Effectiveness of Internal Audit in Supporting Internal Control and Prevention of Fraud

This study aims to analyze the effectiveness of internal audit at PT Bank Sulselbar Makassar in supporting internal control over fraud. This study uses a qualitative approach with the method of documentation, interviews and questionnaires to the internal auditors, anti-fraud department, and management as data collection methods. After the data was collected, data analysis was carried out using descriptive methods and measuring effectiveness. Based on the study results, it can be stated that the role of the Internal Audit Group as an internal audit in improving the internal control system for fraud at Bank Sulselbar has been influential. The internal audit of Bank Sulselbar has the authority to monitor the follow-up to the results of the audit conducted by the auditor. Monitoring activities are carried out to ensure that corrective actions have been carried out adequately and effectively. Thus, the company will implement better internal controls in the future because assessments and corrective actions for weaknesses and errors found are always carried out. There are three elements to prevent and detect fraud, namely a culture of honesty (personal), management responsibility to evaluate fraud risk (through internal control), and supervision by the audit committee (internal audit).


INTRODUCTION
Criminal acts in today's business world are increasingly taking various forms and ways (Rahim et al., 2019). This is because, along with increasing human knowledge and supported by technological developments, criminal acts in business also balance variations in the mode of operation chosen by the perpetrators (Lannai & Muslim, 2021). Thus, not only perpetrators from low social class who commit fraud today, but perpetrators from high social class can also commit fraud or commonly called whitecollar crime. One form of white-collar crime currently rife and disturbing many people is criminal acts in the banking sector or banking crimes.
The Criminal Investigation Agency of the National Police Headquarters noted that nine criminal cases in the banking sector occurred in 2011, from cash burglary cases to bank customer balance withdrawals. The nine banking crime cases involved people who worked at the bank, where the crimes were committed by themselves, fellow insiders, or involving outside parties. Chairman of Perbanas, Sigit Pramono, in a media, indicated that most banking crimes in Indonesia involved people in bank employees (Pramono, 2014). This means that there are corrupt banks that abuse the authority given by the company. In addition, some individuals act alone, but some use outside parties. For example, one of

Sudirman et al., Effectiveness of Internal Audit in Supporting Internal
Control and Prevention of Fraud |9 the nine banking crimes is the burglary of Citibank Landmark priority customer Inong Malinda Dee, withdrawing customer funds without the owner's knowledge through a blank withdrawal slip signed by the customer. The action taken by Malinda is one of the most significant banking fraud events that has ever occurred in Indonesia.
Fraud that occurs in organizations is usually caused by weak control by the management (Arens et al., 2008;Soleman, 2013). Albar & Fitri (2018) explained that the Internal Control System (SPI) is a control tool for various company activities that each organizational unit must obey and carry out. However, many cases of fraud occur, indicating that internal control must be given more attention. An organization with a weak internal control system tends to increase the chances of fraud within the organization (Sholehah, Rahim & Muslim, 2018). This means that the better the internal control system is implemented, the lower the fraud rate will be (Yusuf & Kanji, 2020). Internal controls are designed, implemented, and maintained by management and other employees to deal with identified business and fraud risks that threaten the achievement of entity goals, such as reliable financial reporting (Tuanakotta, 2013;Soleman, 2013). Control is intended to provide a response and even prevent a threat related to the possibility of risk. All threats related to the management of organizational assets can be detected early through internal control.
Internal control will run effectively when the core components of internal control are implemented properly and correctly in the organization to provide certainty to achieving organizational goals (Tuanakotta, 2013;Soleman, 2013). In order to maximize the function of internal control, it is necessary to evaluate whether the control is running well through internal audits (Muslim et al., 2019). Internal audit activities will help organizations implement adequate controls by evaluating effectiveness and efficiency and encourage continuous improvement (Sawyer & Manavi, 2007;Zelmiyanti & Anita, 2015). It is further explained that internal auditors will help prevent fraud by examining and evaluating internal controls that reduce the risk of fraud (Muslim et al., 2020). In addition, an internal audit helps detect fraud by carrying out audit procedures that can reveal fraudulent financial reporting and misappropriation of assets (Arens, 2008;Zelmiyanti & Anita, 2015).
Given the importance of monitoring internal control against fraud, internal audit is the only work unit that is most appropriate to do so. Therefore, the role of Internal Audit, which has always been related to physical control matters, must have shifted from merely appearing as a company provost to being a unit capable of playing a role in preventing and detecting fraud (Aida, 2021). Salameh et al. (2011) found that senior management believes that the effectiveness of internal audits can prevent fraud. If the internal control system components usually operate, it will impact the audit process and audit effectiveness (Maheasy & Riyanto, 2016). A good internal control system will produce complete transaction documents, making it easier for internal auditors to carry out audit procedures (Nusran, 2020). In addition, a good internal control system will provide accurate information to auditors to achieve organizational goals. Therefore, an internal auditor needs to improve his or her effectiveness at work.
The topic of this research has been studied by several researchers, such as Tyasminingsih (2010) which proves that there is a reasonably high influence between internal audit on the effectiveness of internal control, especially production costs, and Zelmiyanti & Anita (2015), which proves that the role of internal auditors has a significant positive effect. Against fraud prevention through the implementation of the internal control system.

