Exploring the effect of internal audit quality on fraud management: the mediating role of ethical behaviour in public sector institutions

Fraud management is increasingly becoming a key governance responsibility given the disruptive nature of fraud in organisational processes (Power, 2013; Lassou, Sorola, Senkl, Lauwo, & Masse, 2024). Processes like procurement and bidding in the Public Sector Institutions (PSIs) are now highly susceptible to fraud, which is significantly undermining service delivery and the livelihoods of citizens (Sargiacomo, Everett, Ianni, & D’Andreamatteo, 2024; Lassou et al., 2024). Accordingly, citizens and civil society organisations like Transparency International have intensified advocacy for effective fraud management in the PSIs to avert the adverse effects of fraud on the populace. Advocacy for fraud management is also imperative, given the heightened exposure of most countries to the different forms of fraud. For instance, Transparency International (2024) and Association of Certified Fraud Examiners (2024) indicate that 64% of countries across the world are presently severely exposed to public sector fraud like corruption, billing, payroll, cash larceny, cheque and payment tampering, expense reimbursements, financial statement fraud, skimming, register disbursements and noncash fraud. More sadly, these frauds are severely affecting emerging economies since out of the estimated annual global public sector fraud of about US $ 3.6tn trillion, 53% is happening in these countries (Association of Certified Fraud Examiners, 2024; United Nations, 2018; World Economic Forum, 2018; World Bank, 2020). Conspicuously, socio-economic development in emerging economies is increasingly being affected by fraud, which has become profoundly institutionalized (Power, 2013; Lassou et al., 2024). Therefore, this study explores the integration of internal and individual-level mechanisms which can be implemented to substantially enhance fraud management in the PSIs by 2030 in line with the United Nations Sustainable Development Goal (SDG) 16.

Available studies frame internal audit as a crucial internal fraud management technique due to the regulatory positioning as an independent control function permanently operating within the organization. The aspects of internal audit which are emphasized by these studies include its status and competence (Kabuye, Nkundabanyanga, Opiso, & Nakabuye, 2017), its roles (Bonrath & Eulerich, 2024; Zeng, Yang, & Shi, 2021), reporting (Gullkvist & Jokipii, 2013) and its quality (Siahaan et al., 2024; Ege, 2015; Prawitt, Smith, & Wood, 2009). Explicitly, it is now known that companies with a high-quality internal audit function exhibit low levels of financial reporting fraud (Prawitt et al., 2009), which makes it central to an institution's fraud management agenda. Nonetheless, the centrality of internal audit quality in the PSIs is yet to be expounded towards influencing an individual's self-forming factors, like ethical behaviour, and over fraud management. Yet, in contemporary settings, the individual's ethical behaviour is increasingly viewed by strategists as the first line of defence against fraud (Suh & Shim, 2020). Therefore, enhancement of ethical behaviour and internal audit quality is likely to provide substantial contributions towards fraud management, which continues to become more sophisticated.

To develop a multifaceted model for explaining fraud management in the PSIs, this study adopts a Foucauldian theoretical framework. Specifically, we draw on the theoretical notion of governmentality (Foucault, 1991) and Foucault's later work on ethics (Foucault, 1984) to explain the influence of internal audit quality and ethical behaviour on fraud management, respectively. From a Governmentality perspective, prior scholars such as Mihret and Grant (2017) suggest that internal audit is not merely a monitoring tool of agents, but a disciplinary mechanism that can shape how individuals govern themselves (conduct of conduct) within contemporary institutional settings. But the direct influence of internal audit quality as a localised technique of governmentality (how to govern) on fraud management (inferred here as good conduct) remains an open empirical and conceptual question. While Mihret and Grant (2017) advocate for recognizing internal audit as a socially embedded tool of exercising power, rather than a neutral technical procedure, the extent to which this localized governmentality ^[1] can influence the individual's behavior in overcoming complex counter-conducts like fraud is empirically debatable. This limits knowledge of an integrated model of localized and individual level mechanisms for effective fraud management in the PSIs. We address this limitation by drawing on Foucault's (1984) theoretical notion of ethics which advocates for the individual's capacity for ethical self-formation ^[2]. In this regard, ethical self-forming practices in terms of normative and juridical ethical behaviors are posited to generate better ethical subjects capable of achieving ethical ends like fraud management. However, we claim that in the contemporary public sector setting where fraud is highly institutionalized, individuals may not completely maintain ethical behaviors by themselves (ethical self-transformation) towards fraud management. Hence, a need to examine the influence of localized governmentality power dynamics like internal audit quality on the ethical behavior of government officers. This forms the basis for the following research question (RQ).

