1. Introduction
The main function of accounting is to provide reliable information about organizational activities [
1]. In view of this, control activities ensure that the accounting transactions are being properly recorded, the events and the true equity bookkept, economic and financial situation of an organization disclosed according to standards. However, in recent decades, several organizations have had their names mingled with fraud, showing, therefore, that the systems of external and internal control have failed at some national and international levels, thus generating concern, and shaking the relationship with investors. In fact, corporate fraud has become a worldwide phenomenon with large and far-reaching consequences on virtually all firms’ stakeholders and the economy as a whole [
2].
In the same line of thought, Karyono [
3] observed that it could be likened to organizational activities that “have grown from uncertainty to risky situations, similarly fraudulent”. In this context, the Brazilian Anti-Corruption Law No. 12,846/2013 provides for administrative and civil liability of legal entities for the practice of illegal acts [
4].
In some cases, the reason was the greed of some individuals to falsify records and or alter the order of things to obtain their own benefit. For instance, the Enron case—tax fraud scandal in the energy sector, which has raised doubts about the integrity of the United States’ financial system and has resulted in actions that curb tax crimes and illicit practices—after analyzing evidence and deliberations, it was concluded that Kenneth Lay, founder, and Jeffrey Skilling, ex-president, conspired to artificially inflate profits and that they took steps to hide the millions in losses and distort the true financial condition of the company. Through these actions, it was possible to divert the company’s money for personal use. Noteworthy, that accounting fraud is all the means used to purposely manipulate a company’s accounting information, whether with the intention of passing on wrong information to investors, or to omit information in order to reduce the tax burden, or to benefit third parties or oneself. Similarly, fraud is the main source of human greed and the absolute arrogance of human nature, and this is innate in those who perpetuate it, who are never content with what they have, or always take advantage of a perceived failure of control [
5].
Frauds are made with the intention of not being detected. They would hardly be identified during the audit work, so the accounting controls through the control environment assessed by the auditors seek to preserve the company’s image and reputation, through the assessment of internal controls to monitor and report what happens in the company, inasmuch as their effectiveness avoids errors, protects assets and provides reliable information to stakeholders. In the same vein, frauds may be rooted in material misstatement provoked by overriding of internal controls. So, an eye on the control structure is necessary to track any loophole being eventually created so that it would be perpetrated later. In agreement with Wulandari and Nuryatno [
6] the effectiveness of internal control systems will increase fraud prevention in the organization.
In this logic, internal audits aim to “help organizations carry out adequate controls, evaluating their effectiveness and efficiency and encouraging continuous improvement” [
7] (p. 55). Thus, “the risk of fraud requires the internal auditor to develop preventive measures to prevent them” [
8] (p. 11). For ACFE [
9] a factor of fraud in the company is caused by the low performance of internal controls, these must be processes carried out and controlled by governance, management and other employees in order to impress trust and compliance with the entity’s objectives. The implementation of internal control contributes to reducing management complicity in relation to fraud [
10]. In agreement, Agoes [
11] (p. 162) adds that “reliability must extend to the financial statements, which will result in efficiency and effectiveness of operations in compliance with the laws”.
In the same line of thought, internal controls are actions that can occur in different ways, depending on the segments of the organizations. Just as fraud can happen in any organization, regardless of the sector or type of trade they are in; it is noteworthy that no matter how many controls exist, there are situations that can lead a person under pressure to resort to fraud, as described by Cressey [
12], in his triangle of fraud model. There is pressure to avoid personal failures, or to want to maintain a status, that is, a high standard of living incompatible with the remuneration received, and even the pressures for the company’s performance to look good. Typically, these individuals have been with the company for years and hold a position of trust and take advantage of their knowledge of the internal controls, or their inefficiency. De facto, internal control quality on management guidance have potential implications for other management decisions [
13].
Prior studies focused on the conceptual framework, Imoniana and Nohara [
14] highlighting the most important dimension of Committee of Sponsoring Organizations of the Treadway Commission (COSO) as control environment. Maybe because it acts on the umbrella level of control activities in the organization. Control environment positively and significantly influence fraud detection and prevention in the institution [
15]. In the same vein, expanding on the foundations of fraud theory, and a simple model of fraud, followed by the well-known Fraud Triangle [
16] and the similarities of the corporate frauds [
17]. Also, in the recent literatures Kupec et al. [
18] drew on practical comparison of internal audit and internal control concepts in the marketing environment. While Pham [
19] investigated how internal control affect bank credit risk of joint stock commercial banks in Vietnam. They found that internal controls have an impact on bank credit risk. Ma et al. [
20] explored the relationship between internal control, environmental investment, and green innovation using data from 2014–2019 for A-share listed companies in Shanghai and Shenzhen, China. All the mentioned literatures have not been able to connect the internal control functions to sustainability development goals in view of curbing corporate frauds. In this vein, drives a need for the current study to explore this gap for the study of Internal Control Functions (ICF) in connection to sustainable development goals to combat fraud.
Thus, it is augmented that the internal control environment influences sustainable development goals in order to combat corporate fraud. Investigating the control functions and understanding their activities in the mitigation of accounting fraud and errors does become quintessential. Therefore, this research aims to analyze how the internal control environment connects to the sustainable development goals (SDGs) to curb corporate fraud and thus contribute to the improvement of management processes, so that organizations are able to work more on mitigating controls that prevent errors and even frauds.
After this introduction, the remainder of this paper is structured as follows.
Section 2 presents the underpinning literature.
Section 3, the outline of the research question and methodological procedures.
Section 4 is followed by the results and the analysis of the study.
Section 5 discourses the findings in the phase of the theoretical standing. Finally, in
Section 6, the study presents the conclusions.
2. Underpinning Literature
To further throw more light into the underpinning literatures which have been cited in one way or the other above, the study expatiates on the internal control environment, Sustainable Development Goals (SDGs), conceptions of corporate fraud, the mechanisms to combat fraud, the efficiency in combating fraud and lastly the summary of the conceptual relationships.
