Optimization of Control Self Assessment Application to Minimize Fraud

This article discussed a method that can be done by a company to minimize fraud action by applying Control Self Assessment (CSA). The study was conducted by studying literature on the topics discussed that were presented descriptively in a systematic manner through the review one by one from the initial problem to solve the problem. It can be concluded that CSA is one form of auditing practices that emphasizes anticipatory action (preventive) of the act of detection (detective) that the concept of modern internal audit which is carried more precise in application. It is one alternative that is most efficient and effective in reducing fraud.


INTRODUCTION
The business world is a competitive world. Many people are choosing to compete in this path rather than a career as an employee, but only a fraction is able to survive. Changes is felt more dynamic when goods or services are offered to the market which tend to have a short life cycle, and relevant strategies only last for a certain period of time since it is influenced by many internal and external factors.
The volatility of the business world is the most difficult challenge for an Internal Auditor. Internal Audit is positioned as an independent unit which does not seem a lot of work but only to supervise employees who has negative intentions to the company. In fact, many critical points within the internal contain potential risks, administrative weakness and lack of knowledge about control over bussiness operations from the bussiness owner. Kumaat (2011) concluded that the view of the role of Internal Audit depends on your point of view in which the position is located. In general, it can be divided into 3 groups: From the perspective of Senior Management (Strategic Level), the viewpoint of the colleagues (colleagues and auditee), and from the internal audit practitioners. We can find a lot of Internal Auditor trapped in viewpoint of other parties (audit trap), where the activity of auditor eventually no longer refers to its independency that they should preserve. Being neutral is impossible when faced with the choice of what is right and wrong, between the interests of business benefits or interests of the people, or between internal policies with government regulations. However, the perceptions of truth turned out to be unequal. Besides, greater importance is usually also affected by authorities competition between they who affect the interests of it.
The vigilancy of Internal Auditor in detecting fraud or malicious intent of a person or a group of employees is needed in terms of overseeing the operations of the company. The act of fraud is not an easy case nor the events that have occurred accidently. Institute of Internal Auditors (IIA) (2009) defines fraud as: "... any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage." Basically, good business players will definitely have awareness of the importance of internal controls in order to be in line with the business objectives and are ready to face the opportunities and challenges outside the institution as well as in the future. Challenges are not only coming from outside of the company, but a challenge or a threat from within is one of the toughest challenge and could have been avoided if the company has good control. Fraud is one fairly complex challenge that must be faced, because not only of its deadly silence trait, but the scope of the fraud activity is also not done by one person but a group of them who shares the same bad influences.
Like any other Asian countries, specifically Southeast Asia, Indonesia as a developing country is quite familiar with a series of life principles and civic of a typical, such as gotong royong (mutual aid). Local wisdom is able to form a personal sublime and relatively harmonious society. On the other hand, on extreme viewpoint, it turns out that this principle play a huge role in fostering the practice of Corruption, Collusion and Nepotism (KKN), which manage to bring the name of Indonesia in the top ranks ranks of the most corrupted country in the world. Indah Wulandari in Republika dated December 8, 2014 based on data Corruption Perception Index (ICW), said that Indonesia was ranked 107 out of 177 of the cleanest countries in the world. This indicates that the extent of the fraud in Indonesia has been recognized by the world, and that in handling, Indonesia still have much to improve in searching for methods that are suitable for both business and government sectors.
Based on the mentioned background article, the author discusses and offers a control method that can be done by the company to minimize fraud actions. Control Self Assessment (CSA) is a technique risk assessment that can be used by various companies with several advantages in its application, particularly in establishing a healthy risk culture and encourage a bottom-up mehod in the implementation of operational risk management of an organization.
It is expected that this control can be an alternative for Indonesia in the midst of business opportunities from micro to medium scope. Making profuse profits is only a short-term goal of a business, to survive in the midst of competition in the dynamic business world is so supposed to be the long-term goal for every business player in the country.

