THE RELATIONSHIP BETWEEN INTERNAL CONTROL, REGULATION AND FRAUD WITH RISK MANAGEMENT AS A MODERATING VARIABLE

DOI:10.31933/DIJEMSS Abstract: Some Government agencies have a poor strategy in dealing with risk because they consider risk management only a formality. This research aims to determine the relationship of the implementation of internal control, regulation and fraud with risk management as a moderating variable, a case research in the Tangerang City Government. This research is a type of quantitative causal, data collection using a questionnaire to 100 respondents of government officer. Data analysis using SmartPLS. Seven research models partially support hypotheses which are statistically positive and significant effects of the relationship between internal control, regulation, risk management and fraud. except for H5 and H7 which are statistically negative and weak significant relationship. The result could be used by government as a study material to evaluate the regulation to managing risk in government.


INTRODUCTION
The difference in last two decades is the speedy rate of transformation and the raise level of citizen's expectancy of excellent public service motivated by their familiarity from private sector. With it, a part of risk management shows within the business. An progressively level of risk takes entitled intended for the implementation of an cohesive method to risk managing (Farrell & Gallagher, 2015).
A new paradigma of government risk management approaches involve procedures regulation in order to face a number of risk. The mandatory regulation for risk management in government agencies is Government Regulation No. 60 of 2008 concerning Government Internal Control Systems (SPIP). In 2017, Tangerang City has compiled a Mayor Regulation on Risk Assessment Guidelines as a derivative of the Government Regulation No. 60. Risk management have a role in helping government agencies to identify and analyze risks that threaten the achievement of their objectives and determine the steps for how these risks will be handled.
However, the reality on the ground is not in line with expectations, most governments are very poor in implementing risk management, aside from the fact that risk management is new, understanding of risk management among employees is also low. The poor implementation of risk management in the Government, the cause is still unknown, whether due to lack of understanding of regulations due to lack of regulatory socialization or other causes.
In addition to risk management, the effectiveness of Government Internal Control Systems (SPIP) implementation must also be a concern, because government agencies will experience multiple benefits, namely among others increasing Government Internal Control Systems (SPIP) maturity levels, ensuring optimal optimization of objectives and closing fraud gaps.
From the background of the problems outlined above, the problems that will be discussed in this study are the influence of the implementation of internal control, understanding of regulations and fraud with risk management as a moderating variable, case studies in Tangerang City Government.

LITERATURE REVIEW Risk management
There is not much literature describing risk categories in the public sector, especially government. Risk management could be termed by means of the presentation of actions intended to diminish the adverse effect of certainty consider the probability of losess (Shanmugam et al., 2012). Risk categories classified into: strategic risk management of regional government, strategic risk management of departement and operational risk management of departement (Peraturan Deputi PPKD Nomor 4 Tahun 2019, n.d.). While the risk categories that apply in the Ministry of Finance in accordance with KMK No. 577 / KMK.01 / 2019, that are the risk of state finances and state assets, policy risk, repute risk, fraud risk, legal risk, compliance risk, and operative risk. Based on Presidential the Government Regulation No.60 of 2008, risk sources can be divided into internal risk and external risk. The application of risk management depends on the size, diversity and type of institution.
Government risk management approach adopting Enterprise Risk Management (ERM). ERM according to (Soltanizadeh et al., 2014) is a top down methodology which assesing to strategic, operating, and monetary risk to attain the aids of policy, effective and proficient operations, trustworthiness of monetary reporting, and regulatory obedience.

Internal control
The definition of internal control as defined by (Pemerintah, 2008) is an integral procedure in activities carried out constantly by the leadership and all personnel to deliver acceptable assurance in the accomplishment of governmental objectives through effective and efficient accomplishments, trustworthiness of monetary reporting, safety of government assets, and securing obedience with the policies and rules. Meanwhile, the five components of internal control are: 1) control environment, containing how organization gives the power and obligation, 2) risk assessment is an examination of the risk related with the achievement of objectives and decisive how risk should be managed, 3) control activities are strategies to help the management directions are proper, 4) information and communication that happen in all staff must obtain a clear command from the highest management, and 5) monitoring is a controlling accomplishments of management and staff in carrying out their obligations (Bharaditya et al., 2017).
A method of internal controls theoretically inhibits mistakes and fraud through increasing governmental as well as it guaranteeing obedience with relatable procedures (Rae & Subramaniam, 2008). Internal control are processes put into place that would help organization to deal with swiftly fluctuating monetary and competitive situations, fluctuating priorities, and rearrangement for upcoming evolution (Gesare et al., 2016).