2.1. Internal Control Environment
The internal control environment includes a network of functions present in organized activities, in which “one designs and implements the accounting processes and internal controls. The main resources of this environment are harmoniously coordinated so that they are effective, and these are guided by strategies, policies, standards and business procedures” [
14] (p. 39). Internal control is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance [
21] (p. 5).
Committee of Sponsoring Organizations of the Treadway Commission (COSO) was created in 1985 in the USA, with the objective of preventing fraud and establishing improvements in the process of financial reporting. In 1992, COSO published the “Internal Control—Integrated Framework” [
21] that defined the concept of internal control, it also enhanced the arrangement of structures that would allow a better assessment of organizations and controls that would guarantee better operational, communication and compliance management.
In this period, a series of scandals involving organizations known worldwide were exposed. It was in this context that the Sarbanes-Oxley Act was most prominently enacted in the USA in 2002. In Brazil, the Anticorruption Act 12.846/2013 [
4], enacted in 2013 and which are clear examples of the government’s effort to ensure reliability in the business environment supports the effort to curb fraud and also discourage corruption. According to the Anticorruption Law Brazil [
4], “it provides for penalties such as an administrative fine—of up to 20% of the company’s gross revenue—and the leniency agreement instrument, which allows for a faster recovery of damages, in addition to investigative leverage”.
Generally, the internal control system has five components, but in 2004, COSO published the Enterprise Risk Management—integrated framework, this publication became known as COSO-II or COSO-ERM and underwent some changes with few components that were added [
22,
23]. COSO-II had as a proposal to expand its categories so that it had a more strategic vision, it has a more strategic scope related to the company’s business.
Furthermore, in the new publication, adaptations were made and in 2013 we arrived at the version (Internal Control—Integrated Framework Executive Summary) that prevailed as an auxiliary management tool, aimed at all hierarchical levels, and reflecting changes in the business environment. In fact, according to this said publication, the internal control system consists of five components: control environment, risk assessment, control activity, information and communication, and monitoring [
21]. These components can be further expatiated on as follows.
The control environment is responsible for the pace of the organization. According to Deloitte [
24] (p. 2), “control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization”. It influences the awareness of the idea of control in the minds of the people who work in the organization. In the first moment, the organization must establish its ethical values and its commitments—defining the functions of the entire administration.
All employees, regardless of hierarchical level, must be aligned with the company’s values, following all codes of conduct, and carrying out all types of training, standards that have been designated and human resources policies. For example, being able to whistleblow incorrect or suspicious cases. Ought to consider top management as affirmed by the International Organization of Supreme Audit Institutions (INTOSAI) [
25] (p. 19) that the attitudes established by top management is reflected in all aspects of management’s actions. The commitment, the involvement and support of top government officials and legislators in setting “the tone at the top” foster a positive attitude and are critical to maintaining a positive and supportive attitude towards internal control in an organization.
The second component is risk assessment, responsible for identifying, understanding, and categorizing between external and internal risks. Risks are assessed according to departments, sectors, processes and they are monitored with the independent controls. Vaughan and Vaughan [
26] (p. 30) revealed that, “risk management deals with designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur”.
The third component is control activity; it serves as a policy and procedure to ensure that the guidelines are being followed. The control activity can rely on technology, through systems developed by the company, or through control activities such as policies, segregation of activities, review, verification, reconciliation, supervision, and authorization for certain procedures to occur.
The penultimate component is information and communication. It is the activity responsible for identifying the events and informing those involved which measures will be adopted. The information must be of quality and timely appropriate, also current, accurate and available since everyone who needs it must be able to access it. INTOSAI [
25] (p. 35) revealed that “Information systems produce reports that contain operational, financial and non-financial, and compliance-related information and that make it possible to run and control the operation”.
Last but not the least, we have monitoring, a process that assesses the quality of the performance of internal controls. The other components may even exist, but they will not be useful if some form of monitoring is not done, periodically. De facto, it is the manager who has the task, to monitor all the control procedures, with the managerial monitoring functions. Periodic meetings, making checks and balances, comparing budget and realizations, oversee what the team has done in regard to accounting functions, constitute monitoring. It is necessary to carry out continuous evaluations and monitor the level of commitment of the employees so that the internal controls can efficiently analyze the operational monitoring while also being able to map corrective actions within the ideal time, if necessary. Within this component, we have a stronger presence of the internal audit, which is responsible for verifying whether the internal controls are being effective, appropriate and are being carried out in the best way.
Therefore, it is clear that internal control, regardless of the type of organization, aims at a risk-oriented approach. A good model implemented in organizations can provide confidence, compliance with laws and improvements in the use of resources.
2.2. Sustainable Development Goals (SDGs)
Considering the social well-being, the United Nations (UN) decided to take the bull by the horns in order to protect the planet, so that the current demands were met, but without harming the next generations. In other words, pave a way for a better generation to come.
So, in September 2015, the 193 member countries of the United Nations came together and adopted a measure aimed at sustainable development, the 2030 Agenda [
27]. The agenda covers 5 issues (or the “5 Ps”): people, prosperity, peace, partnerships, and the planet.
The objectives intend to end poverty; world without hunger, that people can eat three square meals, healthier, through more nutritious agriculture. Issues such as health, education, gender equality and inequality are also included in the objectives. Thinking about the environment, one have the protection and conservation of aquatic and terrestrial ecosystems, as well as urgently thinking about actions to combat climate change. In this way, private organizations are also involved in actions that promote more decent work environments, without harming the soil itself or economic growth.
Organizations are becoming signatories to the Global Compact and end up having some opportunities to be able to operate in new markets, attract new investors and have an appreciation of the company’s image, which adds in a positive way to its stakeholders.
Objective 16 “Peace, Justice and Effective Institutions” See
Figure 1, aims to reduce violence (physical, sexual, or psychological), end abuses, exploitation and trafficking of children, ensure equal access to justice, reduce illegal weapons and reduce corruption. Also entail developing more transparent organizations, ensuring inclusive decisions, strengthening the participation of developing countries on a global scale, providing legal identity for all and public access to information.
