aspects need to be present for FC to occur. What

is unclear is the level of impact (if any) each attribute may have on incidents of FC

and, therefore, gathering empirical evidence aided in answering the research questions

Contributes to

Shared values

(S)

Tone from

the top (T) Ethics (E)

Risk culture

(R)

Shapes

Organisational/Corporate

Culture

Fraud and corruption (FC)


for this study. The four attributes were specifically chosen due to the consistent

emergence throughout the literature and their relationship (potential and existing) with

incidents of FC. The framework can be used to explain the events, decisions, reactions

and actions of organisations and individuals within them, and how each, or a

combination of factors, may lead to incidents of FC (Van Akkeren & Buckby, 2017,

pp. 388-389). The majority of empirical studies on FC have not focussed on ‘corporate

culture’ as a major contributor and/or do not include all four attributes of corporate

culture identified in this study. Thus, this framework is developed based on the

combination of a review of the literature, in particular, studies that have argued the

importance of these four attributes and their possible link to incidents of FC.

3.4 Summary

The STER Model is generated from the literature and is a visual aid for exploring

how different attributes of corporate culture may contribute to incidents of FC based

on cases investigated by forensic accountants and events experienced by industry

professionals.

A review of the literature demonstrates the need for further empirical evidence

on how corporate culture contributes to incidents of FC. The model, therefore, assists

in answering the four research questions by guiding the researcher in exploring this

topic.

The next chapter (Methodology) outlines the chosen research design for this

study including sampling, how data is analysed, how trustworthiness is achieved,

ethical considerations, and finally, identifies the potential risks of this study.

Chapter 4: Methodology 63

Chapter 4: Methodology

The methodology adopted in this study is qualitative, using interviews with

forensic accountants and industry professionals to investigate the relationship between

the four attributes of corporate culture and incidents of FC. This chapter describes and

justifies the design adopted to answer the research questions identified in the previous

chapter. The first section (4.1) of this chapter discusses the research design that was

used in the study and the stages by which the research design was implemented. The

second section (4.2) details the participants in the study and reasons for their inclusion.

The third and fourth explains the instruments used in the study and justifies their use

(4.3) outlining the procedures used and the timeline for completion of each stage of

the study (4.4). Data analysis is discussed in the fifth section (4.5) with the chapter

concluding (4.6) by outlining the ethical considerations of the research and identifying

potential problems and risks.

4.1 Research Design

A qualitative inductive research design using semi-structured interviews was

used to solicit deep insights into this topic. This approach was chosen to enable an in-

depth exploration of social and cultural perceptions on incidents of FC. Qualitative

research was selected over quantitative as it provided the capacity to probe into greater

depth and obtain more information (Gable, 1994), which is particularly useful when

addressing complex organisational cultural issues. Manning and Kunkel (2014)

observed that qualitative research allowed richer data based on participant-driven

understandings (p. 435) and that participants subjectivity can “help bring ideas or

concepts into focus that might otherwise elude researchers” (p. 436). This framework

therefore, enables fuller exploration of forensic accountants’ and industry

64 Chapter 4: Methodology

professional’s subjective perceptions as to the interface between corporate culture and

the FC cases they have investigated and/or experienced. Further, similar prior research

has validated a qualitative inductive approach for examining the relationship between

corporate culture and incidents of FC (Goodstein, Butterfield, & Neale, 2016; Van

Akkeren & Buckby, 2017).

Further explanations on the number of participants and the reasons this research

used semi-structured interviews are provided in section 4.2 and section 4.3

respectively. The next section details the participants and sampling strategy for this

qualitative inductive study.

4.2 Participants and Sampling Strategy

Purposeful sampling is used in gathering data in this study. Zikmund (2003)

explained that in this framework samples selected need to have appropriate

characteristic to serve the specific purpose (p. 382). Teddlie and Yu (2007), in

comparing purposive and probability sampling, found purposive sampling to be better

suited to address a specific purpose related to the research questions, that is, samples

are selected based on the probability of informing the research questions. Thus,

purposive sampling is preferable as forensic accountants and industry professionals

have the specialised knowledge on the role of organisational culture and incidents of

FC from cases they have investigated and/or experienced. As Young observes, one of

the forensic accountants’ job requirements in investigating a case includes looking into

a company’s culture (Young, 2014). Industry professionals, which in this study are

compliance managers, were chosen because part of their role is to ensure firms having

an honest, ethical and compliance culture (Interligi, 2010; Jenkinson, 1996) in

preventing compliance risk which includes fraud and corruption (Dominic, 2018). For


these reasons, both forensic accountants and industry professionals were able to

provide deep insights into the causes of FC from a cultural perspective.

In purposive sampling, the sample size is typically small, fewer than thirty, and

concentrates more on the depth of the information (Teddlie & Yu, 2007, p. 84).

Approximately twelve forensic accountants and industry professionals were chosen to

participate in this research and eight in total accepted that invitation. Although many

attempts were made to source further participants, time constraints of participants, in

part due to many being involved in the Banking Royal Commission, hindered this

process. However, the number of participants was not fixed and data collection was

complete when data saturation was achieved, that is, the point in data collection and

analysis process was reached when no new categories or themes emerge, which

supports DiCicco‐ Bloom and Crabtree (2006, p. 317). Although sampling was

purposive, the participants selected were randomly chosen to minimise both

participant bias risk in responses and researcher bias in participant selection (Zikmund,

2003). This was done by using the “RAND” function in Microsoft Excel to randomly

generate numbers that are associated with each of the potential participant’s names.

The following section describes the instruments used for data collection process.

4.3 Instruments

4.3.1 Interviews.

The data collection instrument was semi-structured interviews. Interviews are

the most commonly used data collection method in qualitative research (DiCicco‐

Bloom & Crabtree, 2006; Kallio, Pietilä, Johnson, & Kangasniemi, 2016), and are

capable of generating rich data (Schultze & Avital, 2011). In the interview method,

Schultze and Avital (2011) highlighted the importance of having an interview protocol

(see Appendix B), identifying its dual purposes as (p. 3):


(1) To outline the steps and questions to be taken and asked in order to extract

relevant responses from the participants; and

(2) To minimise the possibility of the researcher on interfering with the data

extraction process (see section 4.7 for further explanation).

Guest, Bunce, and Johnson (2006) suggested that approximately 88 percent of the

necessary data can be obtained with only 12 interviews. Therefore, in this study data

saturation was expected well within twelve interviews.

Barriball and While (1994) listed several advantages of using interviews as the

method for data collection (p. 329). These included:

(1) Better response rates as contrasted against a questionnaire survey;

(2) A better-suited method for exploring subjective subject matter, such as

attitudes, values, beliefs and motives;

(3) Better researcher capacity to measure the validity of responses by observing

non-verbal indicators such as, for example, body language;

(4) Greater consistency in that this method “can facilitate comparability by

ensuring that all questions are answered by each respondent” (Barriball &

While, 1994, p. 329); and

(5) Better validation of response integrity through the ability to ensure all

answers are purely from the respondents.

Further, face-to-face contact with the researcher may motivate participants to engage

actively in the interview. These advantages align with this study’s aims to: (1) explore

subjective views of forensic accountants and industry professionals; (2) ensure that


they respond to every question and, where appropriate, generate further probative

questions and answers; and (3) observe non-verbal indicators during the interview.

Finally, Van Akkeren and Buckby (2017) and Campbell and Göritz (2014) have

demonstrated the usefulness of the interview method in studying economic crime.

4.3.1.1 Semi-structured interview.

Semi-structured interviews are the most widely used interviewing method

(DiCicco‐ Bloom & Crabtree, 2006, p. 315). DiCicco-Bloom and Crabtree argued that

structured interviews often produced data that is quantitative in nature, while Dana,

Dawes, and Peterson (2013) highlighted that unstructured interviews may be subject

to limited validity due to randomness. Dana et al. explained that without at least some

interview structure, there is no capacity to compare responses. Combining both of

these issues, Fontana and Frey (2000) summarised the advantages of structured

interviews as including consistency and reliability with the primary disadvantage

being the inability to follow emergent new lines of inquiry (less chance of probing).

Unstructured interviews, therefore, advanced the flow of the process in a manner

similar to a conversation, facilitating generation of rich data but carry the risk of

acquisition of unusable data due to superfluous information. Therefore, the semi-

structured interview method combined both the strengths from other methodological

approaches while minimising the weaknesses.

As explained above, the advantages of semi-structured interviews included

versatility and flexibility (Kallio et al., 2016). Semi-structured interviews were also

useful in establishing reciprocity (or mutual exchange) between the researcher

(interviewer) and participants as the interviewer is able to improvise follow-up

questions based on the participants’ responses (p. 2955).


The next section outlines design integrity for this research aimed at ensuring

trustworthiness.

4.4 Trustworthiness of the Research Design

In ensuring the credibility, transferability, dependability, and confirmability of

the research, this study follows guidelines established by Shenton (2004).

4.4.1 Credibility.

Credibility as a factor goes to ensuring whether the study measures what is

initially intended, that is, “how congruent are the findings with reality?” (Shenton,

2004, p. 64). Credibility is achieved, according to Shenton, through seven

mechanisms. These include (pp. 64-69):

(a) adopting a well-established research method;

(b) being familiar with the culture of the participants’ organisations prior to data

collection;

(c) doing random sampling of participants;

(d) giving participants the opportunity to refuse their participation to ensure their

honesty;

(e) using iterative questioning to probe for further explanations;

(f) working with thick descriptions (that is paying attention to contextual detail

in observing and interpreting social meaning) of the matter being investigated;

and

(g) examining prior research.

Point A is achieved by adopting a qualitative interview method that has been

shown to be useful in research related to economic crimes (Campbell & Göritz, 2014;


Van Akkeren & Buckby, 2017); point B, the culture of participants, by “consulting to

appropriate documents” (i.e., academic and industry publications) prior to interviews

to become more familiar with participants’ responsibilities (Shenton, 2004, p. 65);

point C, random sampling, through identification of this study’s participants (forensic

accountants and industry professional) which was narrowed to twelve with data

saturation used as the collection cut-off determinant (see section 4.2); point D through

the ethics approved protocol of enabling participants to refuse participation before,

during and up to four weeks after completion of the interview; point E through the use

of iterative questioning to probe for deeper explanation; point F, thick description is

addressed and discharged in the analysis and discussion section of chapter 6; and,

finally, point G, the examination of previous research findings is outlined in chapters

2 and 3 and findings from this study will be compared with the extant literature.

4.4.2 Transferability.

Shenton (2004) explained transferability as the extent a study can be applied to

other circumstances (p. 69). The requirements of achieving transferability include (p.

70):

(a) giving a full description of the number of participants;

(b) describing any restriction in the type of participants included in the study;

(c) explaining how the data collection will be employed;

(d) identifying the number and length of the data collection sessions; and

(e) recording the time period for data collection.

As explained in Section 4.2, the number of participants was expected to be

approximately twelve or the relevant point at which data saturation occurred. The type

of participants (i.e., forensic accountants and industry professionals) was restricted by


their expertise and experience in investigating incidents of FC and the insights this

background provided into the role corporate culture played in contributing to these

incidents (Dominic, 2018; Interligi, 2010; Jenkinson, 1996; Young, 2014). The method

of data collection, point C, was semi-structured interview because it is the most

commonly used data collection method for an interview (DiCicco‐ Bloom & Crabtree,

2006), and its ability to probe for further question and getting rich data (Schultze &

Avital, 2011). As per point D, the survey size is outlined and the length of each

interview was 30-45 minutes with the outline of interview procedures and the time

period for this activity (point E) described further in section 4.5: Procedures and

Timeline. In line with data collection protocols, the processes around consent from

interviewees and their organisations along with the requisite documents (i.e., letter of

invitation and participant consent form), timelines, transcripts and other information

gathered will be stored and retained in accordance with QUT Ethics Committee

requirements and archival best practice.

4.4.3 Dependability.

Dependability in qualitative research is similar to reliability in a quantitative

study, that is, similar results should be obtained if, assuming all things being constant

with prior research (participants and context), the same methods were applied

(Shenton, 2004, p. 71). Shenton listed three ways of attaining dependability (pp. 71-

72):

(a) explaining the step-by-step of the research design;

(b) describing the stage of data gathering; and

(c) giving reflective appraisal post-data collection.


The research design, point A, is a qualitative method, utilising semi-structured

interviews with forensic accountants and industry professionals as the source of data.

The description of the procedures of data gathering (point B) included ethical

application, consent procurement and documentation around timelines for completion

(see section 4.5). Results from the interview were analysed using a content analysis

method, which included three-step procedures: open, axial and selective coding. It is

further described in section 4.6. Reflective appraisal of the method includes

explanation of varying results derived from interviews (Chapter 5: Results),

comparisons with literature review findings (Chapter 6: Discussion) and

limitation/future research directions in the concluding chapter (Chapter 7:

Conclusion).

4.4.4 Confirmability.

Confirmability, like objectivity in a quantitative study, means to ensure that the

result of the research is not unduly influenced by the subjectivity of the researcher

(Shenton, 2004). Shenton further explained that confirmability can be realised by (p.

72):

(a) acknowledging researcher’s subjectivity; and

(b) describing the audit trail of the research, including its results.

In acknowledging subjectivity (point A), beliefs regarding decisions made and

methods adapted are said to be explained. The researcher believes that forensic

accountants and industry professionals are suitable sources in exploring the

relationship between corporate culture and incidents of FC based on the

aforementioned literature (Dominic, 2018; Imoniana et al., 2013; Interligi, 2010;

Jenkinson, 1996; Young, 2014).


An audit trail (point B), that is, the step-by-step procedures regarding this

research is explained throughout this thesis, from the method adaption (Chapter 4:

Methodology), results of the interview (Chapter 5: Results) and the analysis of those

results (Chapter 6: Discussion). Audit trail also includes the method to store the

interview data. During the transcription of the interview data, data were de-identified

in order to safeguard the participants’ anonymity and confidentiality. For instance,

participants’ names and positions were coded and stated without the name of their

organisations. Hard copies will be kept securely for 15 years, as per the Queensland

State Archives Schedule, in a locked filing cabinet inside the principal supervisor’s

room at the university. Soft copies are kept electronically on the password-protected

QUT mainframe drive.

The next section outlines the procedures taken in gathering the interview data

from participants. In addition, the timeline for data collection is provided, as well as

the write-up for the remainder of the chapters.

4.5 Procedures and Timeline

4.5.1 Procedures.

There were a number of procedures that were taken to ensure the trustworthiness

of this study. First, ethical approval was sought from the university (QUT). Once

approved, the method for contacting participants was derived from QUT guidelines

with standard introductory letters and permission forms. Institutions were contacted

via email and/or phone call. Several documents were attached in the email: a

participant consent form, an information sheet, two letters of invitations (for the

institutions and the participants), an introduction letter, and a permission advice. For

analysing the data, there was also a transcriber confidentiality agreement for an

external transcriber to ensure the participant data remained confidential. Once


participants and their institutions agreed to be interviewed, they were contacted for

further details of the activity and given a chance to ask further questions. The

permission from the head of each firm was included in the interview consent

documents sent out by email to individual participants who had agreed to participate

in this study. Finally, several dates were set for the interview process.

This study has received ethical approval from QUT Ethics Committee.

According to the Committee, it is mandatory to give the participants continuous

consent. Therefore, participants may withdraw their participation before, during and

after four weeks of the initial interview. Should they choose to withdraw from the

interview, the data will be destroyed, provided that it is still within the four-week

period. This option for participants does not have any implication toward the

participants’ relationship with QUT, the researcher or supervisors. Participants were

informed via verbal communication and consent form that the interview and any

reports produced from the interview would remain anonymous and stored

electronically in a password-protected folder.

