Fraud Prevention and Deterrence - Part 2

Ethics for Fraud Examiners
1. Luna, a Certified Fraud Examiner (CFE), was hired to investigate a company. After she carefully
examined the company, she issued a report that stated, in part, "... in my opinion, this operation is free of
material fraud." Such an opinion is permitted under the ACFE Code of Professional Ethics.
A. True
B. False
Fraud examiners must always perform their work with an attitude of skepticism and begin with the belief
that something is wrong or someone is committing a fraud (depending on the nature of the assignment
and the preliminary information available). Furthermore, fraud examiners should relax their attitude of
skepticism only when the evidence shows no signs of fraudulent activity. At no time is a fraud examiner
entitled to assume a fraud problem does not exist. Thus, professional skepticism can be dispelled only by
evidence. As a result, opinions or attestations about a fraud-free environment are absolutely prohibited for
ACFE members.
2. Rachel, an independent Certified Fraud Examiner (CFE), was hired by Laura, the chief executive officer (CEO) of
Black and White Inc., to investigate a case of alleged vendor overbilling. During the investigation, Rachel learns that
Laura is involved in an unrelated fraud scheme. Under the ACFE Code of Professional Ethics, Rachel should resign
from the engagement without disclosing the evidence against Laura.
A. True
B. False
Difficult problems arise over fraud examiners’ obligations to blow the whistle about clients’ or employers’
shady or illegal practices; thus, fraud examiners must act with prudent caution in such circumstances. In
this particular case, the company’s board of directors should probably be advised and permitted to
determine the next steps to take.
In general, fraud examiners are not obligated to blow the whistle on clients or employers. However,
circumstances might exist in which the fraud examiner is morally and legally justified in making
disclosures to appropriate outside parties. Examples of such circumstances include when a client or
employer has intentionally involved a fraud examiner in its illegal conduct or when a client or employer
has distributed misleading reports based on the fraud examiner’s work. If Rachel were to resign without
disclosing the evidence, such action would be tantamount to allowing Laura’s scheme to continue without
anyone being aware of the fraud. Fraud examiners would not be able to justify doing nothing.
3. Leo, a Certified Fraud Examiner (CFE), conducted a fraud examination at Blue Corp. Anna was a
prime suspect in the disappearance of money, but Leo could not prove it. Later, Leo discovered Anna had
been recently hired by Red Corp., another client of his. Under the ACFE Code of Professional Ethics, Leo
must:
A. Not inform Red Corp.
B. Inform Red Corp.
This item's classification is Internal. It was created by and is in property of the Home Credit Group. Do not distribute outside of the organization.
C. Inform Red Corp. if the evidence is clear and convincing
D. None of the above
4. Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from accepting
assignments to uncover fraud in a company in which they have a major interest.
A. True
B. False
Article II of the ACFE Code of Professional Ethics states: "An ACFE Member shall not engage in any
illegal or unethical conduct, or any activity which would constitute a conflict of interest that has not been
properly disclosed to the appropriate parties." However, a fraud examiner does not have the same
responsibilities as a chartered accountant (CA) or certified public accountant (CPA). For example, a CA or
CPA generally would not be able to express an audit opinion on a company in which they held a major
financial interest. In the case of the fraud examiner, they would be able to accept such an assignment
under most conditions, since the goal of the fraud examiner is to gather facts regarding a potential fraud,
not to express an opinion. The fraud examiner should, however, make appropriate disclosures regarding
their ownership.
5. Under the ACFE Code of Professional Ethics, evidence and conclusions are considered ___________
if knowledge of them would affect clients’ decisions based on a fraud examiner’s report.
A. Circumstantial
B. Confidential
C. Material
D. Reliable
6. Ayumi has just completed a fraud examination report containing confidential information for ABC Inc., a
client. She received a call from the local police requesting a copy of the report. Which of the following
statements is FALSE?
A. Ayumi can turn over the report if her client consents.
B. Ayumi can turn over the report if the information is requested in a search warrant.
C. Ayumi can turn over the report if it is demanded by a court order.
D. Ayumi can turn over the report without any repercussions because she owns the information contained
in the document.
7. Fraud examiners should consider the nature of the assignment and the preliminary information
available in forming the engagement hypothesis.
A. True
B. False
As part of exercising professional integrity and competence, fraud examiners must always perform their
work with a mindset of professional skepticism and begin assignments with the belief that something is
wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary
information available). Furthermore, fraud examiners should relax their attitude of skepticism only when
the evidence shows no signs of fraudulent activity. At no time is a fraud examiner entitled to assume a
fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a
result, opinions or attestations about a fraud-free environment are absolutely prohibited for ACFE
members.
8. During the course of a fraud examination, Omar, an employee of XYZ Inc., approaches Maryam, a
Certified Fraud Examiner (CFE) and fellow employee of XYZ, and tells her that he knows of a major fraud
being committed by company management. However, Omar says he can only provide details if Maryam
promises him absolute confidentiality. In response to Omar’s condition, Maryam should agree to keep the
source of the information confidential, even though she knows she will eventually have to reveal Omar’s
identity.
A. True
B. False
Fraud examiners must remember that the confidentiality relationship is between a fraud examiner and
their client or employer and that this promise of confidentiality is understood to exist without the need for
affirmation. In the case of Omar (the employee/informant), Maryam (the Certified Fraud Examiner [CFE])
does not have an understood or unspoken promise of confidentiality. Maryam should tell Omar that she
will try to keep the information as confidential as possible, but it would be unethical for Maryam to promise
confidentiality to the employee; her first obligation is to the employer.
9. Under the ACFE Code of Professional Ethics, fraud examiners are absolutely prohibited from
expressing opinions regarding the guilt or innocence of any party.
A. True
B. False
The guilt or innocence of any person or party is the sole judgment of the judge or jury, not of the fraud
examiner. Consequently, fraud examiners are absolutely prohibited from expressing opinions regarding
guilt or innocence. Article V of the ACFE Code of Professional Ethics states: "An ACFE Member, in
conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for
any opinion rendered. No opinion shall be expressed regarding the guilt or innocence of any person or
party."
10. Bryan, a Certified Fraud Examiner (CFE), locks the door to the interview room and refuses to allow
the suspect to leave despite repeated requests. Later, the suspect sues (successfully), claiming false
imprisonment. Which of the following statements is true?
A. This conduct would be a violation of the ACFE Code of Professional Ethics ONLY IF the suspect was innocent
of fraud.
B. This conduct would NOT be a violation of the ACFE Code of Professional Ethics under any circumstances.
C. This conduct would be a violation of the ACFE Code of Professional Ethics.
D. This conduct would be a violation of the ACFE Code of Professional Ethics ONLY IF Bryan knew the
conduct was illegal.
11. In the context of fraud examination, integrity requires:
A. Subordination of desires for personal gain to the interests of clients, employers, and the public
B. An ability to analyze situations where no professional rules are specifically applicable and determine
right from wrong
C. Independence of mental attitude and avoidance of conflicts of interest
D. All of the above
Integrity requires honesty, truthfulness, trustworthiness, and confidentiality. It also requires subordination
of desires for personal gain to the interests of clients, employers, and the public. It requires independence
of mental attitude and avoidance of conflicts of interest. Additionally, integrity means that a fraud
examiner should have a well-developed sense of moral philosophy—an ability to analyze situations where
no rules of the ACFE Code of Professional Ethics are specifically applicable and to be able to distinguish
right from wrong. It does not mean, however, that an ACFE member must be perfect in all technical
matters, nor does it mean that fraud examiners and others cannot have honest differences of opinion. In
the course of a fraud examination, inadvertent errors, mistakes of judgment, and other problems might
cause conflict. In such cases, a fraud examiner can preserve integrity either by admitting error or by
convincingly justifying a difference of perception or opinion.
12. The ACFE Code of Professional Ethics prohibits fraud examiners from engaging in undisclosed
conflicts of interest. Which of the following situations should a fraud examiner avoid to ensure compliance
with this rule?
A. Undertaking an engagement to secretly infiltrate the fraud examiner’s employing organization and transmit inside in
B. Undertaking engagements for both sides to a particular controversy or issue
C. Undertaking engagements that create a hardship or loss to the fraud examiner’s full-time employer
D. All of the above
13. Under the ACFE Code of Professional Ethics, information provided to a fraud examiner by a client is
considered privileged information and is therefore protected from being legally demanded by outside
parties.
A. True
B. False
Privileged information is information that cannot be demanded, even by a court. Legal professional
privilege precludes disclosure of confidential communications between professional legal advisors (e.g.,
solicitors, barristers, attorneys) and their clients. Some jurisdictions provide similar professional privileges
for physicians and priests. However, fraud examiners do not have any such privilege in common law or by
statute, and the ACFE Code of Professional Ethics does not assume a privileged status for the fraud
examiner-client/employer relationship.
14. If a fraud examiner makes a mistake in judgment, they should avoid admitting to the error, as it could
compromise the integrity of their case.
A. True
B. False
The ACFE Code of Professional Ethics requires ACFE members to exhibit the highest level of integrity at
all times. This does not mean, however, that an ACFE member must be perfect in all technical matters,
nor does it mean that fraud examiners and others cannot have honest differences of opinion. In the
course of a fraud examination, inadvertent errors, mistakes of judgment, and other problems might cause
conflict. In such cases, a fraud examiner can preserve integrity either by admitting error or by convincingly
justifying a difference of perception or opinion.
15. Which of the following statements is TRUE regarding the disclosure of confidential client information?
A. A fraud examiner can reveal confidential client information when responding to a legal court order.
B. A fraud examiner is always bound by confidentiality, even when refusing to disclose information violates the law.
C. Confidential information provided to a fraud examiner by a client is considered privileged and therefore legally
exempt from disclosure in all circumstances.
D. A fraud examiner is only allowed to respond to a legal court order when their client grants them authorization
to do so.
16. The ACFE Code of Professional Ethics explicitly prohibits which of the following?
A. Unethical conduct
B. Illegal conduct
C. Undisclosed conflicts of interest
D. All of the above
Article II of the ACFE Code of Professional Ethics states: “An ACFE Member shall not engage in any
illegal or unethical conduct, or any activity which would constitute a conflict of interest that has not been
properly disclosed to the appropriate parties.” This rule is a composite of three explicit prohibitions: illegal
conduct, unethical conduct, and undisclosed conflicts of interest.
17. In reporting the results of a fraud examination, a fraud examiner is required to disclose any
information that, if not disclosed, would change a user's perceptions and conclusions.
A. True
B. False
Article VII of the ACFE Code of Professional Ethics states: "An ACFE Member shall reveal all material
matters discovered during the course of an examination, which, if omitted, could cause a distortion of the
facts." This rule demands full and fair reporting of the findings made in investigations. Two words—
material and distortion—are key to this requirement.
Information is material if having knowledge of such information might reasonably be expected to influence
a client's or employer's decisions based on a fraud examiner's report. Accordingly, materiality is a user-
oriented concept. Thus, an item of information that, if omitted from a report, would change a user's
perceptions and conclusions is material. When determining what information is material, fraud examiners
should not consider what they themselves think is important and material; instead, they should try to
decide what users will consider important and material. Thus, fraud examiners must project a decision-
making process onto the users.
This rule also provides that fraud examiners shall disclose all material matters discovered during the
course of a fraud examination that, if omitted, could distort the facts. The "distortion of facts" portion of the
rule refers to omissions. Distortion is related to materiality and users' decisions. The distortion of facts in a
report could cause users to undertake inappropriate actions.
18. Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from expressing
opinions on technical matters.
A. True
B. False
Article V of the ACFE Code of Professional Ethics states: "An ACFE Member, in conducting
examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion
rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party."
Opinions, under Article V, may be given if there is a reasonable basis for them. The only opinions strictly
not allowed are those regarding the guilt or innocence of any person or party. Additionally, opinions
regarding technical matters generally are permitted if the fraud examiner is qualified as an expert in the
matter. For example, a permissible opinion might address the relative adequacy of an entity’s internal
controls. Likewise, a permissible opinion might regard whether financial transactions conform to generally
accepted accounting principles (GAAP).
19. Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from revealing
confidential client information under any circumstances.
A. True
B. False
Two articles of the ACFE Code of Professional Ethics apply in situations regarding release of confidential
client information. Article IV states: "An ACFE Member will comply with the lawful orders of the courts,
and will testify to matters truthfully and without bias or prejudice." Article VI says: "An ACFE Member shall
not reveal any confidential information obtained during a professional engagement without proper
authorization." However, fraud examiners are not bound by confidentiality when doing so would violate
the law. Thus, fraud examiners can reveal client confidences when responding to a legal court order.
20. To be in compliance with the ACFE Code of Professional Ethics, fraud examiners must have an
expert level of skill and knowledge for every circumstance that might be encountered in a fraud
examination.
A. True
B. False
Fraud examiners cannot be expected to have an expert level of skill and knowledge for every
circumstance that might be encountered in a fraud examination. Nevertheless, they must have sufficient
skill and knowledge to recognize when additional training or expert guidance is required. It is the
responsibility of a fraud examiner to ensure that necessary skills, knowledge, ability, and experience are
acquired or available before going forward with a fraud examination.
21. In general, the lowest level of reference for making moral decisions is:
A. Individual standards
B. Philosophical principles
C. The law
When faced with an ethics-related problem, it is appropriate to begin analyzing the issue by asking: Is it
legal? The law, including professional rules and regulations, deals with actions that are permitted and
prohibited, but it is the lowest level of reference for moral decisions; a law might permit an action that is
prohibited by a profession's code of ethics. Laws, rules, and regulations function as standards by which to
judge whether an action is legal or illegal but not whether the behavior is right. For instance, if you have
promised an individual that you will honor a contract, you are ethically bound to do so, regardless of your
legal responsibility; under these facts, upholding your promise is the right thing to do, no matter what the
law says.
22. Which of the following is a fraud examiner permitted to express an opinion regarding?
A. The guilt of a particular individual
B. The effectiveness of an organization’s internal controls
C. The innocence of a particular individual
rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party." The
only opinions strictly not allowed are those regarding the guilt or innocence of any person or party.
However, opinions regarding technical matters generally are permitted if the fraud examiner is qualified
as an expert in the matter. For example, a permissible opinion might address the relative adequacy of an
entity’s internal controls. Likewise, a permissible opinion might regard whether financial transactions
conform to generally accepted accounting principles (GAAP).
23. Fraud examiners generally are not entitled to claim ignorance of the law as a defense for illegal
activity.
A. True
B. False
Some rules for professionals insert the word knowingly in relation to illegal activities, saying: “One should
not knowingly be a party to an illegal activity.” The ACFE Code of Professional Ethics does not include
this way out. Fraud examiners are generally not entitled to claim ignorance of the law. They are expected
to know a considerable amount of law in connection with investigations, and they are expected to know
when to consult a lawyer.
24. Which of the following is an example of a violation of the ACFE Code of Professional Ethics’
requirement for diligent, professional behavior?
A. Delegating a task to a lower-level employee and overseeing their performance
B. Obtaining more evidence than the minimum amount needed to prove a case
C. Skipping vital investigation steps to improve the efficiency of a fraud examination
D. All of the above
Skipping vital investigation steps to improve the efficiency of a fraud examination would not only create
the possibility of missing key pieces of evidence, but it would also be a violation of Article I of the ACFE
Code of Professional Ethics. This article states that "An ACFE Member shall, at all times, demonstrate a
commitment to professionalism and diligence in the performance of their duties." The "diligence in the
performance of their duties" phrase in this rule refers to several activities that collectively define high-
quality fraud examination work, including properly planning assignments and supervising assistants and
colleagues, avoiding conflicts of interest, performing tasks with competence, obtaining sufficient evidence
to establish a basis for opinions, maintaining confidential relations, and avoiding distortion of facts.
25. In the context of a fraud examination, a mindset of professional skepticism means:
A. The fraud examiner's professional skepticism can be dispelled only by evidence
B. Fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraud
C. Fraud examiners should always begin their assignments with the belief that something is amiss
D. All of the above
As part of exercising professional integrity and competence, fraud examiners must always perform their
work with a mindset of professional skepticism and begin assignments with the belief that something is
wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary
information available). Furthermore, fraud examiners should relax their attitude of skepticism only when
the evidence shows no signs of fraudulent activity. At no time is a fraud examiner entitled to assume a
fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a
result, opinions or attestations about a fraud-free environment are absolutely prohibited for ACFE
members.
26. Professional organizations, such as the ACFE, have codes of ethics because:
A. They provide more direct solutions to professional ethical dilemmas than might exist under general
ethical principles
B. They serve as a reference and benchmark for ethical guidance
C. They facilitate practical enforcement and profession-wide internal discipline
D. All of the above
A code of conduct serves a useful purpose as a reference and benchmark for ethical guidance. A code
makes explicit the conduct that is expected in a particular profession. Thus, codes of professional ethics
can provide some direct solutions that might not be available from general ethics theories. Furthermore,
individuals will have a better understanding of what is expected of them when a code of ethical conduct is
in place. From the viewpoint of an organized profession, a code is a public declaration of principled
conduct and a means of facilitating enforcement of standards of conduct. Practical enforcement and
profession-wide internal discipline would be much more difficult if members were not first put on notice of
the standards.
27. During an admission-seeking interview of a fraud suspect, Gary, a Certified Fraud Examiner (CFE),
accuses the suspect of having committed a fraud. Gary's accusation violates the ACFE Code of
Professional Ethics.
A. True
B. False
rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party."
Although it does not specifically state such, Article V really applies to statements of opinion made to third
parties. If the fraud examiner was interviewing a suspect whose guilt was highly probable, the Code
would not prohibit the fraud examiner from making accusations. The admission-seeking process, used
extensively by fraud examiners, requires that accusations be made of the probable guilty party. As long
as these accusations are not communicated to third parties, the fraud examiner would not be in violation
of the Code.
As part of their responsibilities under the ACFE Code of Professional Ethics, in collecting evidence, fraud
examiners must:
A. Preserve the integrity of relevant evidence
B. Obtain and document evidence such that the chain of custody is preserved
C. Ensure that all necessary evidence is obtained
D. All of the above
As part of the ACFE Code of Professional Ethics, ACFE members are required to collect and evaluate a
sufficient amount of relevant evidence to afford a reasonable and logical basis for decisions. Thus, fraud
examiners must collect evidence, whether exculpatory or incriminating, that supports fraud examination
results and will be admissible in subsequent proceedings. To do so, the fraud examiner must obtain and
document the evidence in a manner that ensures that all necessary evidence is obtained and that the
chain of custody is preserved. Additionally, fraud examiners must act prudently to preserve the integrity of
relevant evidence and material.
30. During a fraud examination, John, a Certified Fraud Examiner (CFE), becomes aware of a situation that might
appear to others as though he has a conflict of interest, even though there is no actual conflict. To address the
situation, John’s best course of action is to:
A. Continue working on the assignment without disclosing the potential conflict but take care to avoid any
areas where an actual conflict might arise
B. Immediately disclose the situation to company management
C. Immediately withdraw from the engagement without disclosing the potential conflict to management
Justine, a Certified Fraud Examiner (CFE), was contacted regarding an engagement to investigate a
complex insurance fraud case involving an organized crime ring. Justine had previously taken a self-study
continuing professional education (CPE) course on insurance fraud schemes, but she had no other
training or experience in such cases. However, she accepted the engagement and chose to conduct the
work herself. Justine’s conduct would likely be a violation of the ACFE Code of Professional Ethics.
A. True
B. False
Based on the facts provided, Justine likely violated Article III of the ACFE Code of Professional Ethics,
which states: "An ACFE Member shall, at all times, exhibit the highest level of integrity in the performance
of all professional assignments, and will accept only assignments for which there is reasonable
expectation that the assignment will be completed with professional competence." Professional
competence refers to how well fraud examiners do their job. Determination of competence always
depends on the specific facts and circumstances of the assignment. In this situation, if Justine only had
received basic training and had no other experience in insurance fraud investigations, she would not be
considered qualified or professionally competent to conduct such an examination for a client. Such
conduct would be a violation of Article III, which requires fraud examiners to accept only those
assignments which can be completed with professional competence.
White-Collar Crime
1. According to the ACFE's research, employees are the most common source of tips that lead to
the detection of fraud.
A. True
B. False
Employees are a valuable source of information for discovering potential fraud. The ACFE 2020 Report to
the Nations shows that half of all tips (50%) that led to the detection of fraud were provided by employees
of the victim organizations. This is more than the amount provided by any other source.
2. The research of Dr. Steve Albrecht found which of the following personal characteristics to be the
top-ranked motivating factor to commit fraud?
A. Dislike of company
B. Living beyond means
C. Criminal personality
D. Dislike of boss
In Dr. Steve Albrecht’s study, the researchers gave internal auditors at companies that had experienced
frauds two sets of 25 motivating factors and asked which factors were present in the frauds they had dealt
with. Participants were asked to rank these factors on a seven-point scale indicating the degree to which
each factor existed in their specific frauds. Based on this study, the top three most highly ranked factors
from the list of personal characteristics were (1) living beyond their means, (2) an overwhelming desire for
personal gain, and (3) high personal debt.
3. Which of the following is an example of the non-shareable financial need leg of the Fraud
Triangle?
A. Credit card debt from excessive shopping
B. Addiction problems
C. Gambling debts
D. All of the above
One leg of the Fraud Triangle represents a perceived non-shareable financial need. As Cressey
explained, “In all cases of trust violation encountered, the violator considered that a financial problem
which confronted him could not be shared with persons who, from a more objective point of view,
probably could have aided in the solution of the problem.” In addition to being non-shareable, the problem
that drives the fraudster is described as “financial” because these are problems that can generally be
solved by the theft of cash or other assets. Examples of such situations include financial needs caused by
gambling debts, addiction problems, or credit card debt from excessive shopping.
4. According to a study conducted by Dr. Steve Albrecht, occupational crime perpetrators who were
interested primarily in "beating the system" committed larger frauds than those who believed their
pay was not adequate.
A. True
B. False
According to Dr. Steve Albrecht, perpetrators who were interested primarily in “beating the system”
committed larger frauds. However, perpetrators who believed their pay was not adequate committed
