Will the integrated GRC implementation be effective against corruption? Open Access

Corruption is an international phenomenon that impacts society and the economy, so it requires special attention in eradicating it (United Nations, 2004). Corruption is a global issue by the facts from the Corruption Perceptions Index 2020, from 180 CPI countries that the continuation of the democratic crisis is increasingly bleak, where two-thirds of countries score below 50 (Transparency International, 2020).

As a growing phenomenon, the perception of corruption must be understood dynamically and limited in specific contexts. This study explicitly discusses achieving the goals of an organization, which should be able to run systematically and efficiently in the era of the Industrial Revolution 4.0 towards Society 5.0. The existence of innovations marks this through the collaboration of various parties to create a system or design a software menu that has added value and is undoubtedly more efficient and beneficial to society in general. Furthermore, a collaboration aims to detect fraud, even the most complex financial crimes. That is one way to achieve zero corruption through the spirit of zero tolerance corruption in the organization by realizing a culture and applying organizational values, supported by existing resources and various control measures. Certainly can maximally detect corruption (Sampson, 2010).

This study summarizes and analyzes internal factors such as governance, risk management and compliance which play a critical role in anti-corruption. Supported by research conducted by Owusu et al. (2019) identified 39 types of anti-corruption measures from 38 publications, most of which were dominated by elements in governance (Hansen, 2011; WorldBank, 1997), risk management (Hansen, 2011; Michael and Polner, 2008) and also compliance (Previtali and Paola, 2017; International Finance Corporation, 2009). Therefore, we partially examine the three governance, risk management and compliance (GRC) silos as factors in anti-corruption in the literature review, which finally examines the integrated GRC concept towards anti-corruption.

This research can be used as a reference for further research to find empirical evidence on implementing integrated GRC in fighting corruption in organizations. The study was carried out in a literature review, from all the concepts and previous research, systematically, seen in the image display in the research framework in the methodology section, before finally going to the last part of this literature study, namely, the conclusion, limitations and implications.

Corruption is generally defined as a form of abuse of authority, deviating from formal duties for personal and group gain (focusing on privatization), which involves some idea of illegality or violation of existing regulations (Harris, 2003; Klitgaard, 1998; Shleifer and Vishny, 1993; Tanzi, 1998; WorldBank, 1997). Detecting corruption is part of an anti-corruption strategy, a challenge for organizations to combat corruption that continues to evolve with new forms (Klinkhammer, 2013; Scott and Gong, 2015). As fraud management, corruption detection is carried out by the auditor profession and internal organizations (Topaz, 2016). However, fraud detection depends on many corporate governance actors, where no single actor can detect fraud in more than 20% of cases. Therefore, it is necessary to improve organizational governance to help detect fraud, such as whistleblowing intention (Alexander, 2005; Bastin and Townsend, 1996; Dyck et al., 2010; Gibbs, 2020; Lavena, 2016).

Identification of fraud in detecting and preventing fraud can also use the presence of red flags, signal characteristics or danger signs of deviations or differences in situations from the usual (CFI, 2015; Dinapoli, 2008; Nia and Said, 2015; Yucel, 2013). Corruption occurs not only because of the weakness of the supervisory system but also because of bad intentions (mens rea) and evil deeds (actus reus), which are the goals of the perpetrators of fraud, which are used as a basis for controlling corruption (Scanlan, 2004; Simons, 2005). Therefore, corruption detection can also be done through the fraud hexagon analysis approach (Vousinas, 2019), which studies the causes of corruption in terms of stimulus, capability, collusion, opportunity, rationalization and ego. In addition to the role of the internal auditor being very effective in preventing and detecting fraud (Arum and Wahyudi, 2021; Hillison et al., 1999; Mazivanhanga, 2014). By anticipating changes to the compliance program, the management’s commitment implements them and correctly understands any problems and practical solutions to reduce the risk of corruption (Hess, 2009; Kassem and Higson, 2016).

Anti-corruption program transparency refers to reporting and disclosures related to corporate governance, top-level commitments, anti-bribery and corruption policies and procedures, risk assessment, human resources, conflicts of interest, charitable donations and sponsorships, facilitation payments, gifts and hospitality, training, anti-bribery, and corruption programs, monitoring and review, violation reporting, incident management, third party management and private procurement (TI-Uk, 2020). One of the new programs that support the internal strategy in responding to corruption problems is the integrated GRC.