The interview questions included the four attributes of corporate culture

discussed in Chapter 3 and their relationship (potential and existing) with incidents of

FC. At the beginning of each interview, permission to record was obtained from all

interviewees both verbally and in written form. Again, participants’ anonymity was

assured.

4.5.2 Timeline.

The timeline for the procedures in this study are listed in Table 4.1.


Table 4.1

Timeline for procedures

Steps Procedures Timeline

1 Thesis write-up: Chapter 1 – Chapter 4 Completed November 2017

2

Ethical approval and interview

questions (draft)

Completed September 2017

(together with Thesis write-up)

3

Acquiring participants’ contacts and

contacting them

March 2018

4 Interview and transcribing April - June 2018

5

Chapter 5 (Results) and Chapter 6

(Discussion) write-up

April - June 2018

6

Ongoing consultation and Chapter 7:

Conclusion write-up

Finished by August 2018

The next section (4.6) discusses the steps taken in analysing the data extracted

from participants.

4.6 Analysis

The data from participants’ interviews were analysed using a detailed, three-step

content analysis procedure (Berg & Lune, 2012; Goodstein et al., 2016; Van Akkeren

& Buckby, 2017): open, axial and selective coding. The first stage involved the

researcher coding interview data based on the four research questions using NVivo 11

software. The software allowed for the coding of major themes emerging from the

data. The coding stage is referred to as the three-step coding (Glaser & Strauss, 1967;


Strauss & Corbin, 1998). As explained by Goodstein et al. (2016), the first step is

identifying the code and may include “a single word, a phrase, a sentence, an entire

paragraph, or even parts of separate sentences or paragraphs” (p. 22). This is referred

to as ‘thought units’ or ‘lower-level nodes’.

The second stage comprised categorisation of the interview data from the first

stage into themes by identifying emerging patterns from the data. Data from the first

stage was grouped under emerging categories (e.g., grouping management-related

concepts into ‘tone from the top’), which were related to the research questions of this

study (Miles & Huberman, 1994). This stage was iterative and intersubjective where

the researcher compared similarities and differences between ‘thought units’ while

organising the emergent categories. By the end of this stage, differences across

categories were maximised while differences within categories were minimised. In

ensuring the consistency of this stage, the researcher conducted frequent ‘reality

checks’, including rereading the original interview transcripts and revisiting and

revising themes as necessary (Goodstein et al., 2016, p. 22). Any irrelevant ‘thought

units’, which were not necessarily related to corporate culture, its attributes and

incidents of FC, were removed. To increase the reliability of this stage, the researcher

asked for the supervisors’ opinions to ensure interview bias was minimised and

interpretation of data was in line with the research objectives for this study. This step

was undertaken because the supervisors do not know the interview results, therefore,

reducing the threat of familiarity with the data.

The final stage involved grouping the categories of data into different themes,

which is also called ‘top-level domain nodes’. Similar to the second stage, this stage

was also iterative and intersubjective. Further, this stage included comparing the

emerging pattern with the provided ‘STER’ framework from Chapter 3 to determine


whether or not the data supported the concepts. It is possible for additional cultural

attributes to appear from the rich interview data and this was the case in this study.

Therefore, additional attributes were used in refining the ‘STER’ model. The purpose

of this final step was to group different categories into much broader themes, which

then were analysed and compared to prior literature and the conceptual model. ‘Reality

checks’ were also completed to ensure that the data were consistent. This three-stage

analysis was completed once data saturation was achieved.

The following section outlines the ethical considerations of this research and

potential risks and threats to the results.

4.7 Ethics and Potential Risks

This study is classified as potential low-risk research, and any potential risks

were highlighted by the researcher when submitting ethical approval to the university’s

Ethics Committee. The approval number provided by the committee is 1700000819.

Potential ethical risks for the interview process are identified by Barriball and While

(1994) and Fontana and Frey (2000), and include informed consent, right to privacy

and protection from harm. In addition, the following were identified:

(1) Minor discomfort during the interview;

(2) Inconvenience due to the needs to give their time in participating in the

interview;

(3) Inconvenience due to the feeling of being coerced into participating in the

interview;

(4) Inconvenience due to the probability of their identity being known to

public; and

(5) Probability of participants refusing the interview being recorded.


The researcher and the supervisors identified several ways in mitigating these

potential risks. For instance, ongoing consent was given to participants providing

reassurance knowing they can withdraw their participation for up to four weeks after

the initial interview. An agreement between the researcher and the participants was

achieved before the interview, reducing the chance of the participants being

uncomfortable in sparing their time for the interview. Participants were also given the

opportunity to opt-out from the audio recording, meaning the researcher would have

to rely only on note-taking during the interview, and recollection of events after the

interview. Finally, participants were reassured that their anonymity would be

guaranteed by safeguarding their data. Hard copies will be kept securely for 15 years,

as per the Queensland State Archives Schedule, in a locked filing cabinet inside the

principal supervisor’s room at the university. Soft copies are kept electronically on the

password-protected QUT mainframe drive. Although this study collected and stored

data that may be individually identifiable, the report produced is in a form to ensure

participants are not re-identifiable. To achieve this, identifiers were removed and

replaced by codes that do not directly link the data to participants.

In the context of the interview itself, Myers and Newman (2007) listed several

problems and pitfalls that may hinder or even stop the interview process (pp. 4-5). The

ones that are relevant to this study are listed below together with potential mitigating

acts:

Artificiality of the interview – interrogating a complete stranger. Solution –

build rapport with the participants right from the start of the interview

Lack of trust – the possibility of participants choosing not to disclose certain

information. Solution – the participants may trust the interviewer better if


the interviewer is familiar with their occupations plus reassurances on

anonymity to improve trust

Lack of time – data are incomplete, due to the lack of time or collected data

are unreliable, due to participants forming their opinions under time

pressure. Solution – have an agreed upon length prior to the interview, for

example, 30-45 minutes and allow participants to tell their story

Ambiguity of language (Fontana & Frey, 2000) – the process of extracting

information out of interviewees is not straightforward. Further, English is

not the researcher/interviewer’s first language, therefore, this method may

be daunting. Solution – wording the questions carefully and repeating the

interviewee’s answers if unsure of their responses. Audio recording and

transcription of the interviews also assisted with this.

In transcribing the data using content analysis, there is always the possibility of

researcher’s bias (Goodstein et al., 2016). This condition was minimised by consulting

academic supervisors as they are viewing the data from different perspectives from

that of the researcher’s.

4.8 Summary

In explaining the relationship between the attributes of corporate culture with

incidents of FC, this research utilises a qualitative method by conducting semi-

structured interviews with forensic accountants and industry professionals. These

participants were purposively chosen due to their expertise and the researcher’s belief

that they have the knowledge on the relationship between corporate culture and FC

incidents. For this research to be trustworthy, its credibility, transferability,

dependability and confirmability were tested using specific guidelines (Shenton,


2004). After completing the initial interviews, content analysis (with NVivo 11) was

used in analysing the data. Further details regarding analysis are provided in Chapter

6: Discussion. This research has been approved by the QUT Ethical Committee with

ethics approval number 1700000819. Potential risks of this research are highlighted

together with potential ethical problems. The next chapter, Chapter 5: Results,

provides the findings from the data derived from interviews based on the perceptions

of participants.

Chapter 5: Results 81

Chapter 5: Results

This chapter presents findings from the semi-structured interviews. Findings are

presented in a sequential order to address each of the research questions identified in

Chapter 3: Conceptual Framework. The first section highlights the background

information of the participants which includes their role, firm size, education,

experience and main task in the workforce. Following this, evidence from the

interviews is presented beginning with shared values, tone from the top, ethics and risk

culture. A summary table of the findings is presented, which concludes the chapter.

5.1 Background Information

This section highlights the demographics of participants. The study sourced

forensic accounting experts with field experience and industry professionals with first-

hand knowledge. The sample chosen includes managers, partners and directors across

a range of firm sizes. A total of eight interviews were conducted through two mediums:

face-to-face (4) and telephone interview (4). To ensure a broad representation for the

collection of data, the participants’ roles vary from individual consultants to partners

of ‘Big Four’ accounting firms. Furthermore, although most participants are from

Queensland firms, many had worked interstate previously, and one participant was

based in Victoria. Finally, the length of participants’ experience ranges from six to 32

years, therefore providing different perceptions from those who are relatively new to

the field through to those with long standing experienced. Table 5.1 summarises the

geographical location of the informants, their role and the size of the firm.

82 Chapter 5: Results

Table 5.1

Demographic information of participants including the geographic location, their role, and the size of the firm

Participants ID Location Role Firm size Highest Education Experience Main Focus

Participant A Queensland Independent

Consultant Small Master’s degree 27 years

Fraud

Investigation

Participant B Queensland Director Medium CA 32 years Commercial

Litigation

Participant C Queensland Senior Manager Medium CA 7 years

Forensic

Investigation and

Dispute

Participant D Queensland Manager Medium Bachelor’s degree 6 years Forensic

Investigation

Participant E Victoria Senior Consultant Medium Master’s degree 30 years

Forensic

Investigation

[Corporate

Misconduct]

Participant F Queensland Partner Large MBA 19 years

Forensic

Investigation

[Corporate

Misconduct]

Participant G Queensland Partner Medium Bachelor’s degree 23 years Cyber

Investigation

Participant H Queensland Manager N/A Bachelor’s degree 10 years Compliance and

Risk

Note. CA = Chartered Accountants; MBA = Master of Business Administration


Participants are labelled alphabetically (e.g., Participant A, B, C etc) to ensure

anonymity. Interviews with participants covered several key issues of the interface

between corporate culture and incidents of FC including:

the role of shared values

tone from the top

role of an organisation’s ethics and risk culture as an influential driver

for whether employees commit fraudulent and corrupt acts

5.2 Evidence from Corporate Culture Attributes

This section presents views from participants based on the study’s conceptual

framework to answer the four research questions. It provides discussion of

participants’ opinions as to whether shared values, tone from the top, ethics and risk

culture contribute to incidents of fraud and corruption in Australia. The section also

identifies new concepts that have emerged from the interviews, which are discussed

further in Chapter 6: Discussion.

5.2.1 Shared values.

Research question one (RQ1) seeks evidence to examine the question:

“How do shared values contribute to incidents of fraud and corruption (FC)?”

Participants were asked whether, in cases they have investigated, shared values play

any role towards FC. Participants identified that shared values contributed to FC

incidents in three ways:

1) employees’ lack of self-validation,

2) employers shaping malleable culture, and

3) peer pressure from colleagues.


5.2.1.1 Employees’ lack of self-validation.

Self-validation refers to employees independently validating whether

instructions accord with formal institutional rules, regulations, procedures and

requirements or merely assume they are doing their job because everyone else is doing

the same activity. Participants gave examples on how employees frequently err in this

respect, falling into the latter category of accepting directions and performing duties

in compliance with surrounding practices, that is, they merely ‘did as they were told’

as the following examples demonstrate:

…I'm doing some work with one large company at the moment. It's very much

a new employee arrives and - so I'm sitting down with them and saying, well

why are you doing it this way? Because someone showed me how to do it. But

they don't question it. They don't ever pull out the policies or the procedures.

Then it just becomes this gap between what they're supposed to be doing and

what they're actually doing. So if they even think that something mightn't be

right and think something doesn't look right, they don't know how to

investigate it anyway, they don't know how to troubleshoot it because they

haven't been taught… (Participant A)

…they might be an accounts administrator or an accounts officer - someone

that's just responsible for the processing of a payment, not so much the

approval - they've identified something that has been suspicious to them but

they believe is normal practice within the organization…They get into that

sort of general pattern where this is okay. (Participant D)

Participants suggested that employees did not realise they were acting

unethically due to their beliefs that it is a normal practice within the organisation.

These examples also overlapped with comments around the importance of ethical


education for employees including not acting as they were programmed to do so (see

subsection 5.2.3.3).

5.2.1.2 Employers shaping malleable culture.

‘Malleable culture’ in the context of this study refers to a corporate culture that

is easily influenced by employers and precipitating negative results. Participants gave

several examples regarding the employers’ role in shaping/influencing culture, mostly

using the means of incentivisation:

This has come out in the Royal Commission, I’ve been following it fairly

closely… So [the Banks] are strongly incentivised to go and sell business in a

very competitive environment and as I say sometimes people can operate up

to the boundary but then if you're continuously operating at the boundary then

inevitably you will cross the boundary for example, in your working career.

(Participant E)

Culturally I've seen it's acceptable for those teams to be wined, dined, maybe

receiving gifts and they far exceed what's considered generally appropriate. It

just becomes it's okay and we've had discussions with clients saying, well this

is a serious issue and they say well no, that's just the way a tender works. As

an extreme, I've seen an instance where a successful bidder, after winning a

tender, took the pitch team out to celebrate, which involved a trip away for a

weekend. I think okay, that seemed quite over the top and they said no, it was

a large contract. It was a lot of work and it was everyone - the person running

that particular team wasn't able to attend the trip and received a boat. They

said it was a similar value. I'm going, well that doesn't make it right.

(Participant G)


The incentivisation culture described above suggest that daily socialisation,

specifically using the means of incentives, is an effective way for management to

create their ideal organisation. This culture was acceptable due to everyone’s daily

exposure to such culture.

5.2.1.3 Peer pressure from colleagues.

Participants identified fraudulent and/or corrupt culture becoming the norm due

to peer/colleague pressure. Peer pressure, equivalent to group norms, have a stronger

influence in shaping corporate culture as opposed to internal norms, that is, when faced

with peer pressure, people have two choices: to give in or to be shunned by others

because they do not fit in. Several participants provided insights into situations they

had encountered where the need to conform with the organisation’s practices in order

to be accepted by their peers became problematic. The quotes below provide two

examples:

… people will conform to a standard which is the overriding standard within

any organisation. So if someone comes to an organisation that has a really

high standard of ethical behaviour and conduct, then they will lift themselves

to that level because they need to conform. It's part of human nature and they'll

feel out of place if they don't. If they go into an organisation that turns up to

work at nine o'clock, and 10 o'clock goes and has a game of cards, and

lunchtime goes to the pub every day and comes back, and if someone who's

not used to that turns up in that environment they will lower their standards

because they will be part of this conformity. (Participant B)

So if you're working in a workplace where everybody does the wrong thing

and they basically ignore the code of conduct then that's what you'll do.

Because you want to be accepted by the group, and the way to be accepted by


the group is to behave like the group and to adopt the shared values of the

group. (Participant E)

Participants suggested that shared social norm is enforced by the people within

the firm and employees who behaved unnaturally (in comparison to the social standard

within the firm) are likely to be shunned by their cohorts. This condition emphasises

the need for having a positive culture in a firm in order for people to reject bad apples

in the firm and not vice versa. The following highlights participants’ views on sub-

cultures and how they impact on acts of fraud and corruption and is a new finding for

this study.

5.2.1.4 Corrupted values within a sub-group.

Three participants observed that corrupted values can be limited to a sub-group

within an organisation. They suggested that risky behaviours or practices may occur

only within a specific group and not spread to the rest of the organisation as occurred

with HIH Insurance, Enron and other high-profile cases. The following provide some

excerpts of participant views:

It just seemed that there was a culture, a boys' club if you want to call it, within

that entity, that then ended up - it was just so toxic that they were all I suppose

fuelling each other and doing the same things. If he's doing it, I'm doing it,

that type of thing. (Participant C)

I would say a company as a whole. If they're that big you wouldn't have the

company as a whole having a bad culture. I think it would be either units

within that culture - selected teams who have bad culture - and it's gone

throughout the whole team - this is what they believe is correct and this is how

we'll do things. (Participant D)


I think - the vast majority of the cases I've looked at, the - if there has been a

person or a group of people whose values haven't aligned with the stated

position of the corporation. You've usually got a manager or a group of

managers or a team somewhere whose values diverge from the corporate

values. That's by far the more common case. I do think it's pretty rare that that

- the organisation in entirety has unethical values. (Participant F)

Participants suggested that groups of employees with poor culture could be hidden and

commit fraudulent acts without others in the organisation knowing. As ‘corrupted sub-

group’ does not fit into the original ‘STER’ model, it will be considered “new” for the

purpose of this research and it will be examined further in the following chapter.

