Ethics and Fraud-Related Responsibilities Flashcards
Good corporate governance practices:
A. Provide clear lines of accountability and reporting
B. Define the relationships and expectations of the parties involved
C. Ensure that no single party can make all the business decisions without influence, input, or approval of other parties
D. All of the above
D. All of the above
See page 4.301 in the Fraud Examiner’s Manual
An organization’s corporate governance structure provides the lines of accountability and reporting, defines the relationships and expectations of the parties involved, and sets the rules and practices that these parties must follow in executing their responsibilities. The checks-and-balances system of corporate governance ensures that no single party can make all the business decisions without influence, input, or approval of other parties.
During an external audit of an organization’s financial statements, an auditor identifies a significant deficiency in the organization’s internal controls related to financial reporting. Which of the following is the auditor required to do regarding this issue?
A. Communicate the findings in writing to those charged with governance.
B. Report the findings to the appropriate government authorities.
C. Implement procedures to correct the internal control deficiency.
D. Document the findings and withdraw from the engagement.
A. Communicate the findings in writing to those charged with governance.
See pages 4.516-4.517 in the Fraud Examiner’s Manual
During a financial statement audit, the external auditor might identify deficiencies in the organization’s internal controls that could result in a misstatement in the financial statements. International Standard on Auditing (ISA) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, provides guidance regarding the auditor’s responsibility to communicate such control deficiencies appropriately with management and those charged with governance.
According to ISA 265, if the auditor has identified one or more deficiencies in internal control, the auditor is required to:
- Determine, based on the audit work performed, whether, individually or in combination, they represent significant deficiencies (i.e., a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance).
- Communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis.
- Communicate to management at an appropriate level of responsibility on a timely basis, in writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances.
- Communicate to management at an appropriate level of responsibility on a timely basis other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention.
To reduce the probability of fraud in financial reports, the National Commission on Fraudulent Financial Reporting (the Treadway Commission) provided recommendations about which of the following parties involved in corporate governance?
A. The audit committee
B. The compensation committee
C. Management
D. Shareholders
A. The audit committee
See page 4.305 in the Fraud Examiner’s Manual
The National Commission on Fraudulent Financial Reporting (the Treadway Commission) offered the following four recommendations for the audit committee that, in combination with other measures, are designed to reduce the probability of fraud in financial reports:
- Mandatory independent audit committee—The Treadway Commission recommended that each board of directors have an audit committee composed of outside directors.
- Written audit committee charter—The Treadway Commission also suggested that companies develop a written charter that sets the audit committee’s duties and responsibilities. The board of directors should periodically review, modify, and approve this written charter.
- Adequate audit committee resources and authority—According to the Treadway Commission, the existence of an audit committee and a written charter is not enough. The committee must also have adequate resources and authority to execute its responsibilities.
- Informed, vigilant, and effective audit committee members—The audit committee should be composed of members who are informed, vigilant, and effective.
The principles behind these recommendations have been incorporated into the corporate governance requirements for public companies in many jurisdictions, including the United States; however, these recommendations are foundational best practices for all organizations.
During an external audit of XYZ Corporation, the audit team determines the quantitative materiality threshold (i.e., the amount by which financial statements must be misstated to be considered materially misstated) to be $1 million. If the auditors discover evidence that management has intentionally overstated sales by $900,000, they should deem the misstatement immaterial for purposes of the audit and disregard it.
A. True
B. False
B. False
See pages 4.506-4.507 in the Fraud Examiner’s Manual
The concept of materiality in a financial statement audit is an important one, especially as it concerns fraud. International Standards of Auditing (ISAs) 1 and 8 define materiality as follows: “Information is material if omitting, misstating or obscuring it could reasonably be expected to influence the decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity.”
Materiality is often considered in quantitative terms within an audit (e.g., by establishing a threshold amount by which the financial statements must be misstated to be considered materially misstated). However, the qualitative aspects of fraud can, and often do, override the general quantitative materiality threshold. For example, an intentional manipulation of an account for an amount just under the determined quantitative materiality threshold might still be deemed material for purposes of the audit, as it indicates management’s intent to “omit, misstate, or obscure” information to influence the decisions of the financial statement users.
