the role of corporate culture as a contributor to … · the role of corporate culture as a...
TRANSCRIPT
THE ROLE OF CORPORATE
CULTURE AS A CONTRIBUTOR TO
FRAUD AND CORRUPTION IN
AUSTRALIA: PERCEPTIONS OF
FORENSIC ACCOUNTANTS AND
INDUSTRY PROFESSIONALS
Billy Lukmanjaya
BCULA (TAYLOR’S), MBUS (QUT)
Submitted in fulfilment of the requirements for the degree of
Master of Philosophy (Accountancy)
School of Accountancy
QUT Business School
Queensland University of Technology
2019
The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals i
ii The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals
Keywords
Corporate Culture, Corporate Misconduct, Corruption, Ethics, Forensic Accounting,
Fraud, Risk Culture, Shared Values, Tone from the Top.
The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals iii
Abstract
The Inquiry Panel asked how a well-known and sophisticated organisation
such as the Commonwealth Bank (CBA) could have the governance
weaknesses, serious professional misbehaviour, ethical lapses and compliance
failures that were identified. They concluded that ‘A complex interplay of
organisational and cultural factors has been at work.’ Australian Prudential
Regulation Authority (APRA), Final Report of the Prudential Inquiry into the
Commonwealth Bank of Australia (2018, p. 3)
As noted above, the impact of corporate culture on an organisation’s risk profile has
been evidenced over the last several decades by a range of high profile scandals and
corporate collapses. In Australia, the 2018 Royal Commission into Misconduct in the
Banking, Superannuation and Financial Services and the Australian Prudential
Regulation Authority’s release of the CBA Prudential Inquiry Final Report into the
Commonwealth Bank of Australia have both exposed a range of examples of poor
corporate culture leading detrimentally to higher risks of fraud, corruption and broader
economic losses.
This thesis focusses on the role organisational culture plays as a contributor to
incidents of fraud and corruption. As a qualitative inductive study, semi-structured
interviews are used with forensic accountants and senior management who have
worked in multiple fraud and corruption investigations to explore and identify
common characteristics around firm culture that impact incident rates. Building on
existing research in the organisational, finance, accounting, management and ethics
disciplines around culture/corruption links, this thesis identifies key attributes that are
contributors in this respect, and they include shared values, tone from the top, ethics
and risk culture.
iv The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals
The study then presents a conceptual framework developed from prior literature, the
STER model (Shared Values; Tone from the Top; Ethics and Risk Management), to
illustrate the relationship between corporate culture and incidents of economic crime.
Findings from this research substantiate and expand existing conceptual frameworks,
demonstrating that shared values within an organisation can influence employees’
perceptions of what is acceptable, that employees will mirror management’s conduct,
that the combination of ethical culture, ethical education and ethical climate could
serve as preventive measures to fraudulent and corrupt acts, and that proactive risk
assessments would minimise the chances of fraud and corruption incidents occurring.
This model serves as a pathway for future research in further exploring the relationship
between corporate culture and incidents of fraud and corruption, aids organisations in
nurturing anti-fraud and anti-corrupt corporate culture, and complements the 2018
Royal Commission into Misconduct in the Banking, Superannuation and Financial
Services to better understand the role of corporate culture in contributing to corporate
misconduct.
The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals v
Table of Contents
Keywords ................................................................................................................................. ii
Abstract ................................................................................................................................... iii
Table of Contents ......................................................................................................................v
List of Figures ........................................................................................................................ vii
List of Tables ........................................................................................................................ viii
List of Abbreviations .............................................................................................................. ix
Acknowledgements ................................................................................................................ xii
Supervisors ............................................................................................................................. xii
Chapter 1: Introduction ............................................................................................ 1
1.1 Background .........................................................................................................................1
1.2 Growth and Cost of Fraud and Corruption .........................................................................3
1.3 Corporate Culture ................................................................................................................4
1.4 Fraudulent Cases and Corporate Culture – U.S. and Australia .........................................10
1.5 Motivation, Purpose and Research Question ....................................................................13
1.6 Methodology .....................................................................................................................14
1.7 Contributions.....................................................................................................................14
1.8 Summary and Thesis Outline ............................................................................................15
Chapter 2: Literature Review ................................................................................. 17
2.1 Fraud and Corruption (FC) ...............................................................................................17
2.2 Corporate Governance (CG) .............................................................................................25
2.3 Corporate Culture, Fraud and Corruption .........................................................................28
2.4 Gaps in the Literature ........................................................................................................46
2.5 Summary ...........................................................................................................................51
Chapter 3: Conceptual Framework ....................................................................... 53
3.1 Research Question ............................................................................................................53
3.2 Conceptual Background ....................................................................................................53
3.3 Conceptual Framework .....................................................................................................60
3.4 Summary ...........................................................................................................................62
Chapter 4: Methodology .......................................................................................... 63
4.1 Research Design ................................................................................................................63
4.2 Participants and Sampling Strategy ..................................................................................64
4.3 Instruments ........................................................................................................................65
4.4 Trustworthiness of the Research Design ...........................................................................68
4.5 Procedures and Timeline ...................................................................................................72
vi The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals
4.6 Analysis ............................................................................................................................ 74
4.7 Ethics and Potential Risks ................................................................................................ 76
4.8 Summary .......................................................................................................................... 78
Chapter 5: Results .................................................................................................... 81
5.1 Background Information .................................................................................................. 81
5.2 Evidence from Corporate Culture Attributes ................................................................... 83
Chapter 6: Discussion ............................................................................................ 107
6.1 Shared Values ................................................................................................................. 107
6.2 Tone from the Top .......................................................................................................... 109
6.3 Ethics .............................................................................................................................. 110
6.4 Risk Culture .................................................................................................................... 112
6.5 Revised and Refined STER Conceptual Model ............................................................. 117
6.6 Summary ........................................................................................................................ 120
Chapter 7: Conclusions .......................................................................................... 123
7.1 General Discussion ......................................................................................................... 123
7.2 Contributions .................................................................................................................. 125
7.3 Limitations ..................................................................................................................... 126
7.4 Future Research .............................................................................................................. 126
References 129
Appendices 144
The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals vii
List of Figures
Figure 2.1. A Model of Decision-Making Incorporating Ethical Values (Fritzsche, 1991) .. 32
Figure 3.1. A Conceptual Framework of Corporate Culture and FC (STER Model). ........... 61
Figure 6.1. A Revised Conceptual Framework of Corporate Culture and FC (STER Model).
..................................................................................................................................... 118
viii The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals
List of Tables
Table 2.1 ................................................................................................................................. 49
Table 4.1 ................................................................................................................................. 74
Table 5.1 ................................................................................................................................. 82
Table 5.2 ............................................................................................................................... 105
Table 6.1 ............................................................................................................................... 116
The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals ix
List of Abbreviations
AAER : Accounting and Auditing Enforcement Releases
ACFE : Association of Certified Fraud Examiners
AIG : American International Group
APRA : Australian Prudential Regulation Authority
ASIC : Australian Securities and Investments Commission
BOD : Board of Directors
CBA : Commonwealth Bank of Australia
CDS : Credit Default Swap
CEO : Chief Executive Officer
CG : Corporate Governance
FC : Fraud and Corruption
FFR : Fraudulent Financial Reporting
FSF : Financial Statement Fraud
ISACA : Information Systems Audit and Control Association
MoA : Misappropriation of Assets
NAB : National Australia Bank
OECD : Organisation for Economic Cooperation and Development
PwC : PricewaterhouseCoopers
RMS : Risk Management Strategy
x The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals
SEC : U.S. Securities and Exchange Commission
STER : Shared Values, Tone from the Top, Ethics, and Risk Culture
TMT : Top Management Team
UN : United Nations
US : The United States of America
The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals xi
Statement of Original Authorship
The work contained in this thesis has not been previously submitted to meet
requirements for an award at this or any other higher education institution. To the best
of my knowledge and belief, the thesis contains no material previously published or
written by another person except where due reference is made.
Signature: QUT Verified Signature
Date: February 2019
xii The Role of Corporate Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of Forensic
Accountants and Industry Professionals
Acknowledgements
I would like to thank my family for believing in me. I would also like to express
my gratitude to my supervisors, Jeanette and Julie-Anne, as well as the research
student learning advisor, Jonathan for their outstanding and continuous support.
Supervisors
Dr Jeanette Van Akkeren
Principal Supervisor
QUT Business School, Accountancy
P: +61 7 3138 2061
Professor Julie-Anne Tarr
Associate Supervisor
QUT Business School, Accountancy
P: +61 7 3138 2880
Editors
I would like to thank professional editor, Claudia Butera from Editio who
provided academic editing service, according to the guidelines laid out in the QUT
‘Editing of Thesis Guidelines’.
Chapter 1: Introduction 1
Chapter 1: Introduction
The Inquiry Panel asked how a well-known and sophisticated organisation
such as the Commonwealth Bank (CBA) could have the governance
weaknesses, serious professional misbehaviour, ethical lapses and compliance
failures that were identified. They concluded that ‘A complex interplay of
organisational and cultural factors has been at work.’ Australian Prudential
Regulation Authority (APRA), Final Report of the Prudential Inquiry into the
Commonwealth Bank of Australia (2018, p. 3)
1.1 Background
The Global Financial Crisis of 2008 exposed a wide range of serious
shortcomings in the risk management systems surrounding the financial sectors. These
included not only weaknesses in internal control structures but also deficiencies in
institutional attitudes towards risk within organisations. In Australia, although APRA
regulated institutions fared better than many of their counterparts abroad, examples of
poor risk culture such as the 2001 failure of the insurance giant HIH Insurance and the
2004 National Australia Bank foreign currency trading losses underscored the impact
a poor organisational culture played in creating an environment with a dismissive
attitude to underlying risk.
A decade on, the 2018 Royal Commission into Misconduct in the Banking,
Superannuation and Financial Services Industry (henceforth known as the Banking
Royal Commission) and APRA’s Prudential Inquiry into the Commonwealth Bank of
Australia (CBA) (henceforth known as the APRA Report) have once more exposed
widespread weaknesses in frameworks and practices around governance, culture and
accountability of the country’s major financial institutions. Specifically, while
2 Chapter 1: Introduction
APRA’s report attributes CBA’s failures to ‘a complex interplay of organisational and
cultural factors’, the panel identified a range of cultural themes that ‘inhibited sound
risk management’, thereby leading to highly damaging outcomes including a
widespread sense of complacency, reactivity rather pre-emption regarding risk, an
outcome-driven focus, insularity and not learning from experiences/mistakes, and an
overly collegial and collaborative working environment which lessened the
opportunity for constructive criticism and timely decision-making (APRA, 2018, p.
83).
This thesis focusses on the role organisational culture plays as a contributor to
incidents of fraud (‘F’) and corruption (‘C’), exploring whether firm culture can lead
to fraud and corruption (‘FC’) incidents. Interviews with forensic accountants (who
have worked in multiple FC investigations) and senior management who are in some
way responsible for cultural leadership within their organisation were used to identify
common characteristics around firm culture that may – or may not – impact incident
rates are explored.
Fraud and corruption (FC) in the context of this study describes specific
economic crimes in the corporate world. Fraud, according to Chernousov (2012), is
“an intentional deception made for personal gain or to damage another individual;
fraud is a crime, and also a civil law violation” (p. 2). Fraud is also described as a
hidden activity (Brennan & McGrath, 2007, p. 49). Corruption is described as the
“misuse of public power, office or authority for private benefit – through bribery,
extortion, influence peddling, nepotism, fraud, speed money or embezzlement” (Brown
& Loosemore, 2015, p. 372) and “an act which takes place in a form of providing or
soliciting illicit benefits; and it is hard to detect” (Arewa & Farrell, 2015, p. 61). The
Chapter 1: Introduction 3
following section provides a perspective on the extent of economic crime in Australia
and an overview on how culture is recognised as a major contributor.
1.2 Growth and Cost of Fraud and Corruption
Despite many centuries of proactive intervention, research and regulatory reform
to address fraud and corruption, such crimes remain a costly and ‘obstinate threat’ to
both public and private organisations (PricewaterhouseCoopers [PwC], 2018).
Specifically, PwC results evidenced not only that the reported rate of fraud across all
territories globally had surpassed pre-2007 GFC levels – despite the resulting raft of
legislative reforms that arose out of this event – but have increased a further 13 percent
since between 2016 and 2018 (p. 5). Of particular consequence of this thesis, however,
was their finding that economic crimes committed by actors internal to the relevant
organisation had risen from 46 percent in 2016 to 52 percent in 2018 – making internal
actors a third more likely to commit acts of fraud and corruption. Moreover, of the
external actor-fraudsters, 68 percent could be categorised as ‘frenemies’ – that is
agents, vendors, shared service providers, customers – who were actually extended
parts of the organisation’s ‘family’ (p. 9).
Motivation to commit FC crimes, like the distribution of losses that come out of
them, is also complex and not easily broken down to one simple root cause. For
example, rational choice theory can be used to account for certain percentage of
incidents, but not all. FC motivators may arise out of simple cost/benefit equations but,
overall, research has shown drivers to be generally not only more extensive but also
often inter-related. Statistics on growth and losses from fraud and corruption
demonstrate the importance for ongoing research into the causes. As an example, for
over two decades the global accounting firm KPMG, in collaboration with the
University of Melbourne’s Department of Accounting has tracked economic crime
4 Chapter 1: Introduction
statistics. They documented that, out of the 155 frauds reported to Australian courts,
the most significant losses were due to embezzlement, fraudulent investment schemes
and ‘boiler room’ scams and these figures represent only those crimes that have been
reported (KPMG, 2018). For example, the Australian Institute of Criminology (AIC,
2013, p. 34) estimated that more than 50 percent of fraud is never reported or
prosecuted. Therefore, the extent of the problem and the cost to public and private
organisations is undoubtedly much higher. Costs from economic crimes also include
expenses incurred through regulation, detection, investigation, negotiation,
prosecution and recovery. These transaction costs, in turn, further multiply resources
lost that could otherwise be used to benefit a range of stakeholders including not just
shareholders, but also society more broadly (Smith, Jorna, Sweeney, & Fuller, 2014).
It is imperative, therefore, to better understand the causes of fraud and corruption in
Australia and this study will contribute to addressing this problem. The following
section outlines the contribution of corporate culture to fraud and corruption.
1.3 Corporate Culture
There has been much discussion in academic and industry publications on the
contribution of corporate culture to incidents of fraud and corruption. For example, the
Banking Royal Commission and the release of the findings by Australian Prudential
Regulation Authority (APRA) in its inquiry into the Commonwealth Bank of Australia
(CBA) highlighted culture as one of the three key areas of concern. Several academic
studies have also identified the relationship between corporate culture and incidents of
FC (see for example: Chen, Cumming, Hou, & Lee, 2016; Liu, 2016; Van Akkeren &
Buckby, 2017). The following sections define corporate culture and provide
justification for the focus of this thesis.
Chapter 1: Introduction 5
1.3.1 Corporate culture, fraud and corruption.
Organisational or corporate culture is defined as a set of shared assumptions and
collective behaviours that are passed on to new employees as a way of perceiving,
thinking and feeling (Ravasi & Schultz, 2006). Needle (2004) added that
organisational culture encompasses the values and behaviours that contribute to the
social and psychological environment of an organisation and represents the collective
values, beliefs and principles of organisational members. Needle (2004) also suggested
that culture can include, inter alia, the vision, values, norms, systems, symbols,
language, assumptions and habits. It is suggested that the culture within an
organisation is often linked to the management team (Kotter & Heskett, 1992; Schein,
1990), and can be manipulated and altered by leadership and members of the
organisation (Modaff, DeWine, & Butler, 2008). It is from this context that this
research aims to examine the relationship between organisational culture and incidents
of FC.
Many recent findings from APRA and the 2018 Banking Royal Commission
demonstrated that corporate culture is an important contributor to poor performance,
fraud and corruption. As Australian Securities & Investments Commission (ASIC)
previous chairman, Greg Medcraft, stated:
ASIC sees culture as a driver of conduct. A poor corporate culture can be a
driver of misconduct. (Medcraft, 2016a, p. 456)
This view was supported very recently by APRA when investigating the CBA scandal,
stating:
CBA…has a slow, legalistic and reactive, at times dismissive, culture [and]
characterises many of CBA’s dealings with regulators. (APRA, 2018, p. 4)
6 Chapter 1: Introduction
In response to the ongoing Banking Royal Commission, ASIC’s new Chairman,
James Shipton (2018), stated that Australia’s financial planning sector had
“insufficient imbedding of a professional mindset and culture in finance”.
Australia’s financial planning sector has been fraught with scandals, fraudulent
acts and heavy losses to the public despite enquiries and regulatory intervention into
conduct of planners and their products and services. Following the collapses of Storm
Financial, Opes Prime, and other similar industries, and despite regulatory
intervention, scandals continued to emerge. In 2009, the Parliamentary Joint
Committee on Corporations and Financial Services (henceforth known as the Ripoll
Report) identified incentive-based remuneration – an important part of an
organisation’s culture – as contributing to fraudulent and corrupt conduct. The culture
was described as sales-focussed (p. 32) with commission-types (p. 70) and other
remuneration-based incentives (p. 75). Similarly, recent findings emerging from the
Banking Royal Commission identified culture as a large contributor to poor conduct
throughout banking and insurance firms from the top down.
Findings from the Banking Royal Commission also highlighted many instances
of fraud and corruption including breaches to regulations in the Corporations Act.
Examples include: the CBA failing to report to ASIC that fees were charged for
services not delivered for two years; AMP for materially and deliberately misleading
ASIC about a very similar issue; National Australia Bank (NAB) and Westpac
Banking Corporation for being dishonest and giving inappropriate advice to clients;
and several individual planners from the banks being deceptive and misleading
(Danckert, 2018; McGowan & Davidson, 2018). One Banking Royal Commission
counsel, Rowena Orr, described AMP as having a dishonest culture and repeatedly
lying to ASIC (Han, 2018), while CBA is described as having a culture that only
Chapter 1: Introduction 7
focusses on ‘good news’, hence the withholding of information for two years (APRA,
2018, p. 82). What is consistent in all cases is that poor culture from the top down is a
major contributor to deceptive conduct including fraud and corruption, all of which
lead to substantial losses to the public.
Further supporting these findings, PwC (2016a) suggested that one of the key
variables that leads to unethical behaviour such as fraud and corruption is corporate
culture:
… promoting ethical behaviour in the financial services sector shows that a
“get-tough” approach to the management of performance has created a climate
of fear which, in turn, leads to unethical behaviours… anxiety caused by this
blame culture disrupts people’s capacity to make good decisions – and often
leads them to behave less well than those who are motivated by the potential
positive outcomes of success. (PwC, 2016a, p. 31)
In a more recent survey focussing specifically on fraud, PwC (2018) recommended
organisations improve employees’ behaviour through assessing the strengths and
weaknesses of their culture as well as promoting an honest and open culture throughout
the firm from top to bottom in order to curb incidents of FC. This is supported by
Arewa and Farrell (2015), Debacker, Heim, and Tran (2015), Liu (2016), and Sims
and Brinkmann (2003) who suggested that internal control measures will not curb
incidents of FC unless the culture of the organisation is addressed. The term ‘culture’
is often used to describe an organisation and is a multi-faceted concept and includes a
number of different contexts and attributes. The following section briefly examines the
extant literature and identifies attributes that collectively define ‘corporate culture’ for
this study.
8 Chapter 1: Introduction
1.3.2 Corporate culture attributes.
‘Corporate culture’ in this study consists of four attributes that have emerged
from the literature and often found in governance, accounting and management
journals: shared values, tone from the top, ethics and risk culture. Shared values is
described as “the shared philosophies, ideologies, values, assumptions, beliefs,
expectations, attitudes, and norms that knit a community together” (Ogbor, 2001, p.
594). Flamholtz and Randle (2012) described culture as relating to core organisational
values and “corporate culture consists of values, beliefs, and norms” (p. 77). The
second attribute, tone from the top, is defined as something that reflects the power and
values of the top management team (TMT) over their employees and that employee’s
behaviour is influenced by management (Fritzsche, 1991). A third attribute of
corporate culture is ‘ethics’, which consists of ethical culture (i.e., code of conduct),
ethical education and ethical climate (i.e., perceptions of rules and policies) within an
organisation and is normalised through different means – socialisation, punishment
and rewards (Victor & Cullen, 1988). The final attribute is risk culture, that is, “the
norms of behaviour for individuals and groups that shape the ability to identify,
understand, openly discuss, escalate and act on an institution’s current and future
challenges and risks” (APRA, 2018, p. 82). Based on APRA’s inquiry into CBA and
findings emerging from the Banking Royal Commission, risk culture is influenced by,
and a part, of an organisation’s culture. Risk-taking logic is divided into the logic of
opportunity and the logic of precaution and is explained in more detail in Chapter 2.
To date, no studies have combined these four corporate culture attributes as a
framework and examined how they impact on incidents of FC and this study aims to
address this gap.
Chapter 1: Introduction 9
A number of academic studies have identified organisational culture as a key
contributing factor to incidents of fraud and corruption (Arewa & Farrell, 2015;
Biggerstaff, Cicero, & Puckett, 2015; DeBacker et al., 2015; Liu, 2016; Ogbor, 2001;
Sims & Brinkmann, 2003; Van Akkeren & Buckby, 2017). One focussed on a specific
industry (Arewa & Farrell, 2015); others on a country (Biggerstaff et al., 2015;
DeBacker et al., 2015; Liu, 2016); another on a particular case (Sims & Brinkmann,
2003); and some on certain theories (Ogbor, 2001; Van Akkeren & Buckby, 2017).
For example, DeBacker et al. (2015) explored the role cultural factors play in shaping
the behaviour of tax evasion in the United States. Liu (2016) linked corrupt culture in
organisations to levels of corporate misconduct. Sims and Brinkmann (2003) discussed
how Enron’s unethical and non-compliant culture led to its demise. Despite the
different foci mentioned, corporate culture is cited in each of these papers as
contributing to incidents of FC. This study examines corporate culture from a broader
perspective than previous studies to gain deeper insights into its role in contributing to
fraud and corruption (FC) in Australian organisations.
In addition to academic publications, several industry publications have
identified the relevance of corporate culture and FC incidents (Darvall-Stevens, 2016;
Kirby, 2016; Lowers & Associates, 2013). Darvall-Stevens (2016) encouraged
organisations to empower their employees to speak up against misconduct and
improper behaviour; Kirby (2016) recommended an honest culture in curbing
fraudulent conduct; and, Lowers & Associates (2013) suggested firms have a robust
management culture and zero tolerance policies in mitigating FC incidents. Most
recently, findings emerging from the Banking Royal Commission identified culture as
a major contributor to fraudulent behaviour throughout the banking and insurance
sectors. The numerous scandals are described as “…systemic, shocking, endemic and
10 Chapter 1: Introduction
unconscionable behaviour… widespread [throughout the sector]” (ABC News
Breakfast, 2018).
Although there is much literature on the relationship between corporate culture
as a contributor to incidents of FC, it has been difficult to source Australian studies
that include a range of attributes that define corporate culture. This study seeks to
address this by examining the role of corporate culture and incidents of fraud and
corruption using the four attributes described earlier. For example, many of the studies
on organisational culture are limited to one or two attributes only, or a specific
industry. This study probes more specifically into the experiences of forensic
accountants and industry professionals who have investigated and/or experienced
economic crimes across many industry sectors. Perceptions of forensic accountants
and industry professionals as to the cultural dynamics within firms that lead to
incidents of fraud and corruption were examined.
Further definitions and explanations for the inclusion of the four attributes of
corporate culture and the links to FC are illustrated with several case studies and
discussed in detail in the literature review. The following section provides a brief
summary of FC cases where poor corporate culture is highlighted as a contributor.
1.4 Fraudulent Cases and Corporate Culture – U.S. and Australia
There are several examples where a poor organisational culture led to incidents
of fraud and corruption – in particular – a culture of aggressiveness, greed, dishonesty
and rule-breaking are identified as leading to fraudulent and corrupt acts. Two
organisations that demonstrate this are identified by Ashraf (2011) and Sims and
Brinkmann (2003) as WorldCom and Enron. In both cases, continually raising
expectations and unrealistic targets caused employees to violate rules and codes of
conduct. Enron’s employees broke the rules to avoid being publicly humiliated, whilst
Chapter 1: Introduction 11
WorldCom’s employees altered the existing accounting systems due to the firm’s
incentive-based remuneration.
A culture of poor management leadership is also identified as contributing to FC.
Sims and Brinkmann (2003) identified Enron’s executives were repeatedly found
violating organisation’s code of conduct for personal gain, which became the culture
throughout management levels. Moreover, Enron’s leadership promoted a culture of
aggressive competition, causing employees to ignore the code of conduct describing
Jeffrey Skilling (former Enron’s CEO) as promoting Enron’s aggressive culture.
Similarly, Ashraf (2011) explained that WorldCom’s Bernie Ebbers (former CEO) was
known for his excessive risk-taking. Further, he rejected efforts to establish a corporate
code of conduct that resulted in WorldCom’s aggressiveness and instilled a culture
where management was not to be questioned (p. 8). As these cases demonstrate, poor
corporate culture can lead to major incidents of fraud and corruption and substantial
losses to the public.
In Australia, there are many examples where a culture of non-compliance was
prevalent (McConnell, 2015). Poor governance, risk-taking, questionable practices
and improper corporate culture have resulted in many scandals, two of which are the
Commonwealth Bank of Australia (Ferrier, 2015) and National Australia Bank
(Ferguson & Williams, 2015).
CBA had a culture of non-compliance for almost ten years. The Storm Financial
scandal in 2009 was linked to CBA as the bank encouraged investors in leveraging
their houses to further invest in Storm (Barry, 2011). It is suggested that the CBA-
Storm scandal was due to the sales-and-bonus culture (FSU Australia, 2009). This
concurs with the Ripoll Report (2009) which stated that one reason for the collapse of
Storm Financial and similar institutions was due to the sales-focussed culture (p. 32).
12 Chapter 1: Introduction
In 2008, Jeff Morris, CBA’s whistle-blower described the bank’s financial
planning sector, Commonwealth Financial Planning (CFP), as corrupted (Barker,
2017). He added that corruption is a common occurrence and that CFP’s management
tried to hide their misconduct in order to defraud victims of compensation. In 2010,
ASIC implored CBA with Enforceable Undertaking to compensate their victims, but
CBA in 2014 admitted that it had misled ASIC on its compensation scheme (Morris,
2018). Recent findings from the Banking Royal Commission confirmed that poor
culture is a major contributor for ongoing acts of fraud and corruption in the banking
and insurance sectors.
Comparable to CBA, NAB has also demonstrated a systemic culture of non-
compliance and being revenue-focussed with little regard for the public interest. This
culture has been described as existing for almost 15 years (Gray, 2016). In 2004, NAB
hid the losses from its’ foreign exchange (forex) trading in London and was later
prosecuted due to the information given by a whistle-blower, Dennis Gentilin (Gray,
2016). Additionally, it is found that some NAB planners had forged clients’ signatures
or manipulated clients’ files to cover up their poor compliance (Ferguson & Williams,
2015). Finally, NAB’s head of broker services, Anthony Waldron, admitted that NAB
breached responsible lending laws by allowing unqualified people (without financial
background) as referrers to refer new customers to the bank for loans in return for
commissions (Introducer Program). Mr Waldron admitted that this incident happened
partly due to the bank’s culture of employee incentives that led to fraudulent conduct
(Lannin, 2018).
As seen from these cases, NAB and CBA are examples of organisations that, due
to poor culture from the top down, encourage their employees to break the rules to
meet their targeted results at the expense of their clients’ best interests. The violations
Chapter 1: Introduction 13
suggest that both CBA and NAB were consistently complacent in regard to their risk
culture (Eyers, 2017). In a report focussing on the banking sector, PwC (2017a)
suggested that the future of the banking sector may depend on a change in corporate
culture. The reports added that shared values or perceptions (as part of corporate
culture) need to be unambiguous; that it is necessary for set expectations to be clear;
and, the importance of leaders’ role (tone from the top) to reinforce these values by
being employees’ role models (p. 27).