primarily small frauds. Lack of separation of responsibilities, placing undeserved trust in key employees,
imposing unrealistic goals, and operating on a crisis basis were all pressures or weaknesses associated
with large frauds. College graduates were less likely to spend their illegal income on extravagant
vacations, recreational property, extramarital relationships, and expensive automobiles. Finally, those
with lower salaries were more likely to have a prior criminal record.
5. The Fraud Triangle hypothesis can be used to explain every instance of fraudulent conduct.
A. True
B. False
Cressey’s classic Fraud Triangle helps explain the nature of many—but not all—occupational offenders.
For example, although academicians have tested his model, it has still not fully found its way into practice
in terms of developing fraud prevention programs. Common sense dictates that no one model—not even
Cressey's—fits every situation.
6. According to the 2020 Report to the Nations, more occupational frauds are committed by men
than by women.
A. True
B. False
A sizeable majority of the fraudsters in the 2020 Report to the Nations study (72%) were males. Men also
caused much larger median losses ($150,000) than females ($85,000). This remains fairly consistent with
the ACFE's past studies, which have all shown males to be responsible for between 65% and 70% of
frauds along with a significant disparity in fraud loss.
7. An accounting clerk stealing incoming customer payments is an example of:
A. Neither organizational crime nor occupational crime
B. Both organizational crime and occupational crime
C. Organizational crime
D. Occupational crime
Organizational crime is that which is committed by businesses, particularly corporations, and the
government. In contrast, occupational crime involves legal offenses committed by individuals in the
course of their occupation. For example, an accounting clerk stealing incoming customer payments would
be considered an occupational crime. An antitrust offense, such as bid rigging or price fixing, would be an
organizational crime.
Organizational crime occurs in the context of complex relationships and expectations among boards of
directors, executives, and managers on one hand, and among parent corporations, corporate divisions,
and subsidiaries on the other.
8. While organizations can directly calculate financial damages and losses resulting from a fraud
scheme, it is much more difficult to estimate the indirect costs they might face in the future.
A. True
B. False
The direct cost of fraud relates to the amount of financial damages and losses resulting from a fraud
scheme. While organizations are able to calculate fraud losses directly, it is much more difficult to
estimate the indirect costs associated with fraud.
9. Which of the following represents one of the legs of the Fraud Triangle?
A. Perceived non-shareable financial need
B. Perceived opportunity
C. Rationalization
D. All of the above
While working on his Ph.D. in the 1940s, Donald R. Cressey focused his research on embezzlers. His
findings resulted in a hypothesis that, over the years, has become known as the Fraud Triangle. One leg
of the triangle represents a perceived non-shareable financial need. The second leg is for perceived
opportunity, and the final leg is for rationalization. The role of the non-shareable problem is important.
Cressey said, “When the trust violators were asked to explain why they refrained from violation of other
positions of trust they might have held at previous times, or why they had not violated the subject position
at an earlier time, those who had an opinion expressed the equivalent of one or more of the following
quotations: (a) ‘There was no need for it like there was this time.’ (b) ‘The idea never entered my head.’
(c) ‘I thought it was dishonest then, but this time it did not seem dishonest at first.’ ”
10. According to the 2020 Report to the Nations, which of the three major categories of occupational
fraud is the most common?
A. Identity theft
B. Asset misappropriation
C. Financial statement fraud
D. Corruption
All occupational frauds fall into one of three major categories: asset misappropriation, corruption, or
financial statement fraud. Of these categories, asset misappropriation is by far the most common,
occurring in 86% of the cases in the 2020 Report to the Nations study. However, asset misappropriation
is also the least costly, causing a median loss of $100,000. Corruption schemes are the next most
common form of occupational fraud, with 43% of the cases in the study involving some form of corrupt
act. These schemes resulted in a median loss to the victim organizations of $200,000. The least common
and most costly form of occupational fraud is financial statement fraud, which occurred in 10% of the
cases and caused a median loss of $954,000.
11. Which of the following is considered a white-collar crime?
A. An accounting clerk steals incoming payments from customers and makes falsified journal entries to
cover their tracks
B. A stockbroker profits from trades made based on insider knowledge about a company
C. A city official receives kickbacks for tailoring contract requirements to specific vendors
D. All of the above
Although there is no consensus within the scholarly community, one current definition of white-collar
crime is that proposed by Albert J. Reiss, Jr., and Albert Biderman: “White-collar crime violations are
those violations of law to which penalties are attached that involve the use of a violator’s position of
economic power, influence, or trust in the legitimate economic or political institutional order for the
purpose of illegal gain, or to commit an illegal act for personal or organizational gain.”
12. The two primary strategies to control corporate criminal behavior are:
A. Enforcement and compliance
B. Compliance and deterrence
C. Deterrence and enforcement
Enforcement strategies include two main theories: compliance and deterrence. Compliance is designed to
achieve conformity to the law without having to detect, process, or penalize violators. Compliance
systems provide economic incentives for voluntary compliance to the laws and use administrative efforts
to control violations before they occur. In contrast, deterrence is designed to detect law violations,
determine who is responsible, and penalize offenders to deter future violations. Deterrence systems try to
control the immediate behavior of individuals, not the long-term behaviors targeted by compliance
systems.
13. Misbehavior is less likely to be detected and punished in a complex organizational structure than
in a simple organizational structure.
A. True
B. False
Complex companies provide a structure that can foster misbehavior. They provide many settings where
misconduct is possible. They isolate those settings in departments and in locations around a city, a
country, or the world. This isolation, in turn, means that information about what one part of a company is
doing might be unknown in another part. All this reduces the risk that misbehavior will be detected and
punished. The larger a company grows, the more specialized its subunits tend to become, and this
specialization thereby breeds a higher risk of fraud. An internally diversified company might have few
employees who fully understand the detailed workings.
Additionally, specialization tends to hide illegal activities, especially where a firm’s tasks are kept separate
and unrelated. Employees cannot garner knowledge about all the particulars of how a firm works. This
protects a company from the effects of personnel turnover and leaks of information because no employee
knows all the intricacies of the company. The same secrecy, however, raises the chances for misconduct.
14. Dr. Steve Albrecht conducted research that focused on fraud-related red flags in two principal
categories: perpetrator characteristics and organizational environment. Which of the following
was the organizational-environment factor that was most present in the frauds studied?
A. Inadequate attention to details
B. Lack of clear lines of authority
C. Too much trust in key employees
15. The majority of people who commit occupational fraud are repeat offenders with prior criminal
records.
A. True
B. False
The ACFE's research indicates that the vast majority of occupational fraudsters have no prior history of
criminal fraud convictions. Only 4% of the perpetrators in the 2020 Report to the Nations study had
previously been convicted of a fraud-related offense, which is consistent with the findings in every study
dating back to 1996. This suggests that most occupational fraudsters are first-time offenders. Additionally,
86% of the fraudsters had never previously been punished or terminated by an employer for fraud or
abuse.
16. A person’s social status plays no role in their ability to commit white-collar crime.
A. True
B. False
What is loosely called “class” or “social status” does have an effect on crimes. For example, one
defendant used their position as chair of a local bank board to set up loans for their ailing wood chip
company. The loans would never have been approved without the chair’s influence, and the chair never
reported them in the proxy statement to the bank’s shareholders.
17. According to criminologist Charles McCaghy, _____________ is the single most compelling
factor behind deviance by organizations.
A. Employee demands
B. Government regulation
C. Profit pressure
Criminologist Charles McCaghy says profit pressure is “the single most compelling factor behind deviance
by industry, whether it be price fixing, the destruction of competition, or the misrepresentation of a
product,” such as making a poor-quality product that will wear out and need to be replaced. Clinard and
Yeager say certain industries, such as the drug and chemical businesses, have such severe competition
and strong profit drives due to demands for continual development of new products that they might feel
pressured to falsify test data, market new products before their full effects are known, or engage in
unethical sales techniques that can have disastrous effects on humans and the environment.
18. According to the 2020 Report to the Nations, more frauds are uncovered by external audit than by
any other form of detection.
A. True
B. False
One of the principal goals of the ACFE’s research is to identify how past frauds were detected so that
organizations can apply that knowledge to their future anti-fraud efforts. The 2020 Report to the
Nations shows that the leading detection methods are tips, internal audit, and management review. This
finding is not surprising, as these have been the three most common means of detecting occupational
fraud in every edition of the report since 2010. Collectively, these three detection methods were cited in
70% of the cases in the ACFE's most recent study. Tips were by far the most common means of
detection at 43% of cases—more than internal audit (15%) and management review (12%) combined.
19. Systems based on the compliance theory of crime control attempt to achieve conformity to the
law without having to detect, process, or penalize violators.
A. True
B. False
Enforcement strategies include two main theories: compliance and deterrence. Compliance is designed to
achieve conformity to the law without having to detect, process, or penalize violators. Compliance
systems provide economic incentives for voluntary compliance to the laws and use administrative efforts
to control violations before they occur. In contrast, deterrence is designed to detect law violations,
determine who is responsible, and penalize offenders to deter future violations. Deterrence systems try to
control the immediate behavior of individuals, not the long-term behaviors targeted by compliance
systems.
20. Efforts to control corporate crime generally include which of the following approaches?
A. Government intervention
B. Voluntary changes in corporate attitudes
C. Consumer action
D. All of the above
Efforts to control corporate crime follow three approaches: voluntary change in corporate attitudes and
structure; strong intervention by the government to force changes in corporate structure, accompanied by
legal measures to deter or punish; or consumer action. Voluntary changes would involve the development
of stronger business ethics and certain corporate organizational reforms. Government controls might
involve corporate chartering, deconcentration and divestiture, larger and more effective enforcement
staffs, stiffer penalties, wider use of publicity as a sanction, and possibly the nationalization of
corporations. Consumer group pressures might be exerted through lobbying, selective buying, boycotts,
and the establishment of large consumer cooperatives.
21. According to the 2020 Report to the Nations, which of the three major categories of occupational
fraud has the highest median loss?
A. Asset misappropriation
B. Financial statement fraud
C. Identity theft
D. Corruption
All occupational frauds fall into one of three major categories: asset misappropriation, corruption, or
financial statement fraud. Of these categories, asset misappropriation is by far the most common,
occurring in 86% of the cases in the 2020 Report to the Nations study. However, asset misappropriation
is also the least costly, causing a median loss of $100,000. Corruption schemes are the next most
common form of occupational fraud, with 43% of the cases in the study involving some form of corrupt
act. These schemes resulted in a median loss to the victim organizations of $200,000. The least common
and most costly form of occupational fraud is financial statement fraud, which occurred in 10% of the
cases and caused a median loss of $954,000.
22. Which of the following is NOT one of the factors that Diane Vaughan cites as contributing to
organizations being inherently prone to committing crime?
A. Loyalty is encouraged through social interaction, such as company parties and social functions.
B. Organizations tend to recruit and attract similar individuals.
C. Long-term loyalty is encouraged through company retirement and benefits.
D. Rewards are given to employees who challenge the status quo.
Organizations can be criminogenic because they encourage loyalty. According to Diane Vaughan, the
reasons are that:
• The organization tends to recruit and attract similar individuals.