Goal 16.5 aims to drastically decrease corruption and any kind of bribery, especially tax evasion. For this reason, it is so important to have good internal control, in order to avoid that those invoices are not issued, or that the amount is wrong, or with fraudulent amounts. Thus, objective 16 of the SDG is a good means of ensuring decreases in corruption, especially for ministries of justice, whose remunerations, in most cases, are higher than those of other ministries are monitored.
By guaranteeing the lowest number of frauds, the government now has more revenues to be able to meet societal expenditures—such as health, education, transportation, leisure and tourism, among others. Therefore, it would contribute to the goal and to the development of the society. Brazil, according to the dashboard developing to follow the progress of countries with respect to Agenda 2030, is in a bad position, with most of the challenges remaining.
2.3. Corporate Fraud
The word fraud originates from the Latin and according to the Cambridge dictionary, fraud is: “something illegal a person does in order to get money” [
29]. In the case of accounting fraud, it is for profit, and the vast majority are misappropriation of assets Imoniana and Murcia [
17], that is, the theft of revenue from the organization, its inventories, payroll fraud and the misuse and illegal use of a Commercial transaction. Some common and practical examples are the acceptance of bribes, extortion and even conflicts of interest. Fraud in financial statements involve the intentional misrepresentation of financial or non-financial information to mislead others who depend on them to make economic decisions. Common examples such as overestimation of income, liabilities or expenses are frauds that have grown overtime among employees. KPMG’s Fraud Survey 2003 [
30] documented a marked increase in overall fraud levels since its 1998 survey, with employee fraud by far the most common type of fraud and also the survey also noted that fraudulent financial reporting had more than doubled from 1998 Wolfe and Hermanson [
31]. KPMG [
32] Insider threat was the most significant fraud and corruption challenge also, those with inside knowledge are often best placed to exploit vulnerabilities and take advantage of an organization when it is distracted and are often able to take steps to conceal their conduct and delay detection. This trend seems to be in line with the uncalled-for large accounting frauds practiced by employees in charge of top operational responsibilities.
Fraud cases can occur regardless of the sector, as exemplified by the Enron case [
33], an energy company that went bankrupt in 2001, and the Lehman Brothers case, an investment bank and provider of other services that operated globally. However, there are some frauds that may be more associated with some characteristics of the sector. In the case of health insurance, we have schemes related to false charges and adulteration of diagnoses. In the real estate sector, there may be what became known as the
Ponzi scheme, fraudulent negotiations in a pyramid scheme that involves promises of high returns in a short period, thus, false statements from brokers occur. There are also schemes for financial institutions that create new mortgage accounts and loans. Therefore, each sector has its own particular fraud.
In addition to accounting fraud, cases of corporate espionage can occur when information about business plans, customer or product information is passed on to unauthorized individuals. There is also a risk of misuse of sensitive information for personal performance or passing it on to competing organizations.
Another aspect that must be considered is the reason that lead people to commit fraud. The fraud triangle, a model developed by Donald Cressey [
12] is conditioned by three factors: rationalization, opportunity, and pressure. The study was done by the sociologist through interviews with fraudsters.
The first aspect is the pressure caused by financial problems, a potential fraudster must feel that the pressure is not shareable, that it must be dealt with alone. The fear of loss by occupation, or standard of living, makes the individual generally believe that the problem is impossible to solve legally. Therefore, if the problem persists, the end result will be financial collapse. Often, the pressure problem is related to a personal or external problem, such as excessive debt or job loss.
The second aspect of the triangle is opportunity, which is often related to the necessary knowledge, information, or inadequate internal controls. In this second aspect, it is more common for two, or more, people to commit fraud by collusion and conspiring to gain access to parts of the system.
Finally, we have the question of rationalization as the last side of the triangle. The act itself is justified by situations and reasons, usually personal reasons. One can quote, for instance, the ideology that a person does not feel recognized in his work or have the feeling of being smarter than the people around him, therefore, they commit fraud justifying that they are getting something that would be rightfully theirs and merit.
Certainly, there are several reasons that lead people to commit fraud, so within the company there are incentives to report suspected cases. For example, pressure and coercion within the organization or an individual’s unwillingness to share tasks, or even go on vacation for fear of discovery and involvement of another person in their activities.
Occasionally, the fraudster who steals to relieve financial pressure may be tempted to get extra money and at that point, the accidental fraudster can turn into a regular fraudster. With that in mind, organizations adopt measures, such as internal controls and the hiring of forensic accountants. Forensic accountants are used by assurors, lawyers, government agencies and companies of all sizes, from small businesses to multinationals, in analyzes needed in courts of law as expert support. They are necessary in cases of fraud and embezzlement, as well as matters involving insurance, personal injury, business disputes, business interruption, divorce and marital disputes, construction, environmental damage, cybercrime, product liability, business appraisal, to mention just a few.
2.4. Mechanisms to Combat Fraud
Studies [
26,
34,
35,
36,
37] emphasize that the risk of fraud is related to lack or inefficiency in this sense of ICF; organizations need to implement good governance and control practices in order to strengthen trust and improve organizational performance [
37].
An effective internal control system is the major mechanism to curb fraud in organizations. For example, the Sarbanes-Oxley Act (2002) requires an annual audit of organizations that report to Securities & Exchange Commission (SEC) by providing management’s report on their internal controls, and Australia’s ASA 210 requires auditors to evaluate the design of the internal control systems to assess the risk of fraud [
34].