As a brief review of the literature and industry publications has demonstrated,
there is a link between corporate culture and incidents of fraud and corruption, and
highlights the importance of this topic. This study seeks to examine the nature of
corporate culture and gain deeper insights into the impact of culture on an
organisation’s ability to minimise incidents of FC. Therefore, the research problem for
this study is: Is there a connection between corporate culture and incidents of fraud
and corruption in Australian organisations? The next section explains the motivations
behind this study.
1.5 Motivation, Purpose and Research Question
The motivation for this study is to gain deeper insights into the growing problem
of FC regardless of increased regulation and oversight. Prior research has examined
the relationship between corporate culture and incidents of FC through different
means: interview, experiment and document analysis. However, to date, it is difficult
to source studies that have combined the four corporate culture attributes (shared
values, tone from the top, ethics and risk culture) and develop them as a framework in
addressing the relationship between corporate culture and incidents of FC.
Furthermore, it is difficult to source literature that gathers empirical evidence from
forensic accountants and industry professionals on this relationship. Therefore, this
14 Chapter 1: Introduction
research aims to develop a corporate culture framework to gain deeper insights into
the role of corporate culture as a contributor to FC incidents. The purpose of this study
is to discourse the connection mentioned, using the experiences and perspectives of
forensic accountants and industry professionals who have investigated these types of
cases or who have experienced fraud and corruption. Forensic accountants were
chosen as they conduct fraud investigations to present information for legal
proceedings and accordingly, they gather greater FC-related information than auditors
(Imoniana, Antunes, & Formigoni, 2013).
1.6 Methodology
The methodological approach for this study was semi-structured interviews
(face-to-face and/or phone interview) with forensic accountants and industry
professionals. This study used purposive sampling as it has specific requirements from
certain participants (Zikmund, 2003). A qualitative approach was used for this research
due to its suitability for studying social and cultural phenomena (Myers, 1997), as well
as its ability to probe for further information from participants (Gable, 1994). Interview
method was specifically selected as it is one of the method to produce rich data and
gain deep insights (Schultze & Avital, 2011). Eight professionals (seven forensic
accountants and one compliance manager) were interviewed in this study. In ensuring
representation, participants’ experience in the industry ranges from six to 32 years.
Furthermore, their role varied from individual consultants to partners in ‘Big Four’
accounting firms. The methodological approach is explained in more detail in Chapter
4: Methodology.
1.7 Contributions
The academic contribution of this study is the development of a conceptual
framework of corporate culture based on the literature and refined through the
Chapter 1: Introduction 15
collection of empirical evidence. The framework provides opportunity for future
research to further explore the attributes of corporate culture needed to better
understand the relationship of FC incidents in an organisational context.
For practitioners and regulators, findings from this study complement the
ongoing Banking Royal Commission in identifying the impact of corporate culture on
incidents of FC and encourage firms to examine their corporate culture to minimise
incidents of FC. These findings can also be disseminated to relevant industry
publications. The next section summarises Chapter 1 and provides the outline for the
remainder of this thesis.
1.8 Summary and Thesis Outline
Incidents of economic crime in the form of fraud and corruption are still a threat
to the global and Australian economy. Several cases of FC in the U.S. and Australia,
coupled with academic, industry and government publications have highlighted the
importance of corporate culture and its relationship with FC. It is even more crucial to
address the problem in Australia, as (1) the cost of FC is substantial; (2) when
compared to the rest of the world, Australian businesses suffer more incidents of fraud
and corruption as against the global average (52% vs 36% respectively; PwC, 2016b,
p. 1); and (3) findings emerging from the Banking Royal Commission demonstrated
that poor corporate culture in the banking and insurance sector is a major contributor
to fraud and corruption.
The remainder of this thesis is as follows. Chapter 2 reviews the literature in
relation to the four attributes of corporate culture: shared values, tone from the top,
ethics and risk culture demonstrating the relationship to incidents of fraud and
corruption (FC). Based on the academic literature in Chapter 2, the conceptual
framework used in this study is presented in Chapter 3 and the research questions are
16 Chapter 1: Introduction
provided. Chapter 4 discusses and justifies the methodology, including the research
design, methodological approach, participants, instruments, procedures and timelines,
analysis, ethics and finally, potential risks. Chapter 5 presents the findings for the
research questions derived from interviews with forensic accountants and industry
professionals. Chapter 6 compares prior literature to the findings. Finally, in Chapter
7 the conclusion, including limitations, contributions to academic and practitioners,
and possible future research are discussed.
Chapter 2: Literature Review 17
Chapter 2: Literature Review
This chapter surveys the academic literature that explores the economic crimes
comprising workplace fraud and corruption. It further looks at studies into culture in
workplaces. Areas covered under fraud, corruption and culture literature have had
extensive supporting research but at this time, despite the various high-profile
corporate examples covered in the popular press (Enron, NAB, CBA, WorldCom,
Parmalat and Olympus, to name a few) minimal studies, if any, exist into how
corporate culture influences fraud and corruption. In this respect, this study into the
experience and perceptions of experts who work ‘at the coal face’ in this context is
important in helping to advance this area.
This chapter begins by reviewing research around fraud (2.1.1) and corruption
(2.1.2) (collectively ‘FC’) in financial statement, reporting and management contexts.
Literature on corporate governance (‘CG’) is discussed and briefly describes fraud and
corruption from perceptions that surround this area (2.2). Section 2.3 considers culture
and corporate culture more generally. Finally, section 2.4 concludes the chapter,
identifying the potential contribution this thesis may make to this dynamic field.
2.1 Fraud and Corruption (FC)
2.1.1 Fraud.
Fraud, as set out in Chapter 1, is defined as wrongful or criminal deception
intended to result in financial and personal gain. Fraud, however, is an overarching
classification that encompasses a range of different types of actions capable of being
deemed fraudulent activities. This definition is further complicated in corporate
18 Chapter 2: Literature Review
contexts wherein financial and operational complexities can involve multiple options
for reporting or discharging performance indicia.
2.1.1.1 Economic impact of fraud research.
Many scholars and professional organisations have researched financial
consequences of fraud in corporate contexts. Albrecht, Albrecht, Albrecht, and
Zimbelman (2016) focussed on the impact financial statements that conceal the real
bottom line of a company’s operations can cause, reported that more than 50 percent
of U.S. corporations impacted by this type of fraud suffered losses in excess of
$500,000. Kranacher, Riley, and Wells (2010) suggested that the collapse of Enron
resulted in a $70 billion market capitalisation loss. Switzer’s (2007) research estimated
the legislative reaction to this in the form of the Sarbanes-Oxley Act of 2002 increased
compliance costs of companies by an average of $5.1 million. Additional indirect
economic losses in relation to Enron were further documented by Kranacher et al.
(2010) as including additional legal costs, insurance premium increases, heightened
regulation and supervision costs, loss of productivity, and – importantly for cultural
impact purposes around corporations – adverse impact on employees’ moral and loss
of productivity.
A number of high-profile professional reports are produced by organisations
such as the global accounting firm PwC and the Association of Certified Fraud
Examiners (ACFE). The ACFE 2018 Global Study on Occupational Fraud and Abuse,
Report to the Nations, estimated losses in excess of $7 billion globally with 22 percent
of cases they surveyed losing more than $1 million each. Of their survey group, more
than half of all losses were attributed to internal control weaknesses and that fraudsters
who had been with their company for longer stole twice as much (ACFE, 2018, pp. 4-
5). PwC’s Global Economic Crime and Fraud Survey 2018 reported a significant
Chapter 2: Literature Review 19
upswing in fraud cases (49 percent) and that asset misappropriation, consumer fraud
and cybercrime were the most frequently reported frauds across industries (PwC, 2018,
p. 8). In relation to the potential link between culture and fraud, they also reported that
52 percent of all fraud reported was committed by internal employees. Of the 40
percent of external crimes, 68 percent were committed by ‘frenemies’ – that is
individuals related to the organisation such as agents, vendors, customers and shared
service providers (PwC, 2018, p. 9).
Gullkvist and Jokipii’s (2013) research focussed on what they described to be
the most common type of corporate economic crime, which was misappropriation of
assets (MoA). This involved “the theft of an entity’s assets, and is often perpetrated
by employees, in relatively small and immaterial amounts” (p. 45). They argued that
MoA is not as severe as fraudulent financial reporting (FFR) in relation to the amount
of losses, but it nevertheless accounted for more than 50 percent of economic crime
(Gullkvist & Jokipii, 2013), and comprised around 90 percent of fraud cases in 2016
(Johansson & Carey, 2016). Other research demonstrated that MoA is an operational
risk and a significant cost to organisations (ACFE, 2014; Coram, Ferguson, &
Moroney, 2008; Johansson & Carey, 2016; KPMG, 2013).
Research into motivations behind fraud evidenced that fraud can occur with the
best of intentions. Cressey (1953) found that the great majority of fraudsters did so to
meet financial obligations. He noted, however, that other factors included
opportunistic openings (capacity to commit and conceal crimes) and rationalisation.
Skousen and Wright (2006) were amongst the researchers continuing studies into
motivational factors validating pressure, opportunity and rationalisation variables in
associated with financial statement fraud and identifying particular traits in relevant
organisations as including weak governance structures, inventory turnover and profit
20 Chapter 2: Literature Review
trends (Schuchter & Levi, 2015; Skousen, Smith, & Wright, 2009; Skousen & Wright,
2006).
Recent findings from PwC highlighted the reality of motivations outside that of
self-interest. The 2018 Report observed on the basis of survey feedback that:
Fraud needn’t necessarily be a malicious or selfish act. From a legal point of
view, there are actually two kinds of fraud – fraud committed for personal gain
(such as embezzlement, or false reporting intended to boost compensation)
and fraud committed for “corporate motives” (such as the survival of the
company, or the protection of the workforce). The latter could occur with the
best of intentions set on increasing the company’s success. For example, what
might start as a sales strategy designed to increase market share and
profitability (to the benefit of employees) might ultimately morph into
fraudulent sales tactics. Either way, the result is the same: the executive suite
will be held responsible. (PwC, 2018, p. 26)
Bonny, Goode, and Lacey (2015) further extended differentiation in motivation to
commit workplace fraud by exploring gender differentiation, concluded that offender
gender balances were evenly balanced for most firms, with the exception of banking
firms where females significantly outnumbered males. In conclusion, however,
regardless of motivation, Van Akkeren and Buckby’s (2017) research evidenced that
organisations will continue to suffer from losses unless a risk averse culture to fraud
is adopted.
2.1.1.2 Fraud boundaries and complexities – Implication for corporate
culture.
Numerous scholarly works have provided guidance around the definitional
interface between earnings management, fraudulent financial reporting (FFR), and
Chapter 2: Literature Review 21
financial statement fraud (FSF).1 Swai and Mbogela (2016) provided a good example
of the difficulties inherent in drawing lines between normal commercial activities and
those which may be deemed fraudulent. They argued that earnings management was a
financial strategy used by the management of a company to manipulate the company’s
earnings to mislead stakeholders or achieve the targeted numbers. The rationale behind
this is income smoothing – that is, rather than having years of roller coaster returns in
the form of remarkably good or bad earnings, through adding and removing cash from
reserve accounts, more stable outcomes can be projected (Investopedia, n.d.). This is
a legitimate accounting strategy but when income smoothing – or other equivalents
becomes too ‘abusive’ the Security and Exchange Commission (SEC) deems it to be
“a material and intentional misrepresentation of results’ that constituted fraud
(Investopedia, n.d.). In this respect, Perols and Lougee’s (2011) findings added further
support as they identified characteristics likely to increase the chances of firms being
fraudulent included earnings management, meeting or beating analyst forecasts and
inflated revenue.
Gullkvist and Jokipii (2013, p. 45) characterised fraudulent financial reporting
(FFR) as “intentional misstatements, including omissions of amount or disclosures in
financial statements, to deceive financial statement users”. They distinguished it from
financial statement fraud (FSF), the subject matter of Perols and Lougee’s (2011)
work. FSF, according to Perols & Lougee “occurs when managers use accounting
practices that do not conform to generally accepted accounting principles (GAAP) to
alter financial reports to either mislead some stakeholders about the underlying
economic performance of the company or to influence contractual outcomes that rely
1 Appendix A sets out the ACFE “Occupational Fraud and Abuse” Fraud Tree which outlines in full
the range of economic crimes and their interrelationship.
22 Chapter 2: Literature Review
on reporting accounting numbers” (Perols & Lougee, 2011, p. 40). Clearly the two are
distinct but, as Perols and Lougee’s findings highlighted, both FSF and FFR can also
interface with each other in that FSF arose when a method to reverse accruals from
earnings management is adopted, while FFR occurred when managers chose to
implement improper accounting policies in order to achieve or inflate their bonuses
(Perols & Lougee, 2011, p. 41).
Brennan and McGrath (2007) argued that corporate culture can lead to FFR
when, as set out in the example above, employees were pressured to meet financial
goals, fearing punishment or humiliation should they fail to do so. Enron, as discussed
in section 1.4, illustrated the impact culture can have in this respect (Albrecht &
Searcy, 2001; Kranacher et al., 2010). The broader losses suffered through the collapse
of the company were estimated to be $70 billion in market capitalisation as well as the
loss of 21,000 jobs (and in many instances, savings) (Kranacher et al., 2010). Although
Enron’s compensation and performance management systems were designed to retain
and reward its most valuable employees, the system, in the context of a dysfunctional
corporate culture, fuelled further employees’ obsessions with short-term earnings in
order to maximise bonuses. Examples cited in subsequent legal proceedings after the
company’s collapse included the fact employees constantly tried to start deals, often
with no regard to the quality of cash flow or profits, in order to enhance their
performance review ratings. Additionally, to help deal-makers and executives meet
performance levels for large cash bonuses and stock options, accounting results were
recorded as soon as possible to keep up with the company’s stock price.
Spathis (2002) identified additional ways financial statements may have been
manipulated due to the complexities of accounting regulations and corporation laws
including “overstating assets, sales and profit, as well as understating liabilities,
Chapter 2: Literature Review 23
expenses, and losses” (p. 179), adding that the manipulation of sales and profits can
be accomplished by “changing accounting methods, tweaking cost estimations, and
shifting the period when expenses and revenues are included in the results” (p. 180).
All, however, mirror legitimate practices with the ‘tipping point’ one way or the other
around employee behaviour often being driven by the culture of companies (Brennan
& McGrath, 2007), particularly, as Dunn (2004) documented, as shaped by senior
management with excessive power.
Warren Buffet perhaps best summed up the tension between legitimate earnings
management and corporate cultures wherein activities in this respect are allowed to
become sufficiently aggressive that they shade into fraud territory when he observed:
Managers that always promise to “make the numbers” will at some point be
tempted to make up the numbers.
2.1.2 Corruption.
Corruption is described as the “misuse of public power, office or authority for
private benefit – through bribery, extortion, influence peddling, nepotism, fraud, speed
money or embezzlement” (Brown & Loosemore, 2015, p. 372). Several studies have
examined corruption broadly. Ashforth and Anand (2003) examined collective
corruption (cooperation between two or more individuals) at a group level, and how
corruption, in general, became a normalised practice, that is, become embedded into
everyday activities for those groups. Their results suggested that ‘prevention is better
than cure’ and that a proactive response was more effective than a reactive one. Van
der Wal, Graycar, and Kelly (2016) concluded that firms tend to dismiss the idea of
corruption because they fear for the damage it may cause should corrupt activities in
their firm be unearthed. Liu (2016), supported this argument and posited that
24 Chapter 2: Literature Review
employees indirectly contributed to corrupting the firm’s culture by ignoring corrupt
activities inside the organisation, which in turn may attract corrupt individuals.
It is argued that corruption may occur in organisations of a certain size, as
discussed in DeBacker et al. (2015). They observed that corruption levels in an
organisation in the U.S. are related to the size of the firm. The bigger the size, the
higher the level of corruption. Equally important, Arewa and Farrell (2015) suggested
that corrupt activities may also happen in particular industries, such as construction
industries that used lengthy supply chains and complex contractual arrangements,
including confidential negotiations in deciding whose interest comes first, which made
them susceptible to corruption and were often undetected. However, Brown and
Loosemore (2015) added that despite being common in construction industries, the
definition of corruption was relative depending on a country’s culture. The same can
be said about a firm’s culture as different firms may have different levels of tolerance
on corrupt activities based on the rules and values inside those firms (Brown &
Loosemore, 2015).
From the literature, although it is mentioned that corporate culture has a role,
there is limited research that directly links corporate culture to incidents of FC
(DeBacker et al., 2015; Liu, 2016), in the Australian context (Brown & Loosemore,
2015). Therefore, further investigation on the role of corporate culture to incidents of
FC using empirical evidence would provide deeper insights and is the aim of this study.
The next section discusses corporate governance (CG) in general, and the extent it
relates to culture and incidents of FC. This is followed by an examination of ‘corporate
culture’, which is one of the many attributes of governance.
Chapter 2: Literature Review 25
2.2 Corporate Governance (CG)
Corporate governance is crucial because poor governance may lead to incidents
of fraud and corruption (Brennan & McGrath, 2007; Chapple, Ferguson, & Kang,
2009; Coram et al., 2008; dela Rama, 2012; Dunn, 2004; In'airat, 2015; Van Akkeren
& Buckby, 2017). Therefore, it is important to understand the role of governance in
curbing these incidents. Corporate Governance (CG) is “the framework of rules,
relationships, systems and processes within and by which authority is exercised and
controlled within corporations” (ASX Corporate Governance Council, 2014, p. 3) and
in order to be effective, there is the need for authority in corporate governance
(Monem, 2011). O'Shea (2005) suggested that good corporate governance includes,
but is not limited to, a strong, involved board of directors (BODs); a balance of
executive and non-executive directors; division of responsibilities between chairman
and chief executives; formal and transparent procedures; and maintenance of a sound
system of internal control (pp. 34-35). Australian Prudential Regulation Authority
(APRA, 2016) defined CG as “a set of relationships between a company’s
management, its board, its shareholders and other stakeholders which provides the
structure through which the objective of the company are set…” (p. 8). The set of
relationships mentioned, according to ASIC (n.d.), are the components of CG which
include, inter alia, shareholder engagement, director oversight, executive
remuneration, managing conflicts, and culture.
Corporate culture, according to ASIC, is important due to its ability in shaping
corporate governance frameworks and practices. Greg Medcraft, previous ASIC’s
chairman, explained that “culture influences people’s attitudes” and “ASIC sees
culture as a driver of conduct” (Medcraft, 2016a, p. 456). John Price, ASIC’s
Commissioner, posited that good governance can be achieved by having the right
26 Chapter 2: Literature Review
culture (Price, 2015). Notably, this research focussed on corporate culture because the
importance of corporate culture has been highlighted as a critical matter in relation to
minimising FC (Geriesh, 2003; Information Systems Audit and Control Association
[ISACA], 2012; C. May, 2003; Soltani, 2014), yet there is little empirical evidence
that demonstrates this relationship. However, before delving further into the
relationship between corporate governance, corporate culture, and incidents of FC, the
relationship between corporate governance and incidents of FC itself should first be
understood. The next subsection discusses prior research that had examined this
relationship.
2.2.1 Corporate governance, fraud and corruption.
This subsection highlights the importance of corporate governance in an
organisation’s attempt to minimise FC. As the focus of this study is on the link between
incidents of FC and corporate culture, the subsection identifies several corporate
governance mechanisms in relation to fraudulent acts, followed by a definition of
culture as it relates to corporate governance.
There are many research papers in the accounting field that demonstrate the
relationship between poor governance and incidents of fraud and corruption (see for
example: Brennan & McGrath, 2007; Chapple et al., 2009; Coram et al., 2008; dela
Rama, 2012; Dunn, 2004; In'airat, 2015; Van Akkeren & Buckby, 2017). In their
paper, Van Akkeren and Buckby (2017) categorised corporate governance
mechanisms in relation to fraudulent acts identifying five areas of relevance to FC:
composition and role of the board of directors (BODs); tone from the top; internal
control environment; internal and external audit function; and strength and
composition of audit committees. In'airat (2015) focussed on the significance of CG
components (internal control, internal audit and external audit) in relation to fraud and
Chapter 2: Literature Review 27
concluded that these CG components need to be implemented effectively in curbing
fraudulent activities. Brennan and McGrath (2007) emphasised the relationship
between tone from the top in shaping the right attitude towards effective internal
controls for the purpose of curbing fraudulent financial statements. Coram et al. (2008)
discussed the link between having a better internal audit function and the chances for
organisations in detecting misappropriation of assets (MoA). Dela Rama (2012)
stressed the importance of having better corporate governance in mitigating the effects
of corruption. Tan, Chapple, and Walsh (2017) explained that in curbing fraudulent
activities, having a good governance in a firm is essential.
As stated by Van Akkeren and Buckby (2017), the literature demonstrated that
having effective governance in an organisation may be one of the keys to preventing
fraudulent activities, and that lack of governance enabled fraud and corruption to
occur. Although culture is an underlying feature of corporate governance, the literature
focussed more on the audit function, internal control measures and the composition of
the board of directors (BODs). Consequently, the examination of culture has often
been overlooked and/or empirical evidence is not gathered. Therefore, this study
specifically focusses on the relationship between corporate culture and incidents of
FC. The next subsection discusses prior research that has analysed the relationship
between corporate governance and culture.
2.2.2 Corporate governance and corporate culture.
Corporate governance is related to culture because culture influences the
structure and execution of governance in organisations. Different organisation may
deal with both internal and external issues in a different manner, depending on the type
of culture that exists, for example, complying with regulators. Licht (2001) argued that
governance and/or organisational policies are dependent on values, which is one
28 Chapter 2: Literature Review
attribute of corporate culture, held by decision makers. Similarly, Llopis, Gonzalez,
and Gasco (2007) suggested that functional corporate governance is needed to help
organisations in consolidating ethical values from top to bottom. Furthermore, Mintz
(2005) emphasised how culture underpins corporate governance in ensuring
compliancy in a firm. Having the right corporate culture for the purpose of negotiation
or discussion, such as organisation policies, is also recommended for the discussion to
be productive (Rafiee & Sarabdeen, 2012).
There is also evidence from practitioners on the importance of corporate culture
as a part of CG. The COBIT 5 framework by the Information Systems Audit and
Control Association (ISACA, 2012) gave prominence to the importance of corporate
culture and how often it is underestimated as a success factor in governance and
management activities (p. 27). In addition, the Board’s role as one aspect of corporate
governance is argued to be critical in driving the right cultural change within an
organisation (Australian Institute of Company Directors [AICD], 2016).
This study examines the relationship previous literature has identified between
corporate culture and corporate misconduct to gain more profound insights into how a
poor organisational culture may lead to incidents of FC. The next section provides an
examination of empirical studies that identify the link between corporate culture and
FC. In particular, the section describes the attributes from the literature that define
corporate culture, which includes shared values, tone from the top, ethics and risk
culture in an organisational context and how each can lead to incidents of FC.
2.3 Corporate Culture, Fraud and Corruption
Even though there are many variables that may be affected by organisational
culture, such as job satisfaction (Pacheco, Westhuizen, Ghobadian, Webber, &
O'Regan, 2016) and employee retention (Patel & Conklin, 2012), they are not within
Chapter 2: Literature Review 29
the scope of this thesis. Instead, studies that identified corporate culture as contributing
to FC are examined. Further, although the notion of subcultures have been mentioned
several times under the umbrella of organisational culture theory (Gregory, 1983;
Hatch & Zilber, 2012; J. Martin & Siehl, 1983), it is not discussed for the purpose of
this research, as it is not the primary focus of this study. However, the researcher
acknowledges the probability of subculture in influencing incidents of FC as identified
by Van Akkeren and Buckby (2017).
Corporate culture is defined by Schein (1990, p. 111) as: “(a) a pattern of basic
assumptions, (b) invented, discovered, or developed by a given group, (c) as it learns
to cope with its problems of external adaptation and internal integration, (d) that has
worked well enough to be considered valid and, therefore (e) is to be taught to new
members as the (f) correct way to perceive, think, and feel in relation to those
problems”. Schein divided culture into three fundamental levels: observable artefacts,
values, and basic underlying assumptions. In other words, underlying assumptions are
employees’ shared beliefs of an organisation and its environment, and serve as a guide
for the employees’ thoughts and behaviours (Campbell & Göritz, 2014). Similar to
Schein, another definition of corporate culture is “the set of important understandings
(often unstated) that members of a community share in common” (Sathe, 1983, p. 6).
Furthermore, a parallel definition is provided by Sinclair (1993) who argued that
organisational culture “… includes deep-seated and enduring values, at the most
fundamental or inner level, with artefacts and symbols, procedures and
arrangements…” and “… it consists of what people believe about how things work in
their organisations and the behavioural and physical outcomes of these beliefs” (p.
64).
30 Chapter 2: Literature Review
It has been argued that corporate culture is such a strong force, it can hinder or
foster an organisation’s growth (Linnenluecke & Griffiths, 2010). Supporting this,
Pinho, Rodrigues, and Dibb (2014) posited that corporate culture has the ability to
influence “a firm’s choice of outcome and the means to achieve these outcomes,
including organisational structure and processes” (p. 377). In the context of this
thesis, poor corporate culture can hinder an organisation’s growth while fostering acts
of FC. Several studies have assessed the value of corporate culture as a part of CG and
discussed its role in contributing to FC. Geriesh (2003) identified that characteristics
of companies being convicted of illegal actions usually had a corporate culture that
allowed or facilitated such activities. Similarly, Ji, Rozenbaum, and Welch (2017)
concluded that firms associated with low rated corporate culture have a higher chance
of getting Accounting and Auditing Enforcement Releases (AAER) from the U.S.
Securities and Exchange Commission (SEC). C. May (2003) argued that having a
culture of vigilance (emphasising safety) often leads to a productive working
environment and normalisation of said culture would benefit organisations in the long-
run. This is supported by Soltani (2014) who discussed how ethical climate shapes
organisational culture (p. 254). Soltani also suggested that a CEO’s ethical leadership
may affect the organisation’s ethical culture and that tone from the top has an influence
on corporate culture which contributed to the integrity of financial reporting (p. 255).
Soltani added that culture itself may create opportunistic managers in the time of crisis
(p. 265) and how company culture might be the key mechanism in mitigating
fraudulent behaviour (p. 270).
Finally, different studies have also highlighted attributes that are relevant to this
thesis. For example, shared values and tone from the top are identified as necessary
factors in transforming an organisation’s culture (Armenakis, Brown, & Mehta, 2011),
Chapter 2: Literature Review 31
using terms such as cultural leader and cultural carrier (tone from the top) and cultural
internalisation as well as formal/informal management practices (shared values).
Another example is ethics or the ethical climate of the organisation, and has been
confirmed as contributing to a firm’s attitude towards fraudulent acts (Domino,
Wingreen, & Blanton, 2015), or how unethical culture plays an important role in
financial statement fraud (Morgan & Burnside, 2014). Another example is risk culture,
which is considered critical for organisational outcomes (Palermo, Power, & Ashby,
2017). The next four subsections examine shared values, tone from the top, ethics and
risk culture and provide evidence on how they relate to incidents of FC.
2.3.1 Corporate culture and shared values.
According to Ogbor (2001), corporate culture is needed because it unifies the
people in the organisation where common values and beliefs meet together, which in
turn forms an institution based on those similar interests. Ogbor suggested that there
are some positive impacts out of forming this unified and consistent community such
as top management sharing enthusiasm with employees, setting the right norms in the
organisation and ensuring similar attitudes toward certain problems. However, the
same can be said about the negative effects. For instance, managers could shape a
corrupt organisational culture by gathering individuals with common values and
beliefs, which may result in a unified and tight-knitted corrupt society. Ogbor (2001)
explained that this side of corporate culture is a method for managers in creating their
ideal or, in this context, corrupt organisation (p. 591). Management may induce this
culture by utilising simple means such as daily socialisation, where they share their
corrupt values with people who have the same opinion as them (Kleinberg, 2014).
Literature that supports Ogbor and specifically related to corporate culture and
FC includes Cameron, Chaudhuri, Erkal, and Gangadharan (2009); DeBacker et al.
32 Chapter 2: Literature Review
(2015); and Liu (2016). For example, DeBacker et al. (2015) suggested that daily
socialisation in the workplace is a way to shape new employees to the company’s
liking. Besides socialisation, the authors also suggested different means such as
education, selection of employees with similar values, and provision of incentives (p.