• Rewards are given out to those who display characteristics of the “company man.”
• Long-term loyalty is encouraged through company retirement and benefits.
• Loyalty is encouraged through social interaction, such as company parties and social functions.
• Frequent transfers and long working hours encourage isolation from other groups.
• Specialized job skills can discourage personnel from seeking employment elsewhere.
23. Which of the following is TRUE regarding organizational structure?
A. Misbehavior is more likely to be detected in a complex organizational structure than in a simple

organizational structure
B. Companies with departments that are isolated geographically have a reduced risk of fraud
C. The existence of many specialized departments within a company generally increases the overall
risk of fraud within the organization
D. All of the above
Complex companies provide a structure that can foster misbehavior. They provide many settings where
misconduct is possible. They isolate those settings in departments and in locations around a city, a
country, or the world. This isolation, in turn, means that information about what one part of a company is
doing might be unknown in another part. All this reduces the risk that misbehavior will be detected and
punished. The larger a company grows, the more specialized its subunits tend to become, and this
specialization thereby breeds a higher risk of fraud. An internally diversified company might have few
employees who fully understand the detailed workings.
Additionally, specialization tends to hide illegal activities, especially where a firm’s tasks are kept separate
and unrelated. Employees cannot garner knowledge about all the particulars of how a firm works. This
protects a company from the effects of personnel turnover and leaks of information because no employee
knows all the intricacies of the company. The same secrecy, however, raises the chances for misconduct.
24. Cressey found that embezzlers' offenses are motivated by situations that either threaten their
current status or threaten to prevent them from achieving a higher status.
A. True
B. False
Through his research, Cressey found that the non-shareable problems encountered by the people he
interviewed arose from situations that could be divided into six basic categories: violation of ascribed
obligations, problems resulting from personal failure, business reversals, physical isolation, status
gaining, and employer-employee relations. All of these situations in some way dealt with status-seeking
or status-maintaining activities by the subjects. In other words, the non-shareable problems threatened
the status of the subjects, or threatened to prevent them from achieving a higher status than the one they
occupied at the time of their violation.
25. According to Dr. Steve Albrecht's Fraud Scale model, the variables that drive the occurrence of
occupational fraud include:
A. Situational pressure
B. Perceived opportunity
C. Personal integrity
D. All of the above
Dr. Steve Albrecht developed the Fraud Scale, which included the components of situational pressures,
perceived opportunities, and personal integrity. The Fraud Scale shows that when situational pressures
and perceived opportunities are high and personal integrity is low, occupational fraud is much more likely
to occur than when the opposite is true.
26. Which of the following is one of the ways Silk and Vogel found that businesses rationalize illegal
or noncompliant conduct?
A. Violations aim to protect the job security of employees
B. The damage done by violations is diffused among a large number of parties
C. Compliance with government regulations is too costly
D. All of the above
In their research, Silk and Vogel found several beliefs used by businesses to rationalize illegal conduct:
• Government regulations are unjustified because the additional costs of regulations and
bureaucratic procedures cut heavily into profits.
• Regulation is unnecessary because the matters being regulated are unimportant.
• Although some corporate violations involve large sums of money, the damage is so diffused
among a large number of consumers that, individually, there is little loss.
• Violations are caused by economic necessity; they aim to protect the value of stock, to ensure an
adequate return for stockholders, and to protect the job security of employees by ensuring the
financial stability of the corporation.
27. Criminal activities involving corporations stem primarily from the organization's subcultures and
values, rather than from the attitudes and characteristics of the individuals carrying out the
crimes.
A. True
B. False
Criminal activities involving corporations often originate from organizational subcultures and values and
are developed over time. While individuals carry out the criminal enterprise, their attitudes and
characteristics are of little importance, as an organization will replace those employees unwilling to
participate in a criminal activity.
28. As a strategy to control crime, _________ is designed to achieve conformity to the law by
providing economic incentives for voluntary adherence to the law and using administrative efforts
to control violations before they occur.
A. Prevention
B. Compliance
C. Deterrence
29. When ordered by their superiors to commit fraud, many employees will do so even if it conflicts
with their personal values, morals, and ethics.
A. True
B. False
Organizations display criminogenic tendencies due to their reinforcement of obedience to authority

figures. Human beings have an innate instinct to do as they are told. Although individuals generally have
an internal balance that gives equal weight to obeying authority and adhering to one’s own personal
conscience and understanding of right and wrong, certain situations might arise in the workplace that
cause obedience to be perceived as the more favorable action. For example, employees might receive a
command from someone who they view as an authority figure that might cause them to take a potentially
bad or harmful course of action in order to comply with the command. Thus, individuals who are
otherwise ethical might commit wrongdoing as a way to please management or another figure of authority
because they feel they have no other choice.
In hierarchal organizations that encourage obedience and engage in fraudulent behavior at the highest
levels, lower-level staff members’ resistance to disobey authority figures can result in them feeling like
they must take part in the fraudulent behavior, even when such behavior is inconsistent with their
personal moral code. In an experiment conducted by Dr. Stanley Milgram, a social psychologist, over
60% of the participants were willing to shock another person when pushed to do so by an authority figure;
thus, it is reasonable to expect that a similar percentage of people will commit fraud when ordered to do
so by their superiors in the workplace.
30. According to the ACFE’s 2020 Report to the Nations, which of the following is the MOST
COMMON internal response an organization will take when management discovers that one of its
employees has committed fraud?
A. Suspension
B. Probation
C. Termination
D. Permitted resignation
31. According to the ACFE’s 2020 Report to the Nations, most white-collar crime cases are referred
to law enforcement for prosecution.
A. True
B. False
According to the 2020 Report to the Nations, the ACFE’s global study on occupational fraud and abuse,
59% of occupational fraud cases were referred to law enforcement for prosecution. Of those that were
prosecuted, the majority (56%) pleaded guilty or no contest, and another 23% were convicted at trial. As
the data show, most fraud cases brought to a court of law generally result in an unfavorable outcome for
the offender.
32. According to Diane Vaughan, an employee who is truly loyal to a company would never commit
fraud on the company's behalf.
A. True
B. False
Diane Vaughan, the author of Controlling Unlawful Organizational Behavior: Social Structure and
Corporate Misconduct, believes that organizations can be criminogenic because they encourage loyalty.
This, in turn, causes company personnel to sometimes perceive that the organization might be worth
committing crime for to maintain and further its goals. The use of formal and informal rewards and
punishments, plus social activities and pressures to participate, link an employee’s needs and goals to
the company's success. When a company achieves its goals, its employees prosper. This is to mean that
the interests of an organization and its employees coincide, which might cause unlawful conduct to be
committed by individuals on the organization’s behalf.
33. Edward Gross and other criminologists have asserted that organizations are inherently:
A. Criminogenic
B. Averse to misconduct
C. Exploitative
Sociologist Edward Gross has asserted that all organizations are inherently "criminogenic" (i.e., prone to
committing crime), but they are not necessarily criminal. Without necessarily meaning to, organizations
can invite fraud as a means of obtaining goals. Gross makes this assertion because of the reliance on
"the bottom line."
34. The managements from several IT consulting firms conspire to take turns submitting the lowest
bids for all contracts in their area; this is considered an organizational crime.
A. True
B. False
Organizational crime is that which is committed by businesses, particularly corporations, and the
government. In contrast, occupational crime involves legal offenses committed by individuals in the
course of their occupation. An antitrust offense, such as bid rigging or price fixing, would be an
organizational crime; accepting or offering bribes is an occupational offense.
Organizational crime occurs in the context of complex relationships and expectations among boards of
directors, executives, and managers on one hand, and among parent corporations, corporate divisions,
and subsidiaries on the other.
35. According to the authors of Crimes of the Middle Classes, which of the following factors has
contributed to the rising problem of economic crime?
A. The economy's increased reliance on credit
B. The continued pressures of a culture that rewards affluence and success
C. The increased opportunity for wrongdoing as a result of advancing information technologies
D. All of the above
The authors of Crimes of the Middle Classes propose several factors that have contributed to the rising
problem of economic crime:
• The economy increasingly runs on credit, which often means rising personal debt. The offenders
in the sample often showed serious discrepancies “between their resources and their
commitments.”
• New information technologies mean that the opportunity for wrongdoing is growing, and many of
the techniques are not widely comprehended by businesses or individuals.
• Government programs distributing large amounts of money make an enticing target for
embezzlement.
• The importance of credentials in a professionalized society might influence individuals “to inflate
the credentials, or to make them up when they do not exist.” This tendency involves everything
from cheating on school entrance exams to falsifying credit applications.
• Most broadly, the authors observe an overarching culture based on affluence and ever-higher
levels of success. Television, and advertising in general, promises that no one has to settle for
second best, prompting those who find themselves running behind to make an attempt to conceal
the difference, crossing ethical and sometimes legal lines.
36. Research has shown that many executives justify illegal behavior as simply common practice in
the business world.
A. True
B. False
In his research, Dr. Gilbert Geis found that individuals are often trained in illegal behavior as part of their
occupational roles. Similarly, Schrager and Short say criminal behavior stems more from the roles an
employee is expected to fulfill than from individual pathology. Many executives know their behavior is
illegal but tend to justify their behavior as simply common practice in the business world. Clinard and
Yeager believed that in rationalizing their behavior, corporations follow a general tendency to obey laws
selectively (i.e., obeying according to situational needs and determined by factors like social class and
occupation).
37. According to the ACFE’s 2020 Report to the Nations, most perpetrators of fraud receive some
form of internal punishment from their organization.
A. True
B. False
According to the ACFE’s 2020 Report to the Nations, 80% of fraud cases in the study resulted in some
form of internal punishment for the perpetrator in response to the fraud. Of those that were disciplined
internally, 66% were terminated, 10% were permitted or required to resign, and 9% were either placed on
probation or suspended.
38. According to Diane Vaughan, encouraging employee loyalty through social interactions, such as
company parties and social functions, can contribute to the organization being more inherently
inclined to commit crime.
A. True
B. False
Organizations can be criminogenic because they encourage loyalty. According to Diane Vaughan, the
reasons are that:
• The organization tends to recruit and attract similar individuals.