Thus, the level of risk has to be mapped and counteracted with a mitigating approach for either preventive, detective, or corrective controls implemented by the management, considering the volume of resources available to the decision maker. In the same vein, Vaughan and Vaughan [
26] (p. 17) observed that risk is, “a condition in which there is a possibility of an adverse deviation from a desired outcome that is expected or hoped for.” The same authors stressed on risks between physical, morals and ethics. Physical risks are related to actions, behaviors or physical conditions that pose a danger. In the case of moral risks, they refer to risks resulting from immoral behavior, such as lies or fraud. Finally, moral hazards result from conditions or circumstances that tend to lead people or institutions to adopt a more careless or reckless attitude. Some risks, when neglected, can cause an extremely negative exposure for the company. There is a chance that the organization is associated with fraud, or with errors. In addition to internal controls, it is necessary to adopt mechanisms to combat fraud, so that the risk decreases.
A survey by Deloitte, in 2019 [
38], on fraud surveillance, showed that the mechanisms adopted are prevention, detection, investigation, correction and monitoring.
While a Global Research Report on Economic Fraud and Crime conducted in 2018 by PwC [
39] reveals how technology works as an ally in combat, through predictive analysis, voice recognition, natural language generation, natural language processing and machine learning. Use of passwords and protection software are essential for prevention, too. As well as the use of antivirus, system update and firewall, ensuring that information is not defrauded either by internal or external users, through techniques such as phishing.
Thus, in the era of technology, investing in this area to curb fraud is not always something that organizations are willing to study and implement in their budget without conviction, but may be at disadvantage in the market if it is in the same sector where such resources are advancing. Therefore, it is up to companies to adopt other mechanisms, such as anti-fraud organizational training in support of any employee lack of awareness. It serves to keep employees always up to date and in line with their responsibilities, especially with confidential and sensitive information.
2.5. Efficiency in Combating Fraud
It is important to remember that fraud is a crime and is subject to a fine or penalty of 1 to 5 years imprisonment in Brazil. Thus, organizations seek measures that aim to maintain the work environment to adhere to code of ethics by respecting its values, therefore, there are several channels for reporting within the organization. Most of the times, they are anonymous channel that enables whistleblowing with perfect protection for the person who reveals the fraud scheme. It is capable of dealing with and properly handling complaints with utmost secrecy in order to address any case of fraud with appropriate responses, because to be taken seriously, policies should streamline adequate measures, so that people who think about committing fraud, know its consequences. According to Ozili [
40], research on fraud is of paramount importance because investors and the public depend on the reliability of information disclosed in financial reports.
The adoption of a fraud prevention policy, as well as compliance and risk committee, ensures that management has greater control over its environment. This is same with the adoption of general administrative policies, human resources policies, internal controls, and IT with special attention on security policy. All these measures need to be clear to employees, either through interactive training, such as a simulator, or by reading the rules and regulations available to the employee who should read and be sensitized about the subject.
According to Perera, Freitas, and Imoniana [
35], informational asymmetry is another factor that allows a scenario for fraud to occur, as it is one of the main reasons for the fraudster to come up with a context to practice the act aiming at personal advantages, causing problems for third parties. Thus, internal and external audits guarantee a reduction in information asymmetry and monitoring of company activities that helps to prevent fraud cases.
2.6. Summary of the Conceptual Relationships
The Conceptual Relationships in
Figure 2 developed using the coggle platform tends to summarize the literature review. From the accounting perspective at the core of reporting, it was possible to relate fraud to assurance of accounting information, by analyzing the scenario, risks, preventions and how this can impact sustainable development, especially thinking about the 2030 agenda proposed by the UN. This study de facto paid much emphasis to SDG 16, Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels. As encapsulated in its sub goals, having as function the development of more transparent institutions with participation of every individual. Meaning to emphasis all tiers of the government and the stakeholders at large. Thus, it was possible to relate the development of internal control mechanisms, especially with the definition of what is proposed by COSO framework through its publications and division of the components.
2.7. Context Based on Brazilian Environment
Owing to the singularity of the Brazilian environment, with special participation to upholding the resources of the amazon, makes it unique in environmental preservation. Brazil has been termed as the heart of the world because Amazon has the largest biodiversity on the planet. The representation of Brazil in cushioning the world in regard to the provision for the natural resources of the Amazon, makes it special when we discuss issues relating to ESG [
41]. Imoniana et al. (2020) [
42] notes, it also stands out because it has the largest rainforest and the richest biodiversity in the world and a population of more than 200 million inhabitants. De facto, the Amazon stores the equivalent of five years’ worth of global emissions that sums all of the world’s five-year carbon emissions.
So, when we visit the issues of SDG in Brazil it is synonymous to mandatory compliance to the rules by the management of the organizations in this environment. In the same way of thought [
41] observed that the Central Bank of Brazil with the role of a watchdog, eventually suggests the guidelines for sustainability reporting. Central Bank of Brazil launched a sustainability agenda in September 2020, with the objective of standardizing and monitoring the national financial system in sustainability aspects [
43].
Nonetheless, the issue of internal control to assist in curbing fraud becomes a bone of contention in upholding the role of sustainability in this environment as a result of diversified interests. It has become rampant in the media, reporting cases of fraud amongst the civil servants in Brazil. Apart from the Enron case, that also affected Brazil, there have been cases of Parmalat, Banco Panamericano, just to mention but few and recently a most notorious case of Car Wash (Lava Jato) that corroded the top tie government officials still being judged till date, as Supreme Court advice not to have a prejudgment. Milton Ribeiro falls amid the worsening of the crisis that began after reports pointed out that evangelical pastors would be charging bribes to release funds from the ministry [
44]. Being a fresh case involving the Minister of Education in the schema of providing kickbacks to his cronies. However, no hope is lost, the creation of Anti-Corruption Law No. 12,846/2013 [
4] signal a light at the end of the tunnel.
3. Research Question and Methodological Procedures
In order to examine how internal control environments, connect to sustainable development to curb corporate fraud, this paper sought to answer the following research question: How do internal control environments connect to sustainable development to curb fraud in Brazil?
To answer this question, the study adopted a qualitative research approach anchored on a discourse analysis. For Richardson [
45], qualitative research is a way of studying the nature of the social phenomenon and a valid research option. Qualitative research proposes describing and studying subjects’ actual actions in real-life contexts Gephart [
46].