124). In their study, Cameron et al. (2009) mentioned that everyday experiences of
corruption have an impact in shaping individuals’ attitudes towards corruption. In this
case, everyday experiences can be translated to individuals’ daily life in the corporate
world or even group norm, which in a corporate context is defined as corporate culture
(Liu, 2016). Liu’s findings showed that group norms have a two and a half times
greater impact in shaping a corrupt corporate culture as opposed to internal norms. An
internal norm is defined as a norm set by an individual based on his/her values, while
a group norm is described as a norm enforced or socialised between groups of people
through rewards and punishment systems (Liu, 2016, p. 322).
The importance of group norms (or shared values), which is the combination of
different personal values, in influencing organisational culture is emphasised by
Fritzsche (1991) and demonstrated in Figure 2.1.
Figure 2.1. A Model of Decision-Making Incorporating Ethical Values (Fritzsche, 1991)
Chapter 2: Literature Review 33
The model suggested that one’s personal values can be shared with and/or modified
by others using daily socialisation (DeBacker et al., 2015) as a medium. Therefore,
one who has corrupt values could share them with other people in the organisation and
change its culture, or the organisation may corrupt someone’s ethical values by
exposing them to a corrupt organisational culture. In the context of this research, the
internal and external impact may be an individual’s or an organisation’s tendency to
commit fraudulent and corrupt acts. However, changing one’s and/or an organisation’s
culture is not a simple task. Thus, other criteria may or may not need to be present,
such as tone from the top or, as described in this figure, role-set configuration. This
term is discussed more in the next subsection.
It has also been argued that shared knowledge has a role in contributing to a
culture’s strengths or weaknesses (Crémer, 1993). Supporting this view, Van den Steen
(2010) acknowledged shared beliefs as part of corporate culture and stated that those
beliefs may lead to advantages and disadvantages. This could be seen by his example
using employees’ shared experiences in the firm, which will develop into shared
beliefs through time. Therefore, the experiences and beliefs that employees shared are
critical. Further, Medcraft (2016b) argued that culture is a set of shared values that
may lead to different outcomes depending on the strength of the said culture. His
argument is reinforced in the Global Fraud Survey by Ernst & Young (EY, 2016) that
explained how cultural factors that are shared, such as loyalty, could be the reason why
fraudulent and corrupt activities are not reported. Thus, positive corporate culture
serves as an asset (e.g., Starbucks) and negative organisational culture may lead to an
organisation’s demise (e.g., Enron) (Flamholtz & Randle, 2012).
A good example of corporate culture focussing on shared values is provided by
Guiso, Sapienza, and Zingales (2015) which discussed the value of corporate culture.
34 Chapter 2: Literature Review
The authors provided a pseudo case, where a firm with an impeccable customer care
record always tries its best to educate its employees in order to live up to the customers’
expectations. Therefore, it is a shared social norm, enforced by all people in the firm
that employees need to try their hardest in promoting the best customer service because
that is the essence of the firm. Consequently, an employee with a negative attitude
towards customers will be shunned by other employees because he/she does not live
up to the company’s values. For that reason, when positive values are shared, these
values may mitigate moral hazards, and when these values are negative, they may lead
to corporate misconduct.
A recent illustration is provided by APRA’s report in regard to its inquiry into
the CBA (2018). The report stated that “shared mindsets impact on behaviours,
because what people do is influenced by who they are and what they believe and value,
whether they are aware of this or not” (p. 82). The report also added an example to the
statement demonstrating that CBA’s business units’ employees view control functions
as obstacles to achieve their short-term incentives rather than the bank’s overall
profitability.
Another instance given by APRA is how the combination of individual
behavioural norms would have a negative impact towards the bank’s organisation
culture. APRA explained how the culture inside CBA often only mentions ‘good news’
while keeping the ‘bad news’ as quiet as possible. These behavioural norms are similar
to Liu’s (2016) findings on group norms. Employees are influenced by others inside
the bank to change their ‘common practice’. The conditions mentioned are interrelated
with CBA’s risk culture which is discussed further in section 2.3.4.
In this study, shared values form the ‘S’ of the STER model (shared values, tone
from the top, ethics and risk). This model is further explained in Chapter 3. The
Chapter 2: Literature Review 35
following subsection provides a review of the literature on the impact of ‘tone from
the top’ on incidents of FC.
2.3.2 Corporate culture and tone from the top (leadership).
An important consideration for this study is tone from the top, which is identified
as a part of corporate culture (Biggerstaff et al., 2015; Brennan & McGrath, 2007;
Fritzsche, 1991; Liu, 2016; Schein, 1985; Sims & Brinkmann, 2003). Brennan and
McGrath (2007) found that senior management (leaders) were responsible for most
fraudulent activities (financial statement fraud) and that the board of directors (BODs)
are responsible for setting an organisational tone so that internal controls could be
more [or less] effective. Biggerstaff et al. (2015) added that an unethical culture comes
from the top level of leadership (CEOs in particular), highlighting the need for tone
from the top that sets strong leadership and an anti-fraud environment. They noted that
firms with CEOs who receive bonuses are more likely to engage in fraudulent activities
(p. 99), such as financial reporting fraud or overstating firms’ profits. Their results
demonstrated that externally hired CEOs are more likely to alter the firms' culture
effectively. Liu (2016) also emphasised the role of leaders in producing and nurturing
corporate culture in curbing corrupt activities. These indicate the importance of tone
in setting the right culture in a company in terms of risks of FC.
The link between corporate culture and leadership is identified by Sims and
Brinkmann (2003) using Enron as an example. They found that there were no ethical
boundaries because rule-breaking activities were encouraged by the leadership. In his
research, Finkelstein (1992) used different dimensions of power, namely: structural,
ownership, expert, and prestige power and posited that top management (being CEO
and other managers), when given enough power, have the abilities to influence
decision-making activities. This suggested that powerful leadership can decide
36 Chapter 2: Literature Review
whether to involve their firm in corrupt activities. Similarly, using Figure 2.1, Fritzsche
(1991) explained how top management have more influence than one’s peers in terms
of decision-making, using the term role-set configurations. This term also means that
employees’ behaviours depend on the actual role played by the manager. This
argument is supported by Van den Steen (2010), where he argued that managers have
the power to choose what they want their employees to learn, a condition that is called
“manager-forced learning” (p. 618). These arguments strengthen that of Ashforth’s
and Anand’s (2003) which explained that leaders do not always need to engage in the
act of corruption themselves in influencing employees’ perceptions. They can simply
reward or punish the employees depending on their conduct in order to send them a
message of what is expected of them in an organisation, which is referred to as an
“authorisation act of corruption”. Employees will use their perception of their
superiors as well as the knowledge they have learned when faced with unethical
conduct, which in this case, included acts of FC.
Tone from the top within a corporate culture is argued as critical as it reflects the
power of upper echelons (Ogbor, 2001). Wimbush and Shepard (1994) supported this
view, and posited that despite having good ethical policies, the primary influence on
individuals’ ethical behaviour is stronger with what those individuals have learned
from their supervisor. Therefore, employees were likely to mimic their superiors
because they were the ones with the power to judge employees and decide whether
those employees deserve rewards or punishments (p. 642). Similarly, Lail, MacGregor,
Stuebs, and Thomasson (2015) discussed the role of a strong tone from the top in
promoting a resilient anti-fraud corporate culture and how a weak tone may lead to
fraudulent behaviour.
Chapter 2: Literature Review 37
Further evidence of the importance of leadership and tone from the top is
provided in a study examining the influence of CEO’s ethical leadership to an
organisation’s ethical climate and employees’ perceptions of it. Shin’s (2012) study
demonstrated that CEOs play a significant role in establishing and promoting a code
of conduct throughout the organisation. This is because CEOs bring their own personal
values or beliefs, and then share it with everyone from top to bottom. It should be
noted, however, that since a CEO has the means and abilities to positively influence
an institution’s ethical climate, it can also negatively influence others and that can
include wrongdoings of FC.
An example of adverse effects from management can be seen from a study
investigating the relationship of top management team’s (TMT) deterioration with
organisational failure by Hambrick and D'Aveni (1992). They concluded that the
decline of TMT and the decline of organisations are related and act like a downward
spiral where one brings down the other. Another negative impact from TMT is related
to the size of TMT and CEO dominance in organisations (Haleblian & Finkelstein,
1993). Their findings suggested that in a turbulent environment, a larger team is
preferred to smaller teams, and dominant CEOs (centralised organisations) have
critical roles in the firms’ poor performance. Daboub, Abdul, Priem, and Gray (1995)
investigated the link between TMT characteristics and illegal corporate activities.
However, the definition of corporate culture that they provided fits more to shared
values rather than tone from the top, for example, “shared norms, values, and beliefs”
(p. 142) and socialisation as a means of shaping employees’ behaviours (p. 140). This
may suggest that there is a connection between shared values and tone from the top.
In addition, although they briefly discussed the possible link between culture (as
external and internal antecedent factors) and its influence on TMT in committing
38 Chapter 2: Literature Review
corporate criminal activity, they neither examine further nor focus on corporate culture
to find its relationship to FC incidents, which is the focus of this research. Finally, a
very recent example from APRA’s inquiry into the CBA has revealed that CBA’s
leadership had not “practised what they preached” (2018, p. 87). This condition is
another example of the prominence of setting the right tone for an organisation (Lail
et al., 2015; Liu, 2016; Shin, 2012; Sims & Brinkmann, 2003).
There is also a connection between tone from the top and ethics, as explained by
Wimbush and Shepard (1994). In their paper, they explained how supervisors
influence employees through verbal or non-verbal communication on what is ‘right’
or ‘wrong’ in their opinion. These ‘rights’ and ‘wrongs’ could either be based on a
code of conduct (ethics) or personal opinion. The employees then communicate with
each other, spreading the supervisors’ opinions which enforces the policies throughout
the organisation. Wimbush and Shepard (1994) explained that the role of supervisors
is to moderate between rules and practices (p. 643), which further suggests having an
ethical tone from the top is critical in an organisation.
The link between tone from the top and corruption is also identified by van der
Wal et al. (2016). They used the term “good apple, bad barrel”, meaning that the
organisational structure and culture (e.g., unrealistic targets or pressure) may infect
healthy apples, which in this case are the employees of a company. Hauk and Saez-
Marti (2002) argued that corrupt culture is transmitted from older agents to younger
(newer) agents just like parents set examples for their children. Supporting this, Fisman
and Miguel (2007) provided a parking ticket example in their research where they
analysed the parking behaviour of United Nations (UN) officials in Manhattan. They
found that officials from countries with high levels of known corruption accumulated
more unpaid parking violations. This implies that one’s corrupt culture is highly
Chapter 2: Literature Review 39
related to one’s home country, and therefore, an assumption can be made that one’s
home country is the parent (Barr & Serra, 2010). This assumption supported the
argument on corrupt culture being transmitted from ‘parents’ to ‘children’ (Hauk &
Saez-Marti, 2002). Despite having different unit of analyses, the studies mentioned
above may provide some insights on how these conditions can be translated to a
corporate context. For example, in an organisational context, parents are managers and
children are employees and how managers conduct themselves will be mirrored by
employees. Therefore, this thesis may complement the studies above by exploring,
amongst other aspects of culture, tone from the top from a corporate perspective.
As the literature demonstrates, tone form the top is relevant to the culture of a
firm and a potential contributor to FC. Together with shared values, it forms the ‘T’ of
the STER model (shared values, tone from the top, ethics and risk). The next
subsection discusses ethics and its role in guiding organisations to minimise FC, and
how the normalisation of different kind of ethics (e.g., corrupt and fraudulent ethics)
may lead to incidents of FC.
2.3.3 Corporate culture and ethics.
Ethics is another important attribute of corporate culture and the link between
the ethics of an organisation and incidents of FC has been identified. Previous studies
suggest that one of the red flags that can be related to fraudulent activities is unethical
or dishonest management behaviour (Gullkvist & Jokipii, 2013). Therefore, this
subsection further explores the relationship between corporate culture and ethics,
which consists of ethical culture, ethical education and ethical climate, and how it may
or may not have a role as a contributor to incidents of FC.
40 Chapter 2: Literature Review
2.3.3.1 Ethical culture.
Treviño, Butterfield, and McCabe (1998) described ethical culture as a construct
that “emphasises the phenomenal level of culture – the more conscious, overt, and
observable manifestations of culture such as structures, systems, and organisational
practices, rather than the deeper structure of values and assumptions” (p. 451).
Hence, culture in this context is normative, that is, how it should be. This normative
understanding is supported by having rules and regulations such as a code of conduct.
In regard to fraud and corruption, having explicit and direct formal
institutionalisation on ethical conduct (i.e., rules, code of conduct) in a company is
argued by Ashforth and Anand (2003) as preferable as opposed to implicit and indirect
informal institutionalisation (i.e., socialisation, shared values, promotion, rewards for
good behaviour, etc). This statement contradicts previous research which emphasised
more on the latter (Crémer, 1993; DeBacker et al., 2015; Medcraft, 2016b; Van den
Steen, 2010). Nevertheless, van der Wal et al. (2016) stressed the importance of ethics
and the rules surrounding it by giving an example of bottom-up internalisation. They
posited that bottom-up internalisation of organisational values by promoting
employees’ ethical behaviour (strengthening their moral competence and awareness
training) is preferred compared to top-down imposition of rules and regulation,
because the former results in a more positive image of the employees (they are trusted
for what they do), as opposed to the latter, where it results in a negative image of the
employees (the reason rules are imposed on them is because they are not trusted to do
their job).
2.3.3.2 Ethical education.
D. R. May, Luth, and Schwoerer (2014) attested the importance of ethical
education in increasing employees’ moral competence. In their study, they focussed
Chapter 2: Literature Review 41
on how business ethics education has positive impacts on increasing one’s moral
efficacy, moral meaningfulness, and moral courage. Likewise, Tormo-carbó, Seguí-
mas, and Oltra (2016) recommended enhancing employees’ professional ethical
behaviour by learning the consequences of their actions through formal courses.
Finally, supporting both arguments, Halbouni, Obeid, and Garbou (2016) suggested
organisations that promote a culture of honesty by adopting business ethics programs
are better able to prevent, detect and deter fraudulent acts (p. 616).
Ethical rules and education are important in promoting an ethical culture within
the organisation. However, so is ethical climate as it influences the decision-making
progress in an organisation (Duh, Belak, & Milfelner, 2010). Therefore, an
organisation’s ethical climate may determine whether the organisation is susceptible
to incidents of fraud and corruption.
2.3.3.3 Ethical climate.
Ethical climate is described by Cullen, Victor, and Stephens (1989) as one
component that defines organisational culture. They explained ethical climate as a
combination of shared perceptions/values (see subsection 2.3.1) and processes in
dealing with ethical issues. Further, it is “one type of work climate that reflects
organisational procedures, policies, and practices with moral consequences” and it
influences the decision-making process in an institution (K. D. Martin & Cullen, 2006,
p. 177). Similarly, Vardi (2001) posited that ethical climate is “perceived
representation of the organisation’s goals and the means and ways adopted for goal
attainment” (p. 327). An example of an adverse ethical climate is the banking and
insurance sectors that are currently being reviewed under the Banking Royal
Commission due to their incentive-focussed culture (see section 1.4). The institutions’
42 Chapter 2: Literature Review
goals are all sales-driven and they incentivised their employees to increase those
numbers regardless of impact on their clients.
In order for an ethical work climate to exist and persist, there should be
normative patterns inside the organisation that the people acknowledge (or perceived
to exist within the organisation), which is referred to as institutionalisation (Victor &
Cullen, 1988). Since the people inside the institution acknowledge the climate, they
act according to the normalised practice in the organisation. In relation to FC,
Wimbush, Shepard, and Markham (1997) suggested managers to understand the work
climate in their organisation as a proactive measure in curbing unethical conduct.
Wimbush and Shepard (1994) also proposed that having a better ethical climate leads
to minimising costs that are caused by poor performance or counterproductive
behaviours (e.g., absenteeism) and other unethical behaviours (e.g., kickbacks).
Previous research provides insights into organisational ethical culture, ethical
education and ethical climates to better understand how ethical culture as rules, ethical
education, and ethical climate as perceptions shape ‘normal practice’ in an
organisation, and how ‘normal’ may lead to acts of FC. Ethics, together with shared
values and tone from the top, shapes the ‘E’ in the STER model in Chapter 3. The next
subsection explains the last attribute of corporate culture, that is, risk culture and how
it relates to incidents of FC by utilising several cases from prior research.
2.3.4 Risk culture.
APRA (2016) defined risk culture as “the norms and traditions of behaviour of
individuals and groups within an organisation that determine the way in which they
identify, understand, discuss, and act on the risks the organisation confronts and the
risks it takes” (p. 7). APRA (2017) stressed the importance of having a strong risk
culture to “support the ability of the institution to operate consistently within its risk
Chapter 2: Literature Review 43
appetite” (p. 3), with risk appetite defined as ‘the amount and type of risk that an
organisation is willing to take in order to meet their strategic objectives’ (Institute of
Risk Management [IRM], n.d.). APRA also underscored that a solid risk management
strategy (RMS) must be able to “instil an appropriate risk culture across the
institution” (p. 8). An organisation’s risk culture, APRA contended, is reflective of the
influence of that organisation’s overall culture on how it manages organisational risks
(2018, p. 82).
A risk management strategy, according to APRA (2017) is a document that must
be maintained by an APRA-regulated institution,2 which contains the strategy to
manage risk within an institution. APRA (2017, p. 7) listed the necessary elements
needed in a risk management framework:
a) credit risk;
b) market and investment risk;
c) liquidity risk;
d) insurance risk;
e) operational risk;
f) risks arising from the strategic objectives and business plans; and
g) other risks that, singly or in combination with different risks, may have
a material impact on the institution.
APRA, in their Fraud Risk Management document (2015), expected institutions to
include abovementioned risk elements in their framework and how to manage fraud
2 APRA oversees banks, credit unions, building societies, general insurance and reinsurance
companies, life insurance, private health insurance, friendly societies and most members of the
superannuation industry (APRA, n.d.).
44 Chapter 2: Literature Review
risks (internal and external) associated with them. Despite the document specifically
tailored for registrable superannuation entity (RSE), a fraud risk management is
recommended for all Australian organisations. In addition, APRA recommended
organisations include a risk appetite statement covering the possibility of fraud risks
and a risk management strategy (RMS) to minimise the likelihood of fraud to occur.
In its inquiry report into the CBA, APRA explained that despite there being no
single best practice for a sound risk culture, there are some elements that are
recommended. These elements include “constructive challenge from a range of
perspectives, timely and transparent information flows without fear of blame, and a
consistent approach to risk management through the economic cycle” (2018, p. 83).
Furthermore, APRA suggested organisations to reward employees in relation to risk-
taking accordingly. This suggestion is due to the incentive-driven culture that shrouds
the Australian banking and insurance sectors. The report added that employees are
reactive towards risks (p. 85), perceive risk management as a low priority
‘administrative task’ (p. 86) and do not fully execute ‘walking the talk’ in regard to
risk management (p. 87). This report further showed that failing to uphold a proper
risk culture may lead firms to corporate misconduct.
In addition to APRA, concerns regarding organisations’ risk culture have been
voiced by industry and academic publications. For example, the Organisation for
Economic Cooperation and Development (OECD, 2014), in a report discussing a risk
management framework, explained that one of the greatest shocks from the financial
crisis was its prevalent failure of risk management (p. 12). EY, in the Global Fraud
Survey (2016), emphasised the need for companies to recognise the impact of culture
on business risk, further highlighting the importance of culture and risks within
organisations.
Chapter 2: Literature Review 45
Many academic studies also identify the importance of risk management, such
as Naude and Chiweshe (2017) who suggested that it is expected for businesses to
identify, respond and mitigate risks early by proactively undertaking risk assessment.
Pan, Siegel, and Wang (2017) posited that an organisation’s risk culture may be crucial
in influencing the organisation’s decision-making activities. Palermo et al. (2017)
provided another view, explaining that there are two logics which are related to risk-
taking: logic of opportunity and logic of precaution (p. 155). Logic of opportunity is
where risk-taking and entrepreneurism are favoured, while logic of precaution means
to regulate risk and exercise control, mitigating excessive risk-taking. They suggested
that organisations risk logic is shifting from logic of opportunity (innovative risk-
taking in a period of growth) to logic of precaution (condemning excessive risk-taking
in a period of crisis) after the Global Financial Crisis (GFC). Poor risk culture can be
seen as taking unnecessary risks or even implementing ‘riskiness’ as a policy, and they
cited the GFC as an example of excessive risk-taking.
Excessive risk-taking can lead to serious fraudulent acts and this was
demonstrated in the Enron case where there was a culture of risk-taking and this was
encouraged as long as great results were achieved (Sims & Brinkmann, 2003). Enron’s
rewards system provides a useful example: win-at-all-costs. In that type of
environment, any measure, no matter how risky, is considered innovative and brave,
and included fraudulent activities. Another instance of a risk-seeking company was the
American International Group (AIG) (Flamholtz & Randle, 2012). Frank Cassano, the
leader of AIG’s Financial Products Group, changed its corporate culture from ‘just
about anyone could question a trade’ to a risk-seeking culture without adequate
information and understanding of Credit Default Swap’s (CDS) risks and rewards. The
46 Chapter 2: Literature Review
organisational culture also became flawed as nobody would challenge Cassano’s ideas
and as a result, AIG almost collapsed if not for the Federal Reserve bailout.
In regard to risk-taking activities caused by remuneration in the banking sector,
Zalewska (2016) suggested regulators to have active participation in regulating firms
to minimise their risk-taking activities. Similarly, Bezzina, Grima, and Mamo (2014)
recommended firms to be more disciplined in their risk management as an effective
measure to thwart economic turbulence such as the GFC. They asserted that the
strength of one’s risk culture in order to survive a financial crisis and how it can be
achieved is through leadership, involvement, learning, accountability and
communication. In addition, a board that understand the firm’s philosophy is needed
in order to drive the risk culture even further (Schein, 1985). However, contrary to the
recommendation, the results from Palermo et al. (2017) showed that risk assessment
means very little to decision-makers and some managers are less willing to do the
assessment on their own. They prefer to have someone to do it for them or ‘hold their
hand’. The managers’ unwillingness to conduct risk assessment may be one indicator
on why incidents of FC occur in the first place, because they could not determine the
risks until after the fraudulent incident occurred.
Based on the concerns raised above, risk culture serves as the final component
of ‘R’ in the STER model and is explained further in Chapter 3. After reviewing the
literature, several gaps in the literature can be identified. Those gaps are discussed in
the following section.
2.4 Gaps in the Literature
The reviewed literature provided useful insights into the relationship between
corporate culture and fraud and corruption, and aided in the identification of the
attributes that define corporate culture. However, there are several gaps that need to
Chapter 2: Literature Review 47
be addressed to ensure the research question for this study (Is there a connection
between corporate culture and incidents of fraud and corruption in Australian
organiastions?) is properly addressed.
Gaps identified include the following: various studies did not provide empirical
evidence (Crémer, 1993; Flamholtz & Randle, 2012; Fritzsche, 1991; Ogbor, 2001),
others focussed on specific places or cases which are not related to the Australian
organisational context (Brennan & McGrath, 2007; Cameron et al., 2009; DeBacker
et al., 2015; Fisman & Miguel, 2007; Liu, 2016; Sims & Brinkmann, 2003; Soltani,
2014). Another identified gap is that although previous research used different
methods in gathering their data (quantitative or experimental), it was difficult to source
literature that examined the role of corporate culture and FC through in-depth
interviewing of professionals who identify causes of fraud and corruption as part of
their role (Biggerstaff et al., 2015; Cameron et al., 2009; Guiso, Sapienza, & Zingales,
2006; Guiso et al., 2015; Liu, 2016; Van den Steen, 2010). Professionals such as
forensic accountants were able to provide their view of a firm’s culture due to their
intimate knowledge of the crime during a forensic investigation. Furthermore,
corporate management opinions were explored as many have experienced FC first-
hand. This study probes for in-depth insights into culture and the relationship to
incidents of FC using a qualitative approach through in-depth interviewing.
Another gap relates to definitions or attributes of corporate culture. Although
most prior research defined the attributes of corporate culture, these definitions vary
substantially; or, if similar, they focussed on one or two attributes (Ashforth & Anand,
2003; Beasley, 1996; Biggerstaff et al., 2015; Crémer, 1993; Daboub et al., 1995;
Finkelstein, 1992; Guiso et al., 2015; Haleblian & Finkelstein, 1993; Hambrick &
D'Aveni, 1992; Johansson & Carey, 2016; Liu, 2016; Palermo et al., 2017; Shin, 2012;
48 Chapter 2: Literature Review
Van Akkeren & Buckby, 2017; Wimbush & Shepard, 1994; Wimbush et al., 1997).
For example, a study by Liu (2016) explored the role of corrupt culture in influencing
corporate misconduct and how it may be inherited. Culture, in her study, includes
shared values (“shared values and beliefs…” (p. 309) and “lower level employees
having similar values as their leaders” (p. 310)); and tone from the top (“leaders
create and disseminate culture within the organisation” (p. 309)). Although similar to
this study, several aspects of culture were not included (i.e., ethics and risk culture),
particularly as they relate to incidents of FC. In another study, Van Akkeren and
Buckby (2017) identified the connection between criminology theory and incidents of
fraudulent activities committed by individuals and groups. The study mentioned
shared values (“The sub-groups that formed within these organisations adopted
norms…” and “…behaviour of those involved in corporate scandals may have been
learned from others through socialisation…” (p. 386)) as well as tone from the top as
part of corporate governance (p. 387). However, in the context of FC, they focussed
more on only two aspects of culture (i.e., shared values and tone from the top).
Finally, studies identified in the literature review do not specifically discuss the
relationship between corporate culture and FC and only one paper utilised forensic
accountants’ expert opinions as its empirical resource (Van Akkeren & Buckby, 2017),
but did not focus on all attributes of culture identified as relevant in this thesis. This
study aims to fill these gaps by investigating the relationship between corporate culture
and incidents of FC in Australian organisations using the perceptions and experiences
of forensic accountants and industry professionals. In addition, a corporate culture
(STER) framework is developed, providing a useful guide for future researchers. The
overall summary of each individual attribute of corporate culture and the gaps attached
to them are provided in table form (Table 2.1).
Chapter 2: Literature Review 49
Table 2.1
Summary of the four cultural attributes and their gaps
Attribute(s) and Author(s) Summary Gaps
Shared Values (S)
Cameron et al. (2009);4 Crémer (1993);1
DeBacker et al. (2015);3,4 Flamholtz and Randle
(2012);3,4 Fritzsche (1991);1 Guiso et al.
(2015);3,4 Liu (2016);3,4 Medcraft (2016b);5
Ogbor (2001);1,2 Van den Steen (2010)3
Shared values in the form of daily
socialisation may shape employees to
the company’s liking
Group norms are stronger than internal
norms
Shared experience may develop to
shared beliefs through time, therefore
critical
As referred from superscript:
1. Studies do not have empirical evidence
2. Studies focussed on certain theories
3. Studies are not based on Australian
context
4. Studies have different unit of analysis
(e.g., country instead of corporate
context, or focussed on specific
industry)
5. Cited articles are not research papers
Tone from the Top (T)
Ashforth and Anand (2003);1,2 Barr and Serra
(2010);3,4 Biggerstaff et al. (2015);3,4 Brennan
and McGrath (2007);3 Daboub et al. (1995);1
Finkelstein (1992);3,4 Fisman and Miguel
(2007);3,4 Fritzsche (1991);1 Haleblian and
Finkelstein (1993);3 Hambrick and D'Aveni
(1992);3 Hauk and Saez-Marti (2002);1 Lail et al.
(2015);2,3 Liu (2016);3,4 Ogbor (2001);1,2 Schein
(1985); Shin (2012);3,4 Sims and Brinkmann
(2003);1,3,4 Van den Steen (2010);3 van der Wal
et al. (2016);4 Wimbush and Shepard (1994)1,2
Senior management are responsible for
setting organisational tone, positive or
negative
Management holds more power
compared to one’s peers in decision-
making process
Leaders can control what they want their
employees to learn
Employees tend to mimic their
supervisors
50 Chapter 2: Literature Review
Ethics (E)
Arewa and Farrell (2015);3,4 Ashforth and Anand
(2003);1,2 Brown and Loosemore (2015);4 Cullen
et al. (1989);3 Duh et al. (2010);3,4 Gullkvist and
Jokipii (2013);3,4 Halbouni et al. (2016);3,4 K. D.