• Rewards are given out to those who display characteristics of the “company man.”
• Long-term loyalty is encouraged through company retirement and benefits.
• Loyalty is encouraged through social interaction, such as company parties and social functions.
• Frequent transfers and long working hours encourage isolation from other groups.
• Specialized job skills can discourage personnel from seeking employment elsewhere.
In addition, organizations are more inherently prone to committing crime when management links
employees’ needs and goals to the company's success through the use of formal and informal rewards
and punishments, plus social activities and pressures to participate. When a company achieves its goals,
its employees prosper. This is to mean that the interests of an organization and its employees coincide,
which might cause unlawful conduct to be committed by individuals on the organization’s behalf.
39. Human beings’ innate instinct to do as they are told and obey authority figures can result in
otherwise ethical employees committing a crime on their organization’s behalf.
A. True
B. False
Organizations display criminogenic tendencies due to their reinforcement of obedience to authority

figures. Human beings have an innate instinct to do as they are told. Although individuals generally have
an internal balance that gives equal weight to obeying authority and adhering to one’s own personal
conscience and understanding of right and wrong, certain situations might arise in the workplace that
cause obedience to be perceived as the more favorable action. For example, employees might receive a
command from someone who they view as an authority figure that might cause them to take a potentially
bad or harmful course of action in order to comply with the command. Thus, individuals who are
otherwise ethical might commit wrongdoing as a way to please management or another figure of authority
because they feel they have no other choice.
In hierarchal organizations that encourage obedience and engage in fraudulent behavior at the highest
levels, lower-level staff members’ resistance to disobey authority figures can result in them feeling like
they must take part in the fraudulent behavior, even when such behavior is inconsistent with their
personal moral code. In an experiment conducted by Dr. Stanley Milgram, a social psychologist, over
60% of the participants were willing to shock another person when pushed to do so by an authority figure;
thus, it is reasonable to expect that a similar percentage of people will commit fraud when ordered to do
so by their superiors in the workplace.
40. According to the ACFE’s 2020 Report to the Nations, what is the primary reason why
organizations decline to prosecute white-collar crime cases?
A. They believe their internal discipline is sufficient.
B. They feel that there is a lack of evidence.
C. They plan to recover losses civilly.
D. They determine that prosecution would be too costly.
Once a fraud has been discovered, there are various reasons why organizations choose to handle cases
internally versus referring them to law enforcement for prosecution. According to the ACFE’s 2020 Report
to the Nations, 46% of companies declined to refer cases to law enforcement because they believed their
organization’s internal discipline mechanisms were sufficient. Another common reason organizations
prefer to handle fraud incidents internally is a fear of negative publicity; 32% of respondents cited this as
their primary reason for not referring the case for potential prosecution. A fraud allegation, even if
ultimately found to be untrue, could damage an organization’s ability to retain customers and generate
revenue in the future. According to the study, 17% of respondents said that prosecution would be too
costly, 10% stated that there was a lack of evidence, and 6% preferred to pursue a civil suit.
41. In the area of criminological theory, ____________ is the theory that tries to prevent crime by
using the threat of criminal sanctions.
A. Adherence
B. Deterrence
C. Punishment
As a strategy to control crime, deterrence is designed to detect law violations, determine who is
responsible, and penalize offenders to deter future violations. Deterrence systems try to control the
immediate behavior of individuals, not the long-term behaviors targeted by compliance systems.
Deterrence theory assumes that humans are rational in their behavioral patterns. Humans seek profit and
pleasure while they try to avoid pain. Deterrence assumes that an individual’s propensity toward
lawbreaking is in inverse proportion to the perceived probability of negative consequences.
42. Which of the following most exemplifies the rationalization leg of the Fraud Triangle?
A. “I’m confident I won’t get caught.”
B. “I’m in so much debt; I don’t have any other way to pay my bills.”
C. “I need the money to repay my drug dealer so that no one will find out about my habit.”
D. “Management is dishonest, so why shouldn’t I be?”
One leg of the Fraud Triangle represents rationalization. Cressey pointed out that rationalization is not an
ex post facto means of justifying a theft that has already occurred. Significantly, rationalization is a
necessary component of the crime before it takes place; in fact, it is a part of the motivation for the crime.
Because embezzlers do not view themselves as criminals, they must justify their misdeeds before they
ever commit them. Examples of rationalizations include “The company owes me,” “No one will really get
hurt by such a small amount of missing money,” and “Management is dishonest, so why shouldn't I be?”
43. Dr. Steve Albrecht’s research indicates that the personal characteristics most common among
fraud perpetrators are a tendency to live beyond their means, an overwhelming desire for
personal gain, and high personal debt.
A. True
B. False
In Dr. Steve Albrecht’s study, the researchers gave internal auditors at companies that had experienced
frauds two sets of 25 motivating factors and asked which factors were present in the frauds they had dealt
with. Participants were asked to rank these factors on a seven-point scale indicating the degree to which
each factor existed in their specific frauds. Based on this study, the top three most highly ranked factors
from the list of personal characteristics were (1) living beyond their means, (2) an overwhelming desire for
personal gain, and (3) high personal debt.
44. According to the 2020 Report to the Nations, the majority of occupational frauds are committed by
____________; median losses are highest in frauds committed by ___________.
A. Employees; owners/executives
B. Owners/executives; managers
C. Employees; employees
D. Owners/executives; employees
According to the 2020 Report to the Nations, staff-level employees commit the most fraud schemes;
ACFE's study indicates that 41% of the cases were perpetrated by nonmanagement-level employees.
The research also shows that there is a strong correlation between the fraud perpetrator’s level of
authority and the size of the fraud. While owners/executives only committed 20% of the frauds in the
study, the schemes committed by these individuals resulted in a median loss of $600,000, which was four
times larger than the median loss caused by managers and ten times larger than the median loss caused
by low-level employees. A significant correlation between authority and fraud loss has been found in
every edition of the report dating back to 1996. This correlation likely reflects the fact that high-level
fraudsters tend to have greater access to an organization’s assets than low-level personnel. They might
also have greater technical ability to commit and conceal fraud, and they may be able to use their
authority to override or conceal their crimes in ways that low-level employees cannot.
45. According to the 2020 Report to the Nations, what was the most common behavioral red flag
displayed by perpetrators prior to the discovery of their frauds?
A. Divorce or family problems
B. Living beyond their means
C. Complaining about lack of authority
D. Addiction problems
As part of the study underlying the 2020 Report to the Nations, survey respondents were presented with a
list of common warning signs and asked which, if any, were displayed by the perpetrator prior to the
discovery of the fraud. The most frequently cited behavioral red flag in the reported cases involved
fraudsters living beyond their financial means. This warning sign was noted in 42% of all cases in the
study.
46. Research shows that a criminal’s social status or class is the determinant aspect of white-collar
crime.
A. True
B. False
Of all factors, organizational opportunity remains the determinant aspect of white-collar crime. Research
shows that a criminal’s position in an organization and their ability to organize the scheme have far more
bearing on the crime than social status or class alone.
47. According to the 2020 Report to the Nations, having codes of conduct in place can help reduce
the financial impact of fraud on an organization.
A. True
B. False
As part of the study for the 2020 Report to the Nations, the ACFE compared the losses experienced by
the victim organizations that had specific controls in place against the losses experienced by those that
had not implemented each control. Interestingly, the presence of every control analyzed was correlated
with lower fraud losses. For example, organizations that had codes of conduct in place experienced a
51% reduction in fraud losses. Codes of conduct were also associated with one of the most significant
reductions in fraud duration, indicating that this control is among the most useful tools in the fight against
fraud.
48. White-collar defendants are less likely to insist on a trial than other offenders.
A. True
B. False
White-collar defendants are more likely to insist on a trial than other offenders. In at least 90% of criminal
cases, defendants will plead guilty, avoiding the expense and effort of a trial. But in one notable
study, more than 18% of white-collar defendants (as opposed to the usual 10%) pleaded “not guilty.” In
cases like bank embezzlement, usually “simple cases with clear evidence,” plea bargains are easily
negotiated and “prosecutors may actively seek guilty pleas.”
49. Sociologist Edward Gross has asserted that organizations' reliance on profit makes them
inherently prone to committing fraud.
A. True
B. False
Sociologist Edward Gross has asserted that all organizations are inherently "criminogenic" (i.e., prone to
committing crime), but they are not necessarily criminal. Gross makes this assertion because of the
reliance on “the bottom line.” Without necessarily meaning to, organizations can invite fraud as a means
of obtaining goals. Economist Oliver Williamson noted that because of a department’s concern with
reaching its goals, managers might tend to maximize their department’s own interests to the detriment of
the organization.
50. According to Diane Vaughan, linking employees’ needs and goals to the company's success can
encourage unlawful conduct by individuals on the organization’s behalf.
A. True
B. False
Diane Vaughan, the author of Controlling Unlawful Organizational Behavior: Social Structure and
Corporate Misconduct, believes that organizations can be criminogenic because they encourage loyalty.
This, in turn, causes company personnel to sometimes perceive that the organization might be worth
committing crime for to maintain and further its goals. The use of formal and informal rewards and
punishments, plus social activities and pressures to participate, link an employee’s needs and goals to
the company's success. When a company achieves its goals, its employees prosper. This is to mean that
the interests of an organization and its employees coincide, which might cause unlawful conduct to be
committed by individuals on the organization’s behalf.
51. According to the authors of Crimes of the Middle Classes, advertising influences economic crimes
by promising that no one has to settle for second best.
A. True
B. False
The authors of Crimes of the Middles Classes observe an overarching culture based on affluence and
ever-higher levels of success. Television, and advertising in general, promises that no one has to settle
for second best, prompting those who find themselves running behind to make an attempt to conceal the
difference, crossing ethical and sometimes legal lines.
52. The term occupational crime covers which of the following types of white-collar offenses?
A. Crimes by individuals
B. Crimes by professionals
C. Crimes by officials
D. All of the above
Gary Green, in honing the white-collar crime concept, uses the term occupational crime, which he defines
as "any act punishable by law which is committed through opportunity created in the course of an
occupation which is legal." Green further delineates occupational crime into four categories:
• Crimes for the benefit of an employing organization (organizational occupational crime)