In the same vein, the discourse analysis followed Laclau and Mouffe [
47] and Bourdieu [
48]. According to Laclau and Mouffe [
47] (p. 96) “whereas the classical notion of ‘real object’ excludes contradiction, a relation of contradiction can exist between two objects of discourse”. And in the same way of thought, Bourdieu [
48] observed that in particular social conditions, certain words do have power.
Furthermore, data corpora and methods provide a concise description of the source of data and the means of their interpretation, as well as what supports the inferences being presented.
3.1. Data Corpora
Interviewing 20 respondents who are either independent auditors, internal auditors, or employees of the controller’s department of a conglomerate of ecommerce, paved way for the analysis and triangulation with archival data derived from control environments. Concerning the interviews, data corpus was from the narratives of employees of the controller`s department of a mentioned conglomerate and auditors. Also performed a content analysis of archival data derived from control activities of the organization and mounting data of 2030 UN agenda.
3.2. Method
The interpretive constructivist perspective drawing upon discourse analysis is the focus of this study as per Laclau and Mouffe [
47] and Bourdieu [
48]. Preferring this method, Guénin-Paracini, Gendron, and Morales [
49] drew upon argument that relies on a macro analysis of discourses surrounding the Global Financial Crisis to better understand why neoliberal governance is so resilient to the crises that frequently affect all or part of the economy. In the same vein, this method is adopted to unveil the understanding of phenomena such as controls in organizational environment and fraud in connection to sustainability.
The model adopted for discourse analysis was the one based on interviews conducted through an interview guide that assists in constructing the data on lived experience of the practitioners and employees within the organization about control environments and fraud mitigation processes. In effect, there was a reaffirmation of the participant’s consent in relation to the research, and it was decided to omit the name of the interviewees to maintain anonymity. Professionals interviewed bear specific knowledge of the accounting department, the experience of auditing and SDG. The interviews were conducted online with open-ended questions during the period of 13 March 2021 and the respondents were allowed to respond to the questions freely. The respondents were aged between 25 and 40 years, with a diversified year of working experience in the field of auditing and controllership departments.
Subsequently, such responses were thematically analyzed in order to verify from a broader perspective and with a more symbolic reasoning. The demography of the respondents is available in
Table 1.
Still, a thematic analysis coupled with discourse analysis assisted in organizing the ideas and significances derived from the contemplations of the results. De facto, after transcribing the interviews, it was possible to verify the relationships that emphasize internal control and the issue of fraud and sustainability. According to Bourdieu [
48] (p. 53) “Words derive their power from an institution that has its own logic—qualifications, ermine and robes, the professorial chair, the ritual formulae, the participants’ belief, etc.”
Bauer and Gaskell [
50] (p. 75) found that “Discourse analysis is the name given to a variety of different approaches to the study of texts, which have developed from different theoretical traditions and diverse disciplinary locations”.
Again, the discourse analysis based on Laclau and Mouffe [
47] and Bourdieu [
48] were exercised in this study. A general analysis of all responses was made and separated by categories, according to the direction of the interpretations, symbols, and findings of the interviewees’ narratives.
4. Result and Analysis
Figure 3 presents a preview of the results. It shows the relationship between the internal control and collaboration to monitor activities, holding to control environment to curb fraud and the responsibilities through the control culture. Also brings to limelight, the COSO, the 16-SDG, the monitoring procedures, and the general repercussions of fraud in connection to sustainable development goals.
So, in this analysis one derives from [
51] (p. 420) that pointed out that “discourse analysts challenge the common-sense view that language is a purely descriptive medium used to convey information about the real world”. The discourse also allows a broad and critical view posed on a subject by a group of people and to interpret how a said group understands certain subjects and how it communicates. Bourdieu [
48] (p. 54) argues that “the transmission of that discourse is subject to the very laws of cultural diffusion that it sets out”. In order to further expatiate on the analysis, the code structure in other words thematic suggested by Merriam [
52] (p. 37) is used to present the results of “the analysis and interpretation—the findings—reflect the constructs, concepts, language, models, and theories that structured the study in the first place”.
4.1. Management Commitment
Through the majority of the respondents, within the dimensions of COSO control environment, fraud is manifested mainly by the lack of commitment to integrity and values, as well as the lack of monitoring of internal controls. The justification is that an internal control without supervision increases the failure to comply with the procedures, which can lead to errors that can also lead to fraud. An effective control environment allows employees to recognize their responsibilities and duties within the organization and end up motivated to commit to what has been assigned to them. Thus, it is worthwhile checking through monitoring and even recycling training so that the knowledge of employees is aligned with that of the organization.
I believe that the commitment of those endowed with the power to manage the organisation will show the examples for the running of the business (R12).
Eventually, showing the ‘tone at the top’ which would set the pace for other collaborators of the organisation would cushion this relationship. In fact, role models in this regard could be said to provide a solid ground to be toed by employees in the lower cadre.
4.2. Monitoring Activities
This study also sought to draw from item 16—Peace, Justice, & Strong Institutions of SDG, precisely on building effective accountable and even institutions for analysis and discussions. After analyzing the archives of SDG-16, the vast majority of respondents agreed that the dimension in which fraud is mostly manifested is in the attempts deemed as normal to corrupt and bribe in all its forms, and illegal movements. These are considered activities that are difficult to monitor and are easily disguised, requiring more constant and in-depth supervision. Through the sustainable development report dashboard, it is possible to verify that the biggest challenge remains objective 16 in the case of Brazil. The lack of monitoring control that is available to higher echelon people that hinders the cases of corruption. In view of what has been seen as a setback in the fight against corruption in Brazil, the Organization for Economic Cooperation and Development (OECD) has taken an unprecedented decision: create a permanent monitoring group on the subject in Brazil [
53]. This shows that the monitoring activities done by the management is
sine qua non to instill control and also enhance its adherence by whoever is to exercise the control activity. Ouchi [
54] classify the
ex post monitoring as output control.