METHODS
The study was conducted by studying the literature on the topic discussed. It was presented descriptively in a systematic way to review from the initial problem to problem solving, and ends with a conclusion based on the exposure that has been delivered. There are two key words that are discussed in this article, namely fraud and Control Self-Assessment (CSA). The authors take fraud as the main topic and offer CSA as an alternative workarounds for entrepreneurs.

RESULTS AND DISCUSSIONS
Fraud is an incredible occurrence, the handling of crime in corporate environments is a rare experience, and only owned by a handful of auditors. The selected auditors typically are those 'timid' people in the sense of daring and assertive, intelligent and experienced. This is related to constraints that usually found as follows: (1) difficulty of collecting evidence, there is removal attempt of evidence related to the crime; (2) acts of fraud often committed together since related to system violations; (3) there are consequences of loosing friendship, possibilities to be threaten individually so nobody is willing to be a witness; (4) The denial by the perpetrator to divert to other issues, for example, administrative error, the value of loss is not significant, victims of slander and so forth.
When cases of fraud, manipulation and embezzlement relatively experienced by the Internal Audit team or take place systemically, it can be concluded that the company have a low HR integrity in internal control system and risk management. It can be said that the capabilities of their Internal Audit team in crime prevention is questioneable. Substances that want to be presented is that the company is running normally, thus crime is relatively rare. Pickets (2005) described four main components cause of fraud as follows: (1) Motive, the existence of motive or reason is the main cause of fraud. The usual motive is the dissatisfaction of employees both in financial terms and the policy management of the company.
(2) Attraction, personal benefits which tend to be safer is the main attraction for the perpetrators of fraud. (3) Opportunity, opportunity as the beginning of fraud is often blamed. (4) Concealment, in contrast to theft, fraud is more common in concealment actions that can be done by making a false report. Downing (2015) explained the concept of "The Fraud Triangle". On the concept mentioned, it is said that an executive officer is at the center of a fraud ("I") and is surrounded by three main causes: Greed, Pride and Element. (1) Greed is a major factor, the desire for more and used his position to get what he wants. (2) Pride, arrogance is one of the supporting leg of "Fraud Triangle". An executive who has too much pride, or a sense of self soar, may think he is better, smarter, more skilled or superior to others. He would not allow anyone to question their decision. (3) Entitlement, the last leg of "Fraud Triangle" is right. An executive officer feel that he deserves anything he wantsmoney, fame, bonuses, football-sized offices, and beautiful assistant. He has to get these things because he is "worthy". The level of selfishness can cause all sorts of slimy decisions and behavior. The concept of fraud triangle can be seen in Figure 1. Figure 1 The Executive Fraud Triangle Skousen et al. (2008) also mentioned that there are three factors that cause fraud (fraud triangle) and then in more detail to do research to share some proxy at each of these factors as follows: (1) Pressure, in terms of satisfying the needs of analysis could lead to errors in expressing opinion, which is measured by financial stability, external pressure, manager's personal financial situation and meeting financial targets. In financial stability, the general manager will face pressure to commit fraudulent financial statements when the financial stability or the economy is in danger state. In external Pressure, the ability to meet the requirement to pay a debt or fulfill the requirements of the debt is widely recognized as a source of external pressure. In managers' personal financial situation, when an executive has a significant financial stake in a company, their personal financial situation could be jeopardized by the company's financial performance. Meeting financial targets, ROA (Return on Assets) is one common measurement tool used to measure efficiency of the asset. (2) Opportunity, is the result of circumstances that provide opportunities for fraud, measured by the nature of the industry, ineffective monitoring and organizational structure. In nature of industry, the opportunities arise will be different for each company in distinct industry that will greatly vary for each industry. Ineffective monitoring, control effectiveness will be tested for sure to minimize the chance. Organizational structure that is complex and unstable can be an opportunity for fraud. (3) Rationalization, attitude or character is an important thing that drives a person to commit fraud. Integrity Management (attitude) is a major determinant of the quality of financial reports. When the integrity of the managers is questioned, the reliability of financial statements is also being doubted.