This research question is addressed using a case of Uganda. Uganda's Gross Domestic Product (GDP) is expected to grow by an average of 6.2% annually, more than thirty-nine sub-Saharan African countries (World Bank, 2025), which requires strong fraud management mechanisms in its public sector (key sector) for this growth to be realised. Effective public sector fraud management is also needed in anticipation of an average revenue of US$2.8 billion per year for the next 30 years from its 2.5 billion barrels of oil reserves, which ranks 31st in the world and 7th in Africa ^[3] (Worldometer, 2016). Indeed, if successfully guarded against fraud, revenue from these oil and gas resources can substantially transform Uganda's economy and livelihoods, like in the United Arab Emirates (UAE) and Norway (Aheebwa, 2022). For these reasons, Uganda is presently one of the few African countries which has established an elaborate anti-public sector fraud legal and institutional framework. As of august 2025, the country had at least eight major anti-public sector fraud laws ^[4] and over twenty-three (23) anti-fraud agencies ^[5] which are coordinated by the Directorate of ethics and integrity (Inspectorate of Government, 2024). Also, Uganda is among the leading seven African countries which have made significant strides in adopting and implementing the International Public Sector Accounting Standards (International Public Sector Accounting Standards Board, 2015) as a crucial anti-fraud regulation (Ben Slama & Jandoubi, 2024). Consequently, the country's elaborate anti-fraud regulatory and institutional frameworks provide a strong upstream governance and accountability architecture ideal for fraud management compared to other African countries (Bukenya & Muhumuza, 2017).

Nonetheless, despite its elaborate anti-fraud legal and institutional framework, particularly the Inspectorate of Government, the Directorate of Ethics and Integrity, and the Office of the Internal Auditor General, its fraud management scores have remained low. According to the Inspectorate of Government (2024), Uganda loses nearly US $ 3.1 billion annually to public sector fraud like asset misappropriation and corruption. Moreover, between 2013 to 2025, its corruption perceptions index remained below the score of 29/100 with a high rank of 144/180 compared to other emerging economies like Seychelles, Uruguay, Barbados, Cabo Verde, Botswana, Costa Rica, Rwanda, Mauritius, Namibia, Ghana and Tanzania (Transparency International, 2024). The low levels of public sector fraud management are insofar attributed to sophisticated syndicates within government, inadequate implementation of audit recommendations, insufficient investigations, poor deterrent and punitive frameworks, side stepping of regulations, limited implementation of the national ethical values policy, inadequate performance-based audits and impunity (Directorate for Ethics & Integrity, 2023; Bukenya & Muhumuza, 2017; Inspectorate of Government, 2024; Office of the Auditor General, 2024). Observably, these aspects point to weak localised governance mechanisms like internal audit and the inadequate ethical self-forming among the government officers. Consequently, several research and media organisations continue to report the heightening levels of public sector fraud in Uganda, which continue to impair the country's reputation.

We used partial least squares structural equation modelling (PLS-SEM) to test the study hypotheses using data collected from a sample of 168 PSIs in Uganda. The findings show that ethical behaviour mediates the relationship between internal audit quality and fraud management. This means that institutions which maintain a high-quality internal audit function in terms of independence, competence, compliance with professional standards and perceived usefulness are able to influence fraud management directly and indirectly through ethical behaviour. Directly, a high-quality internal audit function helps in enhancing policies and procedures over fraud management, as well as identifying, investigating, and reporting fraud to the board audit committee and the regulators like the Internal Auditor General and Auditor General. They also help management in effectively responding to fraud through generating and implementing effective action plans against fraud factors in the institutional processes. Indirectly, the results suggest that a high-quality internal audit function influences individuals to behave ethically by adhering to ethical policies and procedures (juridical ethical behaviour) and acting according to moral values like honesty, fairness, and integrity (normative ethical behaviour). Generally, this is an integral model which addresses fraud management by streamlining organisational processes through a quality internal audit function and enhancing the ability of individuals to ethically self-transform towards ethical ends.

This study extends existing knowledge by suggesting that internal audit quality and ethical behaviour are not isolated fraud management factors. We provide an integrated model where enhanced internal audit quality is a great contributor in building strong ethical behaviour among government officers, which in turn increases their fortitude to embrace fraud management through prevention, detection and response mechanisms. Practically, this study suggests that the office of the Internal Auditor General ought to enhance the quality of the internal audit departments through ensuring independence, competence, compliance with professional standards and perceived usefulness towards informed decisions in the institution. Also, the government should allocate more resources to the Directorate of Ethics and Integrity to enhance the implementation of the national ethical values strategy through constant training, creation of awareness, enforcement, and monitoring. Indeed, we confirm that strengthening these mechanisms offers renewed hope for increased fraud management in the public sector.

Theoretically, this study provides an integration of Foucault's theoretical notions of governmentality (Foucault, 1991) and ethics (Foucault, 1984). Specifically, the results suggest that in complex settings like the public sector, where fraud is institutionalised, individuals are unable to fully shape their own conduct towards over fraud management, which necessitates a localised technique of exercising governmentality power (internal audit quality) to enhance their ability to ethically self-transform. This adds to the emerging conversation of the need to recognise the social context of internal auditing (A Foucauldian theoretical underpinning) beyond the traditional structure of a technical neutral function in the agency relations (Mihret & Grant, 2017). Indeed, internal audit quality has been established as a crucial determinant of the ethical behaviours (which entail complex social norms) of auditees, management and the board members towards fraud management in the PSIs. Generally, this proves the theoretical notion that the role of internal audit quality towards fraud management is also significantly achieved through contextual factors, that is, the ability of individuals to ethically self-transform, which is important in contemporary complex settings.