5.2.1.5 Promoting good shared values.

Participants also suggested the notion of promoting a strong culture of shared

values within a firm as one measure to minimise incidents of FC confirming the

importance of positive shared values. Below are example quotes from participants:

Then hiring appropriate and promoting appropriate employees is important

within a culture. If you have someone that's really good and honest as part of

your culture and is a leader in your place. You promote the appropriate ones

and you don't promote and reward people who don't fit that culture. So it's

important to understand that is important. (Participant B)

What we're talking about is some companies have had a $500 - we've seen in

years gone by that had a - you know, that they won't bother investigating

anything that's a complaint about $500 or less. You have to have that zero

tolerance that no one can get away with anything in regards to fraudulent or

corrupt conduct and I think if that's enforced the you know okay, I can't even

try for this $200 thing or $100 thing. (Participant D)


Summary of Shared Values

Regarding the first RQ ‘How do shared values influence FC conduct’, most

participants opined that incidents occurred because employees mimic others in their

daily activities. The action they copy from their colleagues might be considered

‘minor’: such as taking $20 without reporting it, or using company’s credit card to pay

for things that are not related to the business; or much of a bigger scale: such as bribery

to achieve a firm’s targeted result (Participant B, C, D and E). To add, it was suggested

that perpetrators may undertake these actions because they just did what they were told

without evaluating the consequences or they wanted to be accepted by their peers to

avoid other people distancing themselves because the perpetrators were not “one of

us”. Although they may seem reluctant at first, with time and daily exposure to such

acts, they would adjust their standards to that of the culture of the firm.

Participants were also asked how to promote good values within a company and

recommended that management have strong anti-fraud policies and behaviours, and

that these, combined with consistent reminders, such as ethical training (discussed in

subsection 5.2.3.3) or zero tolerance policies, would improve shared values within a

firm.

The next subsection discusses the second element of the STER model, that is,

tone from the top.

5.2.2 Tone from the top.

Research Question two (RQ2) focusses on tone from the top and asks:

“How does tone from the top contribute to incidents of fraud and corruption (FC)?”

Participants were asked questions related to management and leadership and the role


each played in cases they have investigated and how leadership contributed to FC.

Findings were that management contributed to FC by:

1) ignoring the rules and

2) authorising FC misconduct.

Each is addressed below.

5.2.2.1 Ignoring the rules.

Participants suggested that FC incidents occurred because people failed to

adhere to rules and regulations. Participants’ offered examples:

I've seen businesses where there's definitely - the owner's gone, well the rules

don't apply to me, and the tone from the top and the culture's just not been

good within the organisation. Because if the owner doesn't - if it's not good

enough for the owner, then why carry - why should the employees follow the

rules? So I've seen that in some instances and they've been ones that we've

had to go and do investigations for. (Participant A)

An organisation that has a very high turnover in a particular industry.

Everything was pretty relaxed. The business was owned by a number of

people in the family and they pretty well did what they liked. Someone wanted

to go out and spend $5000 on something they would. Someone wanted to take

some cash out of the bank and they'd cash a cheque. The brothers would run

around doing whatever they wanted to. So that developed this relaxed culture

in the organisation where there wasn't any controls, there wasn't any

purchasing protocol, there wasn't any budget process. So everyone else in the

organisation decided, well, this is all - if they can do it this is going to be easy.

So pretty well they were - it was a free-for-all. I mean they lost over $10

million over… (Participant B)


By doing what they please, management perpetrators set the example or tone for

other employees, that is, that it is acceptable to undertake such acts because their

supervisor is doing the same thing.

5.2.2.2 Authorisation of misconduct.

The culture of accepting gifts highlighted earlier in the ‘shared values’ section

evidenced that management do not have to model best practice behaviour themselves

for employees to follow. Rather, participants suggested that incentivisation may arise

through the use of inappropriate or misplaced ‘reward’ systems. Examples provided

included rewards such as holidays, parties and gifts – in lieu of praise and annual

appraisal adjustments – for employees upon completion of major projects.

Despite, for example, Participant G’s explanation about accepting gifts being

inappropriate (see section 5.2.1.2), employees that this participant had interviewed

during forensic investigations accepted and enjoyed the gifts as they regarded them as

a reward for their work. This situation empowers employees’ beliefs that what they do

is right because they are constantly praised and rewarded.

Another reason provided by participants on why tone from the top is imperative

for an organisation’s culture was due to employees assuming that management conduct

is standard and, consequently, try to follow their conduct.

Participant E provided the following example:

Because people look up to those above them on the organisational chart and

they are motivated to…servicing that person's needs as conveyed to them by

that person on behalf of the organisation. Most people are motivated towards

being seen as complying with instructions, working towards achieving the

organisation's goals as conveyed to them by their management team. So they


look up to those people and to a degree they would adopt their behaviours.

(Participant E)

Participant E’s response demonstrates the importance of having the right person

in a management role and that employees try to please management by following their

instructions.

Another reason why leadership is important is because employees look up to

management and therefore assume what management does is within the acceptable

boundaries. When asked the reason why employees did not realise they are conducting

fraudulent or corrupt activities, one participant commented:

[Junior staff] don't want to be coming across as one of these people that are

opposing a view or trying to highlight something that might be inappropriate,

given that they might think what might happen to me if I do this? I'm just

going to just do my job, get done what I'm paid for and just go home at the

end of the day. Others are…naïve to the fact of what's going on and it's not

until that stage where you outline what the actual policies and procedures

say…that's when it clicks that something was wrong. (Participant D)

Participants suggested that employees learn what they are taught and then

emulate these procedures. Therefore, the quote suggests that employees are either

ignorant or naïve to the fact that they were acting unethically.

5.2.2.3 Improving tone.

Due to the importance of this issue, participants were also asked on how to

improve tone from the top in curbing further misconduct. Below are examples

provided by participants:

Zero tolerance. From what I've seen, it's the companies that actually if they

have a fraud or corruption issue, turn around, investigate it fully, pass it to the


police and are open and honest about what happened and why it happened and

who's involved, that type of thing. Then that sends a message down the line to

say, well this isn't acceptable behaviour. (Participant C)

Having a chief risk officer or somebody in that risk role endorsing and then a

CEO actually coming out and saying, this is really important to us. This is

something that we're focusing on, this is part of our culture. (Participant G)

I think if you brought an external specialist in and put them in front of a board

and said this is why you need a fraud and corruption program. It will put you

in jail. It would change the thinking around fraud and corruption programs.

But I don't think it happens at that level. I would call it a risk to role approach.

Those high-risk roles like your board of directors, need to know a lot more

about fraud and corruption than say your payroll officers. So take a risk to role

approach. (Participant H)

Analysis of participants views identified five major points on how tone from the

top can be improved: (1) having a zero-tolerance policy in the firm, (2) be firm with

every employee even if they are considered indispensable to the company, (3) educate

employees from top to bottom on FC, (4) the importance of dialogue between the C-

suites and employees in the firm and (5) taking a risk-to-role approach.

Summary of Tone from the Top

To summarise, findings suggest that tone from the top contributes or enables

incidents of FC by demonstrating to employees the poor face of management (i.e.,

ignoring rules). Participants argued that management may also influence employees’

conduct by authorising such conduct using means such as punishments and rewards.

Participant also emphasised that management sets an example and because employees


try to please them, committed acts that they may not otherwise have been inclined to

do.

There are four important points on how to improve tone from the top provided

by participants: the importance of zero tolerance; the need to act on the professional

assessment completed by external parties; the importance of having dialogues between

C-suite executives and everyone else in the firm; and the implementation of risk-to-

role approach. Participant G suggested that C-suites’ endorsements carry more weight

to the message and signal to everyone in the firm that starting from the top, everyone

needs to take fraud and corruption seriously. Of equal importance, Participant H’s

recommendation on taking a risk-to-role approach suggested that risk awareness starts

from top management. Similar to ‘corrupted sub-group’ in section 5.2.1.4, risk-to-role

approach is considered as a “new” finding for the purpose of this research and will be

discussed in the next chapter.

The next subsection examines the third attribute of the STER model, that is,

ethics.

5.2.3 Ethics.

The third RQ (RQ3) asked “How does ethics contribute to incidents of fraud and

corruption (FC)?”

In terms of ethics, participants were asked questions related to the role of ethic’s

in either preventing or enabling FC incidents to occur. Questions covered three main

topics: ethical rules, ethical climate and ethical education.

5.2.3.1 Ethical rules.

Most participants agreed that having clear and concise rules are needed to

minimise FC incidents. Examples of participants’ responses regarding the importance

of having clear ethical rules and regulations are listed below:


If you define what - you know, have statements and try to define what is

ethical behaviour for an organisation that relates to that organisation, so I

guess you need to think about what it is you do and sell or what it is - and then

make - so people understand what's right and wrong. (Participant G)

I think it really goes back to the behaviours that are allowed to manifest. So

people in my experience test what they can get away with. If they find that

they can get away with they will continue. Usually the incidents of those type

of behaviours get more and more severe as they go along. So it's more that

they're not pulled into line, they're not reprimanded about non-compliant

behaviour. (Participant H)

Participants suggested that having clear rules and regulations is an effective

measure for curbing incidents of FC. Many added the importance of having clear and

proper ethical guidelines within a firm to remove ambiguity, as well as to prevent

people from circumventing the rules.

5.2.3.2 Ethical climate or ‘what is normal’.

A number of participants commented on how, despite having regulations,

employees were still engaged in misconduct due to their actions being considered

normal practice within the firm:

What's happened in the case of the Royal Commission is brokers will get

someone who comes in who's a bit on the edge of somebody who's suitable to

get loan funding, they'll find a way or means to get that loan application over

the line. Now if that means fudging documentation or turning a blind eye to

factors that would mean that this person shouldn't get financed then they'll do

it. That's the sort of culture that I'm talking about… (Participant E)


We've seen some examples where it's just always been allowed to happen..

…because it's been done once - it starts to grow and what maybe wasn't okay

last year is now okay because the amounts increase or the number of people

doing something gets - we do see that it's very hard to unwind that type of

culture.

…It's probably illegal, it's in breach of all these policies, it's not okay. So that

change becomes really difficult. We find that it's also very difficult to get buy-

in from senior people because if they were also doing this, they're accepting

that they've been doing something wrong as well? (Participant G)

These normal practices identified by participants are what is referred to in

Chapter 2 as ‘ethical climate’. Participants opined that sometimes misconduct is

allowed to happen due to people assuming the conduct as acceptable. This is because

the rules may not be clear, or because it is a normal practice in the firm despite the

rules. Once everyone accepts the new normal, they will live in the new perceived

normative environment or the new ethical climate. As explained by Participant G, once

the ethical climate is changed, it can be quite difficult to change it back to how it is

supposed to be.

5.2.3.3 Ethical education and policies enforcement.

Most participants acknowledged the importance of ethical education and for the

constant reminder/enforcement of ethical education and rules within a firm as a

preventive FC measure. In terms of ethical education, participants strongly agreed that

employees need to be trained ethically:

I think the problem is when policies aren't properly - or employees don't

understand policies. So it's the whole you stick policies on the shelf and people

don't read them. The number of times I've done fraud investigations, in


interviewing the person you think's done it and they go, I didn't know I couldn't

do that. Oh it's amazing. (Participant A)

I think that's - it's a two-pronged approach. You definitely need policies and

procedures, but you need people to know about them and need them trained

up on them, need them to understand what happens if they come across a

potential fraud or a corruption problem or incident and know what their

responsibilities are. (Participant C)

It's more than a policy. It's an actual - it's got to be understood. There is various

ways to educate people. But they do need to understand that they need to be

given the opportunity to query on it, work through scenarios, dilemmas and

see how it works. (Participant F)

Together with ethical education, participants also recommended employees

consistently follow the rules or that they should be regularly enforced:

There's a practice, if you have an expense this is how we reimburse you. You

can't just go and take cash out of a tin or out of the till and go and reimburse

yourself, there is a process. So conformity with processes, again, [instils it].

The last thing we have is proper discipline when the code of culture of honesty

is broken. So dealing with people appropriately who step out of line with

respect to that culture. From taking the ream of photocopy paper home, to

filling up your car, your wife's car with your work fuel card, dealing with those

appropriately is important as well. (Participant B)

…actually enforcing the policy I think is even more important than just

training or having the policy… So you need to make your staff aware of what's

there and how we do things in this organisation.


But unless you enforce it, employees could just go off and do whatever they

want. It's that standard thing where people will say oh, I haven't read the code

of conduct. …unless you're actively enforcing it and having the proper

controls in place… (Participant D)

It needs to be - they need to demonstrate those values as well in their actions

and behaviours. But no, I think it's critically important to set the standard or

the benchmark, so that people know what's expected of them in that

organisation. (Participant F)

Although ethical education is in the original ‘STER’ model, ethical

reinforcement that participants recommended is not. Therefore, the combination of

ethical education and ethical reinforcement will be treated as a “new” finding for the

purpose of this research under the name ‘two-pronged approach’. This finding will be

further discussed in the next chapter.

Summary of Ethics

In summary, based on the findings from participants, ethics may contribute to

incidents of FC by firms not having clear sets of rules and regulations, negative ethical

climate (corrupt normative environment) and the lack of education and enforcement

of policies inside a firm.

To improve the overall ethics (ethical culture, ethical education and ethical

climate) within a firm, participants’ suggestions are to have clear sets of rules, a robust

ethical education program, constant enforcement of these rules and programs via

leading by example, and finally, empowering employees to speak up when there is

fraudulent or corrupt behaviour occurring within the organisation.

The final subsection analyses the final attributes of STER, that is, risk culture.


5.2.4 Risk culture.

The final RQ (RQ4), in relation to risk culture, is “What are the elements of poor

risk culture that most commonly contribute to incidents of fraud and corruption?”

In seeking out the answer to this question, participants were asked questions

related to a firm’s risk culture, such as the importance of having a risk framework or

risk assessment, the role of regulators and why some firms do not undertake fraud risk

assessment.

5.2.4.1 Risk framework’s role.

To answer the first point, the importance of risk framework inside an

organisation, participants discoursed:

I definitely think that if they've got a risk framework around fraud, then even

if they have fraud it gets picked up faster. So frauds don't cost the organisation

as much because they don't last as long, and employees are more willing to

come forward about it as well. (Participant A)

You might think in your organisation yeah, all my employees are fine. We've

done our background checks. We've done everything right. Everyone is good.

Then it just takes sort of a couple of incidents for some employee and then

they switch like that. So as part of that whole risk culture you need to be

continuously going through these risks and updating it on a regular basis.

(Participant D)

Doing a fraud risk assessment and a fraud control plan is not going to wipe

out the risk, it'll just help you to minimise the risk. So you can't say that this

sort of behaviour won't happen. But if you've got the appropriate treatment

plans in place, it'll be either aimed at preventing the fraud from occurring in


the first place, or secondly if it does occur, you're going to pick it up quickly.