According to the G20/OECD Principles of Corporate Governance, governments should have an effective framework to support good corporate governance practices that:
A. Promotes transparent and fair markets
B. Supports effective supervision and enforcement
C. Is consistent with the rule of law
D. All of the above
D. All of the above
See pages 4.310-4.311 in the Fraud Examiner’s Manual
Chapter I of the G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), states that governments should have a sound legal, regulatory, and institutional framework to support good corporate governance practices. This framework typically comprises elements of legislation, regulation, self-regulatory arrangements, voluntary commitments, and business practices that are the result of a country’s specific circumstances, history, and tradition.
Such a framework should promote transparent and fair markets and the efficient allocation of resources. It should be consistent with the rule of law and support effective supervision and enforcement.
The G20/OECD Principles of Corporate Governance include which of the following?
A. Recognition of the importance of the role of stakeholders in corporate governance
B. An emphasis on the importance of timely, accurate, and transparent disclosure mechanisms
C. A request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices
D. All of the above
D. All of the above
See pages 4.309-4.310 in the Fraud Examiner’s Manual
The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), cover six main areas, which are divided into chapters. The Principles:
- Request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices (Chapter I).
- Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders, including minority and foreign shareholders (Chapter II).
- Address the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications (Chapter III).
- Recognize the importance of the role of stakeholders in corporate governance (Chapter IV).
- Examine the importance of timely, accurate, and transparent disclosure mechanisms (Chapter V).
- Address board structures, responsibilities, and procedures (Chapter VI).
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), an internal control system should be designed to provide reasonable assurance regarding the achievement of the organization’s objectives concerning which of the following?
A. The effectiveness and efficiency of the organization’s operations
B. The organization’s adherence to the laws and regulations to which it is subject
C. The reporting of financial and nonfinancial information to internal and external parties
D. All of the above
D. All of the above
See page 4.403 in the Fraud Examiner’s Manual
In its Internal Control—Integrated Framework (the Framework), the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
As noted in this definition, internal controls should be designed to assist management in meeting the following three categories of objectives:
- Operations objectives, which pertain to the effectiveness and efficiency of the organization’s operations
- Reporting objectives, which pertain to the reporting of financial and nonfinancial information to internal and external parties
- Compliance objectives, which pertain to the organization’s adherence to the laws and regulations to which it is subject
Leo, a Certified Fraud Examiner (CFE), conducted a fraud examination at Blue Corp. Anna was a prime suspect in the disappearance of money, but Leo could not prove it. Later, Leo discovered Anna had been recently hired by Red Corp., another client of his. Under the ACFE Code of Professional Ethics, Leo must:
A. Inform Red Corp. if the evidence is clear and convincing
B. Inform Red Corp.
C. Not inform Red Corp.
D. None of the above
C. Not inform Red Corp.
See page 4.1017 in the Fraud Examiner’s Manual
Article VI states that “an ACFE Member shall not reveal any confidential information obtained during a professional engagement without proper authorization.” Under this scenario, Leo may not disclose information about Anna’s employment at Blue Corp. or that she was a suspect in the disappearance of money without the authorization of Blue Corp. However, even if that authorization was received, Leo is limited as to what he can disclose. Anna was a suspect, but she did not confess and was not convicted of a crime. If Leo does disclose this information, he could encounter the risk of serious legal problems.
International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to discuss how management could perpetrate and conceal fraudulent financial reporting.