GRC as a cross-functional implementation and company expansion capability in creating principled performance, an approach that helps organizations reliably balance goals are achieved, overcome uncertainty and acts with integrity (Mitchell, 2007). The Open Compliance and Ethics Group says the GRC is a system of people, processes and technology that enables organizations to understand and prioritize stakeholder expectations, setting business objectives commensurate with values and risks. Achieving goals while optimizing risk and protecting value, operating within legal, contractual, internal, social and ethical boundaries, providing relevant, reliable and timely information to stakeholders and enabling performance measurement and effectiveness systems (González, 2016; Madlener, 2009; Mitchell, 2007; Racz and Seufert, 2014).

Pricewaterhouse Coopers notes GRC itself is nothing new, as individual issues, governance, risk management and compliance have always been fundamental concerns of businesses and their leaders. What is new is the emerging perception of GRC as an integrated set of concepts which when applied holistically within an organization, can add significant value and provide a competitive advantage. Using an ISO-based integrated GRC will help organizations clarity the working relationship between the governance, risk management and compliance functions. Therefore, it will enable the organization to optimize its GRC practices more effectively and efficiently (Alijoyo, 2021; Mayer et al., 2015). In addition, GRC can be extended with SAP Enterprise Threat Detection, which is the most crucial function of this solution as part of an integrated anti-corruption initiative (Chuprunov, 2018).

In addition to business processes carried out, the world is facing governance and anticorruption challenges. Improvements in governance and control of corruption are critical to development, so if there is the right strategy and political will, countries can improve substantially, even in the short term (WorldBank, 1997). Corporate anti-corruption is not just a business instrument. Still, it is a collection of governance practices that contribute to the knowledge and power that binds state and non-state actors, providing a mechanism for determining who is included and excluded from the network of actors involved in international business and politics (Hansen, 2011).

A relatively new way of understanding corruption, namely, corporate anti-corruption that comes out as risk management, is attached to the notion of corporate social responsibility and business ethics (Hansen, 2011). Furthermore, Michael and Polner (2008) said “The implementation of a system of risk management and a coherent organizational form which can investigate and successfully prosecute corruption remains the bulwarks of effective anti-corruption.”

Compliance with laws and regulations introduced by corporate governance, as an anticorruption tool, effectively exposes bribery and illegal behaviour, thus making corruption within the company unsustainable. Where a company with a high level of performance and perceived value of the compliance system is an effective measure to prevent corruption, it is essential to determine the effectiveness of the circumstances and characteristics of the supervisory board (Previtali and Paola, 2017).

This review aims to collect, evaluate and summarize the scientific literature which empirically identifies the effect on anti-corruption. This systematic review of the literature was compiled based on previous studies, and then we conducted a further analysis which empirically identified anti-corruption in 2007–2021. The variables identified were: governance; risk management; compliance; and GRC. The mapping process goes through two stages where the first stage identifies the influence of the GRC silo partially, namely, governance, risk management and compliance, on anti-corruption, then the second stage looks at the concept of implementing an integrated GRC against anti-corruption. The research stages are in Figure 1.

As for the collection of articles for the second process of the research framework, by screening the journals published in the five reputable journal publishers such as Elsevier, Emerald, Sage, Springer and Taylor Francis. Published articles reflecting the relationship between GRC (Governance, Risk Management, and Compliance), Governance (G), Risk Management (R) and Compliance (C) with Anti-Corruption (AC).

The articles collected are as shown in Table 1, based on the database of the five publishers with a total of 34 articles relevant to the functions of GRC, governance, risk management and compliance, and anti-corruption. After the database-relevant articles have been identified, it can then be seen in Table 2 the number of articles based on the GRC function, governance, risk management and compliance with anti-corruption, as follows:

Tables 1 and 2 are reflected in the following figure: (Figure 2)

Several improvement instruments are found based on previous studies on GRC with integrated anti-corruption. The focus of improving improvements in each internal function is in Table 3, as follows:

The data shown in Table 3 illustrates the strength of each function, governance, risk management and compliance in the company to eradicate corruption by emphasizing one or more instruments for improvement. For example, the governance function identified 13 instruments such as accountability as an instrument that must achieved in eradicating corruption as stated by the author (Buduru and Pal, 2010; Hansen, 2011, 2012; Prabowo, 2020), in addition to corporate reputation instruments (Mohammadi et al., 2020; Reisach, 2016), culture and ethical policy (Calderón et al., 2009; Cheng et al., 2021; Hashim et al., 2020; Reisach, 2016), inflation control (Mohammadi et al., 2020), integrity (Calderón et al., 2009; Prabowo, 2020; Reisach, 2016), internal control (Yang and Lee, 2020), monitoring (Buduru and Pal, 2010; Previtali and Paola, 2017), organizational structures (Dion, 2013; Monteduro et al., 2021; Soederberg, 2016), performance indices (Hansen, 2012), quality assurance (Yang and Lee, 2020), responsibility (Cheng et al., 2021; Hansen, 2011, 2012; Previtali and Paola, 2017; Reisach, 2016), transparent (Hansen, 2011, 2012; Buduru and Pal, 2010) and the last instrument is values and norms behaviour (Dion, 2013). Governance is the company’s critical point in the face of business competition and sustainability. Therefore, governance is possible to build the strength of the integrity and reputation of the company by paying more attention to the instruments proposed by the authors above.