(Participant E)

In addition, some respondents highlighted and commended firms that

proactively completed risk assessments to curb incidents of FC before it happens:

We're actually doing one at the moment and it's a proactive one and they

haven't suffered a loss or a fraud that we know of. They've just come to us and

they want to revamp what they've got in place. [Do it on] a benchmark against

best practice and what they've got in their policies and where their holes are

and doing risk assessments through initially an online survey and then more

direct one-on-one workshops or groups. (Participant C)

A lot of our clients who actually have dedicated risk teams seem to be quite

proactive. So they are employed to identify, manage and mitigate risk. They

will organise fraud risk assessments and different other risk assessments as a

tool to help them do their job. They tend to take that quite seriously and they

use that process to identify gaps as I said and actually make improvements.

(Participant G)

These examples establish that the chances of a firm suffering from FC are

minimised by being proactive, which in turn minimises the cost and reputational

damage related to FC.

5.2.4.2 Reactive risk assessment.

Despite a few positive instances, participants suggested that most firms

undertook risk assessment only after they have experienced incidents of FC, which

means, risk assessment is more reactive rather than proactive:

…at the moment unfortunately still very much until something happens and

the likes of us or someone comes in, do you have this in place, do you have


that in place? Didn't even know that existed or you didn't know, just it was on

a to-do list but we haven't gotten round to it or that type of thing. (Participant

C)

It's reactive, yeah. The same thing is true, and this is an important point, the

fidelity guarantee insurance. So fidelity guarantee insurance is what will

insure an organisation against workplace fraud, and we have a lot of clients

who have got fidelity guarantee insurance but then when you look at the cover

they've got say a $2 million cover, on the basis that they think in their worst

nightmares they might have a $1 million fraud would be absolutely worst case

scenario. Then they have a $20 million fraud and they're short $18 million,

and that has happened. (Participant E)

One hundred per cent reactive. No one has got a mature compliance program.

(Participant H)

These examples provided by participants demonstrate that most firms still do not

take fraud and corruption risk assessment seriously. Participants were also asked about

the reasons why firms are reactive, or why they did not undertake any fraud and

corruption risk assessments. Most participants suggested that firms do not take it

seriously because they do not believe that incidents of FC would happen to them,

because risk assessment is an unnecessary cost, or because they do not want to accuse

any of their employees. Examples from participants are provided below:

…fraud…it's a different type of risk, but it should be considered a risk just

like occupational health and safety. So it's another risk and it should be dealt

with in the same process. But people just freak out about fraud risk and they


don't want you going in and talking to their employees because they'll think

we're accusing them of fraud. (Participant A)

Yeah. It's quite - it's more common than you think. Fraud is always considered

as part of a risk register but they seem to put the incidence of fraud as not very

likely to happen or the consequence maybe not as severe as it should be… It

is again one of those things that people think they're immune from it and

they're fine and their business is okay. They don't fully understand maybe

where could be vulnerable in the business. Then once something happens -

again it goes back to this whole thing - things just blow up. (Participant D)

Once driven, that has been the competitive environment that we're now in and

we have been in for many years of course, where for every dollar you spend

on overhead is a dollar off your bottom line. A lot of senior executives in

business, they see things like internal control and risk management and so on

as an overhead for which they're not returning any profit. So the senior

executives are interested in investing in revenue generation but they're not

interested in investing in loss prevention, on the basis that what I would be

preventing may not happen anyway. (Participant E)

5.2.4.3 The role of regulators.

In responding to the answers provided above, a follow-up question was asked on

what the regulators could do to promote the importance of fraud and corruption risk

assessment. Respondents agreed that regulators should do more and put more rules in

place. Examples that advocated more rules are as follows:

I think it should be more prevalent in the regulators' legislations, yeah.

Particularly the reporting of it. (Participant B)


I think if there was a particular legislation that said, you have to have this, you

should have this in place, protect customers, and with the privacy stuff coming

out and notifiable breaches as well, sort of forcing companies that have been

subject to a cyber-attack or losing people's information, that they have to

report it, that type of thing can only help, I think. Just to be more transparent.

I think similarly with fraud and corruption issues that if they don't report, then

there's heavier sanctions and that type of thing. (Participant C)

5.2.4.4 Whistle-blower program.

Participants also strongly advocated for a robust whistle-blower program as a

part of an organisation’s risk culture:

…I think would be having sufficient detection in place - or detection strategies

and mechanisms in place to ensure - and making their employees aware of

these detection strategies so they know there's no sort of area where they can

target if they want to try and find a weakness. Whistle-blower is one detection.

It's one of the key ones - you know, another employee speaking out.

(Participant D)

We run a number of whistle-blower services for a number of clients. What we

see is that as long as the messaging through the organisation is appropriate, it

sort of aligns to a culture of doing the right thing… I think that's a really

important thing to give people that opportunity. (Participant G)

The importance of whistle-blower program is not in the original STER model and

hence, it will be considered as a “new” finding for the purpose of this thesis and it will

be discussed further in Chapter 6: Discussion.


5.2.4.5 How to ameliorate a firm’s risk culture.

Finally, participants were asked about measures to improve an organisation’s

overall risk culture. They proposed that firms realise that incidents of FC can happen

in any organisation and to have appropriate assessments in place. Examples from

participants are presented below:

It comes back to the basics. It's making sure that risk assessments are done.

Risk shouldn’t be, oh now we have to deal with risk; it should just be part of

the everyday work environment. That's a hard process to get to, be it

occupational health and safety or fraud or harassment or whatever component

of risk it is. It takes time to get to that point. But that's a gradual process that

an organisation has to work with, everyone within the organisation, to build

to a point where you don't have to think about it, it's just automatically part of

what you do. (Participant A)

To realise that fraud and corruption can occur and cause significant damage.

(Participant E)

…what's the risk? What's your stated position? What's your values? What's

your risk appetite and your tolerance? …how do you propagate that through

the business? How do you get that message out? Part of their job - whatever

their job is, their day job, there should be an element of it is that you are also

responsible for managing risk. (Participant F)

Summary of Risk Culture

Findings highlight several elements of poor risk culture that contribute to

incidents of FC: (1) lack of proactivity, (2) firms trying to cut their [overhead] costs,

(3) firms not believing that incidents of FC could happen to them, (4) firms not wanting


to offend any of their employees by undertaking preventive actions against economic

crimes, and (5) the lack of whistle-blower program inside an organisation.

Participants also provided their views on how to improve an organisation’s risk

culture, which included: (1) undertaking risk assessments proactively, (2) realising that

Australian firms are vulnerable to economic crimes, (3) enhancing the reporting of

these incidents, (4) embedding risk assessment as part of the firm, until it is natural to

do so, (5) the Government to enact new rules or strengthen their existing regulations,

and (6) implementing a robust whistle-blower program.

Table 5.2 provides a visual summary of the findings for this chapter, outlining

the most prominent contributors for incidents of FC for each of the corporate culture

attributes based on percentages of participants’ responses for each attribute. New

findings are highlighted in asterisks (*).

Table 5.2

Summary of FC contributors for each of corporate culture attributes

Shared Values Tone from the Top Ethics Risk Culture

Employees’ lack

of self-validation

(37.5%)

Ignoring the rules

(100%)

Lack of clarity

on ethical rules

(75%)

Lack of appropriate

risk framework

(100%)

Employers’

shaping malleable

culture (50%)

Authorisation of

misconduct (25%)

Negative

ethical climate

(87.5%)

Reactive risk

assessment (50%)

Peer pressure

from colleagues

(37.5%)

Poor example from

leadership (i.e., tolerance

against problematic

employee and no

dialogue between C-

suites and employees)

(25%)

Poor ethical

education

(75%)

Lack of proactive

role from

regulators (87.5%)

Corrupted values

within sub-

group* (37.5%)

Lack of risk-to-role

approach* (12.5%)

Lack of ethical

enforcement*

(87.5%)

Lack of robust

whistle-blower

protection

program* (100%)


According to participants, the most prominent aspects of corporate culture that

contribute to incidents of FC are leadership ignoring the rules, lack of appropriate risk

framework and lack of robust whistle-blower protection program. These findings will

be discussed further in the following chapter. The next chapter begins with a discussion

of the results from this chapter and compares findings with the extant literature in

Chapters 2 and 3. Following this, an examination of several new concepts that have

emerged from participants and not in the original STER model will be discussed.

Chapter 6: Discussion 107

Chapter 6: Discussion

This chapter compares findings with the extant literature in an attempt to answer

the research questions outlined in Chapter 3: Conceptual Framework. The chapter

begins with a comparison of STER contributors with the extant literature in the

following order: shared values, tone from the top, ethics and risk culture. This is

followed by presenting the revised and refined conceptual STER model based on

findings from the previous chapter.

6.1 Shared Values

The first research question asked: How do shared values contribute to incidents

of fraud and corruption?

Responses provided in relation to shared values regarding employees’ lack of

self-validation support several studies discussed in Chapter 2. For example,

employees’ shared knowledge within the firm gradually develop into shared beliefs

through time (Crémer, 1993; Van den Steen, 2010) and therefore employees do not

question other employees’ actions. This is an example of shared knowledge which

morphs to shared beliefs. Findings in this study concur with Cameron et al. (2009) as

they posited that everyday experiences of corruption can shape employees’ attitudes

towards it. In the case of shared values, even though it could be argued that employees

are not that naïve, they may believe the organisation is corrupt and therefore continue

doing what is expected of them.

The incentivisation culture mentioned by participants aligns with ‘employers

shaping malleable culture’ and concurs with the notion that daily socialisation,

specifically using the mean of incentives, is an effective way for management to create

108 Chapter 6: Discussion

their ideal organisation (DeBacker et al., 2015; Ogbor, 2001). Similarly, it was found

that the culture of receiving gifts was acceptable due to everyone’s daily exposure to

such culture, which concurs with Cameron et al. (2009). The reason why it is difficult

for these types of incidents to come to light may be because most employees enjoy the

benefits. Thus, as long as they are rewarded and incentivised, they are comfortable and

prefer to preserve the situation – a finding that supports Ernst & Young (2016) that

shared culture increases the likelihood of FC incidents not been reported.

Shared values also includes ‘peer pressure’ and findings from this study suggest

that corrupt culture becomes the norm inside a firm due to the influence of peer

pressure. As Liu (2016) posited, group norms have a stronger influence in shaping

corporate culture as opposed to internal norms. Findings from this study support Guiso

et al. (2015) and Liu (2016) that people within an organisation choose between

conformity or alienation with their peers in their workplace.

The final question relating to shared values examined participants’ views on

improving organisational shared values. Participants’ suggestions concur with Ogbor

(2001) who suggested that positive shared values unify people together as setting the

right values helps to shape people’s attitudes towards certain problems, which in the

context of this research is fraud and corruption being unacceptable.

6.1.1 Corrupted sub-group in an organisation.

A new finding that emerged from this study and not previously identified in the

literature was that corrupted values may only be shared within a small group of

employees within a firm, or a different ‘sub-culture’. Therefore, within an

organisation, findings suggest that employees are eventually bound or belong to only

specific group/s to commit FC. This means it is possible for corrupted individuals to


group without influencing the rest of the organisation. Therefore, as corrupted sub-

culture is a new finding for this study, it was added to the STER model.

6.2 Tone from the Top

The second research question asked: How does tone from the top contribute to

incidents of fraud and corruption?

Findings from participants concur strongly with the extant literature, in

particular, that senior management is, and should be, held responsible for most

fraudulent activities (Brennan & McGrath, 2007), and the important role of leadership

in strengthening an unethical culture within a firm (Biggerstaff et al., 2015).

Furthermore, the literature emphasises the critical value of the power that management

holds over their employees (Lail et al., 2015; Ogbor, 2001; Wimbush & Shepard,

1994) and this study confirms these findings. Participants suggested that by breaking

the rules, management sets poor examples for employees which will then continue

cascading to the lowest rank employees. This finding was demonstrated in the Enron

case, where rule-breaking activities were encouraged and lead to a firm’s demise (Sims

& Brinkmann, 2003), and as Liu (2016) suggested, top management needs to

encourage an anti-fraud and anti-corrupt corporate culture. Findings from this study

strongly support this view.

The incentivisation culture is not only part of ‘shared values’ identified in the

previous section, but also relevant to leadership. For example, findings demonstrate

that top management has the ability to choose what they want their employees to learn

by encouraging them to participate in said culture using the means of excessive

rewards after a successful project. This example concurs with Ashforth and Anand

(2003) who suggested that accepting gifts is an ‘authorisation act of corruption’ or

‘manager-forced learning’ (Van den Steen, 2010). Also, the APRA Report (2018)


emphasised that encouragement and rewards by leadership reflect the organisation’s

culture more than a mission statement.

Findings from this study suggest that poor management examples contribute to

FC as top management have the power and ability to control the firm; and that

employees try to please them by mimicking what they do. To improve tone from the

top, participants confirmed Shin (2012) that the significance of the CEO’s role in

establishing and promoting ethical conduct in the organisation is paramount in

minimising occurrences of FC.

Findings from this study on ‘tone from the top’ as a corporate culture attribute

concur with the literature, with the exception of one finding, a risk-to-role approach,

which is explained in the next section.

6.2.1 Risk-to-role approach.

Participants identified a risk-to-role approach to minimising FC as a leadership

initiative. Participants suggested that risk awareness starts at the top of the

organisational hierarchy. The higher the person’s position, the higher the need for that

person to understand risks associated with their organisation (including fraud and

corruption risks). As this approach is a new finding for tone from the top, it was added

to the STER model.

6.3 Ethics

The third research question asked: How do ethics contribute to incidents of fraud

and corruption? There are three components of ‘ethics’ discussed in this section, that

is, ethical rules, ethical climate and ethical education.

Participants’ responses regarding firms having clear ethical rules or policies are

in line with that of Ashforth’s and Anand’s (2003) who posited that having explicit


ethical conduct in a firm is preferred as opposed to implicit and indirect informal

institutionalisation. Furthermore, Treviño et al. (1998) explained that having an ethical

culture, which in this case is represented by having clear rules and a code of conduct,

is equivalent to a normative system within a firm. Therefore, by having an ethical

culture, organisations expect employees to follow the rules. Findings from this study

support this with the majority of participants advocating organisations having clear

definitions and rules on what is considered non-ethical behaviour.

Findings also highlighted the importance of ethical climate where everyone

accepts the new normal (including unethical conduct such as FC) and they will live in

the new perceived normative environment or the new ethical climate. This supports K.

D. Martin and Cullen (2006) that a firm’s work climate can reflect organisational

policies. Findings from this study suggest firms resort to misconduct as part of its

‘policy’ in attaining their goals (Vardi, 2001). In addition, Prabowo and Cooper (2016)

suggested that memories of a firm’s culture are built through past interactions and

activities, and findings from this study concur with this. Furthermore, findings

substantiate APRA (2018, p. 81) that corporate culture is difficult to shift once

established. Participants suggested that past interactions and activities that constantly

break the rules have higher incidents of FC. Therefore, participants suggested firms

should aim to improve their ethical climate in an effort to curb unethical conduct, a

finding that supports Wimbush and Shepard (1994) and Wimbush et al. (1997).

Lastly, findings from this study regarding ethical education are strongly

supported in the literature. For example, participants felt that ethical education: (1) is

important for employees to understand the consequences of their actions; (2) is

required to prevent fraudulent and corrupt acts; and (3) should increase employees’

overall moral competence (Halbouni et al., 2016; D. R. May et al., 2014; Tormo-carbó


et al., 2016). Regarding moral training, van der Wal et al. (2016) posited that bottom-

up internalisation (training and strengthening employees’ moral competence) is

preferred compared to top-down imposition of rules and regulations. However,

participants in this study added that in terms of ethical education, a two-pronged

approach of educating and enforcing the rules regularly was crucial and is a new

finding that has emerged from this study.