Empirically, the study extends the works of Prawitt et al. (2009) by suggesting that internal audit quality influences fraud management in its entirety and not only financial statement fraud. We also provide support to Roussy and Brivot's (2016) internal audit quality model, which encompasses the input (independence and competence of internal auditors), throughput (compliance with professional standards), and output (perceived usefulness of the internal audit function) components. Specifically, our study indicates that a combination of these internal audit quality components has a dual effect on fraud management, that is, directly and indirectly through ethical behaviour. This confirms that internal audit quality, as framed by Roussy and Brivot (2016), is a crucial localised technique of exercising governmentality power (shaping individuals for good conduct) (Mihret & Grant, 2017) towards fraud management. Additionally, our study adds to extant studies (Krummeck, 2000; Law, 2011; Hess & Cottrell, 2016; Peltier-Rivest, 2018; Makanga et al., 2025) by indicating that ethical behaviour is important for the entire fraud management framework beyond fraud prevention and detection. Moreover, this role is enhanced by Internal audit quality. Hence, we provide an integration of two crucial internal governance factors for fraud management in the contemporary complex settings where fraud is institutionalised and deeply rooted in the misconduct of individuals at all levels of government and institutions.

The subsequent sections of the paper proceed as follows: study context, theoretical foundation and hypothesis development, methods, results, discussion, and summary and conclusion.

This study is anchored in the Foucauldian theoretical notions of governmentality and ethics. The basic assumption under the governmentality (conduct of conduct) theoretical notion is that power can be indirectly exercised through ordered techniques to influence the conduct of individuals (Foucault, 1991). Mihret and Grant (2017) suggest that internal auditing is a crucial technique of exercising governmentality power in contemporary institutions. The cruciality of internal auditing in ensuring the conduct of conduct is rooted in its framing as an ex-post assurance service and ex-ante advisory service. Similarly, as a governmentality technique, internal auditing is conceived beyond being a neutral technical monitoring tool between the Principal and the Agents. It is rather considered a key technique of exercising power that affects and can affect the complex societal setting (Mihret & Grant, 2017). Consequently, we deployed internal audit quality as a technique to exercise power over government officers, thereby shaping their conduct in fraud management. Nonetheless, since governmentality assumes that individuals' conduct is largely shaped through certain techniques, it is unknown whether these techniques can fully enable individuals to self-regulate. To address this conundrum and strengthen the idea of self-regulation of individuals, Foucault's ethics is invoked.

Foucault's Ethics establishes the relationship that an individual ought to have with him/herself (Foucault, 1984). The basic assumption underlying this theory is that individuals can change themselves into ethical subjects through ethical self-forming practices to achieve the established ethical ends, such as being good citizens (Foucault, 1984, 1997; Cooper & Blair, 2002). In this study, Fraud management is construed as an ethical end which can be achieved through an array of both normative and juridical ethical behaviours. Notably, such ethical practices are expected to induce shamefulness among individuals, isolation from unacceptable endeavours, and religious engagement. These are crucial modes of subjection in settings like the public sector, where fraud is currently institutionalised and deeply embedded in the conduct of individuals. Consequently, this study examines the extent to which ethical behaviour directly influences fraud management and if its contribution is enhanced by internal audit quality as a form of localised governmentality.

From the Foucauldian concept of governmentality, internal audit is a crucial localised technique of exercising power which can influence the complex social settings (Mihret & Grant, 2017). In this respect, it is important for the internal audit to maintain high quality. The quality of the Internal audit function resonates with the competence of its employees, the functional structures to allow total independence, the compliance with professional standards, and the perceived usefulness of the function in influencing informed decisions in the institution (Roussy & Brivot, 2016). Empirically, what is so far known is that internal audit quality can significantly reduce financial statements fraud (Prawitt et al., 2009; Johl, Johl, Subramaniam, & Cooper, 2013; Gros, Koch, & Wallek, 2017). Also, its components, like status and competences, are reported to significantly influence fraud management in the financial services sector (Kabuye et al., 2017). Moreover, internal audit quality is strongly associated with the effective identification of strategic and operational deficiencies, thereby reinforcing institutional governance (Abdullah, Ismail, & Smith, 2018) and internal controls (Chang, Chen, Cheng, & Chi, 2019) as core pillars for fraud management. However, when it comes to the implementation of the overall risk management framework, the influence of internal audit quality is inconsequential (Mat Ludin, Mohamed, & Mohd-Saleh, 2017), which ultimately underplays its contribution to fraud management. Another stream of literature highlights that high-quality internal audit departments play a central role in fraud prevention (Novatiani, Kusumah, Yadiati, Abdul Halim Rachmat, & Arifian Rachman, 2024). However, it remains uncertain whether these departments can deliver equivalent value across the prevention, detection, and response dimensions, which together constitute a comprehensive fraud management framework (Crain, Hopwood, Pacini, & Young, 2019). Motivated by these empirical limitations, the need to reduce the internal audit's role ambiguity over fraud prevention and detection (Bonrath & Eulerich, 2024), and the theoretical imperative to extend the influence of internal audit to complex societal settings, this study examines the direct and indirect influence of internal audit quality (through ethical behaviour) on fraud management in the public sector. We claim that its effect extends beyond financial statement fraud to the entire fraud management framework in public sector institutions. Besides, it is time to know the contribution of the combined components of internal audit quality since they are interconnected as input, throughput and output processes (Roussy & Brivot, 2016). Ultimately, these aspects are essential for establishing an agile and proactive internal audit function capable of creating, protecting, and sustaining fraud management efforts, even in critical processes such as budgeting, where fraud is being orchestrated in Ugandan public sector institutions (Kisakye, 2024). Accordingly, we hypothesise that.