A. True
B. False
A. True
See page 4.507 in the Fraud Examiner’s Manual
International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to hold a discussion regarding the potential for material misstatements due to fraud. This discussion should cover:
- How and where the entity’s financial statements might be susceptible to fraud
- How management could perpetrate and conceal fraudulent financial reporting
- How the entity’s assets could be misappropriated
Good corporate governance is based on a framework that:
A. Remains adaptable
B. Is appropriate for the organization’s legal and regulatory environment
C. Considers the organization’s cultural and ethical environment
D. All of the above
D. All of the above
See page 4.322 in the Fraud Examiner’s Manual
Corporate governance structure and practices vary widely and should be determined based on each organization’s specific needs. In developing a corporate governance framework for an organization, directors and management must consider the legal, regulatory, institutional, cultural, and ethical environments in which the company operates. Additionally, good corporate governance maintains the ability to find a different course when its current direction runs into barriers, such as changes in the corporate landscape, new regulations or legal requirements, or shifts in organizational strategy. However, even while remaining adaptable, sound corporate governance is based on established best practices.
Which of the following is NOT one of the principles involved in the risk assessment process, as laid out by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)?
A. Considering the potential for fraud
B. Assessing changes that could significantly impact the internal control system
C. Conducting ongoing monitoring of the risk management strategy
D. Setting clear organizational objectives
C. Conducting ongoing monitoring of the risk management strategy
See pages 4.404-4.405 in the Fraud Examiner’s Manual
According to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework), “Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives.” Risk assessment involves the identification and assessment of the risks the entity faces in achieving its organizational objectives. This process is dynamic and iterative, and it forms the basis for determining how risks will be managed.
According to COSO, the risk assessment involves the following principles:
- The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives.
- The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed.
- The organization considers the potential for fraud in assessing risks to the achievement of objectives.
- The organization identifies and assesses changes that could significantly impact the system of internal control.
In general, the lowest level of reference for making moral decisions is:
A. The law
B. Individual standards
C. Philosophical principles
D. None of the above
A. The law
See page 4.905 in the Fraud Examiner’s Manual
When faced with an ethics-related problem, it is appropriate to begin analyzing the issue by asking: Is it legal? The law, including professional rules and regulations, deals with actions that are permitted and prohibited, but it is the lowest level of reference for moral decisions; a law might permit an action that is prohibited by a profession’s code of ethics. Laws, rules, and regulations function as standards by which to judge whether an action is legal or illegal but not whether the behavior is right. For instance, if you have promised an individual that you will honor a contract, you are ethically bound to do so, regardless of your legal responsibility; under these facts, upholding your promise is the right thing to do, no matter what the law says.
Sound corporate governance practices ensure that all stakeholders are treated equitably and are given just and appropriate consideration.
A. True
B. False
A. True
See page 4.309 in the Fraud Examiner’s Manual
One of the core principles or values of corporate governance is fairness. Sound corporate governance practices ensure that all stakeholders (e.g., shareholders, creditors, employees, management, and others) are treated equitably and are given just and appropriate consideration.
According to the G20/OECD Principles of Corporate Governance, an entity’s corporate governance framework should:
A. Encourage active cooperation between corporations and stakeholders in creating wealth and jobs
B. Ensure the timely and accurate disclosure of all material matters regarding the corporation
C. Ensure the equitable treatment of all shareholders, including minority and foreign shareholders
D. All of the above
D. All of the above
See pages 4.310-4.320 in the Fraud Examiner’s Manual
The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), is regarded as one of the primary sources of guidance for corporate governance practices for organizations throughout the world. Broadly, the Principles state that an entity’s corporate governance framework should:
- Promote transparent and fair markets and the efficient allocation of resources.
- Be consistent with the rule of law.
- Support effective supervision and enforcement.
- Protect and facilitate the exercise of shareholders’ rights.
- Ensure the equitable treatment of all shareholders, including minority and foreign shareholders.
- Provide all shareholders with the opportunity to obtain effective redress for violation of their rights.
- Create sound incentives throughout the investment chain.
- Enable stock markets to function in a way that contributes to good corporate governance.
- Recognize the rights of stakeholders established by law or through mutual agreements.
- Encourage active cooperation between corporations and stakeholders in creating wealth, jobs, and the sustainability of financially sound enterprises.
- Ensure that timely and accurate disclosure is made on all material matters regarding the corporation, including the company’s financial situation, performance, ownership, and governance.