Martin and Cullen (2006);1,2 D. R. May et al.
(2014);3,4 Tormo-carbó et al. (2016);3,4 Treviño
et al. (1998);3,4 van der Wal et al. (2016);4 Vardi
(2001);3,4 Victor and Cullen (1988);3,4 Wimbush
and Shepard (1994);1,2 Wimbush et al. (1997)3,4
Having rules are argued to be preferable
compared to informal institutionalisation
An ethical education is recommended to
increase employees’ moral competence
Ethical climate may influence
employees’ perceptions inside an
organisation
Risk Culture (R)
Bezzina et al. (2014);3,4 Flamholtz and Randle
(2012);3,4 Naude and Chiweshe (2017);1,3
Palermo et al. (2017);3,4 Pan et al. (2017);3,4
Schein (1985); Sims and Brinkmann (2003);1,3,4
Zalewska (2016)1,3,4
Strong risk culture is needed to prevent
excessive risk-taking
A risk management strategy is needed to
calculate risks within an organisation
Risk assessment is not a priority for
decision-makers
Regulators active participations are
needed to minimise excessive risk-
taking
Overall gaps from this study:
The lack of forensic accountants and industry professionals’ views and perceptions as
experts who have investigated and/or experienced incidents of FC based on corporate
culture
The lack of a comprehensive framework addressing the relationship between corporate
culture and incidents of FC
Chapter 2: Literature Review 51
2.5 Summary
The relationship that corporate culture has with incidents of FC is critical, as
highlighted in this chapter. However, there are several gaps found in the literature,
which are unit of analyses (Cameron et al., 2009; DeBacker et al., 2015; Fisman &
Miguel, 2007); different methods (Biggerstaff et al., 2015; Liu, 2016); different
cultural context (Crémer, 1993; Hambrick & D'Aveni, 1992; Liu, 2016; Van Akkeren
& Buckby, 2017); and lack of empirical evidence gathered from forensic accountants
and industry professionals expert opinions in a cultural context (Van Akkeren &
Buckby, 2017). In answering the overarching research question, this study explores
these gaps and develops a framework based on empirical evidence.
The next chapter presents the conceptual framework that is developed from the
review of the literature on economic crime, governance and organisational culture.
This framework is then used in answering the overarching research question with its
four attribute-related questions.
Chapter 3: Conceptual Framework 53
Chapter 3: Conceptual Framework
There continues to be a clear acknowledgement of the importance of creating
an environment where the right people take the right action at the right time.
(PwC, 2017b, p. 17)
3.1 Research Question
The purpose of this study is to better understand the relationship between the
role of corporate culture and incidents of fraud and corruption (FC). To gain a deeper
understanding, an overarching question needs to be asked:
‘Is there a connection between corporate culture and incidents of fraud and corruption
in Australian organisations?’
Chapter 2: Literature Review has identified four organisational culture attributes
that are found and/or suggested to be associated with incidents of FC: shared values
(S), tone from the top (T), ethics (E) and risk culture (R). The following section
identifies the conceptual foundations adapted from the literature review for the
development of the ‘STER’ model used in this study. Four specific research questions
relevant to this study are also identified and explained in the next section.
3.2 Conceptual Background
Literature that shapes the conceptual model focussed on four attributes of
corporate culture: shared values, tone from the top, ethics and risk culture. The
predominance of these four attributes was discussed in detail in the literature review,
specifically section 2.3. These cultural attributes may explain how incidents of FC
persist despite strong regulatory requirements for Australian organisations from the
Australian Prudential Regulation Authority (APRA) and Australian Securities &
54 Chapter 3: Conceptual Framework
Investments Commission (ASIC). The researcher acknowledges that corporate culture
is not limited to these four attributes alone. However, for this study, these four were
selected because of the high correlation between the presence of these factors and FC
incidents (potential and existing) documented in accounting, finance, ethics and
management studies (for example, see Flamholtz & Randle, 2012; Liu, 2016; Palermo
et al., 2017; Sims & Brinkmann, 2003; Van Akkeren & Buckby, 2017), as well as
industry publications (HLB Mann Judd, 2017; PwC, 2017b). Subsection 3.2.1
describes shared values together with the first research question.
3.2.1 Shared values.
The management literature suggested that certain shared informal norms in an
organisation are reflected by employees’ behaviour (Armenakis et al., 2011; Ogbor,
2001). This aligns with Schein’s (1985) definition of organisational culture, which is
the assumptions and values concerning how things work in an organisation. Hatch and
Zilber (2012, p. 95) described organisational culture as “tacit knowledge that drives
organisational actors in potent ways that engage their full being in processes from
which organisational culture arises”. Hatch and Zilber (2012) further explained that
tacit knowledge can operate within emotional and aesthetic consciousness, which leads
to certain behaviours in everyday activities. In this study, emotional and behavioural
knowledge take the form of employees’ perceptions of how ‘things are done around
here’ (Arewa & Farrell, 2015, p. 62). As Arewa and Farrell (2015) explained, when
employees perceive it is normal for corrupt acts to happen in their workplace, they will
adjust themselves to that condition. This condition then shapes employees’ daily
behaviour.
The ethics and finance literature on corporate culture also suggested that shared
values played a role in contributing to FC. For example, Fritzsche (1991) argued that
Chapter 3: Conceptual Framework 55
shared values from daily socialisation between people in the organisation may shape
individuals’ perceptions of fraudulent and corrupt activities (Arewa & Farrell, 2015;
DeBacker et al., 2015). Liu (2016) argued that group norms, which were enforced
shared values, had two and a half times greater impact in shaping a corrupt corporate
culture than internal norms, which were based on personal values. Liu illustrated this
phenomenon using an individual’s predisposition towards insider trading, which
remains even though he/she moved to a different organisation. Correspondingly,
Cameron et al. (2009) identified how everyday experiences shape individual’s
perceptions toward corrupt activities. Their experimental study showed that an
individual builds a greater tolerance towards corrupt activities once he/she is exposed
to such activities on a daily basis.
These examples support the position that shared values can be significant factors
in spreading fraudulent and corrupt acts, and that, in turn, tolerance for these acts may
increase due to employees’ everyday exposure to these influences. An example of
shared values influencing corporate culture and FC was the Enron case. Enron’s
employees shared a culture that pushed the limits of propriety and put the individual
before everyone else to avoid public humiliation. The employees used any means
necessary to save themselves, including fraudulent and corrupt activities (see
subsection 1.4).
Although demonstrated as a contributor to FC, shared values can vary greatly in
definition, and across organisations. This study examined shared values, their
composition, and how they may result in acts of FC. Therefore, based on these
arguments, the first research question in relation to organisational culture is:
RQ1: How do shared values contribute to incidents of fraud and corruption?
56 Chapter 3: Conceptual Framework
The next subsection explains tone from the top and highlights the second
research question.
3.2.2 Tone from the top.
Tone from the top is the second attribute of corporate culture that emerged from
the management literature. Tone from the top is explained by Hambrick (2007, p. 334)
as the combination of experiences, values and personalities of executives and how
these combinations significantly influence their understandings of different conditions,
and in the end, make their business decisions. Hambrick concluded that leaders engage
in acts that may bring either positive or negative outcomes for an organisation and its
employees. This is because leaders are the key decision-makers who determine
whether or not to involve the organisation in fraudulent and/or corrupt activities by
condoning or condemning the related activities. This argument is supported by finance,
accounting, management and ethics literature discussing the role of leadership in
nurturing or curbing fraudulent and/or corrupt activities (Brennan & McGrath, 2007;
dela Rama, 2012; Finkelstein, 1992; Liu, 2016; Sims & Brinkmann, 2003).
Tone from the top has been argued as reflecting leaders’ behaviour to
employees’ conduct related to fraudulent and corrupt acts inside an organisation.
Despite its relevance, the means and to what extent tone from the top contributes to
FC is still unclear in Australian industries. This study explored tone from the top and
how it may result in acts of FC. Thus, the second research question in relation to
organisational culture is:
RQ2: How does tone from the top contribute to incidents of fraud and
corruption?
The second research question assisted in answering how tone from the top in
Australian organisation may lead to incidents of FC. The next subsection clarifies the
Chapter 3: Conceptual Framework 57
role of ethics as one of the organisational culture attributes and presents the third
research question.
3.2.3 Ethics.
Ethics is the third attribute of corporate culture literature and takes three forms
within an organisation, that is, ethical climate, ethical culture and ethical education. K.
D. Martin and Cullen (2006) described ethical climate as “a type of work climate that
is best understood as a group of prescriptive climates reflecting the organisational
procedures, policies, and practices with moral consequences” and how it
“influences… subsequent behaviour in response to ethical dilemmas” (p. 177). These
behaviours are shared amongst everyone in the organisation (be it employees or
managers), and therefore, it is crucial for employers and employees to understand an
organisation’s ethical climate (Wimbush & Shepard, 1994; Wimbush et al., 1997).
Ethical climate, as part of ethics, is relevant for this study as it helps to shape corporate
culture and attitudes to fraud and corruption.
Ethical culture is described as focussing on the more conscious and observable
manifestations of culture, such as structures and systems, rather than the hidden
perceptions, such as shared values and assumptions (Treviño et al., 1998). The
organisational, ethics and finance literature have examined different methods of
achieving a culturally ethical organisation. Prior research suggested that having
explicit and direct formal institutionalisation, such as rules and a code of conduct is
preferred (Ashforth & Anand, 2003; van der Wal et al., 2016) as opposed to shared
values and daily socialisation (DeBacker et al., 2015). Other research focussed on the
importance of ethical education in the organisation to strengthen employees’ moral
competence in dealing with unethical behaviour (D. R. May et al., 2014; Tormo-carbó
et al., 2016). Nevertheless, ethical culture and ethical education are argued to be able
58 Chapter 3: Conceptual Framework
to curb unethical or counterproductive behaviours, such as acts of FC (Halbouni et al.,
2016; Wimbush & Shepard, 1994).
Ethical climate differs to ethical culture. As explained above and in the literature
review (see subsection 2.3.3), ethical culture is a control measure that is embedded in
the system, such as rules, regulations and recommended education. Treviño et al.
(1998) defined ethical culture as “a subset of organisational culture, representing a
multidimensional interplay among various ‘formal’ and ‘informal’ systems of
behavioural control that are capable of promoting either ethical or unethical
behaviour” (p. 451). Hence, ethical culture is normative because it describes the
ethical rules inside an organisation. Although ethical climate is explained as reflecting
the organisational procedures and practices (K. D. Martin & Cullen, 2006), it leans
more towards group perceptions of those procedures and practices. Perceptions are not
normative, and they could change depending on the situations. Hence, what is
perceived as ‘normal’ inside an organisation may change based on the everchanging
experiences (Prabowo & Cooper, 2016).
Despite their differences, people sometimes confuse ethical climate and ethical
culture, or even use them interchangeably. This is understandable due to their
similarities. Both ethical culture (as rules) and ethical climate (as perceptions) may
influence how an organisation deals with incidents of fraud and corruption using a
code of conduct and group perceptions of practices inside the organisation. Thus, both
of these ethical attributes, together with ethical education, may help each other in
creating a robust system to deter FC incidents.
As ethics entails three components in this study, how these components (either
individually or the combination of them) contribute to incidents of FC is still unclear.
Chapter 3: Conceptual Framework 59
Therefore, based on the reviewed literature, the third research question for this study
is:
RQ3: How does ethics contribute to incidents of fraud and corruption (FC)?
This research question aids in investigating how these three ethical components
contribute to FC in Australia. The final subsection discusses risk culture as the final
attribute of corporate culture and highlights the final research question for this study.
3.2.4 Risk culture.
Risk culture is the final attribute emerging from the literature, including research
in accounting, management, finance and business ethics. APRA (2016) defined risk
culture as “the norms and traditions of behaviour of individuals and groups within an
organisation that determine the way in which they identify, understand, discuss, and
act on the risks the organisation confronts and the risks it takes” (p. 7). They also
highlighted the importance of having a risk management strategy (RMS) and risk
management framework (see subsection 2.3.4). An organisation without a proper RMS
may be a victim to incidents of fraud and corruption. Further, with a proper RMS, an
organisation can decide when to pursue and avoid risk without risking the
organisation’s well-being.
Several academic and industry publications have stressed the significance of
having a sound corporate risk culture, especially its relation to FC. Sims and
Brinkmann (2003) explained how a risk-taking culture in an organisation may not have
positive outcomes, using Enron’s incentive-driven culture as their example. Ernst &
Young’s (EY) Global Fraud Survey (2016) emphasised the importance of the
relationship between a corporate risk culture and overall business risks. Further, the
OECD (2014) stressed sound risk management in preventing a financial crisis.
Palermo et al. (2017) cited the Global Financial Crisis (GFC) as an example on why
60 Chapter 3: Conceptual Framework
excessive risk-taking should be discouraged, identifying poor risk culture as being
associated with poor risk assessment by management. Palermo et al. (2017) also added
that management is somewhat reluctant in properly assessing a firm’s risk (see
subsection 2.3.4). Arguably, this condition may be the reason why incidents of FC can
occur.
Risk culture can take many forms and includes a number of approaches in
attempts to minimise FC. What is unclear is how risk culture (or lack thereof)
contributes to incidents of FC, that is, what are the most common elements of risk
culture that have resulted in FC. Therefore, the final research question in relation to an
organisation’s risk culture is:
RQ4: How does risk culture contribute to incidents of fraud and corruption?
This research question aids in the exploration of the way in which a company’s
risk culture contributes to FC in Australia.
The aforementioned literature from organisational, ethical, accounting,
management and finance journals aided in the identification of four cultural attributes
and related research questions. The conceptual framework established from the
literature aids in visualising corporate culture and the relationship to incidents of FC.
The next section presents the conceptual framework used for this study.
3.3 Conceptual Framework
In responding to the research questions, this study developed a conceptual
framework based on the literature discussed in Chapter 2. This framework identified
the relationship between the four organisational culture attributes and incidents of FC
within an Australian context. The conceptual model for this study is displayed in
Figure 3.1.
Chapter 3: Conceptual Framework 61
Figure 3.1. A Conceptual Framework of Corporate Culture and FC (STER Model).
Adapted from different papers (Crémer, 1993; Cullen et al., 1989; Flamholtz & Randle, 2012;
Fritzsche, 1991; Guiso et al., 2015; Hambrick & D'Aveni, 1992; Liu, 2016; Ogbor, 2001; Palermo et
al., 2017; Shin, 2012; Sims & Brinkmann, 2003; Van Akkeren & Buckby, 2017; van der Wal et al.,
2016; Victor & Cullen, 1988; Wimbush et al., 1997)
This framework uses an interdisciplinary approach that captures attributes
identified in prior studies on corporate culture and incidents of FC drawing from
studies in organisational, management, ethics and finance literature. The framework
visually illustrates how shared values, tone from the top, ethics and risk culture may
shape an organisation’s culture, and how they may contribute to incidents of FC. It
should be noted, however, that in relation to FC, corporate culture is not limited only
to these aspects and not all cultural aspects need to be present for FC to occur. What
is unclear is the level of impact (if any) each attribute may have on incidents of FC
and, therefore, gathering empirical evidence aided in answering the research questions
Contributes to
Shared values
(S)
Tone from
the top (T) Ethics (E)
Risk culture
(R)
Shapes
Organisational/Corporate
Culture
Fraud and corruption (FC)
62 Chapter 3: Conceptual Framework
for this study. The four attributes were specifically chosen due to the consistent
emergence throughout the literature and their relationship (potential and existing) with
incidents of FC. The framework can be used to explain the events, decisions, reactions
and actions of organisations and individuals within them, and how each, or a
combination of factors, may lead to incidents of FC (Van Akkeren & Buckby, 2017,
pp. 388-389). The majority of empirical studies on FC have not focussed on ‘corporate
culture’ as a major contributor and/or do not include all four attributes of corporate
culture identified in this study. Thus, this framework is developed based on the
combination of a review of the literature, in particular, studies that have argued the
importance of these four attributes and their possible link to incidents of FC.
3.4 Summary
The STER Model is generated from the literature and is a visual aid for exploring
how different attributes of corporate culture may contribute to incidents of FC based
on cases investigated by forensic accountants and events experienced by industry
professionals.
A review of the literature demonstrates the need for further empirical evidence
on how corporate culture contributes to incidents of FC. The model, therefore, assists
in answering the four research questions by guiding the researcher in exploring this
topic.
The next chapter (Methodology) outlines the chosen research design for this
study including sampling, how data is analysed, how trustworthiness is achieved,
ethical considerations, and finally, identifies the potential risks of this study.
Chapter 4: Methodology 63
Chapter 4: Methodology
The methodology adopted in this study is qualitative, using interviews with
forensic accountants and industry professionals to investigate the relationship between
the four attributes of corporate culture and incidents of FC. This chapter describes and
justifies the design adopted to answer the research questions identified in the previous
chapter. The first section (4.1) of this chapter discusses the research design that was
used in the study and the stages by which the research design was implemented. The
second section (4.2) details the participants in the study and reasons for their inclusion.
The third and fourth explains the instruments used in the study and justifies their use
(4.3) outlining the procedures used and the timeline for completion of each stage of
the study (4.4). Data analysis is discussed in the fifth section (4.5) with the chapter
concluding (4.6) by outlining the ethical considerations of the research and identifying
potential problems and risks.
4.1 Research Design
A qualitative inductive research design using semi-structured interviews was
used to solicit deep insights into this topic. This approach was chosen to enable an in-
depth exploration of social and cultural perceptions on incidents of FC. Qualitative
research was selected over quantitative as it provided the capacity to probe into greater
depth and obtain more information (Gable, 1994), which is particularly useful when
addressing complex organisational cultural issues. Manning and Kunkel (2014)
observed that qualitative research allowed richer data based on participant-driven
understandings (p. 435) and that participants subjectivity can “help bring ideas or
concepts into focus that might otherwise elude researchers” (p. 436). This framework
therefore, enables fuller exploration of forensic accountants’ and industry
64 Chapter 4: Methodology
professional’s subjective perceptions as to the interface between corporate culture and
the FC cases they have investigated and/or experienced. Further, similar prior research
has validated a qualitative inductive approach for examining the relationship between
corporate culture and incidents of FC (Goodstein, Butterfield, & Neale, 2016; Van
Akkeren & Buckby, 2017).
Further explanations on the number of participants and the reasons this research
used semi-structured interviews are provided in section 4.2 and section 4.3
respectively. The next section details the participants and sampling strategy for this
qualitative inductive study.
4.2 Participants and Sampling Strategy
Purposeful sampling is used in gathering data in this study. Zikmund (2003)
explained that in this framework samples selected need to have appropriate
characteristic to serve the specific purpose (p. 382). Teddlie and Yu (2007), in
comparing purposive and probability sampling, found purposive sampling to be better
suited to address a specific purpose related to the research questions, that is, samples
are selected based on the probability of informing the research questions. Thus,
purposive sampling is preferable as forensic accountants and industry professionals
have the specialised knowledge on the role of organisational culture and incidents of
FC from cases they have investigated and/or experienced. As Young observes, one of
the forensic accountants’ job requirements in investigating a case includes looking into
a company’s culture (Young, 2014). Industry professionals, which in this study are
compliance managers, were chosen because part of their role is to ensure firms having
an honest, ethical and compliance culture (Interligi, 2010; Jenkinson, 1996) in
preventing compliance risk which includes fraud and corruption (Dominic, 2018). For
Chapter 4: Methodology 65
these reasons, both forensic accountants and industry professionals were able to
provide deep insights into the causes of FC from a cultural perspective.
In purposive sampling, the sample size is typically small, fewer than thirty, and
concentrates more on the depth of the information (Teddlie & Yu, 2007, p. 84).
Approximately twelve forensic accountants and industry professionals were chosen to
participate in this research and eight in total accepted that invitation. Although many
attempts were made to source further participants, time constraints of participants, in
part due to many being involved in the Banking Royal Commission, hindered this
process. However, the number of participants was not fixed and data collection was
complete when data saturation was achieved, that is, the point in data collection and
analysis process was reached when no new categories or themes emerge, which
supports DiCicco‐ Bloom and Crabtree (2006, p. 317). Although sampling was
purposive, the participants selected were randomly chosen to minimise both
participant bias risk in responses and researcher bias in participant selection (Zikmund,
2003). This was done by using the “RAND” function in Microsoft Excel to randomly
generate numbers that are associated with each of the potential participant’s names.
The following section describes the instruments used for data collection process.
4.3 Instruments
4.3.1 Interviews.
The data collection instrument was semi-structured interviews. Interviews are
the most commonly used data collection method in qualitative research (DiCicco‐
Bloom & Crabtree, 2006; Kallio, Pietilä, Johnson, & Kangasniemi, 2016), and are
capable of generating rich data (Schultze & Avital, 2011). In the interview method,
Schultze and Avital (2011) highlighted the importance of having an interview protocol
(see Appendix B), identifying its dual purposes as (p. 3):
66 Chapter 4: Methodology
(1) To outline the steps and questions to be taken and asked in order to extract
relevant responses from the participants; and
(2) To minimise the possibility of the researcher on interfering with the data
extraction process (see section 4.7 for further explanation).
Guest, Bunce, and Johnson (2006) suggested that approximately 88 percent of the
necessary data can be obtained with only 12 interviews. Therefore, in this study data
saturation was expected well within twelve interviews.
Barriball and While (1994) listed several advantages of using interviews as the
method for data collection (p. 329). These included:
(1) Better response rates as contrasted against a questionnaire survey;
(2) A better-suited method for exploring subjective subject matter, such as
attitudes, values, beliefs and motives;
(3) Better researcher capacity to measure the validity of responses by observing
non-verbal indicators such as, for example, body language;
(4) Greater consistency in that this method “can facilitate comparability by
ensuring that all questions are answered by each respondent” (Barriball &
While, 1994, p. 329); and
(5) Better validation of response integrity through the ability to ensure all
answers are purely from the respondents.
Further, face-to-face contact with the researcher may motivate participants to engage
actively in the interview. These advantages align with this study’s aims to: (1) explore
subjective views of forensic accountants and industry professionals; (2) ensure that
Chapter 4: Methodology 67
they respond to every question and, where appropriate, generate further probative
questions and answers; and (3) observe non-verbal indicators during the interview.
Finally, Van Akkeren and Buckby (2017) and Campbell and Göritz (2014) have
demonstrated the usefulness of the interview method in studying economic crime.
4.3.1.1 Semi-structured interview.
Semi-structured interviews are the most widely used interviewing method
(DiCicco‐ Bloom & Crabtree, 2006, p. 315). DiCicco-Bloom and Crabtree argued that
structured interviews often produced data that is quantitative in nature, while Dana,
Dawes, and Peterson (2013) highlighted that unstructured interviews may be subject
to limited validity due to randomness. Dana et al. explained that without at least some
interview structure, there is no capacity to compare responses. Combining both of
these issues, Fontana and Frey (2000) summarised the advantages of structured
interviews as including consistency and reliability with the primary disadvantage
being the inability to follow emergent new lines of inquiry (less chance of probing).
Unstructured interviews, therefore, advanced the flow of the process in a manner
similar to a conversation, facilitating generation of rich data but carry the risk of
acquisition of unusable data due to superfluous information. Therefore, the semi-
structured interview method combined both the strengths from other methodological
approaches while minimising the weaknesses.
As explained above, the advantages of semi-structured interviews included
versatility and flexibility (Kallio et al., 2016). Semi-structured interviews were also
useful in establishing reciprocity (or mutual exchange) between the researcher
(interviewer) and participants as the interviewer is able to improvise follow-up
questions based on the participants’ responses (p. 2955).
68 Chapter 4: Methodology
The next section outlines design integrity for this research aimed at ensuring
trustworthiness.
4.4 Trustworthiness of the Research Design
In ensuring the credibility, transferability, dependability, and confirmability of
the research, this study follows guidelines established by Shenton (2004).
4.4.1 Credibility.
Credibility as a factor goes to ensuring whether the study measures what is
initially intended, that is, “how congruent are the findings with reality?” (Shenton,
2004, p. 64). Credibility is achieved, according to Shenton, through seven
mechanisms. These include (pp. 64-69):
(a) adopting a well-established research method;
(b) being familiar with the culture of the participants’ organisations prior to data
collection;
(c) doing random sampling of participants;
(d) giving participants the opportunity to refuse their participation to ensure their
honesty;
(e) using iterative questioning to probe for further explanations;
(f) working with thick descriptions (that is paying attention to contextual detail
in observing and interpreting social meaning) of the matter being investigated;
and
(g) examining prior research.
Point A is achieved by adopting a qualitative interview method that has been
shown to be useful in research related to economic crimes (Campbell & Göritz, 2014;
Chapter 4: Methodology 69
Van Akkeren & Buckby, 2017); point B, the culture of participants, by “consulting to
appropriate documents” (i.e., academic and industry publications) prior to interviews
to become more familiar with participants’ responsibilities (Shenton, 2004, p. 65);
point C, random sampling, through identification of this study’s participants (forensic
accountants and industry professional) which was narrowed to twelve with data
saturation used as the collection cut-off determinant (see section 4.2); point D through
the ethics approved protocol of enabling participants to refuse participation before,
during and up to four weeks after completion of the interview; point E through the use
of iterative questioning to probe for deeper explanation; point F, thick description is
addressed and discharged in the analysis and discussion section of chapter 6; and,
finally, point G, the examination of previous research findings is outlined in chapters
2 and 3 and findings from this study will be compared with the extant literature.
4.4.2 Transferability.
Shenton (2004) explained transferability as the extent a study can be applied to
other circumstances (p. 69). The requirements of achieving transferability include (p.
70):
(a) giving a full description of the number of participants;
(b) describing any restriction in the type of participants included in the study;
(c) explaining how the data collection will be employed;
(d) identifying the number and length of the data collection sessions; and
(e) recording the time period for data collection.
As explained in Section 4.2, the number of participants was expected to be
approximately twelve or the relevant point at which data saturation occurred. The type
of participants (i.e., forensic accountants and industry professionals) was restricted by
70 Chapter 4: Methodology
their expertise and experience in investigating incidents of FC and the insights this
background provided into the role corporate culture played in contributing to these
incidents (Dominic, 2018; Interligi, 2010; Jenkinson, 1996; Young, 2014). The method
of data collection, point C, was semi-structured interview because it is the most
commonly used data collection method for an interview (DiCicco‐ Bloom & Crabtree,
2006), and its ability to probe for further question and getting rich data (Schultze &
Avital, 2011). As per point D, the survey size is outlined and the length of each
interview was 30-45 minutes with the outline of interview procedures and the time
period for this activity (point E) described further in section 4.5: Procedures and
Timeline. In line with data collection protocols, the processes around consent from
interviewees and their organisations along with the requisite documents (i.e., letter of
invitation and participant consent form), timelines, transcripts and other information
gathered will be stored and retained in accordance with QUT Ethics Committee
requirements and archival best practice.
4.4.3 Dependability.
Dependability in qualitative research is similar to reliability in a quantitative
study, that is, similar results should be obtained if, assuming all things being constant
with prior research (participants and context), the same methods were applied
(Shenton, 2004, p. 71). Shenton listed three ways of attaining dependability (pp. 71-
72):
(a) explaining the step-by-step of the research design;
(b) describing the stage of data gathering; and
(c) giving reflective appraisal post-data collection.
Chapter 4: Methodology 71
The research design, point A, is a qualitative method, utilising semi-structured
interviews with forensic accountants and industry professionals as the source of data.
The description of the procedures of data gathering (point B) included ethical
application, consent procurement and documentation around timelines for completion
(see section 4.5). Results from the interview were analysed using a content analysis
method, which included three-step procedures: open, axial and selective coding. It is
further described in section 4.6. Reflective appraisal of the method includes
explanation of varying results derived from interviews (Chapter 5: Results),
comparisons with literature review findings (Chapter 6: Discussion) and
limitation/future research directions in the concluding chapter (Chapter 7:
Conclusion).
4.4.4 Confirmability.
Confirmability, like objectivity in a quantitative study, means to ensure that the
result of the research is not unduly influenced by the subjectivity of the researcher
(Shenton, 2004). Shenton further explained that confirmability can be realised by (p.