It is possible to infer internal audit quality as a significant factor for fraud management, as already claimed. However, since fraud is now institutionalised (Lassou et al., 2024; Power, 2013) and multifaceted (Xu, Gupta, Xue, Mortal, & Chen, 2025), fraud management actors are increasingly advocating for sophisticated fraud management frameworks (Sargiacomo et al., 2024; Abdallah, Maarof, & Zainal, 2016) in contemporary institutions. Consequently, scholars ought not to rely on only a single factor for fraud management but rather on multipronged factors. To address this empirical and practical concern, we extend the direct influence of internal audit quality on fraud management in H1 by examining its indirect influence on fraud management through ethical behaviour. This account is primarily based on the suggestion that internal audit substantially improves ethical conduct in contemporary institutions (Sahla & Ardianto, 2023). More directly, ethical behaviours are known to influence the individual aspects of fraud management like prevention and detection (Krummeck, 2000; Hess & Cottrell, 2016; Law, 2011; Peltier-Rivest, 2018; Sahla & Ardianto, 2023; Said, Alam, Ramli, & Rafidi, 2017; Suh, Shim, & Button, 2018; Suh & Shim, 2020; Zuberi & Mzenzi, 2019). Nonetheless, evidence from Malaysian banks indicates that Islamic professional ethics alone does not effectively deter financial reporting fraud (Awang, 2019). This limitation highlights a persistent challenge in fraud management, prompting current literature to demand for mechanisms that specifically address such ethical collapses within institutional systems (Hermanson, Hermanson, Hermanson, & Parlier, 2025). One potential mechanism is the internal audit function, which is increasingly recognized as a strategic partner and trusted advisor; however, little is known about how the quality of this function influences employees' ethical behaviour. Examining this relationship is therefore critical, as a high-quality internal audit function is expected to promote ethical behaviour and, in turn, strengthen fraud management. This perspective aligns with Foucault's (1991) theoretical notion of ethics as a central policy force in governance systems. However, because not all individuals can self-transform into ethical subjects (Foucault, 1984), internal audit quality may serve as an essential mechanism that influences ethical self-transformation in the context of fraud management. In Uganda, the Directorate of Ethics and Integrity (DEI) is mandated to promote national ethical values and to coordinate public sector anti-fraud initiatives. Given their perceived anti-fraud role, high quality internal audit departments are therefore uniquely positioned to complement DEI's mandate by reinforcing ethical behaviour within public sector institutions. Accordingly, the following hypotheses are advanced.

To mitigate omitted variable bias and endogeneity concerns (Hair, Hult, Ringle, & Sarstedt, 2022), this study controlled for institution size, age, category, and the gender of accounting officers. First, Wijayanti, Senjani, and Farah (2024) demonstrate that institution size influences financial statement fraud among Indonesian listed firms. Accordingly, larger public sector institutions (PSIs) in Uganda are expected to possess greater resources that can be leveraged for more effective fraud management. Second, evidence from Chinese listed firms indicates that firm age does not necessarily reduce the likelihood of corporate fraud, even in mature markets (Xu, Xie, Jiang, & Yang, 2024). This finding challenges the conventional assumption that older institutions are more likely to have developed robust structures and accumulated experience in fraud management; hence, the effect of institution age on fraud management is empirically examined. Third, the International Monetary Fund (2014) classifies PSIs as either general government entities or public corporations. These categories differ in governance structures, regulatory frameworks, and resource allocations, which may have differential implications for fraud management. Finally, prior research shows that Chinese listed firms with gender-diverse boards or female chief financial officers experience lower levels of accounting fraud than firms with male-only boards (Liao, Smith, & Liu, 2019). Consequently, the gender of accounting officers was controlled for to account for its potential influence on fraud management.

This study employed a quantitative research design to collect and analyse data from the Ugandan context. It aimed to assess how internal audit quality and ethical behaviour, informed by Foucauldian theory, contribute to fraud management. Given that fraud management is a global challenge, this statistical approach was adopted to enhance the generalisability of the study's findings to other contexts (Saunders, Lewis, & Thornhill, 2023). The study population comprised 334 Public Sector Institutions (PSIs) in Uganda, including general government institutions and public corporations (Ministry of Finance, Planning and Economic Development, 2024; Table 1). Using the Taro Yamane formula (Yamane, 1973) in conjunction with stratified random sampling, a sample of 182 PSIs was selected. Data were collected from 445 respondents across 168 institutions, yielding a 92.3% response rate. Respondents included senior-level accountants, internal auditors, and members of local government public accounts or audit committees—key actors in public accountability and fraud management. Since the analysis was conducted at the firm level, individual responses were aggregated accordingly.