- Ensure the strategic guidance of the company, the effective monitoring of management by the board, and the board’s accountability to the company and the shareholders.
The structure, responsibilities, and procedures of an organization’s governing board is one of the primary areas covered by the G20/OECD Principles of Corporate Governance.
A. True
B. False
A. True
See pages 4.309-4.310 in the Fraud Examiner’s Manual
The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), cover six main areas, which are divided into chapters. The Principles:
- Request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices (Chapter I).
- Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders, including minority and foreign shareholders (Chapter II).
- Address the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications (Chapter III).
- Recognize the importance of the role of stakeholders in corporate governance (Chapter IV).
- Examine the importance of timely, accurate, and transparent disclosure mechanisms (Chapter V).
- Address board structures, responsibilities, and procedures (Chapter VI).
The purpose of corporate governance is to:
A. Encourage the efficient use of resources and require accountability for the stewardship of those resources.
B. Prevent and detect financial misstatements whether caused by errors or fraud.
C. Provide reasonable assurance regarding the organization’s compliance with applicable laws and regulations.
D. Ensure the accuracy and reliability of the organization’s financial reports.
A. Encourage the efficient use of resources and require accountability for the stewardship of those resources.
See page 4.301 in the Fraud Examiner’s Manual
Sir Adrian Cadbury, chairman of the committee that developed the foundational corporate governance guidance, Financial Aspects of Corporate Governance, which is generally known as The Cadbury Report, stated that the purpose of corporate governance is “to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations, and society.”
Ayumi has just completed a fraud examination report containing confidential information for ABC Inc., a client. She received a call from the local police requesting a copy of the report. Which of the following statements is FALSE?
A. Ayumi can turn over the report if it is demanded by a court order.
B. Ayumi can turn over the report if her client consents.
C. Ayumi can turn over the report without any repercussions because she owns the information contained in the document.
D. Ayumi can turn over the report if the information is requested in a search warrant.
C. Ayumi can turn over the report without any repercussions because she owns the information contained in the document.
See pages 4.1017-4.1019 in the Fraud Examiner’s Manual
Confidential information, for all practical purposes, is any and all information a fraud examiner might obtain throughout a work engagement, whether it be from the company or client for whom an investigation is performed or from any other source consulted during the work. However, there is no legal privilege that exists between a fraud examiner and their client. That means that although the fraud examiner is not allowed to reveal confidential information without authorization from the client, if the information is subject to a legal court order or search warrant, then the fraud examiner must provide it.
Who is responsible for holding the board of directors accountable for proper governance and oversight?
A. The chairman of the board
B. Executive management
C. The shareholders
D. The external auditors
C. The shareholders
See page 4.307 in the Fraud Examiner’s Manual
Shareholders are the owners of corporations and are primarily concerned with maximizing the return on their investment; therefore, shareholders have a responsibility to be actively involved in the corporate governance process by:
- Remaining informed on company operations and performance
- Reading annual reports and other communications from management to the shareholders
- Attending shareholder meetings
- Electing capable individuals to serve as board directors
- Holding the board of directors accountable for proper governance and oversight
- Appointing or ratifying the audit committee’s appointment of the organization’s independent auditors
- Voting on other significant issues, such as specific changes relating to business operations, the company’s corporate governance framework, and the rights and responsibilities of the board of directors and executive managers
Effective ownership and reporting structures within an organization are necessary for ensuring which of the following principles of corporate governance?
A. Transparency
B. Fairness
C. Responsibility
D. Accountability
D. Accountability
See page 4.308 in the Fraud Examiner’s Manual
One of the core principles or values of corporate governance is accountability. The ownership and reporting structures within an organization allow for the involved parties’ accountability. In most corporations, the owners (i.e., shareholders) are separate from the decision-makers (i.e., management) and overseers (i.e., board of directors). To ensure that the organization operates effectively and efficiently, there must be mechanisms in place to ensure that management is accountable to the board and that the board is accountable to the shareholders.