In order to enhance the monitoring functions, the institutions have to be up and doing particularly to ensure responsibilities. Thus, following the Bourdieu [
48] perception of social world and the ways individual react to them; control environments depend on these structures.
4.3. Ethical Values and Integrity
The research tried to find out what is the similarity between the dimensions of the control environment and the objective of sustainable development-16 in relation to the fight against fraud. Thus, the consensus was that the similarity occurs in the institution’s commitment to ethical values, aiming at integrity before stakeholders, especially in the case of audited companies. The internal controls of COSO based on the monitoring activities, allow, in a way, guidelines that will promote the path for more responsible and effective institutions. In addition to the possibility of adding value to operations during a review process, due to the involvement in a series of models and rules to be followed to achieve significant standards of reliability and transparency for users of information in general.
4.4. Training as Top Managerial Strategy
In most of the evaluated cases, the company’s top management causes the internal processes to be constantly reviewed and questioned, thus, it was possible to notice that the majority adopted training to increase adherence to the internal controls. Training allows an increase in the culture of awareness and transparency about risks and the need for internal controls. In addition, there is a continuous performance monitoring and, a more effective communication. In view of the aforementioned, according to Bourdieu [
48] (p. 53), “in each historical situation, it is the whole set of factors (which are in any case not independent) varies, upon defining the power relationship and, consequently, the strategies aimed at transforming it”.
In line with this, R1 and R3 observed:
Top management has enabled greater speed and assertiveness in the response to possible flaws in internal controls, creating training as effective action plans in the treatment of these flaws.
Other methods that can be adopted to contribute to the adherence to internal controls are the establishment of more challenging goals, creation of effective programs of compliance, so that safer ecosystems are developed for organizations in general.
4.5. Interconnection of Internal Control Dimensions
Through the interviews we verified the superiority of the control environment among other dimensions of COSO in view of SDG to curb fraud because it is through the control environments that institutions demonstrate independent governance structure and promoting the assumption of responsibilities by employees. Thus, the successful manipulation of control environment is seen as the best way to curb fraud, as it is responsible for the corporate culture that actively seeks to curb illicit and harmful acts. Based on this culture, this mental state, the employees of this company will seek to create conditions to identify and prevent fraud, contributing SDG-16. However, it is worth mentioning that it was possible to verify that, in the opinion of the majority, the control environment can only perform its functions correctly, if there are other components, so it does not function in isolation. Alone it would not be one hundred percent effective. Control activities, for example, will assess whether the top management is actually fulfilling its objective through the establishment of rules of compliance with the internal policies and procedures, which are the basis of work for the internal audit. In addition, in order for the various areas of the organization, as well as internal audit to actually be able to spend energy effectively, it is extremely necessary to adopt a continuous process of assessing risks and controls, which must also guide the work of internal audit through assessment risk matrices. Thus, we realize that control environments, when combined with other environments and dimensions, collaborate in the awareness of associates, monitoring their activities and the consequent reduction in cases of fraud.
4.6. Monitoring of Errors
The independent procedures otherwise monitoring, which can be manual or automated through a system serves as a vigilance for the actions exercised by the collaborators. Simons [
55] characterized it as Diagnostic Control Systems (DCS) which are information systems that managers use to monitor organizational outcomes and correct deviations from present standards of performance. So, even though they do not interrupt the day-to-day operations, they act on the preventive and corrective level of controls.
Thinking about the preventive and detective controls adopted by the areas, half of the interviewees observed that the interplay of information usage is the most adopted method. One of the main reasons is the ease of evaluating the information, either in a direct way (through statements by the organization and third parties), or indirectly, so that it is possible to identify errors, fraud, money laundering. The second most used method is the follow-up method, which ensures that if a problem is identified, measures are taken to correct these errors, showing that the remedies have been tracked. In addition, other methods that collaborate for more effective internal controls are the use of transaction records, verification of subsequent events and data analytics, all of which help employees to learn more about the business and to reduce the levels of errors.
4.7. Effectiveness of Internal Controls
Having an eye on what goes on with monitoring tools that are not merely operational through assessment may turn the independent controls to be more effective. In fact, from the elective of monitoring procedures that are managerial, many chose training as a good means inasmuch as it helps to avoid errors of principle, or it enhances innovation in some manners. Other procedures that have been commented on are the review of control reports using automated procedures, the review of policies and standards.
R8 said that,
In my experience, I think that continuous assessment with external audit firms and the internal audit department helps and force management to appreciate compliance with internal controls.
In addition, R11 opined,
I believe that having more challenging goals is a good way to have internal control, since to implement a new goal, it is necessary to have a review of activities and find errors and even improve existing processes.
This certainly could be arrived at if a cycle such as the PDCA (Plan, Do, Check, Act) could be toed in order to create a room for continuous recycling and innovation for better running of the organisation.
4.8. Building a Sustainable Organisation as Per Auditing
The vision portrayed by the external audit on going concern is to assure the integrity and financial reality of organisations in view of sustainability. Through independent reports, the information being released gains greater credibility and helps external users, such as investors, for example, in their decision-making and opinion about the organization.
Through the interpretation of the interview, it became clear that for workers, there is a hierarchical control and supervision of activities. These reveal the presence of a “politics of production” and challenge the idea that the development of capitalism is the effect solely of the laws of competition and the exigencies of accumulation. Richard Edwards [
56], in Contested Terrain, distinguishes three main forms of control: simple control based on vigilance; technical control, corresponding to the subordination of the worker to the rhythm of the machine as found on the assembly line; and finally, bureaucratic control. In respect of this, Laclau and Mouffe [
47] observe that it manifests through the institutionalization of hierarchical power—by which control depends no longer on the physical structure of the labour process, as in the previous case, but on its social structure.
In the words of R11,
External auditing can verify certain accounting and practical aspects of sustainable policies adopted by organizations and ensure that the disclosure of this information is been done correctly and in accordance with international standards.
