Likelihood Rating of Fraud Risk in Government Procurement

Indonesian government procurement regulations have undergone some changes towards improvements in procurement governance from 2003 to 2018. However, the facts of 177 corruption cases in procurement [1] showed an increasing trend from 2004 to 2017. This study aimed to prove the likelihood level of risk of fraud government procurement and exemplify a list of government procurement fraud risk ratings. Qualitative research method is used with survey technique via google form to 52 respondents consisting of procurement group, auditor and procurement trainer or risk management trainer. Prospectively, respondents rated likelihood on 66 risk of procurement fraud. The findings of the research proposed that 66 score level of likelihood rating of 66 fraud risk in Government Procurement. The results showed that there are 5 risks have a "frequent" likelihood, there are 54 risks have "occasionally" likelihood, and 7 risks have "almost never" likehood. These results have implications for government agencies to develop proper response or management of procurement fraud risk in accordance with their likelihood. This study has limited research in the form of demographic data of survey respondents not disclosed.


INTRODUCTION
Procurement fraud is a second largest among 7 fraud case prosecuted by Indonesia's Corruption Eradication Commission (Komisi Pemberantasan Korupsi, abbreviated as KPK) from 2004 to 2017 (KPK, 2018). There are 171 Procurement fraud or 25% of 688 fraud case in that period. It portrayed an increasing trend from number of procurement corruption are two event in 2004 to fifteen event in 2017.
The data reveal the fact that, to date, Procurement of Government Good, abbreviated as PBJP, actors have not been optimally managing the risk of PBJP fraud. Probably, they may not know or capable to manage or control the fraud risk in an accountable manner. On the other hand, there are mandatory from Government Regulation number 60 of 2008 about Government Internal Control System. There are, at a minimum, two obligations relating to the management and or control of risks, namely, risk assessment and control activities. There are also procurement contract control mandat from Presidential Regulation number 16 of 2018 about Procurement of Government Goods. The above conditions reflect a gap between reality within the mandatory expectation.
Some research object on likelihood fraud assessment using private organization. Jaffar et al (2011) proved that there is no personality factor that moderates the influence of the relationship between the ability of the external auditor to detect fraud and the likelihood of fraud. While Aghghaleh et al (2014) proves that the increase in sales and accounts receivable accounts positively associated with fraud likelihood. Meanwhile, Donelson et al (2017) proved the weakness of entity-level control has a high influence on the possibility of financial statements fraud incident.
This study will assess the likelihood of procurement fraud risk in the public sector. One way to identify risk is by prospective method (Nurhayati, 2010). So there are research question is; how to conduct prospective fraud risk assessment on government procurement?. Therefore this study aims to give an example; list of the likelihood of government procurement fraud risk.