The same study also conducted by Lou and Wang (2009) which states that there is a positive correlation between fraud and pressure from company's superior factor, complex transactions factor, corporate manager of integrity factor, or a decrease in the quality of relationship between a company and its auditors. Moeller (2005) argues that there are several reasons that cause Internal Auditor fails to detect fraud: (1) Reluctant to search for cheating. Auditor has an opinion tendency that the fraud investigation is not the responsibility of the internal auditor but more into legal entities' obligations such as the police. (2) Overconfidence to the auditee. A sense of friendship and colleagues as working for the same company can reduce the independence of the internal auditor.
(3) The quality of auditing is less noticed by the Management. (4) The Management does not concern about fraud. The possibility of finding a fraud event will be even greater if the procedures and the scopes of audit are expanded. But this is not supported by the Management who wanted the auditor to examine different areas, which in this case, according to the auditors; their focus is just on lower-level risk areas.
(5) The auditor is not focusing on high-risk fraud areas.
Internal Control is affected by people at every level of the organization. In the world of audit, the Committee of Sponsoring Organizations (COSO) consists of people from each of the sponsor agency and the supporting staff, the committee is collaborating to develop a framework controls that are integrated to help putting the focus back on the ability of management, auditors and board. The document is known as the COSO report. COSO recommends the auditor to examine and consider the factors that are related to humans before giving opinions. The official policy focus on what the management needs to happen. Corporate culture determines what actually happens, and what rules are broken, bent, or ignored.
Auditor's standard devices include equipment to dig deeper and identify weaknesses and violations of the procedures and control activities where this equipment is based on the power of clarity, focus and specifications. The Institute of Internal Auditors (IIA) (2007) divides the definition of Control Self-Assessment (CSA) into three syllables that can be interpreted as follows: (1) Control: it means the framework of integrated broad consider all internal factors primarily affecting the achievement of organizational objectives. Tend to be systemic in scope.
(2) Self (in the words of self-assessment) is a fundamental criterion for the CSA, it distinguishes with other audit processes. CSA has the opposite opinion with other audit processes which has wide scope of control wide and fast changes that means to form an accurate risk assessment from the current control requires all the knowledge and expertise of people who perform the task. (3) Assessment: it can be interpreted by the evaluation of control. CSA avoids the risks associated with subjectivity by collecting subjective opinion of a lot of different observers, usually in groups, in order to identify general patterns prior to the judgment. In CSA, the information collected and discussed interactively by people who are close to the action, before the opinion is given. Objectivity will increase if anyone outside independent facilitates the process. Corrective action tends to be taken if participants find the source of the problem and make the decision to solve it. Based on those three words, CSA can be described as follows: "A process whereby employee teams and management, at local and executive levels, continuously maintain awareness of all material factors affecting the likelihood of achieving the organization's objectives, thereby enabling them to make appropriate adjustments. To promote independence, objectivity, and quality within the process, as well as effective governance, it is desirable that internal auditors are involved in the process and that they independently report results to senior management and board committees."(The Institute of Internal Auditors (IIA), 2007) It can be interpreted as follows: a process where employees and management from lower level to executive, continued to maintain awareness of the factors that influence the achievement of organizational goals, allowing them to make appropriate adjustments. To support the independence, objectivity, and quality in the process, as well as effective governance, it is expected that the internal auditor is involved in the process reporting the results independently to senior management and board committees. To improve the independence, objectivity, and quality in processes and effective governance it is expected that the internal auditor was involved in the process and independently reporting the results to senior management and the board of commissioners.
CSA is basically aimed at involving the management and all employees to be active in evaluating and measuring the effectiveness of internal controls in order to achieve business objectives. With the implementation of CSA, it is expected that: (1) The organization can achieve the purpose of internal control to involve both management and employees.