6.3.1 Two-pronged approach.

Many participants suggested that a two-pronged approach to ethical education

and ethical reinforcement is required to raise employees’ awareness regarding

unethical behaviour. Participants opined that without consistent ethical reinforcement,

employees would forget what they have learned and would not conform to a firm’s

ethical standard. Additionally, this constant reminder would minimise the chance of

employees feigning ignorance because they “forgot” or “did not know that they could

not do certain things”. Finally, the two-pronged approach would embed an anti-fraud

and anti-corrupt mindset, assisting employees to understand what is expected of them

should they come across FC incidents.

The final attribute of the STER model is risk culture and is discussed in the

following section.

6.4 Risk Culture

The final research question for this thesis was: What are the elements of poor

risk culture that most commonly contribute to incidents of fraud and corruption?

In regard to risk culture, most participants agreed that risk assessments are not

on the manager’s ‘radar’. This corresponds with Palermo et al. (2017) who posited that

most managers are still unwilling to conduct risk assessments and that risk assessments

mean very little to decision-makers. Furthermore, participants highlighted the ongoing


Banking Royal Commission as an example of risk-taking culture that ignores rules and

boundaries due to being over-focussed on revenue, echoing Flamholtz and Randle

(2012) and Sims and Brinkmann (2003) on poor risk management, and Pan et al.

(2017) on the influence of a firm’s risk culture to its decision-making activities. This

condition could be described as risk-taking with no precaution and findings from this

study strongly support this notion. For instance, several participants explained that

firms think that they are not vulnerable to incidents of FC and thus, did not undertake

proper risk assessments. Therefore, despite recommendations on managing risks

proactively to respond and mitigate problems as early as possible (APRA, 2015; Naude

& Chiweshe, 2017), findings from this study demonstrate that Australian firms are still

reluctant in undertaking proper fraud and corruption risk assessments and often act

reactively instead of proactively.

Findings regarding the role of regulators to dictate and enforce more rules concur

with Zalewska’s (2016) recommendation on how regulators should be more involved

in regulating a firm’s risk assessment activities. Similarly, findings from this study

confirm that having a robust standard for FC-related risks and stressing the importance

of having a risk culture and risk management strategy concur with APRA (2015, 2016,

2017). In addition, findings from this study identify the importance of managing fraud

associated risks and having a consistent approach to risk management, a finding that

also concurs with the APRA Report (2018). Participants generally agreed that despite

regulations, incidents of FC are still occurring – if not increasing – in Australia, and

participants advocate for more rules and regulations for increased risk management to

mitigate these conditions. Risk culture also includes attitudes to FC minimisation

programs such as whistle-blowing and emerged as an important finding from this


study. Participants discussed whistle-blower programs as a crucial aspect of risk

culture and is discussed next.

6.4.1 Risk culture and whistle-blower programs.

According to many participants, whistleblowing programs are one of the most

effective methods to identify hidden incidents of fraud and corruption and also act as

a deterrent. They suggested that a robust whistle-blower program enables people who

want to report FC activities to do so with confidence. Participants mentioned this

several times when they discussed topics such as tone from the top, ethics and risk

culture but most felt it was appropriate as part of a risk culture program.

Participants suggest that the state of whistle-blower culture in Australia is quite

poor mainly because regulations do not adequately protect whistle-blowers, rather,

they are used to alienate whistle-blowers as problematic employees. This condition

persists due to allowing organisations or managers to identify the person who blows

the whistle on corrupt and/or fraudulent behaviour. Based on participants’ views in

implementing a whistle-blower program in Australian firms, they identify several

‘cultural’ and other obstacles. The first is the Australian culture that perceives whistle-

blower programs as ‘dob in a mate’ or to report on your colleagues/friends as ‘taboo’.

The second obstacle is identified by participants as poor protection for whistle-

blowers. Findings from this study suggest that Australian whistle-blowers are hesitant

because they fear reprisals from within the organisations. Participants also suggest that

some firms’ whistle-blower programs are just ‘tick-box’ exercises and do not ponder

the ramifications should someone use the program. Therefore, based on these findings,

whistle-blower programs have been added to the STER model.


Summary of the Four Attributes

Table 6.1 provides a summary of the findings from this study, that is, the sub-

attributes for each of the corporate culture attributes and their role as FC contributors.

It also provides side-by-side comparisons with the extant literature. New sub-

attributes, such as corrupted sub-group, are marked with asterisks (*). As seen in Table

6.1, there is one new sub-attribute for each section (corrupted sub-group, risk-to-role

approach, ethical enforcement, and whistle-blower protection program).

Section 6.5 presents the revised conceptual model that demonstrates the

relationship between corporate culture and incidents of FC.


Table 6.1

Comparison of findings on corporate culture attributes and sub-attributes with extant literature

Shared Values (S) Tone from the Top (T) Ethics (E) Risk Culture (R)

Sub-

attributes

& Extant

Literature

Employees’ lack of self-

validation (Cameron et al.,

2009; Crémer, 1993; Van den

Steen, 2010)

Ignoring the rules (Biggerstaff

et al., 2015; Brennan &

McGrath, 2007; Lail et al.,

2015; Liu, 2016; Ogbor, 2001;

Sims & Brinkmann, 2003;

Wimbush & Shepard, 1994)

Lack of clarity on ethical rules

(Ashforth & Anand, 2003;

Treviño et al., 1998)

Lack of appropriate risk

framework (i.e., reactive risk

assessment, over-focussed on

revenue and assuming that

firms are invulnerable to FC

(Flamholtz & Randle, 2012;

Naude & Chiweshe, 2017;

Palermo et al., 2017; Pan et

al., 2017; Sims & Brinkmann,

2003)

Employers shaping malleable

culture (Cameron et al., 2009;

DeBacker et al., 2015; Ogbor,

2001)

Authorisation of misconduct

(Ashforth & Anand, 2003;

Van den Steen, 2010)

Negative ethical climate (K.

D. Martin & Cullen, 2006;

Vardi, 2001; Wimbush &

Shepard, 1994; Wimbush et

al., 1997)

The lack of regulators’

interference to mitigate risks

(Zalewska, 2016)

Peer pressure (Guiso et al.,

2015; Liu, 2016)

Poor example from CEOs or

top management (i.e.,

tolerance against problematic

employee and no dialogue

between C-suites and

employees) (Shin, 2012)

Poor ethical education

(Halbouni et al., 2016; D. R.

May et al., 2014; Tormo-carbó

et al., 2016) Poor whistle-blower protection

program*

Corrupted sub-group* The lack of risk-to-role

approach* Lack of ethical enforcement*


6.5 Revised and Refined STER Conceptual Model

This study aimed to gain a deeper understanding on the relationship between corporate

culture and incidents of fraud and corruption. Findings that emerged lead to a revised

framework that helps to explain the relationship between ‘culture’ and incidents of fraud and

corruption. Views of forensic accountants and industry professionals were important to this

study as they are deeply involved in investigating FC cases and/or have experienced FC

incidents.

The overarching research question for this study was ‘Is there a connection between

corporate culture and incidents of fraud and corruption in Australian organisations?’ Four

additional research questions were asked in relation to each of the corporate culture attributes

of shared values (S), tone from the top (T), ethics (E) and risk culture (R). New findings

emerged, leading to the refinement of the conceptual framework displayed in Figure 6.1.


Figure 6.1. A Revised Conceptual Framework of Corporate Culture and

FC (STER Model).

Sources Findings from this study and extant literature (Crémer, 1993;

Cullen et al., 1989; Flamholtz & Randle, 2012; Fritzsche, 1991; Guiso et

al., 2015; Hambrick & D’Aveni, 1992; Liu, 2016; Ogbor, 2001; Palermo

et al., 2017; Shin, 2012; Sims & Brinkmann, 2003; Van Akkeren &

Buckby, 2017; van der Wal et al., 2016; Victor & Cullen, 1988;

Wimbush et al., 1997)

Ethics - Ethical Culture

- Ethical Education

- Ethical Climate

Employee’s lack of self-validation

Employers shaping malleable

culture

Peer pressure from colleagues

Corrupted values within sub-group*

Ignoring the rules

Authorisation of misconduct

Tolerance against problematic

employee

Lack of dialogue between C-suites

and employees

Lack of risk-to-role approach*

Lack of clarity on ethical rules

Negative ethical climate

Poor ethical education

Lack of ethical enforcement*

Reactive risk assessment

Over-focussed on revenue

Assume that the firm is invulnerable

to FC

Lack of regulators’ interference

Poor whistle-blower protection

policy*

Corporate

Culture

Fraud and

Corruption (FC)

: are a part of

: shape

: contributes to

Risk Culture

Tone from the Top

Shared Values


6.5.1 Summary of findings.

A new finding for the first attribute of ‘Shared Values’ related to sub-groups

forming in organisations to participate in fraud and corruption and that the sub-group

did not necessarily represent the entire organisation’s culture. Participants suggested

that corrupted values are not always shared with everyone in the organisation and FC

conduct can occur due to the existence of a corrupted sub-cultural group. This new

sub-attribute was added to the revised conceptual model in Figure 6.1 under shared

values. Therefore, apart from corrupted sub-group, findings agree with extant

literature. Thus, in answering the first research question, findings from this study

demonstrate that shared values do shape an organisation’s culture and contribute to

incidents of fraud and corruption.

The second research question on ‘tone from the top’ relates to the influence of

leadership to bring positive or negative outcomes for the firm and its employees

(Hambrick, 2007). Findings from this study concur with prior research on the

importance of having a robust management team or CEO in curbing FC incidents

(Brennan & McGrath, 2007; dela Rama, 2012; Liu, 2016), and how poor tone from

the top may contribute to corporate failure (Hambrick & D'Aveni, 1992; Sims &

Brinkmann, 2003). Therefore, findings demonstrate that tone from the top contributes

to incidents of fraud and corruption. The new finding that organisations need to have

a risk-to-role approach has also been added to the STER model. It is worth noting that

despite the concept not being new in the risk management area, the connection between

risk and tone from the top to mitigate FC incidents is a new concept for this study.

‘Ethics’, as the third corporate culture attribute consists of ethical culture, ethical

climate and ethical education. Findings concur with the literature that FC incidents

happened partly due to organisations not having clear ethical rules, a negative ethical


climate and lack of ethical education. These findings support the extant literature that

ethical culture as systems (Ashforth & Anand, 2003; Treviño et al., 1998) and ethical

climate as perceptions (K. D. Martin & Cullen, 2006; Wimbush & Shepard, 1994;

Wimbush et al., 1997) are important in shaping an anti-FC corporate culture. In

addition, ethical education was recommended in the literature as a measure to improve

employees’ moral competence (Halbouni et al., 2016; D. R. May et al., 2014; Tormo-

carbó et al., 2016) and findings from this research confirms this. Therefore, in

answering the third research question, findings concur that the three elements of ethics

contribute to incidents of fraud and corruption in Australian organisations. The new

sub-attribute that emerged, that is, the two-pronged approach of ethical education and

ethical reinforcement has also been added to the STER model.

The final corporate culture attribute, ‘risk culture’ is explained as the perceptions

of individuals and groups within an organisation that influence the way they deal with

risk-related activities (APRA, 2016). Findings from this study concur with the extant

literature with participants suggesting that a lack of proactivity, poor discipline and

attitude toward risk assessment and excessive risk-taking contribute to FC incidents.

Therefore, in relation to research question four, risk culture, or lack thereof, is a

contributor to fraud and corruption in Australian organisations. It is worth noting that

participants had strong views on the importance of whistle-blower programs and the

role of government regulators for ensuring whistle-blower protection programs are in

place. This is a new finding for ‘risk culture’ and has been added to the STER model.

6.6 Summary

This chapter presented a discussion of findings from this study and compared

those findings to the extant literature. Findings identify the importance role of

corporate culture and its four attributes (shared values, tone from the top, ethics and


risk culture) in contributing to incidents of fraud and corruption. A revised STER

model was presented to encompass all findings emerging from this study. In the final

chapter, conclusions are presented as well as the theoretical and practical contributions

of this study, limitations and prospects for future research.

Chapter 7: Conclusions 123

Chapter 7: Conclusions

This chapter concludes the study by providing a general discussion of the

findings from empirical evidence gathered to answer the research question:

‘Is there a connection between corporate culture and incidents of fraud and

corruption in Australian organisations?’

This is followed by the theoretical and practical contributions of this study, the

limitations, and, finally, opportunities for future research are presented.

7.1 General Discussion

Although prior research has studied corporate governance instruments in

mitigating incidents of fraud and corruption (FC), only a few have specifically

investigated the contribution of corporate culture in Australian organisations and most

only included one or two cultural attributes. This study provides valuable insights into

the causes of fraudulent and corrupt misconduct by examining views of participants

from a more comprehensive corporate culture perspective. To achieve this, the ‘STER’

framework was developed from the literature and included four attributes that together

define corporate culture comprehensively. Furthermore, to examine the framework,

the study sourced empirical evidence from participants whose knowledge and

experience yielded valuable cognisance on corporate culture and how it contributes to

incidents of economic crimes such as fraud and corruption.

Corporate culture has been deemed by Australian regulators such as ASIC and

APRA as a driver of conduct and organisations have been reminded on many occasions

to have a positive corporate culture. However, despite the constant notices, the state of

Australian corporate culture has been highlighted as lacking as the recent and ongoing

124 Chapter 7: Conclusions

Banking Royal Commission demonstrates. They suggest that poor corporate culture is

a major contributor to a number of scandals that have occurred in the Australian

banking and insurance sectors (CBA, NAB and AMP to name a few) and their findings

demonstrate that the culture of banking and insurance sectors are, amongst other

things, non-compliant, deceptive, corrupted and performance-focussed. Even though

the Banking Royal Commission focusses only on the culture of abovementioned

industries, having an anti-fraud and anti-corrupt corporate culture applies to all

Australian organisations because, as established from findings in this study, corporate

culture can lead to FC incidents, which are associated with a high cost to the Australian

economy. Although regulators such as ASIC and APRA have been criticised for a lack

of effective monitoring, it could be argued that Australian organisations need to take

responsibility for nurturing an ethical corporate culture to minimise the risks of

succumbing to unethical conduct such as FC. This study serves as an aid for

organisations and regulators to encourage a positive corporate culture by examining a

range of cultural attributes and the development of the STER model to explain the

relationship between corporate culture and FC.

The results from this study suggest that organisational culture can contribute to

FC conduct through four attributes: shared values, tone from the top, ethics and risk

culture. It is hoped that these findings may help organisations mitigate FC incidents

by highlighting the range of cultural issues that need to be addressed. Positive shared

values and strong management leadership are recommended in order to propagate an

anti-FC culture. Additionally, results from this study endorse having clear ethical rules

and regulations, having a positive ethical climate and robust ethical education systems

within organisations. Furthermore, organisations and their employees need to

acknowledge that continuous FC-related risk assessments are needed as FC incidents


can occur to even the most cautious, risk-averse organisations. Finally, having risk

awareness, coupled with a robust whistle-blower protection program would shape a

vigilant risk culture and would offset the chance of FC occurring, which aligns to

APRA’s recommendation in its inquiry report into the CBA (2018).

As the importance of this study has been highlighted, the next section lists the

academic and practical contributions.

7.2 Contributions

This study provides contributions to both theory and practice.

7.2.1 Contribution to theory.

The first academic contribution of this study is the development and refinement

of a corporate culture (STER) framework in explaining the relationship between

various attributes of corporate culture and incidents of fraud and corruption. To date,

no prior research has developed a comprehensive conceptual framework specifically

to explain the relationship between the four corporate culture attributes used in this

study and incidents of FC. Furthermore, this study extends previous work on corporate

culture and the impact of culture on organisations in fraud mitigation. Second, this

research provides empirical evidence from forensic accountants and industry

professionals by gathering deep insights from their expert knowledge and experiences

in relation to causes of fraud and corruption from a cultural perspective.