In addition, R15 and R19 said that,
The objective of the external audit is to verify all the accounts in the company’s financial statements and see if they represent a fair image of the organization being audited, if it is demonstrating the truth, the impact is positive for society, especially if the company in question does social actions.
The external audit can assist with the identification and questioning of possible deficiencies in the business model, so that processes can be changed, without running the risk of disclosing with material misstatement. In this regard, after validation by the external auditors, it is more certain that the actions taken are really aligned with the sustainability strategy. Within the actions aligned with those of the SDG, organizations are committed to improving the management of climatic factors and enhancing the transparency of practices.
4.9. Internal Control Connection to SDG to Curb Fraud
In an uncalled for scenario, if a management is involved in a fraud scheme and is discovered, according to the data collected, the vast majority agree that in qualitative aspects, fraud would cause information asymmetry and negative relationships. Also, in the most critical cases organization would lose credibility, trust, reputation and in the most extreme scenarios could go bankrupt.
Since internal controls are the works of the management and they do not seem to be concerned about its effectiveness, nobody would believe in the existing process in view of sustaince (R19).
Sustainable development could be hindered since its connection to internal controls could be deemed as weak inasmuch as there would be problems with the instituions such tax authorities, with fines and a number of consequencies. Thus, it was possible to see that in the majority’s opinion, the company and its stakeholders (suppliers, customers, investors, etc.) would be committed, to actions related to sustainable development, as well as the subject of greater transparency in response to the situation.
In the same line of thought, R16 observed,
The company will lose resources, mainly with the policies of other organizations of not being related to fraudulent suppliers and fraudulent services. Many people will be laid off and the image on the market may be tarnished, thus harming the entire local population.
In the opinion of R4 depending on the degree of fraud, there could be an administrative change, adds,
The company’s visibility as sustainable would be affected, however, there would be a strengthening of internal controls and an increase in actions in order to improve the company’s image.
4.10. Repercussions of Fraud
Analyzing the responses, it was possible to verify which are the most commented words related to the impacts on operations in the qualitative aspect shown in
Figure 4. Thus, noteworthy that among the words, there is an emphasis on the negative aspect that would have on the company’s reputation and credibility, since many customers and suppliers would not like to be associated with a company that commits fraud. If stakeholders continued to patronise, there would always be a distrust and even a negative relationship. Other highlighted aspects are the political impact and the information asymmetry that this would cause, which can lead to the bankruptcy of the company and consequently to the unemployment of its employees.
Additionally, there is also an aspects related to efficiency shown in
Figure 5. Evaluating the words, it is noticeable that effectively, the company may have to pay fines, in addition to providing incorrect values, hampering the goals, the financial costs and the results. Thus, if the company decrees bankruptcy, in addition to the damage it would cause, it would have the problem with the financial impact caused to everyone involved, for example with unpaid dividends.
Overall, the study is impactful inasmuch as understanding the processes of internal control is necessary to promote improvements and generate more egalitarian society with tracking of fraud, comparing values and lively institutions [
57]. Thus, an effective internal control environment may characterize a hope in the institutions in view of their functions in enhancing the sustainable development.
5. Discussion
All said and done, results demonstrate that there is no significant relationship between the connection of internal control environment and the sustainable development goals aimed at curbing frauds. The effectiveness of internal control function (ICF) is tied to policies, management tone, connection of management procedures entangled with efficiency and accountability, and enforcement and obedience of rules and laws. Therefore, the argument that the internal control environment influences sustainable development goals in order to combat corporate fraud is parcially satisfied particularly when effectiveness of control is addressed. Thus, the bone of contention remains the curbing of fraud. Through data collection, it was possible to verify that, in the opinion of the majority of the respondents, within the dimensions of the COSO control environment, fraud is manifested mainly by the lack of commitment to integrity and values, as well as the lack of supervision of internal controls, in other words, monitoring functions. Since monitoring function is an administrative function of the higher echelon, if imbuilt with fraud scheme could be weakened in view of its perpetration. In the course of this, the experience of these respondents may be termed as perceptible conundrum however, this study ties to bring to limelight the say of these players in the realm of internal controls and sustainable development.
Even though [
20] mentioned that improvement of internal control has a significant positive impact on firm`s active adoption of environmental protection investment, the case is not the same when the issue of curbing fraud in view of SDG comes to limelight. So, firms should embrace a free fraud zones in their environments, the only panacea to enforce internal controls in view of sustainable development.
There are lots of discussions surrounding internal control, but it became clear that the seventeen COSO principles will only be useful if they are implemented together and that those responsible for governance, who are often not present in their daily lives, have a more critical view of what is happening. In this way, it is common for organizations to create committees, or to align actions with those responsible for key functions are adhering to internal controls in order to set the tone. From the results of the analysis, it was possible to verify that the organizations end up opting for training, since it is a way to recycle a certain subject and to make a certain subject more dynamic and interactive, instead of a meeting. According to Chiavenato [
58] (p. 367), “training is the systematic process that involves a change in the skills, knowledge, attitudes or behavior of employees, encouraging them to be more productive towards achieving organizational goals”. Evaluating the main monitoring activities, crossing information and follow-up are carried out through information systems that guarantee better data treatment, through the input, processing and output cycle. This also facilitates the tracking of information, helping to reduce the time and fees of the external auditor. In addition, as already mentioned, interested parties will have more confidence in the information that is transmitted, since the chances of being in compliance with Sarbanes-Oxley (SOX) or other regulating bodies are high, indicating a higher investment opportunities.
There will be a harmonious control environment, if employees are well aligned with the functioning of the processes and there is periodic monitoring. According to the INTOSAI [
25] (p. 41), “monitoring should also assess whether, in pursuit of the entity’s mission, the general objectives set out in the definition of internal control are being achieved”. So, without supervision, it is possible to realize that there is a potential risk of fraud in organizations. It is also possible to verify that organizations are training their employees but are not following more closely if they are doing the activities correctly, causing discomfort and overtime on the part of the employee who can often choose to leave because they do not feel that their work is relevant, moreover, this can cause major problems like mistakes—purposeful or not.