(2) Improves the internal control and risk management in the company. (3) Increases the responsibility and accountability of management and all employees through internal control and risk management. (4) Increases awareness of the risks. (5) By increasing the above issues, the ability of HR in the organization will also increase. The success of the CSA's work meetings create the organization's request. Teams that attend the work meeting, usually hold another one with the facilitators since they want to dig deeper into the problems and get the solution. CSA also often expected to be given internally as an integral learning process for the organization.
There are five key components to produce a success work meeting: (1) The facilitator will conduct interviews with the management and other participants before the meeting begins in order to get an understanding of the main goals, current goals and significance in relation to the overall organizational strategy. In addition, research on the documentation available for the purpose of trying to understand the functions, processes and team dynamics. Facilitators should also avoid the risk of giving too early opinion that could threaten objectivity during the work meeting.
(2) The team that attend the meeting need time to think and explore ideas that emerge. It should begin with the exchange of ideas on what operations are going well for the team as well as the main obstacles they face in achieving the main goals and objectives. Then, it should be followed by identifying the major problems that become impediment to efficiency and effectiveness. When the problem is being identified, the facilitators should also note the aspects that need help from outsider so that assistance can be offered after the meeting ends. (3) The participants are satisfied because their problem have been identified and discussed. To listen attentively to the participants' thoughts and receive responses are far more important than technology. (4) Returns summary of discussion immediately and make a vote. If the facility team spend time tidying up the document, as is usually done for the audit report, the two bad things that might happen is that participants re struggling with routine tasks, and when the final document emerged, pride of ownership over the findings will be lost and treated as a report by outsiders. (5) Action determines success. Teams and managers have to decide what action should be taken first because they rarely have time to perform all that have been discussed. Analysis or depth investigation are necessary to define the extent of the problem.
The implementation of CSA can be seen from several points of views, the first implication is for employees, management, auditors and the board. From the client's perspective, the CSA auditor is a facilitator that provides a useful forum agenda that allows clients find themselves the real situation and decide the necessary changes. The future and consultative orientation will add value to executives and team of employees. Consequently, CSA meeting often asked by clients and holds every year in the entire organization. From the viewpoint of senior management, CSA offers an excellent study on the latest information regarding the arising risks and opportunities to compare their strategies with current reality and make necessary adjustments to ensure the objectives are realistic and achievable (the main purpose of control). From the viewpoints of directors, commissioners, audit committees and other parties in corporate governance, CSA has a significant impact, in this case, the COSO has expanded the scope of internal audit review including every factor that significantly affects the efficiency, effectiveness or operational legality.
The second point of view is the independence, objectivity, and ethics of facilitators. Research before the meeting is very important because the facilitator obtains external independent benchmarks to be used as a comparison. Ethics must also be kept by the facilitator in two important ways: the first one is by recognizing CSA dependency on the openness and honesty of their own on individuals. The correct approach is providing opinions and consideration of individual actions and explore the roots of problems, inquire the group what they can do to eliminate the problem, where major problems are usually originated from culture or system. The second important thing that should be done is the need to manage the potential conflict. Event facilities are instantaneous, interactive and visible. Facilitators should investigate potential conflicts of interest with their supervisors and take appropriate action before the assignment.
The third point of view is the relationship between CSA with other internal audit activities. CSA has a very broad scope, gather information and interactive material quickly and spend a little time for verification and reporting. From the viewpoint of audit manager, CSA is a method of determining the risk quickly and reliably at macro level, the CSA is not designed for deeper investigation and an ideal tool to identify risks and high value areas that would be beneficial for auditing. If the problem is clear and organization move fast to discuss, then audit may not be necessary done because detection, acceptance and improvements have been done.
When the problem is major but not well defined, the issue should be explored deeper or use the audit tool to find the weakness. In the implementation, CSA suggests that the function of audit is to verify or validate matters that have been revealed in a work meeting. Work meeting filters the group's opinion that is almost impossible for the entire group to lie. If the facilitators question the certainty of the opinion of the group, most participants will acknowledge that they have been prejudiced, so it takes sensitivity and the submission of questions interactively.