LITERATURE REVIEW
Fraud is defined as a deliberate act by members of the company's management, parties who play a role in corporate governance, employees, or third parties who lie or defraud to obtain unfair or illegal benefits (Helena, 2012). Furthermore, by ACFE, (2010), fraud is defined as taking advantage intentionally by abusing a job/position or stealing assets/resources within the organization. In lay terms, fraud is more emphasized on deviant behavior related to legal consequences, such as embezzlement, theft by deception, fraudulent financial reporting, corruption, collusion, nepotism, bribery, abuse of authority, etc. Kumaat, (2011) expressed his opinion about the factors driving the occurrence of fraud, namely the design of internal control is not appropriate, thus leaving a risk gap; practices that deviate from the overall design or common business sense; inconsistent monitoring (control) of the implementation of business processes; and non-running evaluations of the applicable business processes. Meanwhile, according to Arezky, (2014), four factors drive a person to commit fraud which is usually referred to as the GONE theory, namely Greed, Opportunity, Need, and Exposure.
Fraud prevention can be done by implementing the internal control system (Tunggal, 2010;Zelmiyanti & Anita, 2015). Sunarto, (2003) suggests the notion of internal control is a process that is influenced by the board of commissioners, management, other business unit personnel, which is designed to obtain reasonable assurance about the achievement of objectives in matters of reliability of financial reporting, compliance with applicable laws and regulations. Applicable, as well as the effectiveness and efficiency of operations. Internal control is designed by taking into account the interests of the company's management in carrying out its business operations and must also pay attention to aspects of costs that must be incurred and the expected benefits. Arens et al., (2008) and Soleman, (2013) explain that the internal control system consists of policies and procedures designed to provide management with reasonable assurance that the company has achieved its goals and objectives. This company policy is called control and collectively referred to as internal control. Meanwhile, according to Mayangsari & Wandanarum, (2013) and Soleman, (2013) stated that internal control uses all company resources to improve, direct, control, and supervise various activities to ensure that company goals are achieved. For this reason, in order to achieve the company's goals, procedures and policies must be carried out by the company in a way that every activity carried out within the company must go through a system designed to be able to direct, control, and supervise a series of activities so that company goals can be achieved efficiently and effectively. According to Tuanakotta (2013) and Soleman (2013), internal control will work effectively when the core components of internal control are implemented properly and correctly in the organization to provide certainty to achieving organizational goals. These components are control environment (control environment), risk assessment (risk interpretation), control activities (control activities), information and communication (information and communication), and monitoring (monitoring). The five components are processes needed to achieve the objectives of internal control. According to Zainal et al. (2013), the functions of the internal control system, namely preventive, detective and directive. Preventive is a control to prevent errors in the form of errors or irregularities that often occur in the operation of an activity. Detective is an activity to detect errors, errors, and irregularities that occur. While corrective is a step to correct detected weaknesses, errors, and irregularities. Then the next step is directive or directing so that the implementation is carried out correctly and adequately. Then the last is compensative or neutralizing weaknesses in other aspects of control.
Maheasy & Riyanto (2016) explained that the parties responsible for the internal control system include the board of directors, management, audit committee, internal auditors, and other personnel. Thus, each party has its respective vital roles in internal control, especially internal auditors. Internal auditors are considered important in preventing and detecting fraud and fraud. Rahayu, (2010) stated the understanding of internal auditors as employees who work in the organization to conduct internal audits for the benefit of the management of the company concerned, intending to help organizational management to determine the compliance of the organization's operational implementers to the policies and procedures that have been set. by the company. Internal audit is the most suitable agent to realize Internal Control, Risk Management, and Good Corporate Governance, which will provide added value to resources and the company (Kumaat, 2011). Further explanation regarding internal audit by Agoes (2004) states that internal audit or internal inspection is an examination carried out by the company's internal audit department, both on the company's financial statements and accounting records and adherence to predetermined top management policies and compliance. To government regulations and the provisions of applicable professional ties. Furthermore, according to the IIA (Institute of Internal Auditor), internal audit is an independent activity, objective assurance, and consultation designed to add value and improve the organization's operations. This internal audit helps organizations achieve their goals by taking a systematic and disciplined approach to evaluate and improve risk management, control, and governance processes (Boynton et al., 2006). Therefore it is crucial to increase the effectiveness of the internal audit. The results of research from Maheasy & Riyanto, (2016) found that senior management believes that the effectiveness of internal audits can prevent fraud.
It is essential to understand the factors that affect internal audits' effectiveness because the effectiveness of internal audits can improve four critical processes in the organization. The critical role of internal audit is to teach organizational members how to do their work and motivate organizational