72):
(a) acknowledging researcher’s subjectivity; and
(b) describing the audit trail of the research, including its results.
In acknowledging subjectivity (point A), beliefs regarding decisions made and
methods adapted are said to be explained. The researcher believes that forensic
accountants and industry professionals are suitable sources in exploring the
relationship between corporate culture and incidents of FC based on the
aforementioned literature (Dominic, 2018; Imoniana et al., 2013; Interligi, 2010;
Jenkinson, 1996; Young, 2014).
72 Chapter 4: Methodology
An audit trail (point B), that is, the step-by-step procedures regarding this
research is explained throughout this thesis, from the method adaption (Chapter 4:
Methodology), results of the interview (Chapter 5: Results) and the analysis of those
results (Chapter 6: Discussion). Audit trail also includes the method to store the
interview data. During the transcription of the interview data, data were de-identified
in order to safeguard the participants’ anonymity and confidentiality. For instance,
participants’ names and positions were coded and stated without the name of their
organisations. Hard copies will be kept securely for 15 years, as per the Queensland
State Archives Schedule, in a locked filing cabinet inside the principal supervisor’s
room at the university. Soft copies are kept electronically on the password-protected
QUT mainframe drive.
The next section outlines the procedures taken in gathering the interview data
from participants. In addition, the timeline for data collection is provided, as well as
the write-up for the remainder of the chapters.
4.5 Procedures and Timeline
4.5.1 Procedures.
There were a number of procedures that were taken to ensure the trustworthiness
of this study. First, ethical approval was sought from the university (QUT). Once
approved, the method for contacting participants was derived from QUT guidelines
with standard introductory letters and permission forms. Institutions were contacted
via email and/or phone call. Several documents were attached in the email: a
participant consent form, an information sheet, two letters of invitations (for the
institutions and the participants), an introduction letter, and a permission advice. For
analysing the data, there was also a transcriber confidentiality agreement for an
external transcriber to ensure the participant data remained confidential. Once
Chapter 4: Methodology 73
participants and their institutions agreed to be interviewed, they were contacted for
further details of the activity and given a chance to ask further questions. The
permission from the head of each firm was included in the interview consent
documents sent out by email to individual participants who had agreed to participate
in this study. Finally, several dates were set for the interview process.
This study has received ethical approval from QUT Ethics Committee.
According to the Committee, it is mandatory to give the participants continuous
consent. Therefore, participants may withdraw their participation before, during and
after four weeks of the initial interview. Should they choose to withdraw from the
interview, the data will be destroyed, provided that it is still within the four-week
period. This option for participants does not have any implication toward the
participants’ relationship with QUT, the researcher or supervisors. Participants were
informed via verbal communication and consent form that the interview and any
reports produced from the interview would remain anonymous and stored
electronically in a password-protected folder.
The interview questions included the four attributes of corporate culture
discussed in Chapter 3 and their relationship (potential and existing) with incidents of
FC. At the beginning of each interview, permission to record was obtained from all
interviewees both verbally and in written form. Again, participants’ anonymity was
assured.
4.5.2 Timeline.
The timeline for the procedures in this study are listed in Table 4.1.
74 Chapter 4: Methodology
Table 4.1
Timeline for procedures
Steps Procedures Timeline
1 Thesis write-up: Chapter 1 – Chapter 4 Completed November 2017
2
Ethical approval and interview
questions (draft)
Completed September 2017
(together with Thesis write-up)
3
Acquiring participants’ contacts and
contacting them
March 2018
4 Interview and transcribing April - June 2018
5
Chapter 5 (Results) and Chapter 6
(Discussion) write-up
April - June 2018
6
Ongoing consultation and Chapter 7:
Conclusion write-up
Finished by August 2018
The next section (4.6) discusses the steps taken in analysing the data extracted
from participants.
4.6 Analysis
The data from participants’ interviews were analysed using a detailed, three-step
content analysis procedure (Berg & Lune, 2012; Goodstein et al., 2016; Van Akkeren
& Buckby, 2017): open, axial and selective coding. The first stage involved the
researcher coding interview data based on the four research questions using NVivo 11
software. The software allowed for the coding of major themes emerging from the
data. The coding stage is referred to as the three-step coding (Glaser & Strauss, 1967;
Chapter 4: Methodology 75
Strauss & Corbin, 1998). As explained by Goodstein et al. (2016), the first step is
identifying the code and may include “a single word, a phrase, a sentence, an entire
paragraph, or even parts of separate sentences or paragraphs” (p. 22). This is referred
to as ‘thought units’ or ‘lower-level nodes’.
The second stage comprised categorisation of the interview data from the first
stage into themes by identifying emerging patterns from the data. Data from the first
stage was grouped under emerging categories (e.g., grouping management-related
concepts into ‘tone from the top’), which were related to the research questions of this
study (Miles & Huberman, 1994). This stage was iterative and intersubjective where
the researcher compared similarities and differences between ‘thought units’ while
organising the emergent categories. By the end of this stage, differences across
categories were maximised while differences within categories were minimised. In
ensuring the consistency of this stage, the researcher conducted frequent ‘reality
checks’, including rereading the original interview transcripts and revisiting and
revising themes as necessary (Goodstein et al., 2016, p. 22). Any irrelevant ‘thought
units’, which were not necessarily related to corporate culture, its attributes and
incidents of FC, were removed. To increase the reliability of this stage, the researcher
asked for the supervisors’ opinions to ensure interview bias was minimised and
interpretation of data was in line with the research objectives for this study. This step
was undertaken because the supervisors do not know the interview results, therefore,
reducing the threat of familiarity with the data.
The final stage involved grouping the categories of data into different themes,
which is also called ‘top-level domain nodes’. Similar to the second stage, this stage
was also iterative and intersubjective. Further, this stage included comparing the
emerging pattern with the provided ‘STER’ framework from Chapter 3 to determine
76 Chapter 4: Methodology
whether or not the data supported the concepts. It is possible for additional cultural
attributes to appear from the rich interview data and this was the case in this study.
Therefore, additional attributes were used in refining the ‘STER’ model. The purpose
of this final step was to group different categories into much broader themes, which
then were analysed and compared to prior literature and the conceptual model. ‘Reality
checks’ were also completed to ensure that the data were consistent. This three-stage
analysis was completed once data saturation was achieved.
The following section outlines the ethical considerations of this research and
potential risks and threats to the results.
4.7 Ethics and Potential Risks
This study is classified as potential low-risk research, and any potential risks
were highlighted by the researcher when submitting ethical approval to the university’s
Ethics Committee. The approval number provided by the committee is 1700000819.
Potential ethical risks for the interview process are identified by Barriball and While
(1994) and Fontana and Frey (2000), and include informed consent, right to privacy
and protection from harm. In addition, the following were identified:
(1) Minor discomfort during the interview;
(2) Inconvenience due to the needs to give their time in participating in the
interview;
(3) Inconvenience due to the feeling of being coerced into participating in the
interview;
(4) Inconvenience due to the probability of their identity being known to
public; and
(5) Probability of participants refusing the interview being recorded.
Chapter 4: Methodology 77
The researcher and the supervisors identified several ways in mitigating these
potential risks. For instance, ongoing consent was given to participants providing
reassurance knowing they can withdraw their participation for up to four weeks after
the initial interview. An agreement between the researcher and the participants was
achieved before the interview, reducing the chance of the participants being
uncomfortable in sparing their time for the interview. Participants were also given the
opportunity to opt-out from the audio recording, meaning the researcher would have
to rely only on note-taking during the interview, and recollection of events after the
interview. Finally, participants were reassured that their anonymity would be
guaranteed by safeguarding their data. Hard copies will be kept securely for 15 years,
as per the Queensland State Archives Schedule, in a locked filing cabinet inside the
principal supervisor’s room at the university. Soft copies are kept electronically on the
password-protected QUT mainframe drive. Although this study collected and stored
data that may be individually identifiable, the report produced is in a form to ensure
participants are not re-identifiable. To achieve this, identifiers were removed and
replaced by codes that do not directly link the data to participants.
In the context of the interview itself, Myers and Newman (2007) listed several
problems and pitfalls that may hinder or even stop the interview process (pp. 4-5). The
ones that are relevant to this study are listed below together with potential mitigating
acts:
Artificiality of the interview – interrogating a complete stranger. Solution –
build rapport with the participants right from the start of the interview
Lack of trust – the possibility of participants choosing not to disclose certain
information. Solution – the participants may trust the interviewer better if
78 Chapter 4: Methodology
the interviewer is familiar with their occupations plus reassurances on
anonymity to improve trust
Lack of time – data are incomplete, due to the lack of time or collected data
are unreliable, due to participants forming their opinions under time
pressure. Solution – have an agreed upon length prior to the interview, for
example, 30-45 minutes and allow participants to tell their story
Ambiguity of language (Fontana & Frey, 2000) – the process of extracting
information out of interviewees is not straightforward. Further, English is
not the researcher/interviewer’s first language, therefore, this method may
be daunting. Solution – wording the questions carefully and repeating the
interviewee’s answers if unsure of their responses. Audio recording and
transcription of the interviews also assisted with this.
In transcribing the data using content analysis, there is always the possibility of
researcher’s bias (Goodstein et al., 2016). This condition was minimised by consulting
academic supervisors as they are viewing the data from different perspectives from
that of the researcher’s.
4.8 Summary
In explaining the relationship between the attributes of corporate culture with
incidents of FC, this research utilises a qualitative method by conducting semi-
structured interviews with forensic accountants and industry professionals. These
participants were purposively chosen due to their expertise and the researcher’s belief
that they have the knowledge on the relationship between corporate culture and FC
incidents. For this research to be trustworthy, its credibility, transferability,
dependability and confirmability were tested using specific guidelines (Shenton,
Chapter 4: Methodology 79
2004). After completing the initial interviews, content analysis (with NVivo 11) was
used in analysing the data. Further details regarding analysis are provided in Chapter
6: Discussion. This research has been approved by the QUT Ethical Committee with
ethics approval number 1700000819. Potential risks of this research are highlighted
together with potential ethical problems. The next chapter, Chapter 5: Results,
provides the findings from the data derived from interviews based on the perceptions
of participants.
Chapter 5: Results 81
Chapter 5: Results
This chapter presents findings from the semi-structured interviews. Findings are
presented in a sequential order to address each of the research questions identified in
Chapter 3: Conceptual Framework. The first section highlights the background
information of the participants which includes their role, firm size, education,
experience and main task in the workforce. Following this, evidence from the
interviews is presented beginning with shared values, tone from the top, ethics and risk
culture. A summary table of the findings is presented, which concludes the chapter.
5.1 Background Information
This section highlights the demographics of participants. The study sourced
forensic accounting experts with field experience and industry professionals with first-
hand knowledge. The sample chosen includes managers, partners and directors across
a range of firm sizes. A total of eight interviews were conducted through two mediums:
face-to-face (4) and telephone interview (4). To ensure a broad representation for the
collection of data, the participants’ roles vary from individual consultants to partners
of ‘Big Four’ accounting firms. Furthermore, although most participants are from
Queensland firms, many had worked interstate previously, and one participant was
based in Victoria. Finally, the length of participants’ experience ranges from six to 32
years, therefore providing different perceptions from those who are relatively new to
the field through to those with long standing experienced. Table 5.1 summarises the
geographical location of the informants, their role and the size of the firm.
82 Chapter 5: Results
Table 5.1
Demographic information of participants including the geographic location, their role, and the size of the firm
Participants ID Location Role Firm size Highest Education Experience Main Focus
Participant A Queensland Independent
Consultant Small Master’s degree 27 years
Fraud
Investigation
Participant B Queensland Director Medium CA 32 years Commercial
Litigation
Participant C Queensland Senior Manager Medium CA 7 years
Forensic
Investigation and
Dispute
Participant D Queensland Manager Medium Bachelor’s degree 6 years Forensic
Investigation
Participant E Victoria Senior Consultant Medium Master’s degree 30 years
Forensic
Investigation
[Corporate
Misconduct]
Participant F Queensland Partner Large MBA 19 years
Forensic
Investigation
[Corporate
Misconduct]
Participant G Queensland Partner Medium Bachelor’s degree 23 years Cyber
Investigation
Participant H Queensland Manager N/A Bachelor’s degree 10 years Compliance and
Risk
Note. CA = Chartered Accountants; MBA = Master of Business Administration
Chapter 5: Results 83
Participants are labelled alphabetically (e.g., Participant A, B, C etc) to ensure
anonymity. Interviews with participants covered several key issues of the interface
between corporate culture and incidents of FC including:
the role of shared values
tone from the top
role of an organisation’s ethics and risk culture as an influential driver
for whether employees commit fraudulent and corrupt acts
5.2 Evidence from Corporate Culture Attributes
This section presents views from participants based on the study’s conceptual
framework to answer the four research questions. It provides discussion of
participants’ opinions as to whether shared values, tone from the top, ethics and risk
culture contribute to incidents of fraud and corruption in Australia. The section also
identifies new concepts that have emerged from the interviews, which are discussed
further in Chapter 6: Discussion.
5.2.1 Shared values.
Research question one (RQ1) seeks evidence to examine the question:
“How do shared values contribute to incidents of fraud and corruption (FC)?”
Participants were asked whether, in cases they have investigated, shared values play
any role towards FC. Participants identified that shared values contributed to FC
incidents in three ways:
1) employees’ lack of self-validation,
2) employers shaping malleable culture, and
3) peer pressure from colleagues.
84 Chapter 5: Results
5.2.1.1 Employees’ lack of self-validation.
Self-validation refers to employees independently validating whether
instructions accord with formal institutional rules, regulations, procedures and
requirements or merely assume they are doing their job because everyone else is doing
the same activity. Participants gave examples on how employees frequently err in this
respect, falling into the latter category of accepting directions and performing duties
in compliance with surrounding practices, that is, they merely ‘did as they were told’
as the following examples demonstrate:
…I'm doing some work with one large company at the moment. It's very much
a new employee arrives and - so I'm sitting down with them and saying, well
why are you doing it this way? Because someone showed me how to do it. But
they don't question it. They don't ever pull out the policies or the procedures.
Then it just becomes this gap between what they're supposed to be doing and
what they're actually doing. So if they even think that something mightn't be
right and think something doesn't look right, they don't know how to
investigate it anyway, they don't know how to troubleshoot it because they
haven't been taught… (Participant A)
…they might be an accounts administrator or an accounts officer - someone
that's just responsible for the processing of a payment, not so much the
approval - they've identified something that has been suspicious to them but
they believe is normal practice within the organization…They get into that
sort of general pattern where this is okay. (Participant D)
Participants suggested that employees did not realise they were acting
unethically due to their beliefs that it is a normal practice within the organisation.
These examples also overlapped with comments around the importance of ethical
Chapter 5: Results 85
education for employees including not acting as they were programmed to do so (see
subsection 5.2.3.3).
5.2.1.2 Employers shaping malleable culture.
‘Malleable culture’ in the context of this study refers to a corporate culture that
is easily influenced by employers and precipitating negative results. Participants gave
several examples regarding the employers’ role in shaping/influencing culture, mostly
using the means of incentivisation:
This has come out in the Royal Commission, I’ve been following it fairly
closely… So [the Banks] are strongly incentivised to go and sell business in a
very competitive environment and as I say sometimes people can operate up
to the boundary but then if you're continuously operating at the boundary then
inevitably you will cross the boundary for example, in your working career.
(Participant E)
Culturally I've seen it's acceptable for those teams to be wined, dined, maybe
receiving gifts and they far exceed what's considered generally appropriate. It
just becomes it's okay and we've had discussions with clients saying, well this
is a serious issue and they say well no, that's just the way a tender works. As
an extreme, I've seen an instance where a successful bidder, after winning a
tender, took the pitch team out to celebrate, which involved a trip away for a
weekend. I think okay, that seemed quite over the top and they said no, it was
a large contract. It was a lot of work and it was everyone - the person running
that particular team wasn't able to attend the trip and received a boat. They
said it was a similar value. I'm going, well that doesn't make it right.
(Participant G)
86 Chapter 5: Results
The incentivisation culture described above suggest that daily socialisation,
specifically using the means of incentives, is an effective way for management to
create their ideal organisation. This culture was acceptable due to everyone’s daily
exposure to such culture.
5.2.1.3 Peer pressure from colleagues.
Participants identified fraudulent and/or corrupt culture becoming the norm due
to peer/colleague pressure. Peer pressure, equivalent to group norms, have a stronger
influence in shaping corporate culture as opposed to internal norms, that is, when faced
with peer pressure, people have two choices: to give in or to be shunned by others
because they do not fit in. Several participants provided insights into situations they
had encountered where the need to conform with the organisation’s practices in order
to be accepted by their peers became problematic. The quotes below provide two
examples:
… people will conform to a standard which is the overriding standard within
any organisation. So if someone comes to an organisation that has a really
high standard of ethical behaviour and conduct, then they will lift themselves
to that level because they need to conform. It's part of human nature and they'll
feel out of place if they don't. If they go into an organisation that turns up to
work at nine o'clock, and 10 o'clock goes and has a game of cards, and
lunchtime goes to the pub every day and comes back, and if someone who's
not used to that turns up in that environment they will lower their standards
because they will be part of this conformity. (Participant B)
So if you're working in a workplace where everybody does the wrong thing
and they basically ignore the code of conduct then that's what you'll do.
Because you want to be accepted by the group, and the way to be accepted by
Chapter 5: Results 87
the group is to behave like the group and to adopt the shared values of the
group. (Participant E)
Participants suggested that shared social norm is enforced by the people within
the firm and employees who behaved unnaturally (in comparison to the social standard
within the firm) are likely to be shunned by their cohorts. This condition emphasises
the need for having a positive culture in a firm in order for people to reject bad apples
in the firm and not vice versa. The following highlights participants’ views on sub-
cultures and how they impact on acts of fraud and corruption and is a new finding for
this study.
5.2.1.4 Corrupted values within a sub-group.
Three participants observed that corrupted values can be limited to a sub-group
within an organisation. They suggested that risky behaviours or practices may occur
only within a specific group and not spread to the rest of the organisation as occurred
with HIH Insurance, Enron and other high-profile cases. The following provide some
excerpts of participant views:
It just seemed that there was a culture, a boys' club if you want to call it, within
that entity, that then ended up - it was just so toxic that they were all I suppose
fuelling each other and doing the same things. If he's doing it, I'm doing it,
that type of thing. (Participant C)
I would say a company as a whole. If they're that big you wouldn't have the
company as a whole having a bad culture. I think it would be either units
within that culture - selected teams who have bad culture - and it's gone
throughout the whole team - this is what they believe is correct and this is how
we'll do things. (Participant D)
88 Chapter 5: Results
I think - the vast majority of the cases I've looked at, the - if there has been a
person or a group of people whose values haven't aligned with the stated
position of the corporation. You've usually got a manager or a group of
managers or a team somewhere whose values diverge from the corporate
values. That's by far the more common case. I do think it's pretty rare that that
- the organisation in entirety has unethical values. (Participant F)
Participants suggested that groups of employees with poor culture could be hidden and
commit fraudulent acts without others in the organisation knowing. As ‘corrupted sub-
group’ does not fit into the original ‘STER’ model, it will be considered “new” for the
purpose of this research and it will be examined further in the following chapter.
5.2.1.5 Promoting good shared values.
Participants also suggested the notion of promoting a strong culture of shared
values within a firm as one measure to minimise incidents of FC confirming the
importance of positive shared values. Below are example quotes from participants:
Then hiring appropriate and promoting appropriate employees is important
within a culture. If you have someone that's really good and honest as part of
your culture and is a leader in your place. You promote the appropriate ones
and you don't promote and reward people who don't fit that culture. So it's
important to understand that is important. (Participant B)
What we're talking about is some companies have had a $500 - we've seen in
years gone by that had a - you know, that they won't bother investigating
anything that's a complaint about $500 or less. You have to have that zero
tolerance that no one can get away with anything in regards to fraudulent or
corrupt conduct and I think if that's enforced the you know okay, I can't even
try for this $200 thing or $100 thing. (Participant D)
Chapter 5: Results 89
Summary of Shared Values
Regarding the first RQ ‘How do shared values influence FC conduct’, most
participants opined that incidents occurred because employees mimic others in their
daily activities. The action they copy from their colleagues might be considered
‘minor’: such as taking $20 without reporting it, or using company’s credit card to pay
for things that are not related to the business; or much of a bigger scale: such as bribery
to achieve a firm’s targeted result (Participant B, C, D and E). To add, it was suggested
that perpetrators may undertake these actions because they just did what they were told
without evaluating the consequences or they wanted to be accepted by their peers to
avoid other people distancing themselves because the perpetrators were not “one of
us”. Although they may seem reluctant at first, with time and daily exposure to such
acts, they would adjust their standards to that of the culture of the firm.
Participants were also asked how to promote good values within a company and
recommended that management have strong anti-fraud policies and behaviours, and
that these, combined with consistent reminders, such as ethical training (discussed in
subsection 5.2.3.3) or zero tolerance policies, would improve shared values within a
firm.
The next subsection discusses the second element of the STER model, that is,
tone from the top.
5.2.2 Tone from the top.
Research Question two (RQ2) focusses on tone from the top and asks:
“How does tone from the top contribute to incidents of fraud and corruption (FC)?”
Participants were asked questions related to management and leadership and the role
90 Chapter 5: Results
each played in cases they have investigated and how leadership contributed to FC.
Findings were that management contributed to FC by:
1) ignoring the rules and
2) authorising FC misconduct.
Each is addressed below.
5.2.2.1 Ignoring the rules.
Participants suggested that FC incidents occurred because people failed to
adhere to rules and regulations. Participants’ offered examples:
I've seen businesses where there's definitely - the owner's gone, well the rules
don't apply to me, and the tone from the top and the culture's just not been
good within the organisation. Because if the owner doesn't - if it's not good
enough for the owner, then why carry - why should the employees follow the
rules? So I've seen that in some instances and they've been ones that we've
had to go and do investigations for. (Participant A)
An organisation that has a very high turnover in a particular industry.
Everything was pretty relaxed. The business was owned by a number of
people in the family and they pretty well did what they liked. Someone wanted
to go out and spend $5000 on something they would. Someone wanted to take
some cash out of the bank and they'd cash a cheque. The brothers would run
around doing whatever they wanted to. So that developed this relaxed culture
in the organisation where there wasn't any controls, there wasn't any
purchasing protocol, there wasn't any budget process. So everyone else in the
organisation decided, well, this is all - if they can do it this is going to be easy.
So pretty well they were - it was a free-for-all. I mean they lost over $10
million over… (Participant B)
Chapter 5: Results 91
By doing what they please, management perpetrators set the example or tone for
other employees, that is, that it is acceptable to undertake such acts because their
supervisor is doing the same thing.
5.2.2.2 Authorisation of misconduct.
The culture of accepting gifts highlighted earlier in the ‘shared values’ section
evidenced that management do not have to model best practice behaviour themselves
for employees to follow. Rather, participants suggested that incentivisation may arise
through the use of inappropriate or misplaced ‘reward’ systems. Examples provided
included rewards such as holidays, parties and gifts – in lieu of praise and annual
appraisal adjustments – for employees upon completion of major projects.
Despite, for example, Participant G’s explanation about accepting gifts being
inappropriate (see section 5.2.1.2), employees that this participant had interviewed
during forensic investigations accepted and enjoyed the gifts as they regarded them as
a reward for their work. This situation empowers employees’ beliefs that what they do
is right because they are constantly praised and rewarded.
Another reason provided by participants on why tone from the top is imperative
for an organisation’s culture was due to employees assuming that management conduct
is standard and, consequently, try to follow their conduct.
Participant E provided the following example:
Because people look up to those above them on the organisational chart and
they are motivated to…servicing that person's needs as conveyed to them by
that person on behalf of the organisation. Most people are motivated towards
being seen as complying with instructions, working towards achieving the
organisation's goals as conveyed to them by their management team. So they
92 Chapter 5: Results
look up to those people and to a degree they would adopt their behaviours.
(Participant E)
Participant E’s response demonstrates the importance of having the right person
in a management role and that employees try to please management by following their
instructions.
Another reason why leadership is important is because employees look up to
management and therefore assume what management does is within the acceptable
boundaries. When asked the reason why employees did not realise they are conducting
fraudulent or corrupt activities, one participant commented:
[Junior staff] don't want to be coming across as one of these people that are
opposing a view or trying to highlight something that might be inappropriate,
given that they might think what might happen to me if I do this? I'm just
going to just do my job, get done what I'm paid for and just go home at the
end of the day. Others are…naïve to the fact of what's going on and it's not
until that stage where you outline what the actual policies and procedures
say…that's when it clicks that something was wrong. (Participant D)
Participants suggested that employees learn what they are taught and then
emulate these procedures. Therefore, the quote suggests that employees are either
ignorant or naïve to the fact that they were acting unethically.
5.2.2.3 Improving tone.
Due to the importance of this issue, participants were also asked on how to
improve tone from the top in curbing further misconduct. Below are examples
provided by participants:
Zero tolerance. From what I've seen, it's the companies that actually if they
have a fraud or corruption issue, turn around, investigate it fully, pass it to the
Chapter 5: Results 93
police and are open and honest about what happened and why it happened and
who's involved, that type of thing. Then that sends a message down the line to
say, well this isn't acceptable behaviour. (Participant C)
Having a chief risk officer or somebody in that risk role endorsing and then a
CEO actually coming out and saying, this is really important to us. This is
something that we're focusing on, this is part of our culture. (Participant G)
I think if you brought an external specialist in and put them in front of a board
and said this is why you need a fraud and corruption program. It will put you
in jail. It would change the thinking around fraud and corruption programs.
But I don't think it happens at that level. I would call it a risk to role approach.
Those high-risk roles like your board of directors, need to know a lot more
about fraud and corruption than say your payroll officers. So take a risk to role
approach. (Participant H)
Analysis of participants views identified five major points on how tone from the
top can be improved: (1) having a zero-tolerance policy in the firm, (2) be firm with
every employee even if they are considered indispensable to the company, (3) educate
employees from top to bottom on FC, (4) the importance of dialogue between the C-
suites and employees in the firm and (5) taking a risk-to-role approach.
Summary of Tone from the Top
To summarise, findings suggest that tone from the top contributes or enables
incidents of FC by demonstrating to employees the poor face of management (i.e.,
ignoring rules). Participants argued that management may also influence employees’
conduct by authorising such conduct using means such as punishments and rewards.
Participant also emphasised that management sets an example and because employees
94 Chapter 5: Results
try to please them, committed acts that they may not otherwise have been inclined to
do.
There are four important points on how to improve tone from the top provided
by participants: the importance of zero tolerance; the need to act on the professional
assessment completed by external parties; the importance of having dialogues between
C-suite executives and everyone else in the firm; and the implementation of risk-to-
role approach. Participant G suggested that C-suites’ endorsements carry more weight
to the message and signal to everyone in the firm that starting from the top, everyone
needs to take fraud and corruption seriously. Of equal importance, Participant H’s
recommendation on taking a risk-to-role approach suggested that risk awareness starts
from top management. Similar to ‘corrupted sub-group’ in section 5.2.1.4, risk-to-role
approach is considered as a “new” finding for the purpose of this research and will be
discussed in the next chapter.
The next subsection examines the third attribute of the STER model, that is,
ethics.
5.2.3 Ethics.
The third RQ (RQ3) asked “How does ethics contribute to incidents of fraud and
corruption (FC)?”
In terms of ethics, participants were asked questions related to the role of ethic’s
in either preventing or enabling FC incidents to occur. Questions covered three main
topics: ethical rules, ethical climate and ethical education.
5.2.3.1 Ethical rules.
Most participants agreed that having clear and concise rules are needed to
minimise FC incidents. Examples of participants’ responses regarding the importance
of having clear ethical rules and regulations are listed below:
Chapter 5: Results 95
If you define what - you know, have statements and try to define what is
ethical behaviour for an organisation that relates to that organisation, so I
guess you need to think about what it is you do and sell or what it is - and then
make - so people understand what's right and wrong. (Participant G)
I think it really goes back to the behaviours that are allowed to manifest. So
people in my experience test what they can get away with. If they find that
they can get away with they will continue. Usually the incidents of those type
of behaviours get more and more severe as they go along. So it's more that
they're not pulled into line, they're not reprimanded about non-compliant
behaviour. (Participant H)
Participants suggested that having clear rules and regulations is an effective
measure for curbing incidents of FC. Many added the importance of having clear and
proper ethical guidelines within a firm to remove ambiguity, as well as to prevent
people from circumventing the rules.