The power which exists in the control environment that shows interdependence within institutional functions, Bourdieu [
48] says should be constantly re-legitimised through an interplay of agency and structure. Thus, for instance, the agency that monitors internet in China employs millions. So, “nailing jelly to the wall” prompts the tools to put monitoring activities to work.
Therefore, the society through its institutions democratically has to have an eye on the power that dictates the tune through the control structure. For instance, who are connectors brought into the control environment without going through the normal processes of hiring and firing and what are their control activities. De facto, the functions of the said connectors ought to be segregated to avoid the building of a network that would cultivate fraud. This is necessary inasmuch as the evils of fraud are not farfetched. Stare at imponderable human tragedies which fraud and corruption have caused as nations unravel from hand to mouth; this will tell how harmful fraud is therefore, institutions should be fortified to curb this ill in view of UN 2030 agenda.
The control procedures could be termed as very essential to track frauds but its breach through purposefully architected power imposition template could give way for innumerable flaws which are overlooked through overriding controls or termed as normal. This culture of normalcy in a fragile control environment builds a foundation for inability to develop a sustainable environment.
The potential endogeneity problem in a control environment driven by unobservable CEO characteristics such as management interventions in the ICF or overriding of controls, create flaws in the operational processes. This is why internal control policies are purposely implemented so that errors of omission or compensation are tackled to mitigate the risk of material misstatement. This act minimizes information asymmetry and eventually tackles the reduction of accounting fraud.
Thus, not undermining the casual relation between internal control environment and fraud; grounded in Larcker and Rusticus [
59] this study being a qualitative research harnesses the endogeneity problems and their effects in this discussion. Kim and Li [
60] firm fixed effect and time fixed effect were applied to deal with endogeneity issues. De facto, monitoring procedures reduce the ineffectiveness of internal controls arising from problems of endogeneity.
Overall, the control environment is waxing stronger with the SDG under development and such environments becoming harmonious inasmuch as overriding controls with undemocratic powers and decisions are questioned against cronies. This is true as SOX for instance, states the rules for the punishment of transgression of powers entrusted on top management. Hence, it is quintessential to have the monitoring activities of the ICF in place vis-à-vis the extension of the use of powers of the top management.
6. Conclusions
This study sought to exame how do internal control environments connect to sustainable development to curb fraud in Brazil. Recently with the rise in issues involving environmental, social and governance practices (ESG) and in view of the UN’s commitment to sustainable development this issue has come to the top of agenda of leading institutions.
Based on the aforementioned, the analysis and discussion makes one conclude that the system of internal control has a positive effect to avoid errors and fraud. Internal auditing, together with the internal control system, especially the control environment well-articulated, influences the quality and accuracy of the information that is transmitted to the public. This could be whether related to the choices of SDG adopted by the organisation in the course of sustainable development or in fair compliance with the COSO framework. However, this study did not find significant relationship between the connection of internal control functions (ICF) and the SDG aimed at curbing frauds inasmuch as their effectiveness is tied to policies, management tone, connection of management procedures to accountability, and enforcement and obedience of rules. The analysis also suggests that the vast majority, within the dimensions of the control environment, found fraud manifest mainly as a lack of commitment to integrity and values, as well as ineffectiveness of monitoring activities.
In this regard, this article further suggests the emphasis on the monitoring activities that will be important to address the aims of internal control environment towards the UN 2030 agenda. This thought aligns with the fundamentals of COSO framework that nurtures a structure for a sustainable environment. Perhaps, one of the greatest fortlines of control structure in relation to curbing fraud is its enhancement towards sustainability in all manners with emphasis on strong institutions. This certainly is one of the issues that will occupy the pulpit to uphold SDG in view of UN 2030.
In a nutshell, this work advised that organizations really adopt COSO guidelines for internal control functions, as well as greater monitoring through internal auditing as the ultimate line of defense, in order to improve the fight against fraud. If there are audit findings, they must be resolved according to the recommendations forwarded to the top management in the control environment by remediating flaws. If there are concrete findings of cases of fraud, exemplary response should be given, according to the policies, as well as bearing the wellbeing of the employees so that they are always in line with the company’s ethical values.
The study also concludes that despite the growing concern of organizations with sustainable development, it is not yet possible to find its relationship with fraud. However, it is noteworthy that if the institutions such as the executives, legal and judiciary, finance and central banks or educational research to mention just a few are strong, not threatened and independent, they would be incorruptible and could challenge failures in the monitoring functions which is mainly due to managerial responsibility. One will expect that the institutions wax stronger to ensure effectiveness of monitoring functions.
Therefore, this study contributes to the analysis of internal controls, considering the recent period with a focus on sustainable development, and evidence that can be a motivator for organizations to continue adopting good practices and investing in technologies for better monitoring, aiming at higher trust, with a view to greater transparency and credibility with the society at large.
Since this study is a qualitative research that brings to limelight the lived experencies of the respondents, it has its limitations of non generalization. Among other limitations of this study were during the analyzes it was not possible to verify a significant relationship between the ICF and the sustainable development goals designed to contain fraud; this may have been influenced by not considering those who are in the strategic functions of sustainable development. In addition, only employees who are at the assurance edge were interviewed, so corporate governance practices and what is being planned by top management must have been baised.
Overall, as a suggestion for future research, one would consider drawing on other COSO dimensions including the different levels not analyzed in this work, this can build for an indept analysis. It is also worth restricting to a specific economic sector and examining how the result varies when specifying.
The study contributes by signalling an implication to policy makers, practitioners, and academia with the understanding of how internal control environments connect to sustainable development to curb fraud. In other words, control environments enabling institutions with emphasis on monitoring procedures in combating frauds toward 2030 UN goal. Therefore, it does give us some food for thought, fetching for solutions to aching problems such as fraud in the current society.
Finally, the control environment that this study investigates can complement the literature by exploring the connection to SDG as it affects the war against fraud.