Furthermore, the second function is risk management. This second most researched article on its relevance to anti-corruption, covering five instruments such as corporate risk by the author (Yang and Lee, 2020; Cheng et al., 2021; Monteduro et al., 2021; Reisach, 2016), in addition to operational risk instruments (Calderón et al., 2009; Mohammadi et al., 2020; Prabowo, 2020), reputation risk (Hansen, 2012; Mohammadi et al., 2020), risk assessment (Buduru and Pal, 2010; Hashim et al., 2020; Previtali and Paola, 2017; Soederberg, 2016) and the last instrument of thinking and action by the author (Hansen, 2011). These instruments are also of concern to researchers because the risks faced by the organization are significant to be managed and anticipated immediately. After all, otherwise, it will result in the risk of irregularities such as corruption. In addition, of course, this will impact the company’s going concern and sustainability.

The compliance as the third function studied influences anti-corruption, was identified compliance monitoring instruments (Hansen, 2012; Hashim et al., 2020), program/system (Hansen, 2012; Hashim et al., 2020; Previtali and Paola, 2017) and regulatory/laws (Cheng et al., 2021; Hashim et al., 2020; Mohammadi et al., 2020; Monteduro et al., 2021; Previtali and Paola, 2017; Reisach, 2016). However, compliance with this regulation is not found too often because it is usually considered corporate governance.

The partial result, three silos of the integrated GRC, has been proven and has been widely applied in organizations for many years. However, looking into the future of integrated GRC is a new corporate management system in today’s corporate world. Many organizations have started implementing integrated GRC to address business risks and healthy and sustainable business goals, of course, based on the concept that it will overcome some of the organization’s corruption problems. The integrated GRC’s concept is defined from three articles that state the GRC as a way for organizations to comply with anti-financial crime regulations. GRC can manage the risk of non-compliance by maximizing many factors such as leadership, risk assessment, standards and controls, training and communication and monitoring, auditing and ethics to create a culture of integrity, as well as corporate behaviour (Latimer, 2017; Mitchell, 2007; Sun et al., 2015). The illustrates for prospects that GRC is an approach to the organization’s three main silos: governance, risk management and compliance. Activities in these three areas are interrelated. They need to be integrated and harmonized to prevent conflicts, avoid overlaps and cover the gaps between the three, support decision-making and effective organizational management (Dittmar, 2007; Mitchell, 2007; Racz and Seufert, 2014).

The traditional GRC with silo-based, where the three components focus on each other’s imperatives, limited to a reactionary approach such as just carrying out regulatory requirements and compliance demands, thus limiting themselves to the integrated GRC leads to an increase in synergy, quality and availability. Information reduce redundancy, reduce compliance costs and generate maximum value for management by providing holistic oversight with the increased assurance of GRC activities, which ultimately creates accountability and transparency in effective reporting and monitoring. This move is very beneficial for the organization (Assocchamindia, 2017).

Further research will examine the actual implementation of integrated GRC in organizations. Therefore, this systematic literature review can help researchers conduct empirical research related to the success of integrated GRC in companies implementing in many organizations committed to fighting the risk of corruption in their organizations.

Overall, this review shows that the various concepts on the integrated GRC implementation in the organization are very effective in supporting the prevention and detection of corruption. Although there is no empirical research in the literature review, partially, these three GRC silos: governance, risk management and compliance, have been proven to be very supportive of anti-corruption. In other words, the successful implementation of the integrated GRC increases the ability of anti-corruption to be achieved in every organization.

This paper will help researchers build empirical research related to implementing an integrated anti-corruption GRC. Organizations can use this review to understand the importance of internal functions in combating the risk of corruption with a more consistent and committed commitment to implementing an integrated GRC.

The study only discusses one internal function in the organization, of the many internal functions that we know can be used to detect and prevent acts of corruption.