Sudirman et al., Effectiveness of Internal Audit in Supporting Internal
Control and Prevention of Fraud |11 members to improve performance by correcting existing weaknesses and preventing misuse of organizational assets. This is certainly done so that members of the organization can get things done correctly (Maheasy & Riyanto, 2016). Hery (2010) argues that internal audit professional standards are divided into four types: independence, professional ability, the scope of work, and inspection activities.
Several researchers have reviewed related research, such as Tyasminingsih, (2010), which proves that there is a fairly high influence between internal audit on the effectiveness of internal control, especially production costs. In addition, research conducted by Zelmiyanti & Anita, (2015) proves that the role of internal auditors has a significant positive effect on fraud prevention through the implementation of the internal control system. Based on this, Tunggal (2012) suggests that there are three elements to prevent and detect fraud, namely a culture of honesty (personal), management's responsibility to evaluate fraud risk (through internal control) and supervision by the audit committee (internal audit).

METHOD
This research was conducted at PT Bank Pembangunan Daerah Sulselbar Makassar Branch. This research is quantitative research with a data collection method using a questionnaire distributed to internal auditors, anti-fraud department, and management. After the data was collected, data analysis was carried out using descriptive methods and measuring effectiveness. For the measurement of effectiveness, the data will be calculated using the following formula (Dean, 1990)