• Crimes by officials through exercise of their government-based authority (government authority
occupational crime)
• Crimes by professionals in their capacity as professionals (professional occupational crime)
• Crimes by individuals as individuals
53. White-collar criminals are more likely to be fined than to face prison terms as punishment.
A. True
B. False
More often than prison, the punishment of choice for white-collar criminals is the imposition of fines.
Whereas 6% of the “common criminals” in one notable survey received fines, all of the antitrust violators
received fines.
54. The indirect costs often experienced by organizations following a fraud include reduced employee
productivity, reputational damage, and a loss of competitive advantage.
A. True
B. False
While organizations are able to calculate fraud losses directly, it is much more difficult to estimate the
indirect costs associated with fraud. One of the biggest indirect consequences an organization might
experience after a fraud occurs is damage to its reputation. With the ability of information to spread
quickly over the internet and social media sites, all it takes is a rumor of misconduct within an
organization for reputational harm to occur. Businesses that enjoyed a competitive advantage in a certain
industry might lose their leverage over other competitors in the market. In addition, employees might lose
confidence in the security of their jobs in the aftermath of a fraud, leading to a loss of productivity within
an organization. Since it is impossible to monetize these indirect costs or determine how long the
ramifications will linger, indirect costs can be a large detriment to victim organizations’ future success.
Fraud Risk Assessment

1. The individuals conducting the fraud risk assessment should incorporate their existing
biases regarding employees and processes into their assessment of overall fraud risk.
A. True
B. False
The people leading and conducting the fraud risk assessment should be mindful about any personal
biases they might have regarding the organization and the people within it, and they should take steps to
reduce or eliminate all biases that might affect the fraud risk assessment process. For example, if an
employee on the fraud risk assessment team had a bad experience with someone in the accounts
payable department, they might allow that experience to affect their evaluation of the fraud risks related to
that area of the business. To preclude this possibility, someone else should perform the fraud risk
assessment work related to the accounts payable department’s activities.
2. The fraud risk assessment process should be conducted covertly so that assessment
team members can get an accurate picture of what actually occurs in the business.
A. True
B. False
The fraud risk assessment process should be visible and communicated throughout the business.
Employees will be more inclined to participate in the process if they understand why it is being done and
what the expected outcomes will be. To that end, sponsors should be strongly encouraged to openly
promote the process. The more personalized the communication from the sponsor, the more effective it
will be in encouraging employees to participate in the process. Whether it is a video, town hall meeting, or
company-wide email, the communication should be aimed at eliminating any reluctance employees have
about participating in the fraud risk assessment process.
3. Which of the following individuals would generally be the best choice for a sponsor for a
fraud risk assessment?
A. An independent audit committee member
B. A staff accountant
C. A CFO who has been known to command the use of extremely aggressive earnings-management practices
D. A mid-level sales manager
Having the right sponsor for a fraud risk assessment is extremely important in ensuring its success and
effectiveness. The sponsor must be senior enough in the organization and command the employees'
respect to elicit full cooperation in the process. The sponsor has to be someone who is committed to
learning the truth about where the company’s fraud vulnerabilities really are. The sponsor cannot be
someone who is prone to rationalization or denial; they must be a truth seeker. In the ideal situation, the
sponsor would be an independent board director or audit committee member. However, a good chief
executive officer (CEO) or other internal senior leader can be equally as effective.
4. The fraud risk assessment team should include:
A. Individuals with diverse knowledge, skills, and perspectives
B. Individuals who are credible
C. Individuals with experience gathering and eliciting information
D. All of the above
Before conducting the fraud risk assessment, the organization should build a fraud risk assessment team
consisting of individuals with diverse knowledge, skills, and perspectives that will lead and conduct the
fraud risk assessment. The size of the team will depend on the size of the organization and the methods
used to conduct the assessment. The team should have individuals who are credible and have
experience in gathering and eliciting information. The team members might include internal and external
sources, such as accounting and finance personnel, operations personnel, members of the legal
department, internal auditors, internal security or investigative personnel, external consultants with fraud
and risk expertise, and any business leader with direct accountability for the effectiveness of the
organization’s fraud risk management efforts.
5. Which of the following techniques for gathering information during a fraud risk
assessment involves obtaining individuals’ responses through a formal electronic or
paper questionnaire?
A. Interviews
B. Anonymous feedback mechanisms
C. Surveys
D. Focus groups
6. _____________ controls are designed to stop something bad from happening before it
occurs, while _____________ controls are designed to identify something bad that has
already occurred.
A. Preventive; detective
B. Investigative; deterrent
C. Detective; investigative
D. Investigative; detective
7. In response to a risk identified during a fraud risk assessment, management decides to
implement appropriate countermeasures, such as prevention and detection controls. This
response is known as:
A. Assuming the risk
B. Mitigating the risk
C. Transferring the risk
D. Avoiding the risk
8. During an audit, auditors should validate that the organization is appropriately managing
the moderate-to-high fraud risks identified in the fraud risk assessment. Ways to do so
include:
A. Identifying within the moderate-to-high fraud risk areas whether there is a moderate-to-high risk of
management override of controls
B. Identifying and mapping the existing controls that pertain to the moderate-to-high fraud risks identified in
the fraud risk assessment
C. Designing and performing tests to evaluate whether the identified controls are operating effectively and efficiently
D. All of the above
9. Fraudulent customer payments, corporate espionage, and hacking schemes are all fraud
risks pertaining to which of the following categories?
A. Reputation risk
B. External fraud
C. Asset misappropriation
D. Regulatory and legal misconduct
External fraud risks include:
• Fraud committed by customers (e.g., fraudulent customer payments)