Risk Management
In general, risk can be defined as a situation faced by a person or organization where there is an adverse possibility or consequence of deviation from the outcome to be achieved (LKPP, 2016). The risk may also be an occurrence that may occur and if it occurs will have a negative impact on the achievement of the objectives of government agencies (Government Regulation number 60 of 2008). Therefore risk must be well managed.
Risk management is part of the organization's key business processes in both the private and public sectors worldwide (AS/NZS, 2004). Risk management is a coordinated effort of the organization to direct and control risk. Risk Management Process (figure 1); is the systematic implementation of management policies, management procedures and practices in the execution of tasks for communication and consultation, establishing the context, identifying, analyzing, evaluating, treating, monitoring and assessing risks (LKPP, 2016). The context establishment process is the context in which the risk management process is applied. This includes organizational goals, strategies, scope, organizational activity parameters, or other areas where risk management is applied. The determination of the context is carried out by the organization's management to determine internal or external limits or parameters to be considered in risk management, determining the scope of work, and risk criteria for subsequent processes. The defined context must include all relevant internal and external parameters for the organization (Fachrudin and Erdhianty, 2015). The context of risk management in this research is an activity of Government Procurement.
The organization shall establish the risk criteria to be used for the risk assessment stage, particularly to evaluate the hazard level of a risk. Risk criteria can be a reflection of organizational values, organizational goals, and impacts on the resources the organization has. Criteria to consider include: a) Impact criteria, ie what impacts should be used as criteria for assessments resulting from risks, such as financial impact, impact on health and life, legal impact, etc.; b) How to measure the possibility of likelihood '? Whether by using statistics (probability), the frequency of occurrence per unit time, or with expert judgment ?; and c) How to develop risk level criteria? At what risk rank does a risk require further treatment and which rank can we take for granted? This is necessary to prioritize risk handling (Fachrudin and Erdhianty, 2015).
An important part of risk management is the identification of risks. Risk identification methods can include qualitative and quantitative ranking activities, discussions at the leadership level, forecasts and strategic planning, as well as consideration of audit findings and evaluation of government internal control apparatus (Government Regulation number 60 of 2008). Organizations can also develop risk identification processes using a combination of internal surveys, interviews with various employees and the assistance of consultants (Nurharyanto, 2016). Organizations can also use two ways to identify risks by prospective and retrospective ways.
The prospective risk is the identification of risks that have not occurred yet but may occur sometime to come (Nurharyanto, 2010). This method requires imaginative thinking and proper experience (AS/NZS, 2004). The risk identification process can be compiled with the following scheme: Identified risks need to be analyzed to determine the level of incidence and its impact on achieving organizational goals. The possibility of fraud risk incidence can be measured using the likert scale. The immediate impact of risks is the delay in the target achievement of the activity, which is indicated by the increased cost or unfulfilled schedule of completion of an activity in a timely manner (Nurharyanto, 2016).
At the risk identification stage, in addition to identifying what the risks are, it should also be clearly identified who the risk owner is, who will be responsible for managing the remaining risk, or even the risks that require special handling. These risk owners determine how far the remaining risk is acceptable and determine whether additional risk treatment is required. The risk owner is also responsible for carrying out risk management and maintaining risk control and reporting information on risk (Fachrudin and Erdhianty, 2015 The risk analysis process begins by determining the level of likelihood and impact of identified risks. There are several ways of measuring the likelihood of risks. What method to be chosen depends on the availability of risk incident data. Where data is available, we can use probability method, ie a number between 0 and 1. Number 0 indicates that the intended event is unlikely to occur. Conversely, the number 1 states that it must happen. However, to be able to determine what is the exact number of probabilities is not simple. This requires statistical process and mathematical model to know the distribution pattern. If there is no or very little data is available one may use the following ways: 1) Subjective Probability, ie the number of possibilities given by an expert in the relevant case and based on the various information and experience he/she has on the condition. The term "expert" here can also be the risk-owner himself. How to obtain it can be done through expert interview techniques and the results are often referred to as expert judgment; 2) Uniform distribution probability, which assumes all possibilities have equal opportunity to occur; or 3) Probability matrix is a table that provides a description of the possibility in the form of qualitative or quantitative, complete with the title (Fachrudin and Erdhianty, 2015).

Fraud Risk
The fraud risk is the degree of vulnerability faced by the organization/entity associated with the fulfillment of one of the elements in the fraud triangle, that is the motive/intent, opportunity, and rationalization of committing fraud, which if it becomes an incident would impact on the financial loss, performance and reputation of the organization/ either directly or indirectly (Nurharyanto, 2016).
Various studies related to the likelihood of fraud risk showed interesting results. The results of experimental studies conducted by Jaffar et al (2011) showed that there is no personality moderating factors influence the relationship between the external auditor's ability to detect fraud and likelihood of fraud. Research Aghghaleh et al (2014) by using a sample of some companies that never encountered fraud and corporate with fraud incident, proved that increase leverage and credit sales account has a positive effect with the likelihood of fraud. The size of the audit committee and the size of the board of directors decreases the fraudulent level of financial statements. Meanwhile, Donelson et al (2017) examined the relationship between internal control and the risk of financial reporting fraud by top managers. They believe in the theory that the weaknesses of internal control give managers greater opportunities to fraud, or give an indication of management characteristics that do not concern to the quality and integrity of reporting. Their research proves that the weakness of the entity's internal control (strategic level), not process level, has a higher impact on the risk of financial reporting fraud.
The emergence of fraud in Indonesia is largely due to the interference of administrative (bureaucratic) and political issues. Stages of fraud in the construction process can be found at the stage of project selection, feasibility studies, engineering design, procurement/procurement, contracts, supervision, construction and maintenance (Pandarangga et al 2013).
The risk of fraud needs to be managed and detected. The detection of fraud is influenced by the effectiveness of ongoing monitoring activity and whistleblowing, the effectiveness of fraud detection by internal and external auditors, the effectiveness of corruption cases investigation and prosecution by law enforcement officers, the effectiveness of corruption cases court, and effectiveness of corruptors sanctions (Kastowo, 2016).