Risk Assessment Regulation
Tangerang City Government has issued a risk assessment regulation in the form of Mayor Regulation No. 33 of 2017. The preparation of risk management is equipped with a template to provide a reference for working unit (SKPD) in preparing it. This regulation has been communicated and informed to all employees. Risk management regulation-opposed organization are more probable to gather bigger amounts of risk in recoverable loose than risk management regulation organization (Khanin & Mahto, 2012).
According to Hood et el.'s definition, risk regulation can be distinct as an executive interfence with market or public practices to controller potential opposing moments. It is significant to emphasise the description of risk regulation. On the one hand, it is nearly deliberate dangers, and the other hand, it is nearly adjusting the dangers on which one has composed risk register (Gelert, 2016).

Fraud
Miscarriage to avoid and detect fraud has serious penalties for organization such as regional government. An Australian and New Zealand KPMG study exposed a various of fraudulent actions including monetary statement fraud, stealing of properties, information theft and receiving of rewards or corruption (Rae & Subramaniam, 2008).
The Association of Certified Fraud Examiners (ACFE) categorizes fraud in numerous categorizations recognized as the fraud tree, that are: fraudulent monetary reports, misappropriation of properties, and corruption. There are three situational aspects that someone obligates fraud known as fraud triangle, namely: 1) pressure relates to employee's impulse as a effect of greediness or individual monetarist force, while 2) opportunity Available Online:https://dinastipub.org/DIJEMSS Page 971 mentions to softness in the system where the employee has a authority, and the last is 3) rationalization, denotes reasoning of fraudulent performance as an worker's lack of individual honesty or other ethical thought (Rae & Subramaniam, 2008).

Hypothesis
The thought of framework is illustrated in the following model:

Picture 1. Thinking Framework
The research hypothesis is as follows: H₁ : Internal control has a significant relationship on risk management H₂ : Understanding regulation has a significant relationship on risk management H₃ : Risk management has a significant relationship on fraud prevention H₄ : Internal control has a significant relationship on fraud prevention H₅ : Understanding regulations has a significant relationship on fraud prevention H₆ : Internal control has a significant relationship on fraud prevention through risk management H₇ : Understanding regulation has a significant relationship on fraud prevention through risk management

Research methods
This study uses primary data, causal quantitative, purposive sampling and crosssectional research. The type of quantity measure of variables used in this research is the Likert scale while to distinguish categories, use the interval scale. Operational variables along with dimensions and indicators of each variable used may possibly be seen in the resulting

Population and Research Samples
The populace of this research is entirely officer (PNS) in the Tangerang City Government, totaling 8,261 people as of June 13, 2019, spread over 43 regional work units (SKPD). The sample in this study was 100 employees, the number of samples determined using the Slovin formula, which is calculated by the formula n = N / (1 + Ne2) where n = the total of samples, N = total populace (8,261) and e = error acceptance (10 %). The sample is chosen based on special conditions that are considered of indicating population character (Daito, 2011).