5.2.3.2 Ethical climate or ‘what is normal’.
A number of participants commented on how, despite having regulations,
employees were still engaged in misconduct due to their actions being considered
normal practice within the firm:
What's happened in the case of the Royal Commission is brokers will get
someone who comes in who's a bit on the edge of somebody who's suitable to
get loan funding, they'll find a way or means to get that loan application over
the line. Now if that means fudging documentation or turning a blind eye to
factors that would mean that this person shouldn't get financed then they'll do
it. That's the sort of culture that I'm talking about… (Participant E)
96 Chapter 5: Results
We've seen some examples where it's just always been allowed to happen..
…because it's been done once - it starts to grow and what maybe wasn't okay
last year is now okay because the amounts increase or the number of people
doing something gets - we do see that it's very hard to unwind that type of
culture.
…It's probably illegal, it's in breach of all these policies, it's not okay. So that
change becomes really difficult. We find that it's also very difficult to get buy-
in from senior people because if they were also doing this, they're accepting
that they've been doing something wrong as well? (Participant G)
These normal practices identified by participants are what is referred to in
Chapter 2 as ‘ethical climate’. Participants opined that sometimes misconduct is
allowed to happen due to people assuming the conduct as acceptable. This is because
the rules may not be clear, or because it is a normal practice in the firm despite the
rules. Once everyone accepts the new normal, they will live in the new perceived
normative environment or the new ethical climate. As explained by Participant G, once
the ethical climate is changed, it can be quite difficult to change it back to how it is
supposed to be.
5.2.3.3 Ethical education and policies enforcement.
Most participants acknowledged the importance of ethical education and for the
constant reminder/enforcement of ethical education and rules within a firm as a
preventive FC measure. In terms of ethical education, participants strongly agreed that
employees need to be trained ethically:
I think the problem is when policies aren't properly - or employees don't
understand policies. So it's the whole you stick policies on the shelf and people
don't read them. The number of times I've done fraud investigations, in
Chapter 5: Results 97
interviewing the person you think's done it and they go, I didn't know I couldn't
do that. Oh it's amazing. (Participant A)
I think that's - it's a two-pronged approach. You definitely need policies and
procedures, but you need people to know about them and need them trained
up on them, need them to understand what happens if they come across a
potential fraud or a corruption problem or incident and know what their
responsibilities are. (Participant C)
It's more than a policy. It's an actual - it's got to be understood. There is various
ways to educate people. But they do need to understand that they need to be
given the opportunity to query on it, work through scenarios, dilemmas and
see how it works. (Participant F)
Together with ethical education, participants also recommended employees
consistently follow the rules or that they should be regularly enforced:
There's a practice, if you have an expense this is how we reimburse you. You
can't just go and take cash out of a tin or out of the till and go and reimburse
yourself, there is a process. So conformity with processes, again, [instils it].
The last thing we have is proper discipline when the code of culture of honesty
is broken. So dealing with people appropriately who step out of line with
respect to that culture. From taking the ream of photocopy paper home, to
filling up your car, your wife's car with your work fuel card, dealing with those
appropriately is important as well. (Participant B)
…actually enforcing the policy I think is even more important than just
training or having the policy… So you need to make your staff aware of what's
there and how we do things in this organisation.
98 Chapter 5: Results
But unless you enforce it, employees could just go off and do whatever they
want. It's that standard thing where people will say oh, I haven't read the code
of conduct. …unless you're actively enforcing it and having the proper
controls in place… (Participant D)
It needs to be - they need to demonstrate those values as well in their actions
and behaviours. But no, I think it's critically important to set the standard or
the benchmark, so that people know what's expected of them in that
organisation. (Participant F)
Although ethical education is in the original ‘STER’ model, ethical
reinforcement that participants recommended is not. Therefore, the combination of
ethical education and ethical reinforcement will be treated as a “new” finding for the
purpose of this research under the name ‘two-pronged approach’. This finding will be
further discussed in the next chapter.
Summary of Ethics
In summary, based on the findings from participants, ethics may contribute to
incidents of FC by firms not having clear sets of rules and regulations, negative ethical
climate (corrupt normative environment) and the lack of education and enforcement
of policies inside a firm.
To improve the overall ethics (ethical culture, ethical education and ethical
climate) within a firm, participants’ suggestions are to have clear sets of rules, a robust
ethical education program, constant enforcement of these rules and programs via
leading by example, and finally, empowering employees to speak up when there is
fraudulent or corrupt behaviour occurring within the organisation.
The final subsection analyses the final attributes of STER, that is, risk culture.
Chapter 5: Results 99
5.2.4 Risk culture.
The final RQ (RQ4), in relation to risk culture, is “What are the elements of poor
risk culture that most commonly contribute to incidents of fraud and corruption?”
In seeking out the answer to this question, participants were asked questions
related to a firm’s risk culture, such as the importance of having a risk framework or
risk assessment, the role of regulators and why some firms do not undertake fraud risk
assessment.
5.2.4.1 Risk framework’s role.
To answer the first point, the importance of risk framework inside an
organisation, participants discoursed:
I definitely think that if they've got a risk framework around fraud, then even
if they have fraud it gets picked up faster. So frauds don't cost the organisation
as much because they don't last as long, and employees are more willing to
come forward about it as well. (Participant A)
You might think in your organisation yeah, all my employees are fine. We've
done our background checks. We've done everything right. Everyone is good.
Then it just takes sort of a couple of incidents for some employee and then
they switch like that. So as part of that whole risk culture you need to be
continuously going through these risks and updating it on a regular basis.
(Participant D)
Doing a fraud risk assessment and a fraud control plan is not going to wipe
out the risk, it'll just help you to minimise the risk. So you can't say that this
sort of behaviour won't happen. But if you've got the appropriate treatment
plans in place, it'll be either aimed at preventing the fraud from occurring in
100 Chapter 5: Results
the first place, or secondly if it does occur, you're going to pick it up quickly.
(Participant E)
In addition, some respondents highlighted and commended firms that
proactively completed risk assessments to curb incidents of FC before it happens:
We're actually doing one at the moment and it's a proactive one and they
haven't suffered a loss or a fraud that we know of. They've just come to us and
they want to revamp what they've got in place. [Do it on] a benchmark against
best practice and what they've got in their policies and where their holes are
and doing risk assessments through initially an online survey and then more
direct one-on-one workshops or groups. (Participant C)
A lot of our clients who actually have dedicated risk teams seem to be quite
proactive. So they are employed to identify, manage and mitigate risk. They
will organise fraud risk assessments and different other risk assessments as a
tool to help them do their job. They tend to take that quite seriously and they
use that process to identify gaps as I said and actually make improvements.
(Participant G)
These examples establish that the chances of a firm suffering from FC are
minimised by being proactive, which in turn minimises the cost and reputational
damage related to FC.
5.2.4.2 Reactive risk assessment.
Despite a few positive instances, participants suggested that most firms
undertook risk assessment only after they have experienced incidents of FC, which
means, risk assessment is more reactive rather than proactive:
…at the moment unfortunately still very much until something happens and
the likes of us or someone comes in, do you have this in place, do you have
Chapter 5: Results 101
that in place? Didn't even know that existed or you didn't know, just it was on
a to-do list but we haven't gotten round to it or that type of thing. (Participant
C)
It's reactive, yeah. The same thing is true, and this is an important point, the
fidelity guarantee insurance. So fidelity guarantee insurance is what will
insure an organisation against workplace fraud, and we have a lot of clients
who have got fidelity guarantee insurance but then when you look at the cover
they've got say a $2 million cover, on the basis that they think in their worst
nightmares they might have a $1 million fraud would be absolutely worst case
scenario. Then they have a $20 million fraud and they're short $18 million,
and that has happened. (Participant E)
One hundred per cent reactive. No one has got a mature compliance program.
(Participant H)
These examples provided by participants demonstrate that most firms still do not
take fraud and corruption risk assessment seriously. Participants were also asked about
the reasons why firms are reactive, or why they did not undertake any fraud and
corruption risk assessments. Most participants suggested that firms do not take it
seriously because they do not believe that incidents of FC would happen to them,
because risk assessment is an unnecessary cost, or because they do not want to accuse
any of their employees. Examples from participants are provided below:
…fraud…it's a different type of risk, but it should be considered a risk just
like occupational health and safety. So it's another risk and it should be dealt
with in the same process. But people just freak out about fraud risk and they
102 Chapter 5: Results
don't want you going in and talking to their employees because they'll think
we're accusing them of fraud. (Participant A)
Yeah. It's quite - it's more common than you think. Fraud is always considered
as part of a risk register but they seem to put the incidence of fraud as not very
likely to happen or the consequence maybe not as severe as it should be… It
is again one of those things that people think they're immune from it and
they're fine and their business is okay. They don't fully understand maybe
where could be vulnerable in the business. Then once something happens -
again it goes back to this whole thing - things just blow up. (Participant D)
Once driven, that has been the competitive environment that we're now in and
we have been in for many years of course, where for every dollar you spend
on overhead is a dollar off your bottom line. A lot of senior executives in
business, they see things like internal control and risk management and so on
as an overhead for which they're not returning any profit. So the senior
executives are interested in investing in revenue generation but they're not
interested in investing in loss prevention, on the basis that what I would be
preventing may not happen anyway. (Participant E)
5.2.4.3 The role of regulators.
In responding to the answers provided above, a follow-up question was asked on
what the regulators could do to promote the importance of fraud and corruption risk
assessment. Respondents agreed that regulators should do more and put more rules in
place. Examples that advocated more rules are as follows:
I think it should be more prevalent in the regulators' legislations, yeah.
Particularly the reporting of it. (Participant B)
Chapter 5: Results 103
I think if there was a particular legislation that said, you have to have this, you
should have this in place, protect customers, and with the privacy stuff coming
out and notifiable breaches as well, sort of forcing companies that have been
subject to a cyber-attack or losing people's information, that they have to
report it, that type of thing can only help, I think. Just to be more transparent.
I think similarly with fraud and corruption issues that if they don't report, then
there's heavier sanctions and that type of thing. (Participant C)
5.2.4.4 Whistle-blower program.
Participants also strongly advocated for a robust whistle-blower program as a
part of an organisation’s risk culture:
…I think would be having sufficient detection in place - or detection strategies
and mechanisms in place to ensure - and making their employees aware of
these detection strategies so they know there's no sort of area where they can
target if they want to try and find a weakness. Whistle-blower is one detection.
It's one of the key ones - you know, another employee speaking out.
(Participant D)
We run a number of whistle-blower services for a number of clients. What we
see is that as long as the messaging through the organisation is appropriate, it
sort of aligns to a culture of doing the right thing… I think that's a really
important thing to give people that opportunity. (Participant G)
The importance of whistle-blower program is not in the original STER model and
hence, it will be considered as a “new” finding for the purpose of this thesis and it will
be discussed further in Chapter 6: Discussion.
104 Chapter 5: Results
5.2.4.5 How to ameliorate a firm’s risk culture.
Finally, participants were asked about measures to improve an organisation’s
overall risk culture. They proposed that firms realise that incidents of FC can happen
in any organisation and to have appropriate assessments in place. Examples from
participants are presented below:
It comes back to the basics. It's making sure that risk assessments are done.
Risk shouldn’t be, oh now we have to deal with risk; it should just be part of
the everyday work environment. That's a hard process to get to, be it
occupational health and safety or fraud or harassment or whatever component
of risk it is. It takes time to get to that point. But that's a gradual process that
an organisation has to work with, everyone within the organisation, to build
to a point where you don't have to think about it, it's just automatically part of
what you do. (Participant A)
To realise that fraud and corruption can occur and cause significant damage.
(Participant E)
…what's the risk? What's your stated position? What's your values? What's
your risk appetite and your tolerance? …how do you propagate that through
the business? How do you get that message out? Part of their job - whatever
their job is, their day job, there should be an element of it is that you are also
responsible for managing risk. (Participant F)
Summary of Risk Culture
Findings highlight several elements of poor risk culture that contribute to
incidents of FC: (1) lack of proactivity, (2) firms trying to cut their [overhead] costs,
(3) firms not believing that incidents of FC could happen to them, (4) firms not wanting
Chapter 5: Results 105
to offend any of their employees by undertaking preventive actions against economic
crimes, and (5) the lack of whistle-blower program inside an organisation.
Participants also provided their views on how to improve an organisation’s risk
culture, which included: (1) undertaking risk assessments proactively, (2) realising that
Australian firms are vulnerable to economic crimes, (3) enhancing the reporting of
these incidents, (4) embedding risk assessment as part of the firm, until it is natural to
do so, (5) the Government to enact new rules or strengthen their existing regulations,
and (6) implementing a robust whistle-blower program.
Table 5.2 provides a visual summary of the findings for this chapter, outlining
the most prominent contributors for incidents of FC for each of the corporate culture
attributes based on percentages of participants’ responses for each attribute. New
findings are highlighted in asterisks (*).
Table 5.2
Summary of FC contributors for each of corporate culture attributes
Shared Values Tone from the Top Ethics Risk Culture
Employees’ lack
of self-validation
(37.5%)
Ignoring the rules
(100%)
Lack of clarity
on ethical rules
(75%)
Lack of appropriate
risk framework
(100%)
Employers’
shaping malleable
culture (50%)
Authorisation of
misconduct (25%)
Negative
ethical climate
(87.5%)
Reactive risk
assessment (50%)
Peer pressure
from colleagues
(37.5%)
Poor example from
leadership (i.e., tolerance
against problematic
employee and no
dialogue between C-
suites and employees)
(25%)
Poor ethical
education
(75%)
Lack of proactive
role from
regulators (87.5%)
Corrupted values
within sub-
group* (37.5%)
Lack of risk-to-role
approach* (12.5%)
Lack of ethical
enforcement*
(87.5%)
Lack of robust
whistle-blower
protection
program* (100%)
106 Chapter 5: Results
According to participants, the most prominent aspects of corporate culture that
contribute to incidents of FC are leadership ignoring the rules, lack of appropriate risk
framework and lack of robust whistle-blower protection program. These findings will
be discussed further in the following chapter. The next chapter begins with a discussion
of the results from this chapter and compares findings with the extant literature in
Chapters 2 and 3. Following this, an examination of several new concepts that have
emerged from participants and not in the original STER model will be discussed.
Chapter 6: Discussion 107
Chapter 6: Discussion
This chapter compares findings with the extant literature in an attempt to answer
the research questions outlined in Chapter 3: Conceptual Framework. The chapter
begins with a comparison of STER contributors with the extant literature in the
following order: shared values, tone from the top, ethics and risk culture. This is
followed by presenting the revised and refined conceptual STER model based on
findings from the previous chapter.
6.1 Shared Values
The first research question asked: How do shared values contribute to incidents
of fraud and corruption?
Responses provided in relation to shared values regarding employees’ lack of
self-validation support several studies discussed in Chapter 2. For example,
employees’ shared knowledge within the firm gradually develop into shared beliefs
through time (Crémer, 1993; Van den Steen, 2010) and therefore employees do not
question other employees’ actions. This is an example of shared knowledge which
morphs to shared beliefs. Findings in this study concur with Cameron et al. (2009) as
they posited that everyday experiences of corruption can shape employees’ attitudes
towards it. In the case of shared values, even though it could be argued that employees
are not that naïve, they may believe the organisation is corrupt and therefore continue
doing what is expected of them.
The incentivisation culture mentioned by participants aligns with ‘employers
shaping malleable culture’ and concurs with the notion that daily socialisation,
specifically using the mean of incentives, is an effective way for management to create
108 Chapter 6: Discussion
their ideal organisation (DeBacker et al., 2015; Ogbor, 2001). Similarly, it was found
that the culture of receiving gifts was acceptable due to everyone’s daily exposure to
such culture, which concurs with Cameron et al. (2009). The reason why it is difficult
for these types of incidents to come to light may be because most employees enjoy the
benefits. Thus, as long as they are rewarded and incentivised, they are comfortable and
prefer to preserve the situation – a finding that supports Ernst & Young (2016) that
shared culture increases the likelihood of FC incidents not been reported.
Shared values also includes ‘peer pressure’ and findings from this study suggest
that corrupt culture becomes the norm inside a firm due to the influence of peer
pressure. As Liu (2016) posited, group norms have a stronger influence in shaping
corporate culture as opposed to internal norms. Findings from this study support Guiso
et al. (2015) and Liu (2016) that people within an organisation choose between
conformity or alienation with their peers in their workplace.
The final question relating to shared values examined participants’ views on
improving organisational shared values. Participants’ suggestions concur with Ogbor
(2001) who suggested that positive shared values unify people together as setting the
right values helps to shape people’s attitudes towards certain problems, which in the
context of this research is fraud and corruption being unacceptable.
6.1.1 Corrupted sub-group in an organisation.
A new finding that emerged from this study and not previously identified in the
literature was that corrupted values may only be shared within a small group of
employees within a firm, or a different ‘sub-culture’. Therefore, within an
organisation, findings suggest that employees are eventually bound or belong to only
specific group/s to commit FC. This means it is possible for corrupted individuals to
Chapter 6: Discussion 109
group without influencing the rest of the organisation. Therefore, as corrupted sub-
culture is a new finding for this study, it was added to the STER model.
6.2 Tone from the Top
The second research question asked: How does tone from the top contribute to
incidents of fraud and corruption?
Findings from participants concur strongly with the extant literature, in
particular, that senior management is, and should be, held responsible for most
fraudulent activities (Brennan & McGrath, 2007), and the important role of leadership
in strengthening an unethical culture within a firm (Biggerstaff et al., 2015).
Furthermore, the literature emphasises the critical value of the power that management
holds over their employees (Lail et al., 2015; Ogbor, 2001; Wimbush & Shepard,
1994) and this study confirms these findings. Participants suggested that by breaking
the rules, management sets poor examples for employees which will then continue
cascading to the lowest rank employees. This finding was demonstrated in the Enron
case, where rule-breaking activities were encouraged and lead to a firm’s demise (Sims
& Brinkmann, 2003), and as Liu (2016) suggested, top management needs to
encourage an anti-fraud and anti-corrupt corporate culture. Findings from this study
strongly support this view.
The incentivisation culture is not only part of ‘shared values’ identified in the
previous section, but also relevant to leadership. For example, findings demonstrate
that top management has the ability to choose what they want their employees to learn
by encouraging them to participate in said culture using the means of excessive
rewards after a successful project. This example concurs with Ashforth and Anand
(2003) who suggested that accepting gifts is an ‘authorisation act of corruption’ or
‘manager-forced learning’ (Van den Steen, 2010). Also, the APRA Report (2018)
110 Chapter 6: Discussion
emphasised that encouragement and rewards by leadership reflect the organisation’s
culture more than a mission statement.
Findings from this study suggest that poor management examples contribute to
FC as top management have the power and ability to control the firm; and that
employees try to please them by mimicking what they do. To improve tone from the
top, participants confirmed Shin (2012) that the significance of the CEO’s role in
establishing and promoting ethical conduct in the organisation is paramount in
minimising occurrences of FC.
Findings from this study on ‘tone from the top’ as a corporate culture attribute
concur with the literature, with the exception of one finding, a risk-to-role approach,
which is explained in the next section.
6.2.1 Risk-to-role approach.
Participants identified a risk-to-role approach to minimising FC as a leadership
initiative. Participants suggested that risk awareness starts at the top of the
organisational hierarchy. The higher the person’s position, the higher the need for that
person to understand risks associated with their organisation (including fraud and
corruption risks). As this approach is a new finding for tone from the top, it was added
to the STER model.
6.3 Ethics
The third research question asked: How do ethics contribute to incidents of fraud
and corruption? There are three components of ‘ethics’ discussed in this section, that
is, ethical rules, ethical climate and ethical education.
Participants’ responses regarding firms having clear ethical rules or policies are
in line with that of Ashforth’s and Anand’s (2003) who posited that having explicit
Chapter 6: Discussion 111
ethical conduct in a firm is preferred as opposed to implicit and indirect informal
institutionalisation. Furthermore, Treviño et al. (1998) explained that having an ethical
culture, which in this case is represented by having clear rules and a code of conduct,
is equivalent to a normative system within a firm. Therefore, by having an ethical
culture, organisations expect employees to follow the rules. Findings from this study
support this with the majority of participants advocating organisations having clear
definitions and rules on what is considered non-ethical behaviour.
Findings also highlighted the importance of ethical climate where everyone
accepts the new normal (including unethical conduct such as FC) and they will live in
the new perceived normative environment or the new ethical climate. This supports K.
D. Martin and Cullen (2006) that a firm’s work climate can reflect organisational
policies. Findings from this study suggest firms resort to misconduct as part of its
‘policy’ in attaining their goals (Vardi, 2001). In addition, Prabowo and Cooper (2016)
suggested that memories of a firm’s culture are built through past interactions and
activities, and findings from this study concur with this. Furthermore, findings
substantiate APRA (2018, p. 81) that corporate culture is difficult to shift once
established. Participants suggested that past interactions and activities that constantly
break the rules have higher incidents of FC. Therefore, participants suggested firms
should aim to improve their ethical climate in an effort to curb unethical conduct, a
finding that supports Wimbush and Shepard (1994) and Wimbush et al. (1997).
Lastly, findings from this study regarding ethical education are strongly
supported in the literature. For example, participants felt that ethical education: (1) is
important for employees to understand the consequences of their actions; (2) is
required to prevent fraudulent and corrupt acts; and (3) should increase employees’
overall moral competence (Halbouni et al., 2016; D. R. May et al., 2014; Tormo-carbó
112 Chapter 6: Discussion
et al., 2016). Regarding moral training, van der Wal et al. (2016) posited that bottom-
up internalisation (training and strengthening employees’ moral competence) is
preferred compared to top-down imposition of rules and regulations. However,
participants in this study added that in terms of ethical education, a two-pronged
approach of educating and enforcing the rules regularly was crucial and is a new
finding that has emerged from this study.
6.3.1 Two-pronged approach.
Many participants suggested that a two-pronged approach to ethical education
and ethical reinforcement is required to raise employees’ awareness regarding
unethical behaviour. Participants opined that without consistent ethical reinforcement,
employees would forget what they have learned and would not conform to a firm’s
ethical standard. Additionally, this constant reminder would minimise the chance of
employees feigning ignorance because they “forgot” or “did not know that they could
not do certain things”. Finally, the two-pronged approach would embed an anti-fraud
and anti-corrupt mindset, assisting employees to understand what is expected of them
should they come across FC incidents.
The final attribute of the STER model is risk culture and is discussed in the
following section.
6.4 Risk Culture
The final research question for this thesis was: What are the elements of poor
risk culture that most commonly contribute to incidents of fraud and corruption?
In regard to risk culture, most participants agreed that risk assessments are not
on the manager’s ‘radar’. This corresponds with Palermo et al. (2017) who posited that
most managers are still unwilling to conduct risk assessments and that risk assessments
mean very little to decision-makers. Furthermore, participants highlighted the ongoing
Chapter 6: Discussion 113
Banking Royal Commission as an example of risk-taking culture that ignores rules and
boundaries due to being over-focussed on revenue, echoing Flamholtz and Randle
(2012) and Sims and Brinkmann (2003) on poor risk management, and Pan et al.
(2017) on the influence of a firm’s risk culture to its decision-making activities. This
condition could be described as risk-taking with no precaution and findings from this
study strongly support this notion. For instance, several participants explained that
firms think that they are not vulnerable to incidents of FC and thus, did not undertake
proper risk assessments. Therefore, despite recommendations on managing risks
proactively to respond and mitigate problems as early as possible (APRA, 2015; Naude
& Chiweshe, 2017), findings from this study demonstrate that Australian firms are still
reluctant in undertaking proper fraud and corruption risk assessments and often act
reactively instead of proactively.
Findings regarding the role of regulators to dictate and enforce more rules concur
with Zalewska’s (2016) recommendation on how regulators should be more involved
in regulating a firm’s risk assessment activities. Similarly, findings from this study
confirm that having a robust standard for FC-related risks and stressing the importance
of having a risk culture and risk management strategy concur with APRA (2015, 2016,
2017). In addition, findings from this study identify the importance of managing fraud
associated risks and having a consistent approach to risk management, a finding that
also concurs with the APRA Report (2018). Participants generally agreed that despite
regulations, incidents of FC are still occurring – if not increasing – in Australia, and
participants advocate for more rules and regulations for increased risk management to
mitigate these conditions. Risk culture also includes attitudes to FC minimisation
programs such as whistle-blowing and emerged as an important finding from this
114 Chapter 6: Discussion
study. Participants discussed whistle-blower programs as a crucial aspect of risk
culture and is discussed next.
6.4.1 Risk culture and whistle-blower programs.
According to many participants, whistleblowing programs are one of the most
effective methods to identify hidden incidents of fraud and corruption and also act as
a deterrent. They suggested that a robust whistle-blower program enables people who
want to report FC activities to do so with confidence. Participants mentioned this
several times when they discussed topics such as tone from the top, ethics and risk
culture but most felt it was appropriate as part of a risk culture program.
Participants suggest that the state of whistle-blower culture in Australia is quite
poor mainly because regulations do not adequately protect whistle-blowers, rather,
they are used to alienate whistle-blowers as problematic employees. This condition
persists due to allowing organisations or managers to identify the person who blows
the whistle on corrupt and/or fraudulent behaviour. Based on participants’ views in
implementing a whistle-blower program in Australian firms, they identify several
‘cultural’ and other obstacles. The first is the Australian culture that perceives whistle-
blower programs as ‘dob in a mate’ or to report on your colleagues/friends as ‘taboo’.
The second obstacle is identified by participants as poor protection for whistle-
blowers. Findings from this study suggest that Australian whistle-blowers are hesitant
because they fear reprisals from within the organisations. Participants also suggest that
some firms’ whistle-blower programs are just ‘tick-box’ exercises and do not ponder
the ramifications should someone use the program. Therefore, based on these findings,
whistle-blower programs have been added to the STER model.
Chapter 6: Discussion 115
Summary of the Four Attributes
Table 6.1 provides a summary of the findings from this study, that is, the sub-
attributes for each of the corporate culture attributes and their role as FC contributors.
It also provides side-by-side comparisons with the extant literature. New sub-
attributes, such as corrupted sub-group, are marked with asterisks (*). As seen in Table
6.1, there is one new sub-attribute for each section (corrupted sub-group, risk-to-role
approach, ethical enforcement, and whistle-blower protection program).
Section 6.5 presents the revised conceptual model that demonstrates the
relationship between corporate culture and incidents of FC.
116 Chapter 6: Discussion
Table 6.1
Comparison of findings on corporate culture attributes and sub-attributes with extant literature
Shared Values (S) Tone from the Top (T) Ethics (E) Risk Culture (R)
Sub-
attributes
& Extant
Literature
Employees’ lack of self-
validation (Cameron et al.,
2009; Crémer, 1993; Van den
Steen, 2010)
Ignoring the rules (Biggerstaff
et al., 2015; Brennan &
McGrath, 2007; Lail et al.,
2015; Liu, 2016; Ogbor, 2001;
Sims & Brinkmann, 2003;
Wimbush & Shepard, 1994)
Lack of clarity on ethical rules
(Ashforth & Anand, 2003;
Treviño et al., 1998)
Lack of appropriate risk
framework (i.e., reactive risk
assessment, over-focussed on
revenue and assuming that
firms are invulnerable to FC
(Flamholtz & Randle, 2012;
Naude & Chiweshe, 2017;
Palermo et al., 2017; Pan et
al., 2017; Sims & Brinkmann,
2003)
Employers shaping malleable
culture (Cameron et al., 2009;
DeBacker et al., 2015; Ogbor,
2001)
Authorisation of misconduct
(Ashforth & Anand, 2003;
Van den Steen, 2010)
Negative ethical climate (K.
D. Martin & Cullen, 2006;
Vardi, 2001; Wimbush &
Shepard, 1994; Wimbush et
al., 1997)
The lack of regulators’
interference to mitigate risks
(Zalewska, 2016)
Peer pressure (Guiso et al.,
2015; Liu, 2016)
Poor example from CEOs or
top management (i.e.,
tolerance against problematic
employee and no dialogue
between C-suites and
employees) (Shin, 2012)
Poor ethical education
(Halbouni et al., 2016; D. R.