7.2.2 Contribution to practice.

The practical contribution of this study is to complement findings from

practitioners (industry publications) and regulators (the ongoing Royal Commission)

to better understand the relationship between corporate culture and incidents of FC. It

is hoped that this study will encourage management to improve their organisation’s

126 Chapter 7: Conclusions

culture, therefore mitigating incidents of FC. This study also highlights the importance

of having a whistle-blower program as a part of risk management culture.

7.3 Limitations

There are several limitations in this study. First, the relationship between

corporate culture and incidents of FC would be better understood by viewing the

events leading to the misconduct and the actual crime through a first-person

interpretation, that is, by interviewing the perpetrators. This would provide a more

profound understanding on an organisation’s culture and how it contributes to FC

incidents. Despite this limitation, all participants interviewed in this study were experts

in their field, most having investigated fraudulent incidents and were strongly

supportive of the cultural approach of this study. Another limitation was that only

Australian-based practitioners were interviewed and only eight interviews conducted

due to time constraints and difficulties in recruiting participants. However, the insights

provided by participants from in-depth interviews were extensive and are

representative of other practitioners.

7.4 Future Research

The results of this study provide several pathways for future research. First,

future research may include interviewing perpetrators of fraud and corruption to

determine the cultural factors that influenced their decision to commit fraud and/or

corruption. This would provide a deeper understanding and could possibly further

expand the STER model. Second, future research may include more corporate culture

attributes that extant literature has suggested contributed to incidents of FC. Third,

future studies could focus on specific industry sectors and investigate whether

corporate culture is industry specific, and whether the four attributes contributes to


incidents of fraud and corruption. Finally, quantitative methods may be used to

potentially validate and test the model for future research.

To conclude, findings from this Master thesis titled: The Role of Corporate

Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of

Forensic Accountants and Industry Professionals aligns well with findings from the

Banking Royal Commission and should provide a warning to organisations that

without a strong ethical climate and awareness of appropriate corporate culture,

incidents of fraud and corruption will continue to emerge. As the Banking Royal

Commission found:

Culture plays a major role in the successful embedding of better risk outcomes

as part of large programs. In many cases, effective risk management can be

impeded by behaviours and shared mindsets that can render the risk

management framework ineffective… messaging from senior leadership is

particularly important for achieving cultural change but so, too, is senior

leadership demonstrating commitment to the objectives through their actions

and decisions. (APRA, 2018, p. 97)

References 129

References

ABC News Breakfast. (2018, 20 Apr). Banking royal commission revelations 'worse

than I thought', says former ACCC boss. ABC News. Retrieved from

http://www.abc.net.au/news/2018-04-20/banking-royal-commission-allan-

fells-accc-reaction/9679182

Albrecht, W. S., Albrecht, C. O., Albrecht, C. C., & Zimbelman, M. F. (2016). Fraud

Examination (5th ed.): Cengage Learning.

Albrecht, W. S., & Searcy, D. J. (2001). Top 10 reasons why fraud is increasing in the

U.S. Strategic Finance, 82(11), 58-61. Retrieved from

https://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docv

iew/229742929?accountid=13380

Arewa, A. O., & Farrell, P. (2015). The culture of construction organisations: The

epitome of institutionalised corruption. Construction Economics and Building,

15(3), 59-71. doi:10.5130/AJCEB.v15i3.4619

Armenakis, A., Brown, S., & Mehta, A. (2011). Organizational Culture: Assessment

and Transformation. Journal of Change Management, 11(3), 305-328.

doi:10.1080/14697017.2011.568949

Ashforth, B. E., & Anand, V. (2003). THE NORMALIZATION OF CORRUPTION

IN ORGANIZATIONS. Research in Organizational Behavior, 25, 1-52.

doi:http://dx.doi.org/10.1016/S0191-3085(03)25001-2

Ashraf, J. (2011). The Accounting Fraud @ Worldcom: The Causes, The

Characteristics, The Consequences, and The Lessons Learned. (Honours),

University of Central Florida, Orlando, Florida. Retrieved from

http://etd.fcla.edu/CF/CFH0003811/Ashraf_Javiriyah_201105_BSBA

Association of Certified Fraud Examiners (ACFE). (2014). Report to the Nations.

Retrieved from https://www.acfe.com/rttn/docs/2014-report-to-nations.pdf

Association of Certified Fraud Examiners (ACFE). (2018). Report to the Nations.

Retrieved from https://www.acfe.com/report-to-the-nations/2018/

ASX Corporate Governance Council. (2014). Corporate Governance Principles and

Recommendations. Retrieved from Australia:

https://www.asx.com.au/documents/asx-compliance/cgc-principles-and-

recommendations-3rd-edn.pdf

Australian Institute of Company Directors (AICD). (2016, 01 Aug). The role of the

board in corporate culture. Retrieved from

https://aicd.companydirectors.com.au/membership/company-director-

magazine/2016-back-editions/august/the-role-of-the-board-in-corporate-

culture

130 References

Australian Institute of Criminology (AIC). (2013). Australian crime: Facts & figures:

2012. Retrieved from Canberra: https://aic.gov.au/publications/facts/2012

Australian Prudential Regulation Authority (APRA). (2015). Prudential Practice

Guide SPG 223 - Fraud Risk Management. Australia: Australian Prudential

Regulation Authority (APRA) Retrieved from

https://www.apra.gov.au/sites/default/files/prudential-practice-guide-spg-223-

fraud-risk-management-june-2015.pdf.

Australian Prudential Regulation Authority (APRA). (2016). Risk Culture. Australian

Prudential Regulation Authority Retrieved from

https://www.apra.gov.au/sites/default/files/161018-information-paper-risk-

culture1.pdf.

Australian Prudential Regulation Authority (APRA). (2017). Prudential Standard

CPS 220. Australia: Australian Prudential Regulation Authority (APRA)

Retrieved from https://www.apra.gov.au/sites/default/files/Prudential-

Standard-CPS-220-Risk-Management-%28July-2017%29.pdf.

Australian Prudential Regulation Authority (APRA). (2018). Prudential Inquiry Into

The Commonwealth Bank Of Australia. Retrieved from Australia:

https://www.apra.gov.au/sites/default/files/CBA-Prudential-Inquiry_Final-

Report_30042018.pdf

Australian Prudential Regulation Authority (APRA). (n.d.). Australian Prudential

Regulation Authority. Retrieved from https://www.apra.gov.au/about-apra

Australian Securities & Investments Commission (ASIC). (2018, 31 May 2018).

Senate Economics Legislation Committee: Opening Statement by ASIC Chair,

James Shipton - 30 May 2018. Retrieved from https://asic.gov.au/about-

asic/media-centre/speeches/senate-economics-legislation-committee-opening-

statement-by-asic-chair-james-shipton-30-may-2018/

Australian Securities & Investments Commission (ASIC). (n.d., 20 Oct 2014).

Corporate Governance. Retrieved from http://asic.gov.au/regulatory-

resources/corporate-governance/

Barker, A. (2017, 30 Nov). Banking royal commission: Speaking out against CBA had

'horrific impact' on whistleblower. ABC News. Retrieved from

http://www.abc.net.au/news/2017-11-30/banking-whistleblower-jeff-morris-

tells-of-horrific-impact/9212536

Barr, A., & Serra, D. (2010). Corruption and culture: An experimental analysis.

Journal of Public Economics, 94(11), 862-869.

doi:10.1016/j.jpubeco.2010.07.006

Barriball, K. L., & While, A. (1994). Collecting data using a semi‐ structured

interview: a discussion paper. Journal of Advanced Nursing, 19(2), 328-335.

doi:10.1111/j.1365-2648.1994.tb01088.x

Barry, P. (2011, February). In the eye of the storm: The collapse of storm financial.

The Monthly Retrieved from

References 131

https://www.themonthly.com.au/issue/2011/february/1299634145/paul-

barry/eye-storm

Beasley, M. S. (1996). An Empirical Analysis of the Relation between the Board of

Director Composition and Financial Statement Fraud. The Accounting Review,

71(4), 443-465. Retrieved from

http://www.jstor.org.ezp01.library.qut.edu.au/stable/248566

Berg, B. L., & Lune, H. (2012). Qualitative research methods for the social sciences

(8th ed.). Boston: Pearson.

Bezzina, F., Grima, S., & Mamo, J. (2014). Risk management practices adopted by

financial firms in Malta. Managerial Finance, 40(6), 587-612.

doi:10.1108/MF-08-2013-0209

Biggerstaff, L., Cicero, D. C., & Puckett, A. (2015). Suspect CEOs, unethical culture,

and corporate misbehavior. Journal of Financial Economics, 117(1), 98-121.

doi:10.1016/j.jfineco.2014.12.001

Bonny, P., Goode, S., & Lacey, D. (2015). Revisiting employee fraud: gender,

investigation outcomes and offender motivation. Journal of Financial Crime,

22(4), 447-467. doi:10.1108/JFC-04-2014-0018

Brennan, N. M., & McGrath, M. (2007). Financial Statement Fraud: Some Lessons

from US and European Case Studies. Australian Accounting Review, 17(2), 49-

61. doi:10.1111/j.1835-2561.2007.tb00443.x

Brown, J., & Loosemore, M. (2015). Behavioural factors influencing corrupt action in

the Australian construction industry. Engineering, Construction and

Architectural Management, 22(4), 372-389. doi:10.1108/ECAM-03-2015-

0034

Cameron, L., Chaudhuri, A., Erkal, N., & Gangadharan, L. (2009). Propensities to

engage in and punish corrupt behavior: Experimental evidence from Australia,

India, Indonesia and Singapore. Journal of Public Economics, 93(7), 843-851.

doi:10.1016/j.jpubeco.2009.03.004

Campbell, J.-L., & Göritz, A. S. (2014). Culture Corrupts! A Qualitative Study of

Organizational Culture in Corrupt Organizations. Journal of Business Ethics,

120(3), 291-311. doi:10.1007/s10551-013-1665-7

Chapple, L., Ferguson, C., & Kang, D. (2009). Corporate governance and

misappropriation. Journal of Forensic and Investigative Accounting, 1(2), 1-

26. Retrieved from

https://www.researchgate.net/publication/228282970_Corporate_Governance

_and_Misappropriation

Chen, J., Cumming, D., Hou, W., & Lee, E. (2016). CEO Accountability for Corporate

Fraud: Evidence from the Split Share Structure Reform in China. Journal of

Business Ethics, 138(4), 787-806. doi:10.1007/s10551-014-2467-2

132 References

Chernousov, V. (2012). Corporate Fraud Prevention, Detection and Investigation.

Paper presented at the 2012 ACFE European Fraud Conference.

http://www.acfe.com/uploadedFiles/ACFE_Website/Content/european/Cours

e_Materials/2012/2A_Chernousov-cpp.pdf

Coram, P., Ferguson, C., & Moroney, R. (2008). Internal audit, alternative internal

audit structures and the level of misappropriation of assets fraud. Accounting

& Finance, 48(4), 543-559. doi:10.1111/j.1467-629X.2007.00247.x

Crémer, J. (1993). Corporate culture and shared knowledge. Industrial and Corporate

Change, 2(1), 351-386. doi:10.1093/icc/2.1.351

Cressey, D. R. (1953). Other People's Money: A study in the Social Psychology of

Embezzlement. Glencoe, Illinois: Free Press.

Cullen, J. B., Victor, B., & Stephens, C. (1989). An ethical weather report: Assessing

the organization's ethical climate. Organizational Dynamics, 18(2), 50-62.

doi:http://dx.doi.org/10.1016/0090-2616(89)90042-9

Daboub, A. J., Abdul, M. A. R., Priem, R. L., & Gray, D. A. (1995). Top Management

Team Characteristics and Corporate Illegal Activity. The Academy of

Management Review, 20(1), 138-170. doi:10.2307/258890

Dana, J., Dawes, R., & Peterson, N. (2013). Belief in the unstructured interview: The

persistence of an illusion. Judgment and Decision Making, 8(5), 512-520.

Retrieved from

http://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docvi

ew/1439417462?accountid=13380

Danckert, S. (2018, 27 April). Banks should face court too over conduct breaches. The

Sydney Morning Herald. Retrieved from

https://www.smh.com.au/business/banking-and-finance/banks-should-face-

court-too-over-conduct-breaches-20180427-p4zc4w.html

Darvall-Stevens, R. (2016, 11 Aug). Why company culture is the key to mitigating

fraud, bribery and corruption risk. Accountants Daily. Retrieved from

https://www.accountantsdaily.com.au/columns/9400-why-company-culture-

is-the-key-to-mitigating-fraud-bribery-and-corruption-risk

DeBacker, J., Heim, B. T., & Tran, A. (2015). Importing corruption culture from

overseas: Evidence from corporate tax evasion in the United States. Journal of

Financial Economics, 117(1), 122-138. doi:10.1016/j.jfineco.2012.11.009

dela Rama, M. (2012). Corporate Governance and Corruption: Ethical Dilemmas of

Asian Business Groups. Journal of Business Ethics, 109(4), 501-519.

doi:10.1007/s10551-011-1142-0

DiCicco‐ Bloom, B., & Crabtree, B. F. (2006). The qualitative research interview.

Medical Education, 40(4), 314-321. doi:10.1111/j.1365-2929.2006.02418.x

Dominic, P.-R. (2018). A model for preventing corruption. Journal of Financial

Crime, 25(2), 545-561. doi:10.1108/JFC-11-2014-0048

References 133

Domino, M. A., Wingreen, S. C., & Blanton, J. E. (2015). Social Cognitive Theory:

The Antecedents and Effects of Ethical Climate Fit on Organizational Attitudes

of Corporate Accounting Professionals--A Reflection of Client Narcissism and

Fraud Attitude Risk. Journal of Business Ethics, 131(2), 453-467.

doi:http://dx.doi.org/10.1007/s10551-014-2210-z

Duh, M., Belak, J., & Milfelner, B. (2010). Core Values, Culture and Ethical Climate

as Constitutional Elements of Ethical Behaviour: Exploring Differences

Between Family and Non-Family Enterprises. Journal of Business Ethics,

97(3), 473-489. doi:10.1007/s10551-010-0519-9

Dunn, P. (2004). The Impact of Insider Power on Fraudulent Financial Reporting.

Journal of Management, 30(3), 397-412. doi:10.1016/j.jm.2003.02.004

Ernst & Young (EY). (2016). Corporate misconduct - individual consequences.

Retrieved from http://www.ey.com/Publication/vwLUAssets/ey-global-fraud-

survey-2016/$FILE/ey-global-fraud-survey-final.pdf

Eyers, J. (2017, 13 Aug). Banks have 'rosy' view of risk culture. The Australian

Financial Review. Retrieved from http://www.afr.com/business/banking-and-

finance/financial-services/banks-have-rosy-view-of-risk-culture-20170812-

gxuz5g

Ferguson, A., & Williams, R. (2015, 21 February). Whistleblower's NAB leak reveals

persistent bad behaviour in financial planning, fuels royal commission calls.