A structured survey questionnaire was used to collect data from July to November 2024. For measurement of constructs, fraud management entailed indicators of fraud prevention, detection and response (Crain et al., 2019; Kabuye et al., 2017). Internal audit quality was operationalised by indicators of the internal audit function's independence, competence, compliance with professional standards and usefulness of the internal audit function (Roussy & Brivot, 2016; Kaawaase, Nairuba, Akankunda, & Bananuka, 2021; Nalukenge, Kaawaase, Bananuka, & Ogwal, 2022). Lastly, Ethical behaviour was measured by examining an individual's Normative and Juridical ethical behaviour (Al Halbusi, Williams, Ramayah, Aldieri, & Vinci, 2021; Lu & Lin, 2014). These continuous variables were anchored on a 4-point scale (ranging from 1 = strongly disagree to 4 = strongly agree), to allow respondents to be more thoughtful and precise and reduce answer bias (Saunders et al., 2023).

Control variables were measured and coded as follows. Institution Size was measured by the actual annual audited expenditure of the institution (Office of the Auditor General Uganda, 2023). The code for institution size was 1 for institutions with expenditures above Shs 100 billion (Large) and zero otherwise. Uganda Shillings 100 billion is a 1% materiality level of the average Shs 10 trillion amount lost to fraud annually in Uganda. Institution age was coded as “0” for institutions established by 2008; otherwise, it was “1”. The selection of 2008 was because of the establishment of the National Audit Act in 2008 and the 2007–2008 global financial crisis, which resulted in the promulgation of several anti-fraud policies. For the institution category, code “1” was for institutions with politically elected leaders and zero otherwise (Ministry of Finance Planning and Economic Development, 2023). Gender of Accounting Officers entailed Institutions with Male Accounting officers as “1” and “0” otherwise.

A pilot test was conducted to validate the questionnaire items adapted from existing literature. Initially, content validity was assessed using the Content Validity Index (CVI), which was evaluated by nine practitioners, policymakers, and academics. The CVI values for all study variables exceeded the recommended threshold of 0.70 (Field, 2018): fraud management = 0.900, internal audit quality = 0.932, and ethical behaviour = 0.816. Subsequently, a pilot study involving 199 respondents (comprising senior-level accountants, internal auditors, and members of the audit committee/public accounts committee) from 70 public sector institutions was undertaken. The results indicated that most questionnaire items were both reliable and valid. Exploratory Factor Analysis ^[7] (EFA) revealed that 69% (n = 24), 56% (n = 22), and 73% (n = 16) of the items measuring fraud management, internal audit quality, and ethical behaviour, respectively, were retained. All retained items loaded onto their respective components ^[8] with factor loadings of 0.50 and above, confirming that the items measured their intended constructs (convergent validity). Moreover, the total variance explained for each global variable exceeded the acceptable 50% threshold (fraud management = 54.361%, internal audit quality = 61.497%, and ethical behaviour = 52.797%). In addition, the correlations among the constructs were below 0.80, indicating that the study variables were empirically distinct and thus demonstrating discriminant validity (Bloomberg, Cooper, & Schindler, 2014). Besides, all retained items had a Cronbach's alpha coefficient of more than 0.70, indicating acceptable reliability (Nunnally, 1978; Field, 2018).

Given that 65% (n = 62) of the total items in the instrument were retained during pilot testing, the refined questionnaire was used to collect data for the analyses in this study.

Data were collected using both an online questionnaire and hard-copy questionnaires, which were later entered into the online form. The online questionnaire, designed using Google Forms, was primarily used to mitigate item non-response bias arising from incomplete responses, as respondents were required to answer all questions before submission. Additionally, to address unit non-response bias, respondents were assured of the utmost confidentiality of their responses through an introductory letter attached to the questionnaire. The letter bore the logo of Makerere University Business School and was stamped and signed by the Dean of the Faculty of Graduate Studies, thereby enhancing the credibility of the study. Furthermore, the questionnaire items were kept concise, practical, and engaging to sustain respondents' interest. For initially hesitant respondents, up to three follow-up reminders were issued via email, telephone calls, and WhatsApp messages.

Nonetheless, for data collected using hard-copy questionnaires, four questionnaires with more than 15% missing values were discarded in accordance with Hair et al. (2022), resulting in a dataset with no missing values or spurious outliers. Non-spurious outliers, defined as observations with z-scores outside the ±1.96 range, were replaced with the nearest non-outlier values following Field (2018). In addition, sixteen questionnaires exhibiting standard deviations below 0.25 were removed due to suspected straight-line or diagonal response patterns (Hair et al., 2022). Skewness and kurtosis values within the ±1 range confirmed the normal distribution of the data (Table 6). Furthermore, common method bias (CMB) was mitigated through the use of clearly worded, literature-based measurement items and explicit instructions to respondents. The results of the exploratory factor analysis (EFA) indicated that thirty-nine factors emerged from the study variables, with the first factor accounting for only 25.739% of the total variance, thereby confirming the absence of CMB (Kock, 2017). Tables 3–5 show that the variance inflation factors (VIFs) for all items were below 3.3, indicating the absence of collinearity and confirming satisfactory data quality (Kock, 2017).