In the context of a fraud examination, a mindset of professional skepticism means:
A. Fraud examiners should always begin their assignments with the belief that something is wrong
B. Fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraud
C. The fraud examiner’s professional skepticism can be dispelled only by evidence
D. All of the above
D. All of the above
See page 4.1012 in the Fraud Examiner’s Manual
As part of exercising professional integrity and competence, fraud examiners must always perform their work with a mindset of professional skepticism and begin assignments with the belief that something is wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary information available). Furthermore, fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraudulent activity. At no time is a fraud examiner entitled to assume a fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a result, opinions or attestations about a fraud-free environment are absolutely prohibited for ACFE members.
In reporting the results of a fraud examination, a fraud examiner is required to disclose any information that, if not disclosed, would change a user’s perceptions and conclusions.
A. True
B. False
A. True
See pages 4.1022-4.1023 in the Fraud Examiner’s Manual
Article VII of the ACFE Code of Professional Ethics states: “An ACFE Member shall reveal all material matters discovered during the course of an examination, which, if omitted, could cause a distortion of the facts.” This rule demands full and fair reporting of the findings made in investigations. Two words—material and distortion—are key to this requirement.
Information is material if having knowledge of such information might reasonably be expected to influence a client’s or employer’s decisions based on a fraud examiner’s report. Accordingly, materiality is a user-oriented concept. Thus, an item of information that would change a user’s perceptions and conclusions if it were omitted from a report is considered material. When determining what information is material, fraud examiners should not consider what they personally think is important and material; instead, they should try to decide what users will consider important and material. Thus, fraud examiners must project a decision-making process onto the users.
This rule also provides that fraud examiners shall disclose all material matters discovered during a fraud examination that, if omitted, could distort the facts. The “distortion of facts” portion of the rule refers to omissions. Distortion is related to materiality and users’ decisions. The distortion of facts in a report could cause users to undertake inappropriate actions.
Bryan, a Certified Fraud Examiner (CFE), locks the door to the interview room and refuses to allow the fraud suspect to leave despite repeated requests. Later, the suspect sues (successfully), claiming false imprisonment. Which of the following statements is TRUE?
A. This conduct would be a violation of the ACFE Code of Professional Ethics.
B. This conduct would be a violation of the ACFE Code of Professional Ethics only if Bryan knew the conduct was illegal.
C. This conduct would not be a violation of the ACFE Code of Professional Ethics under any circumstances.
D. This conduct would be a violation of the ACFE Code of Professional Ethics only if the suspect was innocent of fraud.
A. This conduct would be a violation of the ACFE Code of Professional Ethics.
See pages 4.1006-4.1007 in the Fraud Examiner’s Manual
Some rules for professionals insert the word knowingly in relation to illegal activities, saying that “One should not knowingly be a party to an illegal activity.” The ACFE Code of Professional Ethics does not include this technicality. Fraud examiners are generally not entitled to claim ignorance of the law. They are expected to know a considerable amount of law in connection with investigations, and they are expected to know when to consult a lawyer. In the situation in question, even if Bryan did not know that locking the door would constitute false imprisonment, he has still violated the ACFE Code of Professional Ethics.
Which of the following is TRUE regarding a corporation’s board of directors?
A. The directors oversee business operations by assessing the strategy and underlying purpose of management’s decisions and actions
B. The directors represent the intermediaries between the shareholders and management
C. The directors are generally elected by the company’s shareholders
D. All of the above
D. All of the above
See page 4.302 in the Fraud Examiner’s Manual
A corporation’s board of directors is made up of individuals who are generally elected by the entity’s voting members (e.g., shareholders in the case of a corporation or members in the case of an association). The directors represent the intermediaries between the corporation’s owners (i.e., shareholders) and those executing its activities (i.e., management), and they act as guardians of the organization’s resources and assets. As such, the board oversees business operations by assessing the strategy and underlying purpose of management’s decisions and actions.