Result
Based on the calculation of the independence of internal auditors at PT Bank Sulselbar Makassar obtained a percentage of 90.19%, professional skills of 90.59%, the scope of the audit is 92.16%, the internal audit program is 100%, the audit report is 97, 06%, so it can be stated that PT Bank Sulselbar Makassar has been effective. The calculation of the answers to the questionnaire obtained a percentage of 89.22%. This means it has met the criteria between 76-100%. So it can be stated that the internal control over fraud is adequate.
As for the results of interviews and documentation to the Internal Auditor that the Internal Auditor of Bank Sulselbar is called the Internal Audit Group or abbreviated as the Internal Audit Group, which is a team that carries out the internal audit function in conducting inspections or audits, both general audits and special audits, GAI Bank Sulselbar always refers to the standard implementation of the bank's internal audit function which is also a guide in conducting internal audits that the Internal Audit Group owns. The number of auditors in the Internal Audit Group is 9 (nine) people, of which 1 (one) person is a contract employee who previously worked at Bank Sulselbar with the position of middle auditor. GAI has the authority to access records, employees, resources and funds, and other bank assets related to the conduct of the audit. In addition, Gai is responsible for maintaining its independence, reviewing and assessing the effectiveness of internal control, assisting management to assess risk, coordinating GAI activities with other activities, preparing internal audit guidelines, being responsible for daily control activities, and reporting audit results to the President Director and The Chairman of the Board of Commissioners/Supervisor and a copy thereof shall be submitted to the Compliance Director. Based on this description, Bank Sulselbar has implemented the Internal Audit function.
The Internal Audit Group of Bank Sulselbar is part of the company's internal control structure. It is all forms of activities related to audits and reporting of audit results regarding implementing a coordinated control structure at every level of management of Bank Sulselbar to achieve the goals and objectives that have been set. The primary purpose of GAI as a form of internal control of Bank Sulselbar is to ensure that public funds are safe, the targets and objectives of operational activities that have been set are achieved, assess the extent to which Bank Sulselbar's resources have been used economically and efficiently, assess the truth and integrity of financial information, assess the system determined whether it is following policy and law, as well as securing the assets of Bank Sulselbar. This shows that the Internal Audit Group has an essential role in internal control. The internal audit reporting structure in handling fraud at Bank Sulselbar coordinates with the Anti-Fraud Unit (UAF). UAF is the person in charge of implementing policies and whistleblowing mechanisms, which has the duty as a recipient, manager, assessor, and selector of reports of alleged fraud to be processed further by the Internal Audit Group and submit reports to the President Director and the Board of Commissioners. The procedure for handling fraud at Bank Sulselbar with the imposition of sanctions and demands for compensation must be implemented in a transparent, consistent, and firm manner according to the severity of the error of each party. The imposition of sanctions and compensation for losses is intended for fraud perpetrators and parties who cooperate or are involved either directly or indirectly in the fraud.
Furthermore, the forms of internal control carried out by Bank Sulselbar in preventing fraud, namely first, Anti-Fraud Awareness, an effort to raise awareness about the importance of preventing fraud by all related parties, including the Board of Directors, Board of Commissioners, Sharia Supervisory Board and including employees of Bank Sulselbar. Second, identifying vulnerabilities by mapping the risk profile in each product and service operational activity and each work unit as a system to identify risks inherent in each Bank Sulselbar operational activity (identification of vulnerabilities and types of high-risk activities) identify weaknesses in internal control. Third, implementing the

Sudirman et al., Effectiveness of Internal Audit in Supporting Internal
Control and Prevention of Fraud |13 functions and roles of internal and external audits in preventing fraud, reports on the results of internal and or external audits on the implementation of business activities and operations at all levels of the organization are essential and valuable information in making improvements to existing weaknesses. Fourth, improve the function of supervision and inspection to prevent fraud by establishing resident audits (internal control) placed in several main branch offices that supervise several branch offices that are geographically close to the main branch office. Fifth, the signing of a work agreement and a statement of commitment is one form of fraud prevention. It gives every employee (prospective employee) a warning that when committing fraud that causes losses, they must compensate for the loss.