The study's respondents were profiled as follows (Table 2). First, the males constituted the highest number of respondents (64.9%). With this, males dominate people in positions of managing fraud from the huge domination of Uganda's population by females (Uganda Bureau of Statistics, 2023). Second, most respondents were above 28 years (88.8%). These individuals have lived for a reasonable period and have experienced different aspects of the study variables. Third, in terms of education and professional qualification, 95.5% of the respondents held at least a Bachelor's degree, and 60.4% held an accountancy-related professional certification. Hence, the respondents had the requisite knowledge to answer the questions. Fourth, 49.7% of the respondents had accumulated over 10 years in the public service. These individuals had a reasonable comprehension of the affairs of government. Fifth, 59.8% of the respondents were either senior-level internal auditors or members of the local government public accounts committee (LGPAC)/Audit Committee (AC), and the rest were senior-level Accountants.

The content validity of the indicators was established using the content validity index (CVI). A panel of 9 subject experts from practice and academia were contacted to rank the relevance of each item in the draft questionnaire. Each expert ranked the items using a scale of 1 to 2, with 2 being “valid” and 1 being “not valid.” The CVI was computed by dividing the proportion of valid items by the total number of items for each construct. The resulting CVI for each construct was above 0.7, which showed the soundness of the indicators (Field, 2018), as reported in Section 3.3.

Construct validity and reliability were established through measurement model assessment in SmartPLS. Construct validity entailed both convergent and discriminant validity. Tables 3–5 shows that the item loadings of the constructs were within the acceptable range of 0.6 to 0.708. Additionally, each construct's Average Variance Explained (AVE) was above 0.5. Hence, the different items connected to measure the respective construct (Hair et al., 2022). For discriminant validity, Tables 3–5 shows that the HTMT values are less than 0.85. This indicated the absence of overlapping indicators between constructs (Henseler et al., 2014). Thus, the study constructs were distinct, and the believability of further analyses was tenable.

For construct reliability, the composite and Cronbach alpha results for the study constructs were above 0.7 (Tables 3–5). Hence, the measures had the ability to produce similar results under the similar conditions (Field, 2018).

The VIFs in Tables 3–5 (for the outer models) were below 5. Meaning that the indicators were not highly correlated. Therefore, the individual influence of indicators towards the constructs was tenable. Likewise, the standard errors were minimised, and higher model interpretability was achieved (Hair et al., 2022).

From the theoretical and conceptual analyses, the following model was examined.

Where: Β₁ represents the effect of Internal Audit Quality (IAQ); Β₂ represents the effect of Ethical behaviour (EB); Β₃ represents the effect of institution size; Β₄ represents the effect of institution age; Β₅ represents the effect of the institution category; Β₆ represents the effect of the gender of Accounting Officer; and ϵ is the error term.

The characteristics of the study constructs are presented in Table 6. On average, the mean of 2.861 suggests a moderate implementation of fraud management activities in the PSIs. However, fraud detection is slightly higher than prevention and response. This is an improvement from the preceding studies, which largely examined fraud detection (Sargiacomo et al., 2024; Siahaan, Suharman, Fitrijanti, & Umar, 2024). Equally, respondents agreed on the presence of constructs for internal audit quality and ethical behaviour. Noticeably, the means of all constructs were around 3 (agree) but not close to the maximum value of 4 (strongly agree). This means that although the PSIs are doing some things right, there are areas that need improvement to further strengthen fraud management, internal audit quality, and ethical behaviour.

For the control variables, an average of 18.5% of the PSIs are large, with budgets of Shs 100 billion and above. This means that most PSIs operate with meagre budgets, which may not allow the implementation of modern anti-fraud technologies. On average, 21.4% of the PSIs were established after 2008. Meaning that most of the PSIs in Uganda have been in existence for more than 16 years. Such institutions ought to have built significant anti-fraud capabilities. On average, 61.3% of the PSIs have politically elected leaders. These are mostly local government districts, municipal councils, city councils and ministries. Political headships are expected to play a crucial role in influencing fraud management efforts to serve the interests of the electorate. Conversely, PSIs with technical leadership are expected to operate professionally to achieve better fraud management. Furthermore, an average of 80.4% of PSIs have male accounting officers. This implies that a limited number of females are directly holding positions responsible for managing fraud.

The results of the structural model assessment which were generated using SmartPLS-SEM bootstrapping are shown in Table 7. Table 7 shows that internal audit quality significantly and positively influences fraud management. A unit change in internal audit quality significantly changes fraud management by 0.200 ceteris paribus. Thus, H1 was supported. The results further reveal that ethical behaviour and fraud management are significantly and positively related. Implying that a unit variation in ethical behaviour influences fraud management by 0.469. So, H2 was upheld. It was also found that internal audit quality positively and significantly relates to ethical behaviour. A unit change in internal audit quality influenced ethical behaviour by 0.277. Hence, H3 is supported. More still, the results returned a significant and positive indirect effect, which confirmed the existence of the mediation. Hence, H4 was upheld. Since the direct path was significant (H1), the mediation was partial. Further analysis of the direction of the product of the direct and indirect path showed a positive result. Henceforth, this was a complementary partial mediation. This mediation result indicates a dual predictive role of internal audit quality. First, internal audit quality enhances ethical behaviour, which in turn influences fraud management. Second, even in the presence of ethical behaviour, internal audit quality remains a significant predictor of fraud management. Overall, the model explained 37.7% of the variance in fraud management (R² = 0.377), showed predictive relevance (Q² = 0.164), and achieved good fit (SRMR = 0.058 < 0.08) (Hair et al., 2022).

