Together, Reducing Fraud Worldwide
CFE Coach Fraud IQ Tests
Cressey’s fraud triangle teaches us that there are three interrelated elements that enable someone to commit fraud: the motive that drives a person to want to commit the fraud, the opportunity that enables him to commit the fraud, and the ability to rationalize the fraudulent behavior. The vulnerability that an organization has to those capable of overcoming all three elements of the fraud triangle is fraud risk. Fraud risk can come from sources both internal and external to the organization.
Correct Answer: (C)
Fraud risk assessment is a process aimed at proactively identifying and addressing an organization’s vulnerabilities to internal and external fraud. A fraud risk assessment starts with an identification and prioritization of fraud risks that exist in the business. The process evolves as the results of that identification and prioritization begin to drive education, communication, organizational alignment, and action around effectively managing fraud risk and identifying new fraud risks as they emerge.
Correct Answer: (C)
The actions of certain individuals can significantly increase the company's vulnerability to fraud. The risk can be driven from the way in which someone makes decisions, behaves, or treats others within and outside the organization. A fraud risk assessment can help home in on those people and their activities that might increase the company's overall fraud risk.
Correct Answer: (A)
Assuming the subject does not confess to the misconduct when faced with direct accusations, the interviewer should seek to convince the respondent that a confession is in his best interest. To do this, the interviewer must offer a morally acceptable reason that allows the accused to square the misdeed with his conscience. In cases involving employee theft, an effective rationalization technique is to depersonalize the victim. The accused is better able to cope with the moral dilemma of his actions if the victim is a faceless corporation or agency. Examples include: "It isn't like you took something from a friend or neighbor. I can see how you could say, 'Well, this would be okay to do as long as it was against the company, and not my coworkers.' Isn't that right?" "It's not like what you've done has really hurt one person. Maybe you thought of it this way: 'At most, I've cost each shareholder a few cents.' Isn't that the way it was?"
Correct Answer: (D)
Fraud risk assessment is a process aimed at proactively identifying and addressing an organization's vulnerabilities to internal and external fraud. A fraud risk assessment starts with an identification and prioritization of fraud risks that exist in the business. The process evolves as the results of that identification and prioritization begin to drive education, communication, organizational alignment, and action around effectively managing fraud risk and identifying new fraud risks as they emerge.
Correct Answer: (B)
Regulatory and legal misconduct includes a wide range of risks, such as conflicts of interest, insider trading, theft of competitor trade secrets, anti-competitive practices, environmental violations, and trade and customs regulations in areas of import and export. Depending on the particular organization and the nature of its business, some or all of these risks might be applicable and should be considered in the fraud risk assessment process
Correct Answer: (B)
COSO's Enterprise Risk Management—Integrated Framework builds upon the five components first identified as part of COSO's Internal Controls—Integrated Framework, and includes an additional three components. The eight components of the ERM Framework are:
Correct Answer: (D)
People do not easily relate to or embrace things they don't understand. Every organization has its own vocabulary and preferred methods of communication. The announcement and execution of the fraud risk assessment, including the reporting of the results, will only be effective if completed in the language of the business. For example, in a creative organization where decisions are made based on qualitative assessments and instinct, and where the majority of communication is visual, a quantitative approach to assessing fraud risk—one that is driven by numbers and calculations—would most likely be rejected. Likewise, in an organization where the business is built and run on quantitative decision-making models, a qualitative approach with no quantitative components would most likely be rejected. For this reason, the ACFE does not have a standardized risk assessment report, nor does it advocate the use of such a template
Since the late 1980s, foreign crime rings have been the cause of the majority of check fraud in the United States. Most major financial institutions attribute more than 50 percent of all check fraud to organized crime rings. The perpetrators are often based in Nigeria, Russia, Vietnam, and Mexico. Most of the Vietnamese and Mexican rings operate in California, notably San Francisco, Orange County, and Sacramento. The Russian and Nigerian rings, centered in the Northeast, spread their criminal activities over a wide area and can be found passing through any part of the United States at any time. While most of these gangs are involved in drug trafficking and violent crimes, check and credit card fraud are considered “safe” crimes. Many individuals involved in these rings know their chances of being arrested and prosecuted are relatively low and the penalties imposed for such crimes are not very harsh.
There are traditionally two methods of percentage analysis of financial statements. Vertical analysis is a technique for analyzing the relationships between the items on an income statement, balance sheet, or statement of cash flows by expressing components as percentages. Horizontal analysis, on the other hand, is a technique for analyzing the percentage change in individual financial statement items from one year to the next. The first period in the analysis is considered the base, and the changes to subsequent periods are computed as a percentage of the base period.
Entities should employ consistent accounting procedures from period to period. Variations or changes in accounting policies and procedures must be justifiable. Standards used to value inventory, depreciate assets, or accrue expenses should be consistent from one accounting period to the next. The desire to project an artificially strong performance is not a justifiable reason for a change in accounting principle. Since Chapman has always used LIFO, and since LIFO is the industry norm, a change to LIFO is not justifiable.
Increasing the perception of detection might well be the most effective fraud prevention method. Controls, for example, do little good in forestalling theft and fraud if those at risk do not know of the presence of possible detection. This means letting employees, managers, and executives know that auditors are actively seeking out information concerning internal theft.
The Sarbanes-Oxley Act has several provisions that set out specific requirements for the audit committees of public companies. Specifically, the audit committee has the sole responsibility for hiring, overseeing, and paying the external auditors and for resolving any disputes that arise between the auditors and management regarding financial reporting issues. The audit committee is also required to establish procedures (e.g., a hotline) for receiving, retaining, and dealing with complaints, including confidential or anonymous employee tips, regarding irregularities in the company's accounting methods, internal controls, or auditing matters. Additionally, the committee is required to pre-approve all services to be performed by the external auditors. While the audit committee may consult with outside advisors, it is not required to approve those advisors hired by management
The Corporate Sentencing Guidelines require that, whenever possible, the organization must pay full restitution to the victims of the crime. Restitution is not, however, viewed as a form of punishment in the Guidelines, but rather as a means of remedying the harm caused by the offense.
According to Managing the Business Risk of Fraud: A Practical Guide, “personnel at all levels of the organization—including every level of management, staff, and internal auditors, as well as the organization's external auditors—have responsibility for dealing with fraud risk.”
Regulatory and legal misconduct includes a wide range of risks, such as conflicts of interest, insider trading, theft of competitor trade secrets, anti-competitive practices, environmental violations, and trade and customs regulations in areas of import and export. Depending on the particular organization and the nature of its business, some or all of these risks might be applicable and should be considered in the fraud risk assessment process.
What works in one organization most likely will not easily work in another. Recognizing the nuances and differences of each business and tailoring the approach and execution to the specific organization can help make the fraud risk assessment successful. While a generic framework or tool set can be a valuable starting point for the development of the fraud risk assessment, it must be adapted to fit the business model, culture, and language of the organization.
Become a CFE
How to Become a CFE
Details of the Exam
Apply for the Exam
CFE Exam Application
Prepare for the Exam
About the CFE Exam Prep Course
Take the Exam
Submit the Exam
Money-Back Pass Guarantee
CFE Certification Framing Service
© 2014 Association of Certified Fraud Examiners, Inc. All rights reserved.