Discussion
Our study found that the Internal Audit Group of Bank Sulselbar has met the Internal Audit Professional Standards. Among them, namely first, auditor independence. The Internal Audit Group carries out the implementation of the internal audit at Bank Sulselbar. The Internal Audit Group reports directly to the President Director and the Board of Commissioners and is a separate part of the company's operational functions. In carrying out its duties, the Internal Audit Group acts objectively under the evidence obtained during the audit. This shows that GAI can be independent or independent and impartial on the object it is examining. As an internal audit, the Internal Audit Group must have good qualifications regarding technical skills and morality. The Internal Audit Group is required to have extensive knowledge and follow the development of applicable banking operations. While carrying out his duties, an internal auditor should always maintain personal and official relationships with the audit object and be able to avoid being arbitrary. Before carrying out its duties, the Internal Audit Group reviews the previous audit work papers and verifies and evaluates its accounting records and documents. The position of the Internal Audit Group is directly responsible to the President Director and the Board of Commissioners so that the scope of the GAI audit on all business activity units of Bank Sulselbar can be carried out. In carrying out its duties, the Internal Audit Group is always based on the internal audit guidelines that have been made previously. The objectives of the audit results can be achieved effectively and efficiently. After analyzing the findings and discussing them, the Internal Audit Group then prepares an audit report containing the audit activity report, findings obtained from the audit results, conclusions, and opinions or suggestions for improvement regarding the audited activities. The audit results presented by GAI are made concise, clear, and complete according to the rules that Bank Sulselbar has standardized. Finally, follow up on the report on the results of the internal audit. Bank Sulselbar makes every effort to immediately follow up on the recommendations given by the internal auditors, and GAI also conducts monitoring in connection with the recommendations given.
The results of research on audit performance assessment in improving the internal control system for fraud are assessed based on the components in internal control, namely the control environment, risk interpretation, control activities, information and communication, and monitoring. Judging from the control environment indicators, it can be seen that Bank Sulselbar has implemented ethical values and honesty adequately. The internal audit party has also carried out audits on the company's control environment under the given authority and responsibility. The participation of the Board of Commissioners is constructive for internal audit in assessing various company activities and supervising the company's operations. Furthermore, the assessment of risk interpretation indicators is indicated by the efforts of the Bank Sulselbar internal audit to prevent the possibility of misstatements in the financial statements from internal and external events. Meanwhile, the assessment of control activity indicators is indicated by the company policies and procedures carried out by the internal audit of Bank Sulselbar to assess whether they have been carried out properly by company employees. Meanwhile, it is marked by the use of an adequate Accounting Information System by the Internal Audit Group for the completeness of recording transactions for information and communication indicators. Suppose during its assessment activities, the Internal Audit Group finds an error in recording transactions. In that case, the findings are then recorded in an internal audit report forwarded to the President Director and the Board of Commissioners. Lastly, the assessment of monitoring indicators is indicated by the follow-up monitoring of the Board of Directors/Management on the results of the examination conducted by the Board of Commissioners assisted by the Audit Committee. The audit is in charge of monitoring and evaluating the planning and implementation of the audit and monitoring the follow-up to the audit results to assess the adequacy of internal control, including the adequacy of the financial reporting process. The Internal Audit Group's tasks are evaluating the internal control system of Bank Sulselbar Vol. 4 Issue. 1 April 2021 to improve the performance of the Internal Audit Group itself in conducting audits. Every follow-up carried out by the auditee is reported to the President Director and GAI. If the follow-up of the auditee is not correct, then GAI asks for repairs again, which is a form of monitoring of the Internal Audit Group.

| Bongaya Journal for Research in Accounting
Internal control in company management is essential. In order to obtain a reasonable control at Bank Sulsebar, it is necessary to implement an internal audit function within the organization which has the task of conducting inspections, assessments and ensuring that the internal controls established have been running well. The Internal Audit Group is the official representative of Bank Sulselbar, which has an independent position in terms of conducting audits and assessments of the performance of the management control system to assist in conducting an assessment of fraud control and the implementation of operations or business activities of Bank Sulselbar and accompanied by the provision of recommendations or suggestions for improvement. This is done to ensure whether the implementation of the company's operational activities is under the established policies, plans, and procedures.
The internal audit function carried out by the Internal Audit Group at Bank Sulselbar is under the internal audit function described in the theoretical description. One of the main internal audit tasks at Bank Sulselbar is to conduct independent assessments, evaluations, and consultations with management on the company's internal control system. As stated in the theoretical description, internal control over fraud assessed by the Internal Audit Group will result in company operations under company goals. Bank Sulselbar's internal audit encourages its employees to work more carefully by avoiding fraud or irregularities. The internal audit of Bank Sulselbar is in a position directly responsible to the Board of Commissioners; this makes the implementation of its roles and functions more optimal because it can audit all parts of the company under the company's leadership.
Bank Sulselbar's internal audit is responsible for informing the nature and impact of internal control weaknesses found in the company's business operations and providing practical solutions to correct these weaknesses. Because the roles and responsibilities of the Internal Audit Group are so crucial for the achievement of company goals, the quantity and quality of the internal audits owned must be under the broad scope of audits that must be carried out.

CONCLUSIONS AND SUGGESTIONS
Based on the study results, it can be stated that the role of the Internal Audit Group as an internal audit in improving the internal control system for fraud at Bank Sulselbar has been influential. The internal audit of Bank Sulselbar has the authority to monitor the follow-up to the results of the audit conducted by the auditor. Monitoring activities are carried out to ensure that corrective actions have been carried out adequately and effectively. Thus, the company will implement better internal controls in the future because assessments and corrective actions for weaknesses and errors found are always carried out. There are three elements to prevent and detect fraud, namely a culture of honesty (personal), management responsibility to evaluate fraud risk (through internal control), and supervision by the audit committee (internal audit). Individual honest ethics and culture variables that are not used in this study can reference research development for further researchers who want to research related to fraud detection.