• Fraud committed by vendors (e.g., overbilling by a vendor or collusion between bidding
contractors to inflate contract price)
• Fraud committed by competitors (e.g., corporate espionage)
• Fraud committed by unrelated third parties (e.g., hacking)
10. During a fraud risk assessment, the assessment team should consider:
A. The inherent limitations of anti-fraud controls
B. Opportunities for collusion
C. Internal controls that might have been eliminated due to restructuring efforts
D. All of the above
Many organizations rely heavily on their internal control system to prevent and detect fraud. Although an
effective internal control system, including targeted anti-fraud controls, is critical in fraud prevention and
detection, it is a dynamic system that requires constant reevaluation of its weaknesses. Performing a
fraud risk assessment provides management with the opportunity to review the company’s anti-fraud
controls for effectiveness, taking into account the following considerations:
• Controls that might have been eliminated due to restructuring efforts (e.g., elimination of
separation of duties due to downsizing)
• Controls that might have eroded over time due to reengineering of business processes
• New opportunities for collusion
• Lack of anti-fraud controls in a vulnerable area
• Nonperformance of control procedures (e.g., control procedures compromised for the sake of
expediency)
• Inherent limitations of anti-fraud controls, including opportunities for those responsible for a
control to commit and conceal fraud (e.g., through management and system overrides)
11. A fraud risk assessment report should contain a detailed, comprehensive list of every
assessment finding and all suggested responses so that management can address each
issue within the company, no matter how small.
A. True
B. False
Less is often more when it comes to reporting the results of the fraud risk assessment. The team should
take care not to turn the report into a tedious list of things that management will have to sort through and
prioritize. Instead, the report should be presented in a way that focuses on what really matters, clearly
highlighting those things that are most important and that will make the most impact on the organization’s
fraud risk management efforts.
12. An effective system of anti-fraud controls:
A. Involves balancing preventive controls and detective controls
B. Mitigates the risk of fraud but cannot completely eliminate it
C. Increases the perception that fraud will be detected
D. All of the above
No system of anti-fraud controls can fully eliminate the risk of fraud, but well-designed and effective anti-
fraud controls can deter the average fraudster by reducing the opportunity to commit the fraud and
increasing the perception of detection. With the right balance of preventive and detective controls, a good
system of anti-fraud controls can greatly reduce an organization’s vulnerability to fraud.
13. During a fraud risk assessment, the assessment team should consider the way
employees make decisions, behave, or treat others and assess how those actions affect
the company’s vulnerability to fraud.
A. True
B. False
The actions of certain individuals can significantly increase the company’s vulnerability to fraud. The risk
can emerge from the way in which someone makes decisions, behaves, or treats others within and
outside the organization. A fraud risk assessment can help identify those people and their activities that
might increase the company’s overall fraud risk.
eliminate an asset or discontinue an activity because the control measures required to
protect the organization against the identified threat are too expensive. This response is
known as:
A. Avoiding the risk
B. Assuming the risk
D. Mitigating the risk
purchase a bond to help protect the company against the associated risk of loss. This
response is known as:
A. Avoiding the risk
B. Mitigating the risk
D. Assuming the risk
16. Following the conclusion of the fraud risk assessment process, management should:
A. Track and measure progress against agreed-upon action plans
B. Use the assessment findings to monitor the performance of key controls
C. Use the results to promote awareness, education, and action planning
D. All of the above
To make the most of the fraud risk assessment process, management should use the results to:
• Begin a dialogue across the company that promotes awareness, education, and action planning
to reduce fraud risk.
• Look for fraud in high-risk areas.
• Hold action owners accountable for progress against agreed-upon plans.
• Keep the assessment process active and relevant.
• Modify or create the code of conduct or ethics policy.
• Monitor key controls.
17. Designating an area as having a high fraud risk and putting the related activity under
increased scrutiny can deter potential fraudsters by increasing their perception of
detection.
A. True
B. False
Assessing an area as having a high level of fraud risk does not conclusively mean that fraud is occurring
there. However, the fraud risk assessment is useful in identifying areas to proactively investigate to
determine whether fraud has in fact occurred. In addition, putting activity in high-risk areas under
increased scrutiny can deter potential fraudsters by increasing their perception of detection.
18. In response to a risk identified during a fraud risk assessment, management chooses to
accept the risk, rather than to implement any responsive measures. This approach is
known as:
A. Transferring the risk
B. Assuming the risk
C. Mitigating the risk
D. Avoiding the risk
19. Detective anti-fraud controls include all of the following EXCEPT:
A. Proactive data analysis techniques
B. Physical inspections
C. Hotline
D. Hiring policies and procedures
Detective controls, which are intended to detect fraud if it does occur, include:
• Establishing and marketing the presence of a confidential reporting system, such as a

whistleblower hotline
• Implementing proactive controls for the fraud detection process, such as independent
reconciliations, reviews, physical inspections and counts, analysis, and audits
• Implementing proactive fraud detection procedures, such as data analysis and continuous
auditing techniques
• Performing surprise audits
Hiring policies and procedures fall under the category of preventive controls, which are intended to
prevent fraud before it occurs.
20. The size of the fraud risk assessment team will depend on the size of the organization
and the methods used to conduct the assessment.
A. True
B. False
Before conducting the fraud risk assessment, the organization should build a fraud risk assessment team
consisting of individuals with diverse knowledge, skills, and perspectives that will lead and conduct the
fraud risk assessment. The size of the team will depend on the size of the organization and the methods
used to conduct the assessment. The team should have individuals who are credible and have
experience in gathering and eliciting information. The team members might include internal and external
sources, such as accounting and finance personnel, operations personnel, members of the legal
department, internal auditors, internal security or investigative personnel, external consultants with fraud
and risk expertise, and any business leader with direct accountability for the effectiveness of the
organization’s fraud risk management efforts.
21. In identifying the inherent fraud risks that could apply to the organization, the fraud risk
assessment team should specifically discuss the potential for management override of
controls.
A. True
B. False
The fraud risk assessment team should brainstorm to identify the inherent fraud risks that could apply to
the organization. Brainstorming should include discussions regarding incentives, pressures, and
opportunities to commit fraud, including the incentive programs and how those might affect employee
behavior; the potential for management’s override of controls; and the universe of fraud risks and the
subset of risks, including reputation risk, pertaining to specific categories of fraud that apply to a particular
organization.
22. Which of the following is TRUE regarding a fraud risk assessment?
A. It can be used to improve employee fraud awareness
B. It can help management identify individuals who put the organization at the greatest risk of fraud
C. The results should be used to develop plans to mitigate fraud risk
D. All of the above
Every organization should conduct a fraud risk assessment and should create processes to keep the
assessment current and relevant. Not only is doing so a sound corporate governance strategy, but it also
makes good business sense. The benefits of conducting a fraud risk assessment include enabling the
organization to:
• Improve communication and awareness about fraud.

• Identify where it is most vulnerable to fraud and what activities put the company at the greatest
risk.
• Know who puts the organization at the greatest risk.
• Develop plans to mitigate risk.
• Develop techniques to investigate and determine if fraud has occurred in areas of high risk.
• Assess anti-fraud controls.
• Comply with regulations and professional standards.
23. In addition to the specific risks related to each of the primary categories of fraud, the
fraud risk assessment team should consider:
A. Reputation risk
B. Incentives for individuals to engage in fraud
C. Risk to information technology
D. All of the above
The fraud risk assessment team should brainstorm to identify the inherent fraud risks that could apply to
the organization. In addition to each of the major areas of fraud risks—fraudulent financial reporting, asset
misappropriation, corruption, and fraud from external sources—certain other types of risks must be
considered, including the risk of regulatory and legal misconduct, reputation risk, and risk to IT.
Brainstorming should also include discussions regarding incentives, pressures, and opportunities to
commit fraud, including the incentive programs and how those might affect employee behavior, as well as
the potential for management’s override of controls.
24. Which of the following is FALSE regarding the communication of the fraud risk
assessment process?
A. The communication should be limited to management and the board.
B. The communication should be personalized to make it more effective in encouraging employees to

participate in the process.
C. The communication should be in the form of a message from the assessment sponsor.
D. The communication should be visibly disseminated throughout the business.
The fraud risk assessment process should be visible and communicated throughout the business.
Employees will be more inclined to participate in the process if they understand why it is being done and
what the expected outcomes will be. To that end, sponsors should be strongly encouraged to openly
promote the process. The more personalized the communication from the sponsor, the more effective it
will be in encouraging employees to participate in the process. Whether it is a video, town hall meeting, or
company-wide email, the communication should be aimed at eliminating any reluctance employees have
about participating in the fraud risk assessment process.
25. To ensure the independence of the team members, a fraud risk assessment must be
conducted by a consultant or other external party.
A. True
B. False
A good fraud risk assessment can be effectively conducted either by people inside the organization or
with external sources. However, the people leading and conducting the fraud risk assessment need to be
independent and objective throughout the assessment process. Additionally, they must also be perceived
as independent and objective by others.
26. A fraud risk assessment report should reflect the assessment team’s subjective
perspective and opinions that were formed during the assessment engagement.
A. True
B. False
Much instinct and judgment go into performing the fraud risk assessment. When reporting the results of
the assessment, however, the team must report only the facts and keep all opinions and biases out of the
report. A report that is interspersed with the assessment team’s subjective perspective will dilute and
potentially undermine the results of the work.
27. The fraud risk assessment should include input from both management and auditors to
ensure a holistic view of the organization's risks, but it should exclude all others to
maintain the independence and objectivity of the assessment process.
A. True
B. False
Risk assessments created or performed by management and auditors without the input of the staff
performing the operational tasks will be ineffective. It is crucial to include members of all levels of the
organization in the risk assessment process to ensure that all relevant risks are addressed and reviewed
from many different perspectives. Additionally, asking employees at lower levels of the organization
specific questions about the company culture or eliciting ideas to strengthen anti-fraud controls can
provide incredibly valuable information that might not be obtainable from any other source.
28. Theft of competitor trade secrets, anti-competitive practices, environmental violations,

and trade and customs regulations in areas of import and export are all fraud risks
pertaining to:
A. Reputation risk
B. Fraudulent financial reporting
C. Asset misappropriation
D. Regulatory and legal misconduct
29. What is the objective of a fraud risk assessment?
A. To establish the guilt or innocence of an employee suspected of committing fraud
B. To provide an estimate of an organization’s fraud losses
C. To help an organization identify what makes it most vulnerable to fraud
D. To assess the design and effectiveness of an organization’s internal controls over financial reporting
In the simplest terms, the objective of a fraud risk assessment is to help an organization identify what
makes it most vulnerable to fraud. Through a fraud risk assessment, the organization is able to identify
where fraud is most likely to occur, enabling proactive measures to be considered and implemented to
reduce the chance that it could happen.
30. The fraud risk assessment team should consider both qualitative and quantitative factors
when assessing the organization's fraud risks.
A. True
B. False
The fraud risk assessment team should consider qualitative and quantitative factors when assessing the
organization's fraud risks. For example, a particular fraud risk that might only pose an immaterial direct
financial risk to the organization, but that could greatly affect its reputation, would likely be deemed a
significant risk to the organization.
31. Which of the following is TRUE about the fraud risk assessment process?
A. Conducting an effective fraud risk assessment requires thinking like a fraudster
B. The assessment team must be perceived as independent and objective by others for the assessment to be
effective
C. Management and auditors should share ownership of the process and accountability for its success
D. All of the above
Both management and auditors have a responsibility for fraud risk management. However, each of these
parties has unique knowledge and perspective of the fraud risks faced by the organization. Consequently,
the fraud risk assessment is most effective when management and auditors share ownership of the
process and accountability for its success.
Additionally, a good fraud risk assessment can be effectively conducted either by people inside the
organization or with external sources. Either way, it is critical that the people leading and conducting the
fraud risk assessment remain independent and objective throughout the assessment process.
Additionally, they must be perceived as independent and objective by others.
Furthermore, most honest people are not naturally inclined to think like a criminal. In fact, many large-
scale frauds that have occurred would have been deemed unthinkable by people closest to the events.
But a necessary part of conducting an effective fraud risk assessment involves thinking like a fraudster.
Thoughts of “it couldn’t happen here” should not be allowed to moderate the evaluation of fraud risk.
32. ______________ is a process aimed at proactively identifying and addressing an
organization’s vulnerabilities to internal and external fraud.
A. A fraud examination
B. An internal control audit
C. A fraud risk assessment
D. A management ethics assessment
Fraud risk assessment is a process aimed at proactively identifying and addressing an organization’s vulnerabilities to
internal and external fraud. A fraud risk assessment starts with an identification and prioritization of fraud risks that exist
in the business. The process evolves as the results of that identification and prioritization begin to drive education,
communication, organizational alignment, and action around effectively managing fraud risk and identifying
new fraud risks as they emerge.
33. The success of the fraud risk assessment process depends on how effectively the results are reported
and what the organization then does with those results.
A. True
B. False
The success of the fraud risk assessment process depends on how effectively the results are reported
and what the organization then does with those results. A poorly communicated report can undermine the
entire process and stall the established momentum. The report should be delivered in a style most suited
to the language of the business. If management prefers succinct PowerPoint presentations, the fraud risk
assessment team should not deliver a fifty-page Word document.
34. The payment of bribes to procure business is considered a fraud risk pertaining to which
category of fraud?
A. Asset misappropriation
B. Corruption
C. Fraudulent financial reporting
Potential corruption risks include:
• Payment of bribes or illegal gratuities to companies, private individuals, or public officials