The fourth viewpoint is the quality needed for the CSA facilitator team. Training and technology are very helpful but on condition that personal qualities such as honesty, empathy and respect for others must be met. Trust generated through open communication and showed with a good attitude, but it can be eleminated fast with carelessness or actions that are not genuine. The facilitator should have attitude of respect for others, interpersonal skills, inquisitive, good listener and driven to deliver value to clients and organizations, and to also have good knowledge about systemic control, healthy skepticism, expertise in the provision of facilities, organizational capability and experts knowledge of software and hardware used in meeting or in the reporting process. Also, the facilitator must have the analytical expertise as well as great and fast in learning are used to understand what have been said and turn it into meaningful conclusions for the organization.
Picket (2005) stated the eight steps to incorporate the CSRA (Control and Risk Self-Assessment) into management process in general: (1) Stage one -General Interest: build interest and focus towards pro-organization to get a different specialists team about their aprroach with risk management. (2) Stage two -rumblings of research: collecting database of best practice guide and compare it with other similar companies. Make a list of things that will be discussed in formulating and implementing the company's risk policy.
(3) Stage three -Responsible person: defining roles and responsibilities, particularly a champion who can set the direction for the organization. (4) Stage four -top management interest: ensure that the Board of Directors (BOD) support risk management as one of the company's objectives. One way is to ask the BOD (and audit committee) to conduct an assessment of the risks inherent ten on their own. (5) Stage five -awareness seminars: it is very important to set keyplayers in the company and jointly provide insight and make sure every manager accepts the responsibility to manage the risk of each work. (6) Stage six -infrastructure build: build a system of appropriate information to categorize and capture the risk activities into reporting format. Then, it has to be decided whether this will occur throughout the organization, or only at high risk-profile area. (7) Stage seven -risk exercise: the need to conduct surveys and or workshops in accordance with the structure and the business environment. (8) Stage eight-Integrated: generally based on defining the role and competence of the Chief Risk Officer (CRO) and ensuring that the risk assessment process is reviewed and updated on a regular basis and or any changes in the risk profile, as shown in Figure 2. CSA is both simple and complex. Simple because it involves a group with the same goal and share their experiences to identify opportunities for improvement. Things that are not measurable are anticipated with the effort of identification as follows: (1) Preparation before the meeting is inadequate. (2) Provide no time for the group to brainstorm before introducing auditors' agenda. (3) Ignoring the aspect of "self" in self -assessment. (4) Conflict of interest on the facilitator. (5) Damaging trust group. (6) Too many work meetings and inadequate analysis. (7) Do not keep promises or make too many promises. (8) Insensitive to the needs and concerns of participants. (9) Questionnaire. (10) Deep into trouble without knowing how to solve it.

CONCLUSIONS
Fraud is an act of corruption aimed to provide personal gain of an employee or group of employees that perform jointly. In contrast to theft, fraud is more camouflaged easily and tend not to be seen by small or narrow scope of audit. Fraud can be detected early to understand the risks of each line of the company's operations, understanding risk is expected to be dominated by all elements of management which can then perform risk-assessment in each work area.
CSA is one form of auditing practices that emphasizes anticipatory action (preventive) of the act of detection (detective) that the concept of modern internal audit which is carried more precise in application. CSA makes all parties participate more actively in advancing the performance of the organization, both in terms of efficiency and effectiveness. In addition, the CSA, in terms of costs with the assumption that the system has been running optimally will have a significant impact. CSA was very attentive to the competence of each member of the organization at every level with each other to be mutually affecting the performance of each organization. Therefore, if there is incongruity occurs it will be known quickly thus CSA can look for the best solution that is more applicable and representative through discussion. CSA is one alternative that is most efficient and effective in reducing fraud since it is simple. Simple because it involves a group with the same goal and share their experiences to identify opportunities for improvement.