Research Methods and Data Analysis
This research uses a questionnaire as the main data. The validity of the research questionnaire was carefully calculated to ensure valid and unbiased answers. Validity is the ability of the question items in the instrument to represent all the dimensions of the concept being studied (Daito, 2007).
The questionnaire contained of dual measures. The first measure contains the respondent's identity, while the second measure contains the respondents' perceptions which are divided into four groups of questions. Group 1 about internal control, group 2 about understanding regulations, group 3 about risk management, and group 4 about fraud prevention.
This research belongs to causal quantitative research. The questionnaire was distributed from November 2019 to January 2020 through the Google form link http://bit.ly/KuesionerTesisElis and completion of the online questionnaire is considered complete when the respondent clicks on the questionnaire on the google form. The questionnaire was distributed to 10 regional work units (SKPD) and returned as many as 105 questionnaires but only 100 were analyzed according to the needs of the sampling analysis while 5 other questionnaires were eliminated. Statistical description using the Partial Least Square -Structural Equation Modeling (PLS-SEM) program. There are 7 points Likert scale fluctuating from 1 strongly disapprove to 7 strongly approve.

FINDINGS AND DISCUSSION Description of Research Object
This study was conducted using the perception of 100 civil servants in the Tangerang City Government environment in a sampling spread over 10 regional work units (SKPD) that are considered representative of the Government, namely SKPD which handles policy makers, planning, supervision, income, finance, staffing, and services. When viewed from gender, female respondents were 60% and male were 40%. In terms of position, the respondents are echelon officials as much as 77% and implementing staff 23%. Respondents with a work period of 1 year to 10 years constitute the majority of this study as much as 43%, whereas when viewed from the level of education, respondents with S2 graduates dominate in this study or by 60%.

Statistic analysis
Analysis to examination the hypotheses that have been resolute using statistical techniques is the method of partial regression analysis with SmartPLS 3.2.9 (Partial Least Square) software. In PLS Path Modeling there are 2 (two) models, the outer model and the inner model. Tests on the outer model are performed for testing the validity and reliability testing. PLS-SEM platform was successively until the statistics was valid with loading factor values > 0.5, loading AVE > 0.5 and p values < 0.05 as required. The reliability measured by cronbach's alpha value > 0.7. The picture below shows that X₁ . The results of cross loading through discriminant validity testing using the PLS Algorithm method indicate that the crossloading value results in a good discriminant validity. This is indicated by the relationship value of the indicator to its variable is greater than the value of the correlation of indicators to other variable as shown in the table below:  Based on the AVE test results above, all constructs are valid because they have a loading factor > 0.5.
A questionnaire is assumed to be reliable if a one's answer to a statement is stable or stable from irregularly. The table below shows that all constructs or variables are sufficient (reliability) because cronbach alpha and composite reliability > 0.8 means that all constructs are reliable and all tests reliably have solid reliability. The table below explains the results of the evaluation of the coefficient of determination or R-square of the research variables. Based on the above data, the R-square value of the fraud prevention variable is 0.571, meaning that the internal control variable and the regulation understanding variable simultaneously and jointly influence the fraud prevention variable by 0.571, while the rest of 0.429 is influenced by other variables outside this regression equation or other variables not examined. Likewise, the R-square value of the risk management variable is 0.592. This means that the internal control variable and the regulation understanding variable simultaneously and jointly influence the fraud prevention variable by 0.592. While the remaining 0.408 is influenced by other variables outside this regression equation or other variables not examined.

Hypothesis test
The hypothesis testing stage is carried out to get the results of whether the hypothesis is accepted or not through testing the path coefficients. The output path coefficients using the PLS bootstrapping procedure are presented below:

CONCLUSIONS AND RECOMMENDATIONS Conclusion
Built on the examination outcomes, it can be determined as follows: H₁ : Internal control has a positive and significant relationship on risk management. This means that if the implementation of internal control strong then the risk management would be strong. The implementation of SPIP is carried out in mandatory of the Government Regulation 60/2008, especially in the element of risk assessment so that risk management in the Tangerang City Government is well developed. This result were related to (Shanmugam et al., 2012), (Gesare et al., 2016), and (Bayyoud, 2015) research.
H₂ : Understanding risk assessment regulations has a positive and significant relationship on risk management. The result indicates that understanding of risk assessment regulations is a substantial causal factor to increasing risk management. It could be conclude that if the managemenet ensures all employee understand their risk regulations at that point, the achievement of risk management will be sure. This research in line with (Popoola et al., 2015) and (Damayanti et al., 2017) research.
H₃ : Risk management has a positive and significant relationship on fraud prevention. This means that if the risk management is strong then the prevention of fraud would be success. Although our results were supported statistically, we found that risk management has not yet been built in the direction of fraud prevention, including the standardization of risk categories, risk owners, and rewards for regional work units (SKPD) that could manage the risk well organized. However, the results support the findings of previous researcher (Rozmita & Mohammad, 2015).
H₄ : Internal control has a positive and significant relationship on fraud prevention implies that internal control contributes towards the effectiveness of fraud prevention. It could therefore be concluded that if internal control is extensively and dynamically improved it would greatly reduce fraud. This outcome is constant with the research of (Hidayat BT et al., 2008), (Ratna Mappanyuki, Hari Setyawati, n.d.), and (Rae & Subramaniam, 2008).
H₅ : Understanding of risk assessment regulations has a negative and weak significant relationship on fraud prevention. This means that if understanding of regulations is weak it will translate to increasing fraud and if understanding of regulations is strong then it would be reduce fraud. This result is supported by the research of (Dhermawati, 2013) and (Yudistira et al., 2017).
H₆ : Internal control has a positive and significant relationship on fraud prevention through risk management. This means that if the risk management is strong moderates the internal control implementation, the prevention of fraud would be strong. Statistical inference revealed the result but risk management has not been evaluated effectively by the internal auditor, especially in the direction of fraud prevention. This can be seen from the risk assessment guidelines that apply in the Tangerang City Government, there are still gaps that should be evaluated to build more effective risk management, among others related to: the regulation of risk management has not been set, the risk impact standardization has not been determined, the standardization of causes of risk has not been determined yet, there is no regulation on risk map yet, and there is no risk management structure has been established. This outcome is in harmony with the research by (Ratna Mappanyuki, Hari Setyawati, n.d.).
H₇ : Understanding regulations has a negative and weak significant relationship on fraud prevention through risk management. This implies that the understanding of regulations through risk management is a significant contributing factor to increasing or reduce the fraud. This happens because risk management is still not built into fraud prevention. The Risk-based Annual Supervision Work Program (PKPT) has not yet been fully implemented by the Tangerang City Inspectorate as an internal auditor institution. Risk management is only limited to fulfilling formality obligations so that the submission of the Budget Work Plan (RKA) is approved. Thus, the result of this research in link with the result of research showed by (Yudistira et al., 2017).

Suggestion
Based on the conclusions above, we would seem to suggest that this research could be used by government as a study material to evaluate the regulation to managing risk government with the following suggestions: 1. The first hypothesis proves that if the implementation of internal control strong then the risk management would be strong. To prevent this achievment, risk assessment as a second component of internal control need to be evaluated periodically. 2. Providing educational facilities for selected employees to obtain risk management certification in order to become change agents of risk management within the Tangerang City Government. 3. A risk management context should be contain in the Mayor Regulation on risk management. The regional government risk management context is broadly classified into: regional government strategic risk management, regional work units (SKPD) strategic risk management and regional work units (SKPD) operational risk management.
In setting the context it should also include who the risk owner is, and reward for regional work units (SKPD) who can manage the risk well. 4. Effectively control physical access to an asset, facilities, and information. 5. The impact of risk management standardization, especially towards fraud prevention should be contain in the Mayor Regulation on risk management. The risk impact categories that are widely used by government agencies include: reputation risk, performance risk, financial risk, and legal risk (fraud). 6. The standardization causes of risk and risk map should be contain in the Mayor Regulation on risk management. A commonly used as standardization of the causes of risk are man, money, machine, and method. The risk management structure also needs to be included in the Mayor Regulation. The risk management structure generally consists of the risk management committee, the risk owner unit as the first lines of defense. Next up is the chief risk officer who is supported by the risk management unit, and the internal compliance unit as the second lines of defense and the internal audit unit as the third lines of defense.
7. Risk assessment approach should be consideration in planning supervision of the auditor internal departement. Beside that, the government should providing risk assessment application with the intention of it could be monitored in real time, so that a monitoring report on the risk assessment could be processed.