Robustness tests were performed before and after model estimation to establish the statistical rigour and validity of the results generated using PLS-SEM, a nonparametric technique. Specifically, nonnormality, endogeneity, unobserved heterogeneity, nonlinearity, and heteroskedasticity tests were performed (Vaithilingam, Ong, Moisescu, & Nair, 2024). First, the findings in Table 6 show no concerns of nonnormality for all the constructs due to the closeness of the skewness and kurtosis values to zero. Also, the standard errors are close to the skewness and kurtosis values (Hair et al., 2022). Second, endogeneity was initially addressed by including control variables in the model. These variables explained a given portion of the variance in fraud management (Table 7). Subsequently, the results in Table 8 returned insignificant Gaussian copula results for all the possible relationships (p-value> 0.05), which further validated the absence of endogeneity in the estimated model. Hence, the robustness of the estimated model was substantiated (Hult et al., 2018). Third, Table 9 shows insignificant quadratic effects (QE) for all possible relationships. Therefore, the assumption of linear relationships was not violated (Hair et al., 2022).

Fourth, to account for unobserved heterogeneity (that is, the potential influence of omitted variables beyond those explicitly controlled for) the Finite Mixture Partial Least Squares (FIMIX-PLS) approach was employed. A G*Power sample size of forty-three emerged from the 168 PSIs which responded to the questionnaire. From this, the minimum number of anticipated segments was 4, derived by dividing the study's sample by the G*Power sample size (168/43). FIMIX-PLS models were run for the 4 segments, each at a time. Table 10 indicates that the fit indices do not indicate a specific segmentation solution. First, AIC3 and CAIC point to dissimilar segments. Second, MDL5 points to the same number of segments as AIC4, BIC and CAIC. Thus, it was presumed that unobserved heterogeneity was not at a critical level. This fact was further substantiated by the small values of EN and the model fit measures, which improved the models insignificantly. Hence, it was prudent to analyse the hypotheses using the entire data set other than the individual segments (Sarstedt, Hair, Nitzl, Ringle, & Howard, 2020).

Lastly, for heteroskedasticity, Table 11 revealed insignificant Levene's scores (P > 0.05) for the constructs against the different categorisations of the institutions. This meant that there were no huge variations in the magnitude of observations from the different sample groups. That is, the variances of the sample groups were constant across all levels of the constructs. Therefore, the assumption of homogeneity of variance was not violated (Field, 2018).

Fraud management is substantially shaped by both internal audit quality and ethical behaviour. Although each exerts a significant direct influence, the effect of internal audit quality on fraud management also operates significantly through ethical behaviour, indicating a mediating mechanism rather than a simple integration of effects. Accordingly, public sector institutions can achieve enhanced fraud management (across prevention, detection, and response) by maintaining a high-quality internal audit function that fosters ethical behaviour, which in turn strengthens fraud management outcomes. This evidence supports Sahla and Ardianto's (2023) proposition that a modern internal audit function should actively shape ethical conduct, including honesty, fairness, integrity, and respect for others, all of which are critical for effective fraud management. Consistent with this view, prior studies demonstrate that ethical individuals are more likely to exercise greater caution in fraud prevention and detection than their non-ethical counterparts (Krummeck, 2000; Hess & Cottrell, 2016; Law, 2011; Peltier-Rivest, 2018; Sahla & Ardianto, 2023; Said et al., 2017; Suh et al., 2018; Suh & Shim, 2020; Zuberi & Mzenzi, 2019). These findings therefore underscore the need to embed robust mechanisms for upholding ethical behaviour within public sector fraud management agendas. Our results suggest that this is significantly achieved by a quality internal audit function. Most importantly, when the Internal audit function is independent, professionally competent, complies with professional standards, and is perceived as useful by management and the board, it is better positioned to deter, identify and remediate ethical lapses which creates an ethical environment within the institution. More specifically, an internal audit function that can resist undue pressure, analyse complex information, adhere to quality assurance processes, and comply with ethical codes is more likely to foster ethical conduct among staff. This, in turn is likely to improve fraud management by strengthening fraud prevention, detection, and response mechanisms.

Further evidence of this study suggests that a high-quality internal audit function enhances both normative ethical behaviour (derived from moral principles, personal conscience, and societal norms) and juridical ethical behaviour (derived from laws, statutes, and regulations). That is, through quality internal audits, individuals are more likely to use public resources strictly for official purposes, demonstrate ethical leadership, influence peers toward ethical conduct, adhere to institutional values, and refrain from exchanging favours for preferential treatment. Similarly, a high-quality internal audit function can promote resistance to undue influence, disclosure of conflicts of interest, refusal of gifts offered for preferential treatment, honest performance reporting, and consistent demonstration of ethical conduct. Collectively, these ethical behaviours are essential for effective fraud prevention, detection, and response.