The Sydney Morning Herald. Retrieved from

http://www.smh.com.au/business/banking-and-finance/whistleblowers-nab-

leak-reveals-persistent-bad-behaviour-in-financial-planning-fuels-royal-

commission-calls-20150217-13hv1f.html

Ferrier, S. (2015, 28 Oct). Commonwealth Bank compensation scheme for victims of

financial planning scandal 'a joke', Senate inquiry hears. ABC News. Retrieved

from http://www.abc.net.au/news/2015-10-28/cba-denying-compensation-to-

victims-of-financial-planning/6892624

Finkelstein, S. (1992). Power in Top Management Teams: Dimensions, Measurement,

and Validation. The Academy of Management Journal, 35(3), 505-538.

doi:10.2307/256485

Fisman, R., & Miguel, E. (2007). Corruption, Norms, and Legal Enforcement:

Evidence from Diplomatic Parking Tickets. The Journal of Political Economy,

115(6), 1020. Retrieved from http://www.jstor.org/stable/10.1086/527495

Flamholtz, E. G., & Randle, Y. (2012). Corporate culture, business models,

competitive advantage, strategic assets and the bottom line. Journal of HRCA

: Human Resource Costing & Accounting, 16(2), 76-94.

doi:http://dx.doi.org/10.1108/14013381211284227

Fontana, A., & Frey, J. H. (2000). The Interview: From Structured Questions to

Negotiated Text. In N. K. Denzin & Y. S. Lincoln (Eds.), Handbook of

Qualitative Research. Thousand Oaks, California: Sage.

134 References

Fritzsche, D. J. (1991). A model of decision-making incorporating ethical values.

Journal of Business Ethics, 10(11), 841-852. doi:10.1007/bf00383700

FSU Australia. (2009, 04 Sep). Sales-and-bonus culture directly linked to Storm

Financial collapse. Retrieved from http://www.fsunion.org.au/News-

Views/Media/Media-Releases/Salesandbonus-culture-directly-linked-to.aspx

Gable, G. (1994). Integrating case study and survey research methods: an example in

information systems. European Journal of Information Systems, 3(2), 112-126.

doi:http://dx.doi.org/10.1057/ejis.1994.12

Geriesh, L. (2003). Organizational culture and fraudulent financial reporting. The CPA

Journal, 73(3), 28-32. Retrieved from

http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docvie

w/212291677?accountid=13380

Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory: strategies

for qualitative research (1 ed.). New York: Aldine Pub. Co.

Goodstein, J., Butterfield, K., & Neale, N. (2016). Moral Repair in the Workplace: A

Qualitative Investigation and Inductive Model. Journal of Business Ethics,

138(1), 17-37. doi:http://dx.doi.org/10.1007/s10551-015-2593-5

Gray, J. (2016, 31 March). Dennis Gentilin, National Australia Bank whistleblower,

probes the origins of ethical failure. The Australian Financial Review.

Retrieved from http://www.afr.com/brand/boss/dennis-gentilin-nab-

whistleblower-probes-the-origins-of-ethical-failure-20160310-gnflth

Gregory, K. L. (1983). Native-View Paradigms: Multiple Cultures and Culture

Conflicts in Organizations. Administrative Science Quarterly, 28(3), 359-376.

doi:10.2307/2392247

Guest, G., Bunce, A., & Johnson, L. (2006). How Many Interviews Are Enough?:An

Experiment with Data Saturation and Variability. Field Methods, 18(1), 59-82.

doi:10.1177/1525822x05279903

Guiso, L., Sapienza, P., & Zingales, L. (2006). Does Culture Affect Economic

Outcomes? Journal of Economic Perspectives, 20(2), 23-48.

doi:10.1257/jep.20.2.23

Guiso, L., Sapienza, P., & Zingales, L. (2015). The value of corporate culture. Journal

of Financial Economics, 117(1), 60-76.

doi:http://dx.doi.org/10.1016/j.jfineco.2014.05.010

Gullkvist, B., & Jokipii, A. (2013). Perceived importance of red flags across fraud

types. Critical Perspectives on Accounting, 24(1), 44-61.

doi:http://dx.doi.org/10.1016/j.cpa.2012.01.004

Halbouni, S. S., Obeid, D., & Garbou, A. (2016). Corporate governance and

information technology in fraud prevention and detection: Evidence from the

UAE. Managerial Auditing Journal, 31(6/7), 589-628. doi:10.1108/MAJ-02-

2015-1163

References 135

Haleblian, J., & Finkelstein, S. (1993). Top Management Team Size, CEO Dominance,

and Firm Performance: The Moderating Roles of Environmental Turbulence

and Discretion. The Academy of Management Journal, 36(4), 844-863.

doi:10.2307/256761

Hambrick, D. C. (2007). Upper Echelons Theory: An Update. Academy of

Management. The Academy of Management Review, 32(2), 334-343.

Retrieved from

http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docvie

w/210972230?accountid=13380

Hambrick, D. C., & D'Aveni, R. A. (1992). Top Team Deterioration As Part of the

Downward Spiral of Large Corporate Bankruptcies. Management Science,

38(10), 1445-1466. Retrieved from

http://www.jstor.org.ezp01.library.qut.edu.au/stable/2632673

Han, M. (2018, 30 April). Banking royal commission: AMP's misleading of ASIC

explained. Australian Financial Review. Retrieved from

https://www.afr.com/business/banking-and-finance/banking-royal-

commission-amps-misleading-of-asic-explained-20180430-h0zfy9

Hatch, M. J., & Zilber, T. (2012). Conversation at the Border Between Organizational

Culture Theory and Institutional Theory. Journal of Management Inquiry,

21(1), 94-97. doi:10.1177/1056492611419793

Hauk, E., & Saez-Marti, M. (2002). On the Cultural Transmission of Corruption.

Journal of Economic Theory, 107(2), 311-335. doi:10.1006/jeth.2001.2956

HLB Mann Judd. (2017, 29 Aug). Fraud and Organisational Culture. Retrieved from

https://probonoaustralia.com.au/news/2017/08/fraud-organisational-culture/

Imoniana, J. O., Antunes, M. T. P., & Formigoni, H. (2013). THE FORENSIC

ACCOUNTING AND CORPORATE FRAUD. Journal of Information

Systems and Technology Management : JISTEM, 10(1), 119-144.

doi:10.4301/S1807-17752013000100007

In'airat, M. (2015). The Role of Corporate Governance in Fraud Reduction - A

Perception Study in the Saudi Arabia Business Environment. Journal of

Accounting and Finance, 15(2), 119-128. Retrieved from


ew/1726773248?accountid=13380

Information Systems Audit and Control Association (ISACA). (2012). Cobit 5: A

Business Framework for the Governance and Management of Enterprise IT (6

ed.). United States of America: ISACA.

Institute of Risk Management (IRM). (n.d., 2016). Risk appetite and tolerance.

Retrieved from https://www.theirm.org/knowledge-and-resources/thought-

leadership/risk-appetite-and-tolerance.aspx

Interligi, L. (2010). Compliance culture: A conceptual framework. Journal of

Management and Organization, 16(2), 235-249. Retrieved from

136 References

https://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docv

iew/577560767?accountid=13380

Investopedia. (n.d., 2 Mar 2018). What is earnings management? Retrieved from

https://www.investopedia.com/ask/answers/191.asp

Jenkinson, D. (1996). Compliance Culture. Journal of Financial Regulation and

Compliance, 4(1), 41-46. doi:10.1108/eb024866

Ji, Y., Rozenbaum, O., & Welch, K. T. (2017). Corporate Culture and Financial

Reporting Risk: Looking Through the Glassdoor. Retrieved from

https://ssrn.com/abstract=2945745

Johansson, E., & Carey, P. (2016). Detecting Fraud: The Role of the Anonymous

Reporting Channel. Journal of Business Ethics, 139(2), 391-409.

doi:10.1007/s10551-015-2673-6

Kallio, H., Pietilä, A. M., Johnson, M., & Kangasniemi, M. (2016). Systematic

methodological review: developing a framework for a qualitative semi‐structured interview guide. Journal of Advanced Nursing, 72(12), 2954-2965.

doi:10.1111/jan.13031

Kirby, D. M. (2016, 05 May). The Importance of Company Culture in Fraud

Prevention. Business 2 Community. Retrieved from

http://www.business2community.com/human-resources/importance-

company-culture-fraud-prevention-01527343#FYTC4TSBeuPR5hbS.97

Kleinberg, J. (2014). The Dynamics of Corruptogenic Organizations. International

Journal of Group Psychotherapy, 64(4), 420-443.

doi:10.1521/ijgp.2014.64.4.420

Kotter, J. P., & Heskett, J. L. (1992). Corporate culture and performance. New York:

Free Press.

KPMG. (2013). A survey of Fraud, Bribery and Corruption in Australia & New

Zealand 2012. Retrieved from Auckland:

www.kpmg.com/au/en/issuesandinsights/articlespublications/fraud-

survey/pages/fraud-bribery-corruption-survey-2012.aspx?chan=story1

KPMG. (2018, 13 Feb). Fraud Barometer: October 2016 – September 2017. Retrieved

from https://home.kpmg.com/au/en/home/insights/2018/02/fraud-barometer-

october-2016-september-2017.html

Kranacher, M.-J., Riley, R., & Wells, J. T. (2010). Forensic Accounting and Fraud

Examination: Wiley.

Lail, B., MacGregor, J., Stuebs, M., & Thomasson, T. (2015). The Influence of

Regulatory Approach on Tone at the Top. Journal of Business Ethics, 126(1),

25-37. doi:10.1007/s10551-013-1992-8

Lannin, S. (2018, 15 March). Only fraction of eligible NAB customers compensated

over fraudulent loan scandal, royal commission hears. ABC News. Retrieved

References 137

from http://www.abc.net.au/news/2018-03-14/nab-executive-admits-bank-

breaches-responsible-lending-laws/9547220

Licht, A. N. (2001). The Mother of All Path Dependencies: Toward a Cross-Cultural

Theory of Corporate Governance Systems. Delaware Journal of Corporate

Law, 26(1), 147-205. Retrieved from

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=266910&download=yes

Linnenluecke, M. K., & Griffiths, A. (2010). Corporate sustainability and

organizational culture. Journal of World Business, 45(4), 357-366.

doi:https://doi.org/10.1016/j.jwb.2009.08.006

Liu, X. (2016). Corruption culture and corporate misconduct. Journal of Financial

Economics, 122(2), 307-327.

doi:http://dx.doi.org/10.1016/j.jfineco.2016.06.005

Llopis, J., Gonzalez, M. R., & Gasco, J. L. (2007). Corporate governance and

organisational culture: The role of ethics officers. International Journal of

Disclosure and Governance, 4(2), 96-105.

doi:http://dx.doi.org/10.1057/palgrave.jdg.2050051

Lowers & Associates. (2013). Why Corporate Culture Matters in Fraud Control.

Retrieved from http://blog.lowersrisk.com/corporate-culture-fraud/

Manning, J., & Kunkel, A. (2014). Making meaning of meaning-making

research:Using qualitative research for studies of social and personal

relationships. Journal of Social and Personal Relationships, 31(4), 433-441.

doi:10.1177/0265407514525890

Martin, J., & Siehl, C. (1983). Organizational culture and counterculture: An uneasy

symbiosis. Organizational Dynamics, 12(2), 52-64.

doi:https://doi.org/10.1016/0090-2616(83)90033-5

Martin, K. D., & Cullen, J. B. (2006). Continuities and Extensions of Ethical Climate

Theory: A Meta-Analytic Review. Journal of Business Ethics, 69(2), 175-194.

doi:10.1007/s10551-006-9084-7

May, C. (2003). Dynamic Corporate Culture Lies at the Heart of Effective Security

Strategy. Computer Fraud & Security, 2003(5), 10-13.

doi:https://doi.org/10.1016/S1361-3723(03)05011-5

May, D. R., Luth, M. T., & Schwoerer, C. E. (2014). The Influence of Business Ethics

Education on Moral Efficacy, Moral Meaningfulness, and Moral Courage: A

Quasi-experimental Study. Journal of Business Ethics, 124(1), 67-80.

doi:10.1007/s10551-013-1860-6

McConnell, P. (2015, 04 June). War on banking’s rotten culture must include

regulators. The Conversation. Retrieved from

https://theconversation.com/war-on-bankings-rotten-culture-must-include-

regulators-42767

138 References

McGowan, M., & Davidson, H. (2018, 27 April). Banking royal commission:

Westpac, AMP and CBA may have breached Corporations Act – as it

happened. The Guardian. Retrieved from

https://www.theguardian.com/australia-news/live/2018/apr/27/banking-royal-

commission-financial-advice-groups-under-microscope-live

Medcraft, G. (2016a). The regulatory perspective: Corporate culture, corporate values

and ethics. Governance Directions, 68(8), 456-457. Retrieved from

https://search-informit-com-

au.ezp01.library.qut.edu.au/documentSummary;res=IELAPA;issn=2203-

4749;py=2016;vol=68;iss=8;spage=456

Medcraft, G. (2016b). Tone from the top: Influencing conduct and culture. Law and

Financial Markets Review, 10(3), 156-158.

doi:10.1080/17521440.2016.1244421

Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: an expanded

sourcebook (2nd ed.). Thousand Oaks: Sage Publications.

Mintz, S. M. (2005). Corporate Governance in an International Context: legal systems,

financing patterns and cultural variables. Corporate Governance: An

International Review, 13(5), 582-597. doi:10.1111/j.1467-8683.2005.00453.x

Modaff, D. P., DeWine, S., & Butler, J. A. (2008). Organizational communication:

foundations, challenges, and misunderstandings (2nd ed.). Boston:

Pearson/Allyn and Bacon.

Monem, R. (2011). The One.Tel Collapse: Lessons for Corporate Governance.

Australian Accounting Review, 21(4), 340-351. doi:10.1111/j.1835-

2561.2011.00151.x

Morgan, A. R., & Burnside, C. (2014). Olympus Corporation Financial Statement

Fraud Case Study: The Role That National Culture Plays On Detecting And

Deterring Fraud. Journal of Business Case Studies (Online), 10(2), 175-184.

Retrieved from


ew/1516952858?accountid=13380

Morris, J. (2018, 27 April). 'I gift wrapped Commonwealth Bank for ASIC and it did

nothing'. The Sydney Morning Herald. Retrieved from

https://www.smh.com.au/business/banking-and-finance/i-gift-wrapped-

commonwealth-bank-for-asic-and-it-did-nothing-20180427-p4zbyk.html

Myers, M. D. (1997, 1 Mar 2018). Qualitative Research in Information Systems.

Retrieved from http://www.qual.auckland.ac.nz/

Myers, M. D., & Newman, M. (2007). The qualitative interview in IS research:

Examining the craft. Information and Organization, 17(1), 2-26.

doi:https://doi.org/10.1016/j.infoandorg.2006.11.001

Naude, M. J., & Chiweshe, N. (2017). A proposed operational risk management

framework for small and medium enterprises. South African Journal of

References 139

Economic and Management Sciences, 20(1).

doi:http://dx.doi.org/10.4102/sajems.v20i1.1621

Needle, D. (2004). Business in context: an introduction to business and its

environment (4th ed.). London: Thomson Learning.

O'Shea, N. (2005). Governance how we've got where we are and what's next.

Accountancy Ireland, 37(6), 33-37. Retrieved from


ew/223171416?accountid=13380

Ogbor, J. O. (2001). Critical theory and the hegemony of corporate culture. Journal of

Organizational Change Management, 14(6), 590-608.

doi:10.1108/09534810110408015

Organisation for Economic Cooperation and Development (OECD). (2014). Risk

Management and Corporate Governance. Retrieved from

http://www.oecd.org/daf/ca/risk-management-corporate-governance.pdf

Pacheco, G., Westhuizen, D. W. d., Ghobadian, A., Webber, D. J., & O'Regan, N.