METHOD
This research used qualitative research method that is the type of research whose findings are not obtained through statistical procedures or other counts (Gunawan , 2015). The study use a prospective case study (figure 3) to find the tendency and trend drift of a case. Corrective action should not be done by researchers, but by others who are competent. Researchers only provide input from the research (Rahardjo, 2017). The purpose of this study which is to determine the likelihood level of the risks mentioned above, so it is necessary to measure the likelihood of PBJP risks. Since we have very little data available regarding PBJP fraud risk incident, we use the combination of following ways: 1) Subjective Probability, ie the number of possibilities given by an expert in the relevant case and based on the various information and experience he/she has on the condition. The term "expert" here can also be the risk-owner himself. In this research, we sent a questionnaire to 52 stakeholders consisting of PBJP actors, PBJP trainers, and internal government auditors through a survey via Google form) on Maret 2018; and 2) Probability matrix is a table that provides a description of the possibility in the form of qualitative or quantitative, complete with the title (Fachrudin and Erdhianty, 2015). Level of likelihood is assessed as follows; a value of 1 if almost never occurs, a value of 2 if occasionally, a value of 3 if it occurs frequently, a value of 4 if very frequent and a value of 5 if almost certainly occur. Last part of these research is risk owner identification of PBJP fraud risk, as a part of the risk register.
There are 52 respondent participated in the google survey from 13 rd -18 th of March, 2018 as shown in table 1.

RESULTS AND DISCUSSION
The fraud risk assessment can use the perceived management support and its effect on the organisation culture (Rubasundram, 2015). Meanwhile, there is also a significant interaction between brainstorming and auditors' expertise on the government auditors on fraud risk assessment (Daniel et al, 2016). Whereas Husaini and Bakar (2017) revealed that a proactive method for managing fraud risk is essential in minimizing exposure to fraudulent activities. This study uses the perceptions of auditors, PBJP trainers, and PBJP actors. Perception data quality of 52 respondents tested its validity and reliability. The results of the validity test using the Pearson product moment indicate that all 66 risk statements are valid, correlation showed significant at 0,01 level (2-tailed). The reliability test results show alpha Cronbach score of 0.99 exceeding the 0.9 limit so that it can be concluded that all risk statements are perfectly reliable.
All of 52 respondents assessed the level of likelihood of 66 procurement fraud risks. The results show the assessment of the level of 66 fraud risk PBJP is divided into 3 categories of likelihood level. The results show that there are 5 risks have a "frequent" likelihood, there are 54 risks have "occasionally" likelihood, and 7 risks have "almost never" likehood. Tabel 2 exhibits the likelihood level according to its risk owner. According to the respondents, there are 5 procurement fraud risks at highest likelihood. They assessed these risks at level 3 (frequent) as shown in table 3.  Table 3 revealed that 3 fraud risks are the responsibility of Budget User/Proxy of Budget User, which is in the top management area. Then, if reviewed the description of the risk, it can be concluded that the three fraud risks are within the scope of internal control aspects of organizational planning. That is, there is a weakness of internal control at the top management level. This result is consistent with the research by Donelson et al (2017) which proved that the weakness of the entity's internal control (strategic level) has a higher impact on fraud risk.
To mitigate the above top management level risk, Government agencies need to develop a response or risk management of procurement fraud in accordance with the level of responsible management, especially at the top level management. It is consistent with what other scholar conclude by their research. Khorana et al (2015) study conclude that the need for a comprehensive approach to implementing an e-procurement framework that addresses insurance governance and assurance issues while ensuring transparency, accountability, competition and equity. Hoekman (2018) in his research suggest that policy should put emphasis on learning about good procurement practices, enhancing transparency and accountability, and promote a pro-competitive environment. Juwita and Ratna (2018) research regarding fraud risk in National Health Insurance (JKN) program conclude that without a strong, comprehensive and clear legal basis concerning the anti-fraud system, there will be risks of ambiguous tasks and duties of the authoritative organs and it will hamper the progress of protecting the JKN fund from fraudulent activities.

CONCLUSION
This study aims at giving an example of likelihood risk assessment of prospective government procurement fraud by 52 respondents. The study resulted 66 fraud risks. There are 5 risks with level "often occurring" likelihood, 54 risks at "occasionally" level, and 7 risks at "almost never" likelihood. Based on the list of risk ratings of government procurement fraud, it can be concluded that the three fraud risks are within the scope of internal control aspects of organizational planning. That is, there is a weakness of internal control at the top management level.
The results of this study have implications for government agencies to design an accountable risk assessment strategy. Government agencies need to develop a response or risk management of procurement fraud in accordance with the level of responsible management, especially at the top level management. This study has limited research in the form of demographic data of survey respondents not disclosed.