May et al., 2014; Tormo-carbó
et al., 2016) Poor whistle-blower protection
program*
Corrupted sub-group* The lack of risk-to-role
approach* Lack of ethical enforcement*
Chapter 6: Discussion 117
6.5 Revised and Refined STER Conceptual Model
This study aimed to gain a deeper understanding on the relationship between corporate
culture and incidents of fraud and corruption. Findings that emerged lead to a revised
framework that helps to explain the relationship between ‘culture’ and incidents of fraud and
corruption. Views of forensic accountants and industry professionals were important to this
study as they are deeply involved in investigating FC cases and/or have experienced FC
incidents.
The overarching research question for this study was ‘Is there a connection between
corporate culture and incidents of fraud and corruption in Australian organisations?’ Four
additional research questions were asked in relation to each of the corporate culture attributes
of shared values (S), tone from the top (T), ethics (E) and risk culture (R). New findings
emerged, leading to the refinement of the conceptual framework displayed in Figure 6.1.
118 Chapter 6: Discussion
Figure 6.1. A Revised Conceptual Framework of Corporate Culture and
FC (STER Model).
Sources Findings from this study and extant literature (Crémer, 1993;
Cullen et al., 1989; Flamholtz & Randle, 2012; Fritzsche, 1991; Guiso et
al., 2015; Hambrick & D’Aveni, 1992; Liu, 2016; Ogbor, 2001; Palermo
et al., 2017; Shin, 2012; Sims & Brinkmann, 2003; Van Akkeren &
Buckby, 2017; van der Wal et al., 2016; Victor & Cullen, 1988;
Wimbush et al., 1997)
Ethics - Ethical Culture
- Ethical Education
- Ethical Climate
Employee’s lack of self-validation
Employers shaping malleable
culture
Peer pressure from colleagues
Corrupted values within sub-group*
Ignoring the rules
Authorisation of misconduct
Tolerance against problematic
employee
Lack of dialogue between C-suites
and employees
Lack of risk-to-role approach*
Lack of clarity on ethical rules
Negative ethical climate
Poor ethical education
Lack of ethical enforcement*
Reactive risk assessment
Over-focussed on revenue
Assume that the firm is invulnerable
to FC
Lack of regulators’ interference
Poor whistle-blower protection
policy*
Corporate
Culture
Fraud and
Corruption (FC)
: are a part of
: shape
: contributes to
Risk Culture
Tone from the Top
Shared Values
Chapter 6: Discussion 119
6.5.1 Summary of findings.
A new finding for the first attribute of ‘Shared Values’ related to sub-groups
forming in organisations to participate in fraud and corruption and that the sub-group
did not necessarily represent the entire organisation’s culture. Participants suggested
that corrupted values are not always shared with everyone in the organisation and FC
conduct can occur due to the existence of a corrupted sub-cultural group. This new
sub-attribute was added to the revised conceptual model in Figure 6.1 under shared
values. Therefore, apart from corrupted sub-group, findings agree with extant
literature. Thus, in answering the first research question, findings from this study
demonstrate that shared values do shape an organisation’s culture and contribute to
incidents of fraud and corruption.
The second research question on ‘tone from the top’ relates to the influence of
leadership to bring positive or negative outcomes for the firm and its employees
(Hambrick, 2007). Findings from this study concur with prior research on the
importance of having a robust management team or CEO in curbing FC incidents
(Brennan & McGrath, 2007; dela Rama, 2012; Liu, 2016), and how poor tone from
the top may contribute to corporate failure (Hambrick & D'Aveni, 1992; Sims &
Brinkmann, 2003). Therefore, findings demonstrate that tone from the top contributes
to incidents of fraud and corruption. The new finding that organisations need to have
a risk-to-role approach has also been added to the STER model. It is worth noting that
despite the concept not being new in the risk management area, the connection between
risk and tone from the top to mitigate FC incidents is a new concept for this study.
‘Ethics’, as the third corporate culture attribute consists of ethical culture, ethical
climate and ethical education. Findings concur with the literature that FC incidents
happened partly due to organisations not having clear ethical rules, a negative ethical
120 Chapter 6: Discussion
climate and lack of ethical education. These findings support the extant literature that
ethical culture as systems (Ashforth & Anand, 2003; Treviño et al., 1998) and ethical
climate as perceptions (K. D. Martin & Cullen, 2006; Wimbush & Shepard, 1994;
Wimbush et al., 1997) are important in shaping an anti-FC corporate culture. In
addition, ethical education was recommended in the literature as a measure to improve
employees’ moral competence (Halbouni et al., 2016; D. R. May et al., 2014; Tormo-
carbó et al., 2016) and findings from this research confirms this. Therefore, in
answering the third research question, findings concur that the three elements of ethics
contribute to incidents of fraud and corruption in Australian organisations. The new
sub-attribute that emerged, that is, the two-pronged approach of ethical education and
ethical reinforcement has also been added to the STER model.
The final corporate culture attribute, ‘risk culture’ is explained as the perceptions
of individuals and groups within an organisation that influence the way they deal with
risk-related activities (APRA, 2016). Findings from this study concur with the extant
literature with participants suggesting that a lack of proactivity, poor discipline and
attitude toward risk assessment and excessive risk-taking contribute to FC incidents.
Therefore, in relation to research question four, risk culture, or lack thereof, is a
contributor to fraud and corruption in Australian organisations. It is worth noting that
participants had strong views on the importance of whistle-blower programs and the
role of government regulators for ensuring whistle-blower protection programs are in
place. This is a new finding for ‘risk culture’ and has been added to the STER model.
6.6 Summary
This chapter presented a discussion of findings from this study and compared
those findings to the extant literature. Findings identify the importance role of
corporate culture and its four attributes (shared values, tone from the top, ethics and
Chapter 6: Discussion 121
risk culture) in contributing to incidents of fraud and corruption. A revised STER
model was presented to encompass all findings emerging from this study. In the final
chapter, conclusions are presented as well as the theoretical and practical contributions
of this study, limitations and prospects for future research.
Chapter 7: Conclusions 123
Chapter 7: Conclusions
This chapter concludes the study by providing a general discussion of the
findings from empirical evidence gathered to answer the research question:
‘Is there a connection between corporate culture and incidents of fraud and
corruption in Australian organisations?’
This is followed by the theoretical and practical contributions of this study, the
limitations, and, finally, opportunities for future research are presented.
7.1 General Discussion
Although prior research has studied corporate governance instruments in
mitigating incidents of fraud and corruption (FC), only a few have specifically
investigated the contribution of corporate culture in Australian organisations and most
only included one or two cultural attributes. This study provides valuable insights into
the causes of fraudulent and corrupt misconduct by examining views of participants
from a more comprehensive corporate culture perspective. To achieve this, the ‘STER’
framework was developed from the literature and included four attributes that together
define corporate culture comprehensively. Furthermore, to examine the framework,
the study sourced empirical evidence from participants whose knowledge and
experience yielded valuable cognisance on corporate culture and how it contributes to
incidents of economic crimes such as fraud and corruption.
Corporate culture has been deemed by Australian regulators such as ASIC and
APRA as a driver of conduct and organisations have been reminded on many occasions
to have a positive corporate culture. However, despite the constant notices, the state of
Australian corporate culture has been highlighted as lacking as the recent and ongoing
124 Chapter 7: Conclusions
Banking Royal Commission demonstrates. They suggest that poor corporate culture is
a major contributor to a number of scandals that have occurred in the Australian
banking and insurance sectors (CBA, NAB and AMP to name a few) and their findings
demonstrate that the culture of banking and insurance sectors are, amongst other
things, non-compliant, deceptive, corrupted and performance-focussed. Even though
the Banking Royal Commission focusses only on the culture of abovementioned
industries, having an anti-fraud and anti-corrupt corporate culture applies to all
Australian organisations because, as established from findings in this study, corporate
culture can lead to FC incidents, which are associated with a high cost to the Australian
economy. Although regulators such as ASIC and APRA have been criticised for a lack
of effective monitoring, it could be argued that Australian organisations need to take
responsibility for nurturing an ethical corporate culture to minimise the risks of
succumbing to unethical conduct such as FC. This study serves as an aid for
organisations and regulators to encourage a positive corporate culture by examining a
range of cultural attributes and the development of the STER model to explain the
relationship between corporate culture and FC.
The results from this study suggest that organisational culture can contribute to
FC conduct through four attributes: shared values, tone from the top, ethics and risk
culture. It is hoped that these findings may help organisations mitigate FC incidents
by highlighting the range of cultural issues that need to be addressed. Positive shared
values and strong management leadership are recommended in order to propagate an
anti-FC culture. Additionally, results from this study endorse having clear ethical rules
and regulations, having a positive ethical climate and robust ethical education systems
within organisations. Furthermore, organisations and their employees need to
acknowledge that continuous FC-related risk assessments are needed as FC incidents
Chapter 7: Conclusions 125
can occur to even the most cautious, risk-averse organisations. Finally, having risk
awareness, coupled with a robust whistle-blower protection program would shape a
vigilant risk culture and would offset the chance of FC occurring, which aligns to
APRA’s recommendation in its inquiry report into the CBA (2018).
As the importance of this study has been highlighted, the next section lists the
academic and practical contributions.
7.2 Contributions
This study provides contributions to both theory and practice.
7.2.1 Contribution to theory.
The first academic contribution of this study is the development and refinement
of a corporate culture (STER) framework in explaining the relationship between
various attributes of corporate culture and incidents of fraud and corruption. To date,
no prior research has developed a comprehensive conceptual framework specifically
to explain the relationship between the four corporate culture attributes used in this
study and incidents of FC. Furthermore, this study extends previous work on corporate
culture and the impact of culture on organisations in fraud mitigation. Second, this
research provides empirical evidence from forensic accountants and industry
professionals by gathering deep insights from their expert knowledge and experiences
in relation to causes of fraud and corruption from a cultural perspective.
7.2.2 Contribution to practice.
The practical contribution of this study is to complement findings from
practitioners (industry publications) and regulators (the ongoing Royal Commission)
to better understand the relationship between corporate culture and incidents of FC. It
is hoped that this study will encourage management to improve their organisation’s
126 Chapter 7: Conclusions
culture, therefore mitigating incidents of FC. This study also highlights the importance
of having a whistle-blower program as a part of risk management culture.
7.3 Limitations
There are several limitations in this study. First, the relationship between
corporate culture and incidents of FC would be better understood by viewing the
events leading to the misconduct and the actual crime through a first-person
interpretation, that is, by interviewing the perpetrators. This would provide a more
profound understanding on an organisation’s culture and how it contributes to FC
incidents. Despite this limitation, all participants interviewed in this study were experts
in their field, most having investigated fraudulent incidents and were strongly
supportive of the cultural approach of this study. Another limitation was that only
Australian-based practitioners were interviewed and only eight interviews conducted
due to time constraints and difficulties in recruiting participants. However, the insights
provided by participants from in-depth interviews were extensive and are
representative of other practitioners.
7.4 Future Research
The results of this study provide several pathways for future research. First,
future research may include interviewing perpetrators of fraud and corruption to
determine the cultural factors that influenced their decision to commit fraud and/or
corruption. This would provide a deeper understanding and could possibly further
expand the STER model. Second, future research may include more corporate culture
attributes that extant literature has suggested contributed to incidents of FC. Third,
future studies could focus on specific industry sectors and investigate whether
corporate culture is industry specific, and whether the four attributes contributes to
Chapter 7: Conclusions 127
incidents of fraud and corruption. Finally, quantitative methods may be used to
potentially validate and test the model for future research.
To conclude, findings from this Master thesis titled: The Role of Corporate
Culture as a Contributor to Fraud and Corruption in Australia: Perceptions of
Forensic Accountants and Industry Professionals aligns well with findings from the
Banking Royal Commission and should provide a warning to organisations that
without a strong ethical climate and awareness of appropriate corporate culture,
incidents of fraud and corruption will continue to emerge. As the Banking Royal
Commission found:
Culture plays a major role in the successful embedding of better risk outcomes
as part of large programs. In many cases, effective risk management can be
impeded by behaviours and shared mindsets that can render the risk
management framework ineffective… messaging from senior leadership is
particularly important for achieving cultural change but so, too, is senior
leadership demonstrating commitment to the objectives through their actions
and decisions. (APRA, 2018, p. 97)
References 129
References
ABC News Breakfast. (2018, 20 Apr). Banking royal commission revelations 'worse
than I thought', says former ACCC boss. ABC News. Retrieved from
http://www.abc.net.au/news/2018-04-20/banking-royal-commission-allan-
fells-accc-reaction/9679182
Albrecht, W. S., Albrecht, C. O., Albrecht, C. C., & Zimbelman, M. F. (2016). Fraud
Examination (5th ed.): Cengage Learning.
Albrecht, W. S., & Searcy, D. J. (2001). Top 10 reasons why fraud is increasing in the
U.S. Strategic Finance, 82(11), 58-61. Retrieved from
https://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docv
iew/229742929?accountid=13380
Arewa, A. O., & Farrell, P. (2015). The culture of construction organisations: The
epitome of institutionalised corruption. Construction Economics and Building,
15(3), 59-71. doi:10.5130/AJCEB.v15i3.4619
Armenakis, A., Brown, S., & Mehta, A. (2011). Organizational Culture: Assessment
and Transformation. Journal of Change Management, 11(3), 305-328.
doi:10.1080/14697017.2011.568949
Ashforth, B. E., & Anand, V. (2003). THE NORMALIZATION OF CORRUPTION
IN ORGANIZATIONS. Research in Organizational Behavior, 25, 1-52.
doi:http://dx.doi.org/10.1016/S0191-3085(03)25001-2
Ashraf, J. (2011). The Accounting Fraud @ Worldcom: The Causes, The
Characteristics, The Consequences, and The Lessons Learned. (Honours),
University of Central Florida, Orlando, Florida. Retrieved from
http://etd.fcla.edu/CF/CFH0003811/Ashraf_Javiriyah_201105_BSBA
Association of Certified Fraud Examiners (ACFE). (2014). Report to the Nations.
Retrieved from https://www.acfe.com/rttn/docs/2014-report-to-nations.pdf
Association of Certified Fraud Examiners (ACFE). (2018). Report to the Nations.
Retrieved from https://www.acfe.com/report-to-the-nations/2018/
ASX Corporate Governance Council. (2014). Corporate Governance Principles and
Recommendations. Retrieved from Australia:
https://www.asx.com.au/documents/asx-compliance/cgc-principles-and-
recommendations-3rd-edn.pdf
Australian Institute of Company Directors (AICD). (2016, 01 Aug). The role of the
board in corporate culture. Retrieved from
https://aicd.companydirectors.com.au/membership/company-director-
magazine/2016-back-editions/august/the-role-of-the-board-in-corporate-
culture
130 References
Australian Institute of Criminology (AIC). (2013). Australian crime: Facts & figures:
2012. Retrieved from Canberra: https://aic.gov.au/publications/facts/2012
Australian Prudential Regulation Authority (APRA). (2015). Prudential Practice
Guide SPG 223 - Fraud Risk Management. Australia: Australian Prudential
Regulation Authority (APRA) Retrieved from
https://www.apra.gov.au/sites/default/files/prudential-practice-guide-spg-223-
fraud-risk-management-june-2015.pdf.
Australian Prudential Regulation Authority (APRA). (2016). Risk Culture. Australian
Prudential Regulation Authority Retrieved from
https://www.apra.gov.au/sites/default/files/161018-information-paper-risk-
culture1.pdf.
Australian Prudential Regulation Authority (APRA). (2017). Prudential Standard
CPS 220. Australia: Australian Prudential Regulation Authority (APRA)
Retrieved from https://www.apra.gov.au/sites/default/files/Prudential-
Standard-CPS-220-Risk-Management-%28July-2017%29.pdf.
Australian Prudential Regulation Authority (APRA). (2018). Prudential Inquiry Into
The Commonwealth Bank Of Australia. Retrieved from Australia:
https://www.apra.gov.au/sites/default/files/CBA-Prudential-Inquiry_Final-
Report_30042018.pdf
Australian Prudential Regulation Authority (APRA). (n.d.). Australian Prudential
Regulation Authority. Retrieved from https://www.apra.gov.au/about-apra
Australian Securities & Investments Commission (ASIC). (2018, 31 May 2018).
Senate Economics Legislation Committee: Opening Statement by ASIC Chair,
James Shipton - 30 May 2018. Retrieved from https://asic.gov.au/about-
asic/media-centre/speeches/senate-economics-legislation-committee-opening-
statement-by-asic-chair-james-shipton-30-may-2018/
Australian Securities & Investments Commission (ASIC). (n.d., 20 Oct 2014).
Corporate Governance. Retrieved from http://asic.gov.au/regulatory-
resources/corporate-governance/
Barker, A. (2017, 30 Nov). Banking royal commission: Speaking out against CBA had
'horrific impact' on whistleblower. ABC News. Retrieved from
http://www.abc.net.au/news/2017-11-30/banking-whistleblower-jeff-morris-
tells-of-horrific-impact/9212536
Barr, A., & Serra, D. (2010). Corruption and culture: An experimental analysis.
Journal of Public Economics, 94(11), 862-869.
doi:10.1016/j.jpubeco.2010.07.006
Barriball, K. L., & While, A. (1994). Collecting data using a semi‐ structured
interview: a discussion paper. Journal of Advanced Nursing, 19(2), 328-335.
doi:10.1111/j.1365-2648.1994.tb01088.x
Barry, P. (2011, February). In the eye of the storm: The collapse of storm financial.
The Monthly Retrieved from
References 131
https://www.themonthly.com.au/issue/2011/february/1299634145/paul-
barry/eye-storm
Beasley, M. S. (1996). An Empirical Analysis of the Relation between the Board of
Director Composition and Financial Statement Fraud. The Accounting Review,
71(4), 443-465. Retrieved from
http://www.jstor.org.ezp01.library.qut.edu.au/stable/248566
Berg, B. L., & Lune, H. (2012). Qualitative research methods for the social sciences
(8th ed.). Boston: Pearson.
Bezzina, F., Grima, S., & Mamo, J. (2014). Risk management practices adopted by
financial firms in Malta. Managerial Finance, 40(6), 587-612.
doi:10.1108/MF-08-2013-0209
Biggerstaff, L., Cicero, D. C., & Puckett, A. (2015). Suspect CEOs, unethical culture,
and corporate misbehavior. Journal of Financial Economics, 117(1), 98-121.
doi:10.1016/j.jfineco.2014.12.001
Bonny, P., Goode, S., & Lacey, D. (2015). Revisiting employee fraud: gender,
investigation outcomes and offender motivation. Journal of Financial Crime,
22(4), 447-467. doi:10.1108/JFC-04-2014-0018
Brennan, N. M., & McGrath, M. (2007). Financial Statement Fraud: Some Lessons
from US and European Case Studies. Australian Accounting Review, 17(2), 49-
61. doi:10.1111/j.1835-2561.2007.tb00443.x
Brown, J., & Loosemore, M. (2015). Behavioural factors influencing corrupt action in
the Australian construction industry. Engineering, Construction and
Architectural Management, 22(4), 372-389. doi:10.1108/ECAM-03-2015-
0034
Cameron, L., Chaudhuri, A., Erkal, N., & Gangadharan, L. (2009). Propensities to
engage in and punish corrupt behavior: Experimental evidence from Australia,
India, Indonesia and Singapore. Journal of Public Economics, 93(7), 843-851.
doi:10.1016/j.jpubeco.2009.03.004
Campbell, J.-L., & Göritz, A. S. (2014). Culture Corrupts! A Qualitative Study of
Organizational Culture in Corrupt Organizations. Journal of Business Ethics,
120(3), 291-311. doi:10.1007/s10551-013-1665-7
Chapple, L., Ferguson, C., & Kang, D. (2009). Corporate governance and
misappropriation. Journal of Forensic and Investigative Accounting, 1(2), 1-
26. Retrieved from
https://www.researchgate.net/publication/228282970_Corporate_Governance
_and_Misappropriation
Chen, J., Cumming, D., Hou, W., & Lee, E. (2016). CEO Accountability for Corporate
Fraud: Evidence from the Split Share Structure Reform in China. Journal of
Business Ethics, 138(4), 787-806. doi:10.1007/s10551-014-2467-2
132 References
Chernousov, V. (2012). Corporate Fraud Prevention, Detection and Investigation.
Paper presented at the 2012 ACFE European Fraud Conference.
http://www.acfe.com/uploadedFiles/ACFE_Website/Content/european/Cours
e_Materials/2012/2A_Chernousov-cpp.pdf
Coram, P., Ferguson, C., & Moroney, R. (2008). Internal audit, alternative internal
audit structures and the level of misappropriation of assets fraud. Accounting
& Finance, 48(4), 543-559. doi:10.1111/j.1467-629X.2007.00247.x
Crémer, J. (1993). Corporate culture and shared knowledge. Industrial and Corporate
Change, 2(1), 351-386. doi:10.1093/icc/2.1.351
Cressey, D. R. (1953). Other People's Money: A study in the Social Psychology of
Embezzlement. Glencoe, Illinois: Free Press.
Cullen, J. B., Victor, B., & Stephens, C. (1989). An ethical weather report: Assessing
the organization's ethical climate. Organizational Dynamics, 18(2), 50-62.
doi:http://dx.doi.org/10.1016/0090-2616(89)90042-9
Daboub, A. J., Abdul, M. A. R., Priem, R. L., & Gray, D. A. (1995). Top Management
Team Characteristics and Corporate Illegal Activity. The Academy of
Management Review, 20(1), 138-170. doi:10.2307/258890
Dana, J., Dawes, R., & Peterson, N. (2013). Belief in the unstructured interview: The
persistence of an illusion. Judgment and Decision Making, 8(5), 512-520.
Retrieved from
http://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docvi
ew/1439417462?accountid=13380
Danckert, S. (2018, 27 April). Banks should face court too over conduct breaches. The
Sydney Morning Herald. Retrieved from
https://www.smh.com.au/business/banking-and-finance/banks-should-face-
court-too-over-conduct-breaches-20180427-p4zc4w.html
Darvall-Stevens, R. (2016, 11 Aug). Why company culture is the key to mitigating
fraud, bribery and corruption risk. Accountants Daily. Retrieved from
https://www.accountantsdaily.com.au/columns/9400-why-company-culture-
is-the-key-to-mitigating-fraud-bribery-and-corruption-risk
DeBacker, J., Heim, B. T., & Tran, A. (2015). Importing corruption culture from
overseas: Evidence from corporate tax evasion in the United States. Journal of
Financial Economics, 117(1), 122-138. doi:10.1016/j.jfineco.2012.11.009
dela Rama, M. (2012). Corporate Governance and Corruption: Ethical Dilemmas of
Asian Business Groups. Journal of Business Ethics, 109(4), 501-519.
doi:10.1007/s10551-011-1142-0
DiCicco‐ Bloom, B., & Crabtree, B. F. (2006). The qualitative research interview.
Medical Education, 40(4), 314-321. doi:10.1111/j.1365-2929.2006.02418.x
Dominic, P.-R. (2018). A model for preventing corruption. Journal of Financial
Crime, 25(2), 545-561. doi:10.1108/JFC-11-2014-0048
References 133
Domino, M. A., Wingreen, S. C., & Blanton, J. E. (2015). Social Cognitive Theory:
The Antecedents and Effects of Ethical Climate Fit on Organizational Attitudes
of Corporate Accounting Professionals--A Reflection of Client Narcissism and
Fraud Attitude Risk. Journal of Business Ethics, 131(2), 453-467.
doi:http://dx.doi.org/10.1007/s10551-014-2210-z
Duh, M., Belak, J., & Milfelner, B. (2010). Core Values, Culture and Ethical Climate
as Constitutional Elements of Ethical Behaviour: Exploring Differences
Between Family and Non-Family Enterprises. Journal of Business Ethics,
97(3), 473-489. doi:10.1007/s10551-010-0519-9
Dunn, P. (2004). The Impact of Insider Power on Fraudulent Financial Reporting.
Journal of Management, 30(3), 397-412. doi:10.1016/j.jm.2003.02.004
Ernst & Young (EY). (2016). Corporate misconduct - individual consequences.
Retrieved from http://www.ey.com/Publication/vwLUAssets/ey-global-fraud-
survey-2016/$FILE/ey-global-fraud-survey-final.pdf
Eyers, J. (2017, 13 Aug). Banks have 'rosy' view of risk culture. The Australian
Financial Review. Retrieved from http://www.afr.com/business/banking-and-
finance/financial-services/banks-have-rosy-view-of-risk-culture-20170812-
gxuz5g
Ferguson, A., & Williams, R. (2015, 21 February). Whistleblower's NAB leak reveals
persistent bad behaviour in financial planning, fuels royal commission calls.
The Sydney Morning Herald. Retrieved from
http://www.smh.com.au/business/banking-and-finance/whistleblowers-nab-
leak-reveals-persistent-bad-behaviour-in-financial-planning-fuels-royal-
commission-calls-20150217-13hv1f.html
Ferrier, S. (2015, 28 Oct). Commonwealth Bank compensation scheme for victims of
financial planning scandal 'a joke', Senate inquiry hears. ABC News. Retrieved
from http://www.abc.net.au/news/2015-10-28/cba-denying-compensation-to-
victims-of-financial-planning/6892624
Finkelstein, S. (1992). Power in Top Management Teams: Dimensions, Measurement,
and Validation. The Academy of Management Journal, 35(3), 505-538.
doi:10.2307/256485
Fisman, R., & Miguel, E. (2007). Corruption, Norms, and Legal Enforcement:
Evidence from Diplomatic Parking Tickets. The Journal of Political Economy,
115(6), 1020. Retrieved from http://www.jstor.org/stable/10.1086/527495
Flamholtz, E. G., & Randle, Y. (2012). Corporate culture, business models,
competitive advantage, strategic assets and the bottom line. Journal of HRCA
: Human Resource Costing & Accounting, 16(2), 76-94.
doi:http://dx.doi.org/10.1108/14013381211284227
Fontana, A., & Frey, J. H. (2000). The Interview: From Structured Questions to
Negotiated Text. In N. K. Denzin & Y. S. Lincoln (Eds.), Handbook of
Qualitative Research. Thousand Oaks, California: Sage.
134 References
Fritzsche, D. J. (1991). A model of decision-making incorporating ethical values.
Journal of Business Ethics, 10(11), 841-852. doi:10.1007/bf00383700
FSU Australia. (2009, 04 Sep). Sales-and-bonus culture directly linked to Storm
Financial collapse. Retrieved from http://www.fsunion.org.au/News-
Views/Media/Media-Releases/Salesandbonus-culture-directly-linked-to.aspx
Gable, G. (1994). Integrating case study and survey research methods: an example in
information systems. European Journal of Information Systems, 3(2), 112-126.
doi:http://dx.doi.org/10.1057/ejis.1994.12
Geriesh, L. (2003). Organizational culture and fraudulent financial reporting. The CPA
Journal, 73(3), 28-32. Retrieved from
http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docvie
w/212291677?accountid=13380
Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory: strategies
for qualitative research (1 ed.). New York: Aldine Pub. Co.
Goodstein, J., Butterfield, K., & Neale, N. (2016). Moral Repair in the Workplace: A
Qualitative Investigation and Inductive Model. Journal of Business Ethics,
138(1), 17-37. doi:http://dx.doi.org/10.1007/s10551-015-2593-5
Gray, J. (2016, 31 March). Dennis Gentilin, National Australia Bank whistleblower,
probes the origins of ethical failure. The Australian Financial Review.