• Receipt of bribes, kickbacks, or illegal gratuities by employees or agents of the company
• Aiding and abetting of fraud by outside parties, such as customers or vendors
35. Fraud risks that remain after the effect of internal controls are considered inherent
risks.
A. True
B. False
When considering the fraud risks faced by an organization, it is helpful to analyze how significant a risk is
before and after risk response. Risks that are present before the effect of internal controls (including
targeted anti-fraud controls) are described as inherent risks. The risks that remain after the effect of these
controls are described as residual risks.
For example, there is an inherent risk that the employee in charge of receiving customer payments at a
small company might embezzle incoming cash. Anti-fraud controls, such as separation of duties and
oversight from the company owner, can be implemented to help mitigate this risk; however, even with
such controls in place, some residual risk will likely remain in that the bookkeeper might still manage to
embezzle funds. The objective of the controls is to make the residual risk significantly smaller than the
inherent risk.
36. The fraud risk assessment team might include:
A. Accounting and finance personnel
B. External consultants
C. The general counsel
D. All of the above
The fraud risk assessment team members might include internal and external sources, such as:
• Accounting and finance personnel who are familiar with the financial reporting processes and
anti-fraud controls
• Nonfinancial business unit and operations personnel who have knowledge of day-to-day
operations, customer and vendor interactions, and issues within the industry
• Risk management personnel who can ensure that the fraud risk assessment process integrates
with the organization’s enterprise risk management program
• The general counsel or other members of the legal department
• Members of any ethics or compliance functions within the organization
• Internal auditors
• Internal security or investigative personnel who are familiar with investigations of past fraud
incidents
• External consultants with fraud and risk expertise
• Any business leader with direct accountability for the effectiveness of the organization’s fraud risk
management efforts
37. The fraud risk assessment should be formally incorporated into the annual audit planning
process.
A. True
B. False
The fraud risk assessment should play a significant role in informing and influencing the audit process. In
addition to being used in the annual audit planning process, the fraud risk assessment should motivate
thinking and awareness in the development of audit programs for areas that have been identified as
having a moderate-to-high risk of fraud. Although auditors should always be vigilant of things that might
be indicators of fraud risk, the results of the fraud risk assessment can help them design audit procedures
in a way that enables them to look for fraud in known areas of high risk.
38. Which of the following influences the level of fraud risk faced by an organization?
A. The effectiveness of its anti-fraud controls
B. The ethics of its leadership team
C. The geographic regions in which it operates
D. All of the above
39. The risk that an organization might be victimized by an individual who is able to combine
the three elements of the Fraud Triangle is called _______________.
A. Audit risk
B. Insider risk
C. Environmental risk
D. Fraud risk
Cressey’s Fraud Triangle teaches that there are three interrelated elements that enable someone to
commit fraud: the motive or pressure that drives a person to want to commit the fraud,
the opportunity that enables them to commit the fraud, and the ability to rationalize the fraudulent
behavior. The vulnerability that an organization faces from individuals capable of combining all three
elements of the Fraud Triangle is fraud risk. Fraud risk can come from sources both internal and external
to the organization, and it is one of the many types of risks managed by an organization.
40. When performing a fraud risk assessment, the fraud examiner should only designate an area as
high risk if the assessment has conclusively revealed that fraud is occurring there.
A. True
B. False
Assessing an area as having a high level of fraud risk does not conclusively mean that fraud is occurring
there. However, the fraud risk assessment is useful in identifying areas to proactively investigate to
determine whether fraud has in fact occurred. In addition, putting activity in high-risk areas under
increased scrutiny can deter potential fraudsters by increasing their perception of detection.
41. Preventive anti-fraud controls include all of the following EXCEPT:
A. Hiring policies and procedures
B. Fraud awareness training
C. Continuous audit techniques
D. Separation of duties
Preventive controls, which are intended to prevent fraud before it occurs, include:
• Bringing awareness of the fraud risk management program to personnel throughout the
organization
• Performing background checks on employees (where permitted by law)
• Hiring competent personnel and providing them with anti-fraud training
• Conducting exit interviews
• Implementing policies and procedures
• Separating of duties
• Implementing physical security measures
• Implementing security measures to restrict electronic access to data
• Ensuring proper alignment between an individual’s authority and level of responsibility
• Reviewing third-party and related-party transactions
Continuous audit procedures are an example of detective controls, which are intended to detect fraud if it
does occur.
42. When gathering information as part of a fraud risk assessment, surveys and anonymous
feedback mechanisms both provide an effective way to conduct candid one-on-one
conversations with employees.
A. True
B. False
Several techniques can be successfully used to gather information as part of a fraud risk assessment.
These include:
• Interviews, which can be an effective way to conduct candid one-on-one conversations with
employees
• Focus groups, which can enable the assessor to observe the interactions among a group of
employees as they collectively discuss a question or issue
• Surveys, which are electronic or paper questionnaires that can be either anonymous or directly
attributable to the individual participants
• Anonymous feedback mechanisms, which can include means for anonymous employee
suggestions or responses to questions posed
43. Which of the following is TRUE regarding fraud risks?
A. The objective of anti-fraud controls is to make the inherent fraud risk significantly smaller than the residual
fraud risk.
B. The objective of anti-fraud controls is to completely eliminate residual fraud risks.
C. Risks that are present before the effect of internal controls are described as residual risks.
D. The objective of anti-fraud controls is to make the residual fraud risk significantly smaller than the inherent
fraud risk.
When considering the fraud risks faced by an organization, it is helpful to analyze how significant a risk is
before and after risk response. Risks that are present before the effect of internal controls (including
targeted anti-fraud controls) are described as inherent risks. The risks that remain after the effect of these
controls are described as residual risks.
For example, there is an inherent risk that the employee in charge of receiving customer payments at a
small company might embezzle incoming cash. Anti-fraud controls, such as separation of duties and
oversight from the company owner, can be implemented to help mitigate this risk; however, even with
such controls in place, some residual risk will likely remain in that the bookkeeper might still manage to
embezzle funds. The objective of the controls is to make the residual risk significantly smaller than the
inherent risk.
44. When deciding on techniques to use as part of a fraud risk assessment, the assessment
team should consider what methods are already commonly and effectively used
throughout the organization.
A. True
B. False
There are many ways to go about conducting the fraud risk assessment. Picking a method or combination
of methods that is culturally right for the organization will help to ensure its success. The assessment
team should also consider the best ways to gather candid, truthful information from people throughout all
levels of the organization, starting by understanding what techniques are commonly and effectively used
throughout the organization.

Fraud Prevention and Deterrence - Part 2

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Fraud Prevention and Deterrence - Part 2

Uploaded by

Copyright:

Available Formats

Ethics for Fraud Examiners

A. Not inform Red Corp.

B. Inform Red Corp.

D. None of the above

A. Ayumi can turn over the report if her client consents.

C. Ayumi can turn over the report if it is demanded by a court order.

C. This conduct would be a violation of the ACFE Code of Professional Ethics.

C. Independence of mental attitude and avoidance of conflicts of interest

D. All of the above

B. Undertaking engagements for both sides to a particular controversy or issue

D. All of the above

C. Undisclosed conflicts of interest

D. All of the above

D. None of the above

A. The guilt of a particular individual

B. The effectiveness of an organization’s internal controls

C. The innocence of a particular individual

D. None of the above

A. Delegating a task to a lower-level employee and overseeing their performance

C. Skipping vital investigation steps to improve the efficiency of a fraud examination

D. All of the above

25. In the context of a fraud examination, a mindset of professional skepticism means:

A. The fraud examiner's professional skepticism can be dispelled only by evidence

D. All of the above

B. They serve as a reference and benchmark for ethical guidance

C. They facilitate practical enforcement and profession-wide internal discipline

D. All of the above

A. Preserve the integrity of relevant evidence

C. Ensure that all necessary evidence is obtained

D. All of the above

B. Immediately disclose the situation to company management

D. None of the above

B. Living beyond means

A. Credit card debt from excessive shopping

D. All of the above

7. An accounting clerk stealing incoming customer payments is an example of:

A. Neither organizational crime nor occupational crime

B. Both organizational crime and occupational crime

A. Perceived non-shareable financial need

D. All of the above

C. Financial statement fraud

11. Which of the following is considered a white-collar crime?

D. All of the above

A. Enforcement and compliance

B. Compliance and deterrence

C. Deterrence and enforcement

D. None of the above

A. Inadequate attention to details

B. Lack of clear lines of authority

C. Too much trust in key employees

D. None of the above

D. None of the above

B. Voluntary changes in corporate attitudes

D. All of the above

B. Financial statement fraud

B. Organizations tend to recruit and attract similar individuals.

C. Long-term loyalty is encouraged through company retirement and benefits.

D. Rewards are given to employees who challenge the status quo.

• The organization tends to recruit and attract similar individuals.

A. Misbehavior is more likely to be detected in a complex organizational structure than in a simple

D. All of the above

D. All of the above