(2016). The Changing Influence of Societal Culture on Job Satisfaction across

Europe. British Journal of Management, 27(3), 606-627. doi:10.1111/1467-

8551.12150

Palermo, T., Power, M., & Ashby, S. (2017). Navigating Institutional Complexity: The

Production of Risk Culture in the Financial Sector. Journal of Management

Studies, 54(2), 154-181. doi:10.1111/joms.12241

Pan, Y., Siegel, S., & Wang, T. Y. (2017). Corporate Risk Culture. Journal of

Financial and Quantitative Analysis, 52(6), 2327-2367.

doi:10.1017/S0022109017000771

Parliamentary Joint Committee on Corporations and Financial Services. (2009).

Inquiry into financial products and services in Australia. Retrieved from

Canberra, Australia:

http://www.aph.gov.au/binaries/senate/committee/corporations_ctte/fps/repor

t/report.pdf

Patel, P. C., & Conklin, B. (2012). Perceived Labor Productivity in Small Firms—The

Effects of High‐ Performance Work Systems and Group Culture Through

Employee Retention. Entrepreneurship Theory and Practice, 36(2), 205-235.

doi:10.1111/j.1540-6520.2010.00404.x

Perols, J. L., & Lougee, B. A. (2011). The relation between earnings management and

financial statement fraud. Advances in Accounting, 27(1), 39-53.

doi:http://dx.doi.org/10.1016/j.adiac.2010.10.004

Pinho, J. C., Rodrigues, A. P., & Dibb, S. (2014). The role of corporate culture, market

orientation and organisational commitment in organisational performance: The

case of non-profit organisations. Journal of Management Development, 33(4),

374-398. doi:10.1108/JMD-03-2013-0036

140 References

Prabowo, H. Y., & Cooper, K. (2016). Re-understanding corruption in the Indonesian

public sector through three behavioral lenses. Journal of Financial Crime,

23(4), 1028-1062. doi:10.1108/JFC-08-2015-0039

Price, J. (2015, 26 May 2016). Culture, conduct and the bottom line. Retrieved from

http://asic.gov.au/regulatory-resources/corporate-governance/corporate-

governance-articles/culture-conduct-and-the-bottom-line/

PricewaterhouseCoopers (PwC). (2016a). Adjusting the Lens on Economic Crime:

Preparation brings opportunity back into focus. Retrieved from

https://www.pwc.com/gx/en/economic-crime-

survey/pdf/GlobalEconomicCrimeSurvey2016.pdf

PricewaterhouseCoopers (PwC). (2016b). Embedding Resilience: Cyber threats, Anti-

money laundering and Anti-bribery and corruption remains a persistent threat

to Australian organisations. Retrieved from

http://www.pwc.com.au/consulting/assets/global-economic-crime/global-

economic-crime-survey-2016-australian-report.pdf

PricewaterhouseCoopers (PwC). (2017a). Escaping the commodity trap: The future of

banking in Australia. Retrieved from Australia:

https://www.pwc.com.au/pdf/pwc-report-future-of-banking-in-australia.pdf

PricewaterhouseCoopers (PwC). (2017b). Risk and Compliance Benchmarking

Survey. Retrieved from Australia:

https://www.pwc.com.au/superannuation/risk-compliance-benchmarking-

survey-aug17.pdf

PricewaterhouseCoopers (PwC). (2018). Pulling fraud out of the shadows. Retrieved

from https://www.pwc.com/gx/en/services/advisory/forensics/economic-

crime-survey.html

Rafiee, V. B., & Sarabdeen, J. (2012). Cultural Influence in the Practice of Corporate

Governance in Emerging Markets. Communications of the IBIMA, 2012(2012),

1-10. doi:10.5171/2012.4444553

Ravasi, D., & Schultz, M. (2006). Responding to Organizational Identity Threats:

Exploring the Role of Organizational Culture. The Academy of Management

Journal, 49(3), 433-458. doi:10.2307/20159775

Sathe, V. (1983). Implications of corporate culture: A manager's guide to action.

Organizational Dynamics, 12(2), 5-23. doi:https://doi.org/10.1016/0090-

2616(83)90030-X

Schein, E. H. (1985). Organizational Culture and Leadership.

Schein, E. H. (1990). Organizational culture. American Psychologist, 45(2), 109-119.

doi:10.1037/0003-066X.45.2.109

Schuchter, A., & Levi, M. (2015). Beyond the fraud triangle: Swiss and Austrian elite

fraudsters. Accounting Forum, 39(3), 176-187.

doi:https://doi.org/10.1016/j.accfor.2014.12.001

References 141

Schultze, U., & Avital, M. (2011). Designing interviews to generate rich data for

information systems research. Information and Organization, 21(1), 1-16.

doi:http://dx.doi.org/10.1016/j.infoandorg.2010.11.001

Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research

projects. Education for Information, 22(2), 63-75. doi:10.3233/EFI-2004-

22201

Shin, Y. (2012). CEO Ethical Leadership, Ethical Climate, Climate Strength, and

Collective Organizational Citizenship Behavior. Journal of Business Ethics,

108(3), 299-312. doi:10.1007/s10551-011-1091-7

Sims, R. R., & Brinkmann, J. (2003). Enron Ethics (or: Culture Matters More than

Codes). Journal of Business Ethics, 45(3), 243-256.

doi:10.1023/A:1024194519384

Sinclair, A. (1993). Approaches to organisational culture and ethics. Journal of

Business Ethics, 12(1), 63. Retrieved from


ew/198007763?accountid=13380

Skousen, C. J., Smith, K. R., & Wright, C. J. (2009). Detecting and predicting financial

statement fraud: The effectiveness of the fraud triangle and SAS No. 99. In M.

Hirschey, K. John, & A. K. Makhija (Eds.), Corporate Governance and Firm

Performance (Vol. 13, pp. 53-81): Emerald Group Publishing Limited.

Skousen, C. J., & Wright, C. J. (2006). Contemporaneous Risk Factors and the

Prediction of Financial Statement Fraud. SSRN, 1-41.

doi:http://dx.doi.org/10.2139/ssrn.938736

Smith, R., Jorna, P., Sweeney, J., & Fuller, G. (2014). Counting the costs of crime in

Australia: A 2011 estimate. Retrieved from Canberra: Australian Institute of

Criminology: https://aic.gov.au/publications/rpp/rpp129

Soltani, B. (2014). The Anatomy of Corporate Fraud: A Comparative Analysis of High

Profile American and European Corporate Scandals. Journal of Business

Ethics, 120(2), 251-274. doi:10.1007/s10551-013-1660-z

Spathis, C. T. (2002). Detecting false financial statements using published data: some

evidence from Greece. Managerial Auditing Journal, 17(4), 179-191.

doi:10.1108/02686900210424321

Strauss, A. L., & Corbin, J. M. (1998). Basics of qualitative research: techniques and

procedures for developing grounded theory (2nd ed.). Thousand Oaks: Sage.

Swai, J. P., & Mbogela, C. S. (2016). Accrual-Based versus Real Earnings

Management; The Effect of Ownership Structure: Evidence from East Africa.

ACRN Oxford Journal of Finance and Risk Perspectives, 5(2), 121-140.

Retrieved from http://www.acrn-journals.eu/resources/jofrp0502h.pdf

142 References

Switzer, L. N. (2007). Corporate governance, Sarbanes-Oxley, and small-cap firm

performance. The Quarterly Review of Economics and Finance, 47(5), 651-

666. doi:https://doi.org/10.1016/j.qref.2007.08.001

Tan, D. T., Chapple, L., & Walsh, K. D. (2017). Corporate fraud culture: Re-

examining the corporate governance and performance relation. Accounting &

Finance, 57(2), 597-620. doi:10.1111/acfi.12156

Teddlie, C., & Yu, F. (2007). Mixed Method Sampling: A Typology with Examples.

Journal of Mixed Methods Research, 1(1), 77-100.

doi:10.1177/2345678906292430

Tormo-carbó, G., Seguí-mas, E., & Oltra, V. (2016). Accounting Ethics in Unfriendly

Environments: The Educational Challenge. Journal of Business Ethics, 135(1),

161-175. doi:http://dx.doi.org/10.1007/s10551-014-2455-6

Treviño, L. K., Butterfield, K. D., & McCabe, D. L. (1998). The Ethical Context in

Organizations: Influences on Employee Attitudes and Behaviors. Business

Ethics Quarterly, 8(3), 447-476. doi:10.2307/3857431

Van Akkeren, J., & Buckby, S. (2017). Perceptions on the Causes of Individual and

Fraudulent Co-offending: Views of Forensic Accountants. Journal of Business

Ethics, 146(2), 383-404. doi:10.1007/s10551-015-2881-0

Van den Steen, E. (2010). On the origin of shared beliefs (and corporate culture). The

RAND Journal of Economics, 41(4), 617-648. Retrieved from

http://onlinelibrary.wiley.com/doi/10.1111/j.1756-2171.2010.00114.x/full

van der Wal, Z., Graycar, A., & Kelly, K. (2016). See No Evil, Hear No Evil?

Assessing Corruption Risk Perceptions and Strategies of Victorian Public

Bodies. Australian Journal of Public Administration, 75(1), 3-17.

doi:10.1111/1467-8500.12163

Vardi, Y. (2001). The effects of organizational and ethical climates on misconduct at

work. Journal of Business Ethics, 29(4), 325-337.

doi:10.1023/A:1010710022834

Victor, B., & Cullen, J. B. (1988). The Organizational Bases of Ethical Work Climates.

Administrative Science Quarterly, 33(1), 101-125. doi:10.2307/2392857

Wimbush, J. C., & Shepard, J. M. (1994). Toward an Understanding of Ethical

Climate: Its Relationship to Ethical Behavior and Supervisory Influence.

Journal of Business Ethics, 13(8), 637-647. doi:10.1007/BF00871811

Wimbush, J. C., Shepard, J. M., & Markham, S. E. (1997). An Empirical Examination

of the Relationship Between Ethical Climate and Ethical Behavior from

Multiple Levels of Analysis. Journal of Business Ethics, 16(16), 1705-1716.

doi:10.1023/a:1017952221572

Young, M. R. (2014). Financial fraud prevention and detection: governance and

effective practices. Hoboken, New Jersey: Wiley.

References 143

Zalewska, A. (2016). A New Look at Regulating Bankers’ Remuneration. Corporate

Governance: An International Review, 24(3), 322-333.

doi:10.1111/corg.12149

Zikmund, W. G. (2003). Chapter 16 : Sample Designs and Sampling Procedures. In

W. G. Zikmund (Ed.), Business Research Methods (7th ed., pp. 368-400):

Thomson/South-Western.

144 Appendices

Appendices

Appendix A

The Fraud Tree

Appendices 145

Appendix B

Interview Protocol

Organisational Culture and Fraud and Corruption (FC): Perceptions of

Forensic Accountants and Industry Professionals Research Project

MPhil Interview questions

Introductory Statement

This study is examining the role of ‘culture’ to incidents of fraud and corruption within

organisations. We seek your expert opinion based on your experiences of investigating

and/or experiencing these types of crimes as part of your professional role. In addition,

this interview may help in raising public awareness (academics and professionals) on

the relationship between corporate culture and incidents of fraud and corruption. There

are four main categories of ‘culture’ that have been identified for this study, that is:

shared values; ethics; tone from the top; and, risk culture. I will ask questions based

on each of cultural attributes. I am aware that these four can overlap with each other.

Therefore, I will try to separate them. First, I will ask you some demographic

questions.

Demographic

1. What is the size of your firm (SME, Mid-tier, Big 4)?

2. What is the highest degree you have completed?

3. For forensic accountants:

o How long have you worked in the forensic accounting profession?

o What is the main type of forensic work you undertake? E.g., forensic

investigator, forensic accountant, computer forensic expert, etc.

4. For industry professionals:

o How long have you worked in your current profession?

o Please briefly explain what role you do in your current profession.

Next, I will ask you some general questions related to fraud and corruption.

Fraud and Corruption – General Questions

5. In your investigation, you would have interacted with different people from a

diverse range of professions and industries.

o Are certain sized organisations more at risk from fraud occurring? (e.g., no.

of direct reports, no. of employees, etc.)

146 Appendices

o Are there particular professions/industries that are more likely to have

incidents of fraud and corruption occurring? (e.g., mining and oil industry,

banking, etc.)

Now, we are going to start on the four attributes of corporate culture starting with

shared values.

Culture as Shared values

Shared values: where common values and beliefs meet together.

Examples: organisation that hates corruption would punish any corrupt act. Or, corrupt

organisations would nurture corrupt acts until it is shared by everyone inside the

organisation.

6. In cases you have investigated, have you ever encountered cases where shared

values (e.g., individual’s daily exposure to corrupt culture, or provision of

incentives) was one of the main causes of FC occurring?

The next cultural attribute is tone from the top.

Culture and Tone from the top (leadership)

Tone from the top: the combination of experiences, values, and personalities that of

executives/leaderships and how these combinations significantly influence their

understandings of different conditions. These understandings are then reflected by the

employees because they see leaderships as their role models.

Example: An employee embezzles money because he/she learns it from his/her

supervisor.

7. Management, supervisors, and board of directors (BODs) have more power in

influencing or shaping corporate culture, be it positive or negative.

o Do you think this is true? If yes/no, why?

8. In cases you have investigated, have you ever encountered cases where tone from

the top was one of the main contributors to incidents of FC? Please explain.

9. What are the major aspects of tone from the top would you suggest that can

improve an organisation in their efforts to minimise fraud and corruption?

These set of questions are regarding culture and ethics.

Culture and Ethics

10. Do you think having strong ethical policies is useful for minimising FC?

Appendices 147

o How important it is to train and educate employees on acting ethically?

11. In cases you have investigated, does ethical corporate stance leads to incidents

of FC? E.g., written policies, normal practice inside organisations.

o Example of normal practice: corruption is normal within organisation and

vice versa

12. Have you ever encountered cases where lack of ethical rules and policies was,

in your opinion, one of the main contributors to incidents of FC? Please explain.

The last attribute is risk culture.

Risk Culture

Risk Culture: Whether an organisation undertakes fraud risk assessment on a

consistent basis and whether the organisation tends to be risk-taking or risk-averse.

13. Have you experienced cases where management takes risks or does not account

for potential fraud and corruption risks? Please briefly explain.

14. A recent study suggests that risk assessment means very little to decision-

makers, and some managers are very reluctant to undertake fraud and corruption

risk management processes. From your experience:

o Did organisations where you have investigated cases use risk management as

a way to minimise occurrences of fraud and corruption?

15. A risk management strategy is a document that must be maintained by APRA-

regulated institutions,3 which contains the strategy to manage different risks

(including fraud and corruption) within an institution. Examples of risks: credit

risk, liquidity risk, insurance risk, operational risk, etc.

APRA and other regulators have promoted organisations to implement a risk

management strategy.

o Do you think a firm’s risk management strategy plays a role in minimising

incidents of FC? Why?

16. Should regulators such as ASIC, APRA, the ASX be encouraging organisations

to manage their fraud risk better? If so, should additional regulations be put in

place?

3 The Australian Prudential Regulation Authority (APRA) oversees banks, credit unions, building

societies, general insurance and reinsurance companies, life insurance, private health insurance,

friendly societies and most members of the superannuation industry.

148 Appendices

17. What is your recommendation for improving an organisation’s risk culture?

General

18. What precautionary measures have you observed are most effective for

minimising FC?

19. Do you believe whistle-blower programs are an effective fraud deterrent? What,

if any, are the limitations of these programs in your experience?

20. Aside from the four attributes of culture identified in this study, are there other

aspects of corporate culture that you feel are critical for minimising fraud and

corruption?

21. Please give me a brief overview of a cases you have investigated where poor

culture, or its attributes, leads to FC [Anonymously].

Thank you for your time.

the role of corporate culture as a contributor to … · the role of corporate culture as a...

Documents