Retrieved from http://www.afr.com/brand/boss/dennis-gentilin-nab-
whistleblower-probes-the-origins-of-ethical-failure-20160310-gnflth
Gregory, K. L. (1983). Native-View Paradigms: Multiple Cultures and Culture
Conflicts in Organizations. Administrative Science Quarterly, 28(3), 359-376.
doi:10.2307/2392247
Guest, G., Bunce, A., & Johnson, L. (2006). How Many Interviews Are Enough?:An
Experiment with Data Saturation and Variability. Field Methods, 18(1), 59-82.
doi:10.1177/1525822x05279903
Guiso, L., Sapienza, P., & Zingales, L. (2006). Does Culture Affect Economic
Outcomes? Journal of Economic Perspectives, 20(2), 23-48.
doi:10.1257/jep.20.2.23
Guiso, L., Sapienza, P., & Zingales, L. (2015). The value of corporate culture. Journal
of Financial Economics, 117(1), 60-76.
doi:http://dx.doi.org/10.1016/j.jfineco.2014.05.010
Gullkvist, B., & Jokipii, A. (2013). Perceived importance of red flags across fraud
types. Critical Perspectives on Accounting, 24(1), 44-61.
doi:http://dx.doi.org/10.1016/j.cpa.2012.01.004
Halbouni, S. S., Obeid, D., & Garbou, A. (2016). Corporate governance and
information technology in fraud prevention and detection: Evidence from the
UAE. Managerial Auditing Journal, 31(6/7), 589-628. doi:10.1108/MAJ-02-
2015-1163
References 135
Haleblian, J., & Finkelstein, S. (1993). Top Management Team Size, CEO Dominance,
and Firm Performance: The Moderating Roles of Environmental Turbulence
and Discretion. The Academy of Management Journal, 36(4), 844-863.
doi:10.2307/256761
Hambrick, D. C. (2007). Upper Echelons Theory: An Update. Academy of
Management. The Academy of Management Review, 32(2), 334-343.
Retrieved from
http://gateway.library.qut.edu.au/login?url=http://search.proquest.com/docvie
w/210972230?accountid=13380
Hambrick, D. C., & D'Aveni, R. A. (1992). Top Team Deterioration As Part of the
Downward Spiral of Large Corporate Bankruptcies. Management Science,
38(10), 1445-1466. Retrieved from
http://www.jstor.org.ezp01.library.qut.edu.au/stable/2632673
Han, M. (2018, 30 April). Banking royal commission: AMP's misleading of ASIC
explained. Australian Financial Review. Retrieved from
https://www.afr.com/business/banking-and-finance/banking-royal-
commission-amps-misleading-of-asic-explained-20180430-h0zfy9
Hatch, M. J., & Zilber, T. (2012). Conversation at the Border Between Organizational
Culture Theory and Institutional Theory. Journal of Management Inquiry,
21(1), 94-97. doi:10.1177/1056492611419793
Hauk, E., & Saez-Marti, M. (2002). On the Cultural Transmission of Corruption.
Journal of Economic Theory, 107(2), 311-335. doi:10.1006/jeth.2001.2956
HLB Mann Judd. (2017, 29 Aug). Fraud and Organisational Culture. Retrieved from
https://probonoaustralia.com.au/news/2017/08/fraud-organisational-culture/
Imoniana, J. O., Antunes, M. T. P., & Formigoni, H. (2013). THE FORENSIC
ACCOUNTING AND CORPORATE FRAUD. Journal of Information
Systems and Technology Management : JISTEM, 10(1), 119-144.
doi:10.4301/S1807-17752013000100007
In'airat, M. (2015). The Role of Corporate Governance in Fraud Reduction - A
Perception Study in the Saudi Arabia Business Environment. Journal of
Accounting and Finance, 15(2), 119-128. Retrieved from
http://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docvi
ew/1726773248?accountid=13380
Information Systems Audit and Control Association (ISACA). (2012). Cobit 5: A
Business Framework for the Governance and Management of Enterprise IT (6
ed.). United States of America: ISACA.
Institute of Risk Management (IRM). (n.d., 2016). Risk appetite and tolerance.
Retrieved from https://www.theirm.org/knowledge-and-resources/thought-
leadership/risk-appetite-and-tolerance.aspx
Interligi, L. (2010). Compliance culture: A conceptual framework. Journal of
Management and Organization, 16(2), 235-249. Retrieved from
136 References
https://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docv
iew/577560767?accountid=13380
Investopedia. (n.d., 2 Mar 2018). What is earnings management? Retrieved from
https://www.investopedia.com/ask/answers/191.asp
Jenkinson, D. (1996). Compliance Culture. Journal of Financial Regulation and
Compliance, 4(1), 41-46. doi:10.1108/eb024866
Ji, Y., Rozenbaum, O., & Welch, K. T. (2017). Corporate Culture and Financial
Reporting Risk: Looking Through the Glassdoor. Retrieved from
https://ssrn.com/abstract=2945745
Johansson, E., & Carey, P. (2016). Detecting Fraud: The Role of the Anonymous
Reporting Channel. Journal of Business Ethics, 139(2), 391-409.
doi:10.1007/s10551-015-2673-6
Kallio, H., Pietilä, A. M., Johnson, M., & Kangasniemi, M. (2016). Systematic
methodological review: developing a framework for a qualitative semi‐structured interview guide. Journal of Advanced Nursing, 72(12), 2954-2965.
doi:10.1111/jan.13031
Kirby, D. M. (2016, 05 May). The Importance of Company Culture in Fraud
Prevention. Business 2 Community. Retrieved from
http://www.business2community.com/human-resources/importance-
company-culture-fraud-prevention-01527343#FYTC4TSBeuPR5hbS.97
Kleinberg, J. (2014). The Dynamics of Corruptogenic Organizations. International
Journal of Group Psychotherapy, 64(4), 420-443.
doi:10.1521/ijgp.2014.64.4.420
Kotter, J. P., & Heskett, J. L. (1992). Corporate culture and performance. New York:
Free Press.
KPMG. (2013). A survey of Fraud, Bribery and Corruption in Australia & New
Zealand 2012. Retrieved from Auckland:
www.kpmg.com/au/en/issuesandinsights/articlespublications/fraud-
survey/pages/fraud-bribery-corruption-survey-2012.aspx?chan=story1
KPMG. (2018, 13 Feb). Fraud Barometer: October 2016 – September 2017. Retrieved
from https://home.kpmg.com/au/en/home/insights/2018/02/fraud-barometer-
october-2016-september-2017.html
Kranacher, M.-J., Riley, R., & Wells, J. T. (2010). Forensic Accounting and Fraud
Examination: Wiley.
Lail, B., MacGregor, J., Stuebs, M., & Thomasson, T. (2015). The Influence of
Regulatory Approach on Tone at the Top. Journal of Business Ethics, 126(1),
25-37. doi:10.1007/s10551-013-1992-8
Lannin, S. (2018, 15 March). Only fraction of eligible NAB customers compensated
over fraudulent loan scandal, royal commission hears. ABC News. Retrieved
References 137
from http://www.abc.net.au/news/2018-03-14/nab-executive-admits-bank-
breaches-responsible-lending-laws/9547220
Licht, A. N. (2001). The Mother of All Path Dependencies: Toward a Cross-Cultural
Theory of Corporate Governance Systems. Delaware Journal of Corporate
Law, 26(1), 147-205. Retrieved from
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=266910&download=yes
Linnenluecke, M. K., & Griffiths, A. (2010). Corporate sustainability and
organizational culture. Journal of World Business, 45(4), 357-366.
doi:https://doi.org/10.1016/j.jwb.2009.08.006
Liu, X. (2016). Corruption culture and corporate misconduct. Journal of Financial
Economics, 122(2), 307-327.
doi:http://dx.doi.org/10.1016/j.jfineco.2016.06.005
Llopis, J., Gonzalez, M. R., & Gasco, J. L. (2007). Corporate governance and
organisational culture: The role of ethics officers. International Journal of
Disclosure and Governance, 4(2), 96-105.
doi:http://dx.doi.org/10.1057/palgrave.jdg.2050051
Lowers & Associates. (2013). Why Corporate Culture Matters in Fraud Control.
Retrieved from http://blog.lowersrisk.com/corporate-culture-fraud/
Manning, J., & Kunkel, A. (2014). Making meaning of meaning-making
research:Using qualitative research for studies of social and personal
relationships. Journal of Social and Personal Relationships, 31(4), 433-441.
doi:10.1177/0265407514525890
Martin, J., & Siehl, C. (1983). Organizational culture and counterculture: An uneasy
symbiosis. Organizational Dynamics, 12(2), 52-64.
doi:https://doi.org/10.1016/0090-2616(83)90033-5
Martin, K. D., & Cullen, J. B. (2006). Continuities and Extensions of Ethical Climate
Theory: A Meta-Analytic Review. Journal of Business Ethics, 69(2), 175-194.
doi:10.1007/s10551-006-9084-7
May, C. (2003). Dynamic Corporate Culture Lies at the Heart of Effective Security
Strategy. Computer Fraud & Security, 2003(5), 10-13.
doi:https://doi.org/10.1016/S1361-3723(03)05011-5
May, D. R., Luth, M. T., & Schwoerer, C. E. (2014). The Influence of Business Ethics
Education on Moral Efficacy, Moral Meaningfulness, and Moral Courage: A
Quasi-experimental Study. Journal of Business Ethics, 124(1), 67-80.
doi:10.1007/s10551-013-1860-6
McConnell, P. (2015, 04 June). War on banking’s rotten culture must include
regulators. The Conversation. Retrieved from
https://theconversation.com/war-on-bankings-rotten-culture-must-include-
regulators-42767
138 References
McGowan, M., & Davidson, H. (2018, 27 April). Banking royal commission:
Westpac, AMP and CBA may have breached Corporations Act – as it
happened. The Guardian. Retrieved from
https://www.theguardian.com/australia-news/live/2018/apr/27/banking-royal-
commission-financial-advice-groups-under-microscope-live
Medcraft, G. (2016a). The regulatory perspective: Corporate culture, corporate values
and ethics. Governance Directions, 68(8), 456-457. Retrieved from
https://search-informit-com-
au.ezp01.library.qut.edu.au/documentSummary;res=IELAPA;issn=2203-
4749;py=2016;vol=68;iss=8;spage=456
Medcraft, G. (2016b). Tone from the top: Influencing conduct and culture. Law and
Financial Markets Review, 10(3), 156-158.
doi:10.1080/17521440.2016.1244421
Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis: an expanded
sourcebook (2nd ed.). Thousand Oaks: Sage Publications.
Mintz, S. M. (2005). Corporate Governance in an International Context: legal systems,
financing patterns and cultural variables. Corporate Governance: An
International Review, 13(5), 582-597. doi:10.1111/j.1467-8683.2005.00453.x
Modaff, D. P., DeWine, S., & Butler, J. A. (2008). Organizational communication:
foundations, challenges, and misunderstandings (2nd ed.). Boston:
Pearson/Allyn and Bacon.
Monem, R. (2011). The One.Tel Collapse: Lessons for Corporate Governance.
Australian Accounting Review, 21(4), 340-351. doi:10.1111/j.1835-
2561.2011.00151.x
Morgan, A. R., & Burnside, C. (2014). Olympus Corporation Financial Statement
Fraud Case Study: The Role That National Culture Plays On Detecting And
Deterring Fraud. Journal of Business Case Studies (Online), 10(2), 175-184.
Retrieved from
http://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docvi
ew/1516952858?accountid=13380
Morris, J. (2018, 27 April). 'I gift wrapped Commonwealth Bank for ASIC and it did
nothing'. The Sydney Morning Herald. Retrieved from
https://www.smh.com.au/business/banking-and-finance/i-gift-wrapped-
commonwealth-bank-for-asic-and-it-did-nothing-20180427-p4zbyk.html
Myers, M. D. (1997, 1 Mar 2018). Qualitative Research in Information Systems.
Retrieved from http://www.qual.auckland.ac.nz/
Myers, M. D., & Newman, M. (2007). The qualitative interview in IS research:
Examining the craft. Information and Organization, 17(1), 2-26.
doi:https://doi.org/10.1016/j.infoandorg.2006.11.001
Naude, M. J., & Chiweshe, N. (2017). A proposed operational risk management
framework for small and medium enterprises. South African Journal of
References 139
Economic and Management Sciences, 20(1).
doi:http://dx.doi.org/10.4102/sajems.v20i1.1621
Needle, D. (2004). Business in context: an introduction to business and its
environment (4th ed.). London: Thomson Learning.
O'Shea, N. (2005). Governance how we've got where we are and what's next.
Accountancy Ireland, 37(6), 33-37. Retrieved from
http://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docvi
ew/223171416?accountid=13380
Ogbor, J. O. (2001). Critical theory and the hegemony of corporate culture. Journal of
Organizational Change Management, 14(6), 590-608.
doi:10.1108/09534810110408015
Organisation for Economic Cooperation and Development (OECD). (2014). Risk
Management and Corporate Governance. Retrieved from
http://www.oecd.org/daf/ca/risk-management-corporate-governance.pdf
Pacheco, G., Westhuizen, D. W. d., Ghobadian, A., Webber, D. J., & O'Regan, N.
(2016). The Changing Influence of Societal Culture on Job Satisfaction across
Europe. British Journal of Management, 27(3), 606-627. doi:10.1111/1467-
8551.12150
Palermo, T., Power, M., & Ashby, S. (2017). Navigating Institutional Complexity: The
Production of Risk Culture in the Financial Sector. Journal of Management
Studies, 54(2), 154-181. doi:10.1111/joms.12241
Pan, Y., Siegel, S., & Wang, T. Y. (2017). Corporate Risk Culture. Journal of
Financial and Quantitative Analysis, 52(6), 2327-2367.
doi:10.1017/S0022109017000771
Parliamentary Joint Committee on Corporations and Financial Services. (2009).
Inquiry into financial products and services in Australia. Retrieved from
Canberra, Australia:
http://www.aph.gov.au/binaries/senate/committee/corporations_ctte/fps/repor
t/report.pdf
Patel, P. C., & Conklin, B. (2012). Perceived Labor Productivity in Small Firms—The
Effects of High‐ Performance Work Systems and Group Culture Through
Employee Retention. Entrepreneurship Theory and Practice, 36(2), 205-235.
doi:10.1111/j.1540-6520.2010.00404.x
Perols, J. L., & Lougee, B. A. (2011). The relation between earnings management and
financial statement fraud. Advances in Accounting, 27(1), 39-53.
doi:http://dx.doi.org/10.1016/j.adiac.2010.10.004
Pinho, J. C., Rodrigues, A. P., & Dibb, S. (2014). The role of corporate culture, market
orientation and organisational commitment in organisational performance: The
case of non-profit organisations. Journal of Management Development, 33(4),
374-398. doi:10.1108/JMD-03-2013-0036
140 References
Prabowo, H. Y., & Cooper, K. (2016). Re-understanding corruption in the Indonesian
public sector through three behavioral lenses. Journal of Financial Crime,
23(4), 1028-1062. doi:10.1108/JFC-08-2015-0039
Price, J. (2015, 26 May 2016). Culture, conduct and the bottom line. Retrieved from
http://asic.gov.au/regulatory-resources/corporate-governance/corporate-
governance-articles/culture-conduct-and-the-bottom-line/
PricewaterhouseCoopers (PwC). (2016a). Adjusting the Lens on Economic Crime:
Preparation brings opportunity back into focus. Retrieved from
https://www.pwc.com/gx/en/economic-crime-
survey/pdf/GlobalEconomicCrimeSurvey2016.pdf
PricewaterhouseCoopers (PwC). (2016b). Embedding Resilience: Cyber threats, Anti-
money laundering and Anti-bribery and corruption remains a persistent threat
to Australian organisations. Retrieved from
http://www.pwc.com.au/consulting/assets/global-economic-crime/global-
economic-crime-survey-2016-australian-report.pdf
PricewaterhouseCoopers (PwC). (2017a). Escaping the commodity trap: The future of
banking in Australia. Retrieved from Australia:
https://www.pwc.com.au/pdf/pwc-report-future-of-banking-in-australia.pdf
PricewaterhouseCoopers (PwC). (2017b). Risk and Compliance Benchmarking
Survey. Retrieved from Australia:
https://www.pwc.com.au/superannuation/risk-compliance-benchmarking-
survey-aug17.pdf
PricewaterhouseCoopers (PwC). (2018). Pulling fraud out of the shadows. Retrieved
from https://www.pwc.com/gx/en/services/advisory/forensics/economic-
crime-survey.html
Rafiee, V. B., & Sarabdeen, J. (2012). Cultural Influence in the Practice of Corporate
Governance in Emerging Markets. Communications of the IBIMA, 2012(2012),
1-10. doi:10.5171/2012.4444553
Ravasi, D., & Schultz, M. (2006). Responding to Organizational Identity Threats:
Exploring the Role of Organizational Culture. The Academy of Management
Journal, 49(3), 433-458. doi:10.2307/20159775
Sathe, V. (1983). Implications of corporate culture: A manager's guide to action.
Organizational Dynamics, 12(2), 5-23. doi:https://doi.org/10.1016/0090-
2616(83)90030-X
Schein, E. H. (1985). Organizational Culture and Leadership.
Schein, E. H. (1990). Organizational culture. American Psychologist, 45(2), 109-119.
doi:10.1037/0003-066X.45.2.109
Schuchter, A., & Levi, M. (2015). Beyond the fraud triangle: Swiss and Austrian elite
fraudsters. Accounting Forum, 39(3), 176-187.
doi:https://doi.org/10.1016/j.accfor.2014.12.001
References 141
Schultze, U., & Avital, M. (2011). Designing interviews to generate rich data for
information systems research. Information and Organization, 21(1), 1-16.
doi:http://dx.doi.org/10.1016/j.infoandorg.2010.11.001
Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research
projects. Education for Information, 22(2), 63-75. doi:10.3233/EFI-2004-
22201
Shin, Y. (2012). CEO Ethical Leadership, Ethical Climate, Climate Strength, and
Collective Organizational Citizenship Behavior. Journal of Business Ethics,
108(3), 299-312. doi:10.1007/s10551-011-1091-7
Sims, R. R., & Brinkmann, J. (2003). Enron Ethics (or: Culture Matters More than
Codes). Journal of Business Ethics, 45(3), 243-256.
doi:10.1023/A:1024194519384
Sinclair, A. (1993). Approaches to organisational culture and ethics. Journal of
Business Ethics, 12(1), 63. Retrieved from
http://gateway.library.qut.edu.au/login?url=https://search.proquest.com/docvi
ew/198007763?accountid=13380
Skousen, C. J., Smith, K. R., & Wright, C. J. (2009). Detecting and predicting financial
statement fraud: The effectiveness of the fraud triangle and SAS No. 99. In M.
Hirschey, K. John, & A. K. Makhija (Eds.), Corporate Governance and Firm
Performance (Vol. 13, pp. 53-81): Emerald Group Publishing Limited.
Skousen, C. J., & Wright, C. J. (2006). Contemporaneous Risk Factors and the
Prediction of Financial Statement Fraud. SSRN, 1-41.
doi:http://dx.doi.org/10.2139/ssrn.938736
Smith, R., Jorna, P., Sweeney, J., & Fuller, G. (2014). Counting the costs of crime in
Australia: A 2011 estimate. Retrieved from Canberra: Australian Institute of
Criminology: https://aic.gov.au/publications/rpp/rpp129
Soltani, B. (2014). The Anatomy of Corporate Fraud: A Comparative Analysis of High
Profile American and European Corporate Scandals. Journal of Business
Ethics, 120(2), 251-274. doi:10.1007/s10551-013-1660-z
Spathis, C. T. (2002). Detecting false financial statements using published data: some
evidence from Greece. Managerial Auditing Journal, 17(4), 179-191.
doi:10.1108/02686900210424321
Strauss, A. L., & Corbin, J. M. (1998). Basics of qualitative research: techniques and
procedures for developing grounded theory (2nd ed.). Thousand Oaks: Sage.
Swai, J. P., & Mbogela, C. S. (2016). Accrual-Based versus Real Earnings
Management; The Effect of Ownership Structure: Evidence from East Africa.
ACRN Oxford Journal of Finance and Risk Perspectives, 5(2), 121-140.
Retrieved from http://www.acrn-journals.eu/resources/jofrp0502h.pdf
142 References
Switzer, L. N. (2007). Corporate governance, Sarbanes-Oxley, and small-cap firm
performance. The Quarterly Review of Economics and Finance, 47(5), 651-
666. doi:https://doi.org/10.1016/j.qref.2007.08.001
Tan, D. T., Chapple, L., & Walsh, K. D. (2017). Corporate fraud culture: Re-
examining the corporate governance and performance relation. Accounting &
Finance, 57(2), 597-620. doi:10.1111/acfi.12156
Teddlie, C., & Yu, F. (2007). Mixed Method Sampling: A Typology with Examples.
Journal of Mixed Methods Research, 1(1), 77-100.
doi:10.1177/2345678906292430
Tormo-carbó, G., Seguí-mas, E., & Oltra, V. (2016). Accounting Ethics in Unfriendly
Environments: The Educational Challenge. Journal of Business Ethics, 135(1),
161-175. doi:http://dx.doi.org/10.1007/s10551-014-2455-6
Treviño, L. K., Butterfield, K. D., & McCabe, D. L. (1998). The Ethical Context in
Organizations: Influences on Employee Attitudes and Behaviors. Business
Ethics Quarterly, 8(3), 447-476. doi:10.2307/3857431
Van Akkeren, J., & Buckby, S. (2017). Perceptions on the Causes of Individual and
Fraudulent Co-offending: Views of Forensic Accountants. Journal of Business
Ethics, 146(2), 383-404. doi:10.1007/s10551-015-2881-0
Van den Steen, E. (2010). On the origin of shared beliefs (and corporate culture). The
RAND Journal of Economics, 41(4), 617-648. Retrieved from
http://onlinelibrary.wiley.com/doi/10.1111/j.1756-2171.2010.00114.x/full
van der Wal, Z., Graycar, A., & Kelly, K. (2016). See No Evil, Hear No Evil?
Assessing Corruption Risk Perceptions and Strategies of Victorian Public
Bodies. Australian Journal of Public Administration, 75(1), 3-17.
doi:10.1111/1467-8500.12163
Vardi, Y. (2001). The effects of organizational and ethical climates on misconduct at
work. Journal of Business Ethics, 29(4), 325-337.
doi:10.1023/A:1010710022834
Victor, B., & Cullen, J. B. (1988). The Organizational Bases of Ethical Work Climates.
Administrative Science Quarterly, 33(1), 101-125. doi:10.2307/2392857
Wimbush, J. C., & Shepard, J. M. (1994). Toward an Understanding of Ethical
Climate: Its Relationship to Ethical Behavior and Supervisory Influence.
Journal of Business Ethics, 13(8), 637-647. doi:10.1007/BF00871811
Wimbush, J. C., Shepard, J. M., & Markham, S. E. (1997). An Empirical Examination
of the Relationship Between Ethical Climate and Ethical Behavior from
Multiple Levels of Analysis. Journal of Business Ethics, 16(16), 1705-1716.
doi:10.1023/a:1017952221572
Young, M. R. (2014). Financial fraud prevention and detection: governance and
effective practices. Hoboken, New Jersey: Wiley.
References 143
Zalewska, A. (2016). A New Look at Regulating Bankers’ Remuneration. Corporate
Governance: An International Review, 24(3), 322-333.
doi:10.1111/corg.12149
Zikmund, W. G. (2003). Chapter 16 : Sample Designs and Sampling Procedures. In
W. G. Zikmund (Ed.), Business Research Methods (7th ed., pp. 368-400):
Thomson/South-Western.
144 Appendices
Appendices
Appendix A
The Fraud Tree
Appendices 145
Appendix B
Interview Protocol
Organisational Culture and Fraud and Corruption (FC): Perceptions of
Forensic Accountants and Industry Professionals Research Project
MPhil Interview questions
Introductory Statement
This study is examining the role of ‘culture’ to incidents of fraud and corruption within
organisations. We seek your expert opinion based on your experiences of investigating
and/or experiencing these types of crimes as part of your professional role. In addition,
this interview may help in raising public awareness (academics and professionals) on
the relationship between corporate culture and incidents of fraud and corruption. There
are four main categories of ‘culture’ that have been identified for this study, that is:
shared values; ethics; tone from the top; and, risk culture. I will ask questions based
on each of cultural attributes. I am aware that these four can overlap with each other.
Therefore, I will try to separate them. First, I will ask you some demographic
questions.
Demographic
1. What is the size of your firm (SME, Mid-tier, Big 4)?
2. What is the highest degree you have completed?
3. For forensic accountants:
o How long have you worked in the forensic accounting profession?
o What is the main type of forensic work you undertake? E.g., forensic
investigator, forensic accountant, computer forensic expert, etc.
4. For industry professionals:
o How long have you worked in your current profession?
o Please briefly explain what role you do in your current profession.
Next, I will ask you some general questions related to fraud and corruption.
Fraud and Corruption – General Questions
5. In your investigation, you would have interacted with different people from a
diverse range of professions and industries.
o Are certain sized organisations more at risk from fraud occurring? (e.g., no.
of direct reports, no. of employees, etc.)
146 Appendices
o Are there particular professions/industries that are more likely to have
incidents of fraud and corruption occurring? (e.g., mining and oil industry,
banking, etc.)
Now, we are going to start on the four attributes of corporate culture starting with
shared values.
Culture as Shared values
Shared values: where common values and beliefs meet together.
Examples: organisation that hates corruption would punish any corrupt act. Or, corrupt
organisations would nurture corrupt acts until it is shared by everyone inside the
organisation.
6. In cases you have investigated, have you ever encountered cases where shared
values (e.g., individual’s daily exposure to corrupt culture, or provision of
incentives) was one of the main causes of FC occurring?
The next cultural attribute is tone from the top.
Culture and Tone from the top (leadership)
Tone from the top: the combination of experiences, values, and personalities that of
executives/leaderships and how these combinations significantly influence their
understandings of different conditions. These understandings are then reflected by the
employees because they see leaderships as their role models.
Example: An employee embezzles money because he/she learns it from his/her
supervisor.
7. Management, supervisors, and board of directors (BODs) have more power in
influencing or shaping corporate culture, be it positive or negative.
o Do you think this is true? If yes/no, why?
8. In cases you have investigated, have you ever encountered cases where tone from
the top was one of the main contributors to incidents of FC? Please explain.
9. What are the major aspects of tone from the top would you suggest that can
improve an organisation in their efforts to minimise fraud and corruption?
These set of questions are regarding culture and ethics.
Culture and Ethics
10. Do you think having strong ethical policies is useful for minimising FC?
Appendices 147
o How important it is to train and educate employees on acting ethically?
11. In cases you have investigated, does ethical corporate stance leads to incidents
of FC? E.g., written policies, normal practice inside organisations.
o Example of normal practice: corruption is normal within organisation and
vice versa
12. Have you ever encountered cases where lack of ethical rules and policies was,
in your opinion, one of the main contributors to incidents of FC? Please explain.
The last attribute is risk culture.
Risk Culture
Risk Culture: Whether an organisation undertakes fraud risk assessment on a
consistent basis and whether the organisation tends to be risk-taking or risk-averse.
13. Have you experienced cases where management takes risks or does not account
for potential fraud and corruption risks? Please briefly explain.
14. A recent study suggests that risk assessment means very little to decision-
makers, and some managers are very reluctant to undertake fraud and corruption
risk management processes. From your experience:
o Did organisations where you have investigated cases use risk management as
a way to minimise occurrences of fraud and corruption?
15. A risk management strategy is a document that must be maintained by APRA-
regulated institutions,3 which contains the strategy to manage different risks
(including fraud and corruption) within an institution. Examples of risks: credit
risk, liquidity risk, insurance risk, operational risk, etc.
APRA and other regulators have promoted organisations to implement a risk
management strategy.
o Do you think a firm’s risk management strategy plays a role in minimising
incidents of FC? Why?
16. Should regulators such as ASIC, APRA, the ASX be encouraging organisations
to manage their fraud risk better? If so, should additional regulations be put in
place?
3 The Australian Prudential Regulation Authority (APRA) oversees banks, credit unions, building
societies, general insurance and reinsurance companies, life insurance, private health insurance,
friendly societies and most members of the superannuation industry.
148 Appendices
17. What is your recommendation for improving an organisation’s risk culture?
General
18. What precautionary measures have you observed are most effective for
minimising FC?
19. Do you believe whistle-blower programs are an effective fraud deterrent? What,
if any, are the limitations of these programs in your experience?
20. Aside from the four attributes of culture identified in this study, are there other
aspects of corporate culture that you feel are critical for minimising fraud and
corruption?
21. Please give me a brief overview of a cases you have investigated where poor
culture, or its attributes, leads to FC [Anonymously].
Thank you for your time.