Taken together, the results indicate that although the internal audit function is not formally designated as an ethics enforcement or anti-fraud function, its quality plays a critical role in shaping ethical behaviour, which subsequently translates into improved fraud management. However, to sustain internal audit quality in the public sector, several legal, regulatory, policy and institutional measures are necessary. For instance, in the Ugandan context, the Public Accounts Committees/Audit Committees of PSIs should prioritise approving adequate resourcing of internal audit functions, including continuous professional development with a strong focus on ethical competence, as well as the adoption of advanced, technology-enabled audit tools capable of detecting patterns of ethical breakdown among the public servants. More importantly, the Government of Uganda, through Parliament, should amend the Public Finance Management Act (2015) and the Local Government Act (1997) to explicitly recognise ethical reviews as a core mandate of the internal audit function. Also, heads of internal audit should be legally mandated to hold quarterly private meetings with the chairperson of the Public Accounts Committee or Audit Committee, without the presence of management, to facilitate open and candid deliberation on sensitive matters such as ethics and fraud. The appointment, rotation and deployment of internal auditors should also be centralised under the Internal Auditor General in collaboration with the LGPAC/audit committees to safeguard functional independence, with such provisions embedded in law. Universities and professional bodies, including the Association of Chartered Certified Accountants (ACCA), the Institute of Certified Public Accountants of Uganda (ICPAU), and the Institute of Internal Auditors (IIA), should institutionalise public sector ethics as a standalone component of internal audit education and professional training. This will enable internal auditors to acquire adequate and context-specific ethics training tailored to the public sector. Accordingly, all heads of internal audit in public sector institutions should be Certified Internal Auditors, and their appointment should be subject to approval by the Internal Auditor General to ensure the recruitment of credible and professionally competent individuals.

The significance of internal audit quality also underscores the pressing need for the Internal Auditor General of Government to strengthen policy frameworks mandating that all government internal auditors possess professional competence in performance auditing. This would enhance the internal auditors' capacity to provide informed guidance on addressing gaps in the economical, efficient, effective, and equitable use of government resources. Inefficiencies in these value-for-money (performance) parameters often create opportunities for fraud and signal ethical lapses. Equipping internal auditors with such competencies will therefore enable them to effectively advise on closing avenues through which fraud is planned and perpetrated within government programmes. Furthermore, the central role of ethical behaviour in transmitting the effect of internal audit quality to fraud management highlights the strategic necessity of establishing a policy framework that fosters collaboration between the Directorate of Ethics and Integrity (DEI) and the Office of the Internal Auditor General (OIAG). Such collaboration would enable DEI to promote and enforce adherence to national ethical values ^[6] among public servants through internal auditors.

Theoretically, the findings of this study confirm that a high-quality internal audit function constitutes a critical technique for exercising governmentality power (that is, a mechanism through which individuals are influenced to govern themselves). In this sense, internal audit quality can be understood as both a disciplinary mechanism and a localised governmentality technique (Mihret & Grant, 2017) that supports fraud management in contemporary public sector institutions. By shaping conduct and reinforcing ethical behaviour, a high-quality internal audit function helps mitigate ethical collapses, including susceptibility to pressure to engage in fraudulent behaviour. Moreover, the prominent role of ethical behaviour in transmitting the effect of internal audit quality to fraud management vindicates Foucauldian assertions that ethics functions as a vital policy instrument within governance systems and that individuals are capable of ethically self-transforming into ethical subjects (Foucault, 1984). However, in the specific context of fraud management, the findings further indicate that ethical subjects are not formed solely through self-transformation but are also actively constituted through high-quality internal audit practices. Consequently, this study integrates Foucauldian notions of governmentality and ethics by demonstrating that enhanced fraud management can be achieved through the exercise of governmentality power that cultivates ethical subjects capable of effectively preventing, detecting, and responding to fraud. In doing so, the study extends prior research that has largely emphasised the direct role of internal audit quality in fraud prevention and related quasi-fraud outcomes, such as earnings management (Prawitt et al., 2009; Johl et al., 2013; Gros et al., 2017).

In conclusion, the findings of this study offer optimism for strengthening fraud management in Uganda's public sector institutions (PSIs) by clearly identifying where strategic emphasis should be placed. Specifically, the results show that internal audit quality and ethical behaviour each explain significant variation in fraud management. More importantly, their influence is maximised when a high-quality internal audit function actively fosters ethical behaviour among public servants. Accordingly, PSIs require both robust internal audit quality and appropriate ethical behaviour to enhance all dimensions of fraud management (prevention, detection, and response). Despite these contributions, the study is limited to Uganda's public sector and relies on survey data. Although the sample size supports generalisation within this context, future research could adopt comparative cross-country designs, utilise secondary data, and incorporate qualitative approaches to deepen understanding of the mechanisms linking internal audit quality, ethical behaviour, and fraud management.