As part of their responsibilities under the ACFE Code of Professional Ethics, in collecting evidence, fraud examiners must:
A. Ensure that all necessary evidence is obtained
B. Preserve the integrity of relevant evidence
C. Obtain and document evidence such that the chain of custody is preserved
D. All of the above
D. All of the above
See page 4.1016 in the Fraud Examiner’s Manual
As part of the ACFE Code of Professional Ethics, ACFE members are required to collect and evaluate a sufficient amount of relevant evidence to afford a reasonable and logical basis for decisions. Thus, fraud examiners must collect evidence, whether exculpatory or incriminating, that supports fraud examination results and will be admissible in subsequent proceedings. To do so, the fraud examiner must obtain and document the evidence in a manner that ensures that all necessary evidence is obtained and that the chain of custody is preserved. Additionally, fraud examiners must act prudently to preserve the integrity of relevant evidence and material.
Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from expressing opinions on technical matters.
A. True
B. False
B. False
See pages 4.1014, 4.1016-4.1017 in the Fraud Examiner’s Manual
Article V of the ACFE Code of Professional Ethics states: “An ACFE Member, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party.” Opinions, under Article V, may be given if there is a reasonable basis for them. The only opinions strictly not allowed are those regarding the guilt or innocence of any person or party. Additionally, opinions regarding technical matters generally are permitted if the fraud examiner is qualified as an expert in the matter. For example, a permissible opinion might address the relative adequacy of an entity’s internal controls. Likewise, a permissible opinion might regard whether financial transactions conform to generally accepted accounting principles (GAAP).
An organization’s board of directors does NOT have to be knowledgeable about the implementation of an organization’s compliance and ethics program if the board has delegated that responsibility to a compliance officer.
A. True
B. False
B. False
See pages 4.409 in the Fraud Examiner’s Manual
A company’s governing authority must be knowledgeable about the content and operation of the compliance and ethics program and exercise reasonable oversight with respect to the program’s implementation and effectiveness. Governing authority is defined as the board of directors or, if the organization does not have a board of directors, the organization’s highest-level governing body. Although the program’s daily operations can be delegated, the duties outlined above cannot.
When determining the relevance of certain fraud risk factors within an entity, the auditor should consider:
A. The complexity of the entity
B. The ownership of the entity
C. The size of the entity
D. All of the above
D. All of the above
See pages 4.511 in the Fraud Examiner’s Manual
According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the entity’s size, complexity, and ownership characteristics have a significant influence on the consideration of relevant fraud risk factors. For example, in the case of a large entity, there might be factors that generally constrain improper conduct by management, such as:
- Effective oversight by those charged with governance
- An effective internal audit function
- The existence and enforcement of a written code of conduct
According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor’s assessment of the risk of material misstatement due to fraud at the financial statement level should influence which of the following aspect(s) of an audit?
A. Choice of auditing procedures
B. Assignment and supervision of personnel
C. Consideration of accounting policies used
D. All of the above
D. All of the above
See pages 4.502, 4.511-4.512 in the Fraud Examiner’s Manual
Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Under this standard, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. To do so, the auditor shall:
- Assign and supervise personnel, taking account of the knowledge, skill, and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement; this might include assigning additional individuals with specialized skill and knowledge, such as forensic and IT specialists, or assigning more experienced individuals to the engagement.
- Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, might be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings.
- Incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.
According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, internal auditors must apply the care and skill of an expert whose primary responsibility is investigating fraud.
A. True
B. False
B. False
See pages 4.526 in the Fraud Examiner’s Manual
The Institute of Internal Auditors’ (IIA) Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Standard 1220 also states, however, that due professional care does not imply infallibility.
In a public company, the chief executive officer (CEO) should be charged with having primary responsibility for the oversight of the company’s compliance program.
A. True
B. False
B. False
See pages 4.409-4.410 in the Fraud Examiner’s Manual
If a board of directors exists, such as in a public company, the board must be knowledgeable about the content and operation of the compliance program and oversee its implementation. Accordingly, it is preferable for the board of directors or one of the board’s committees to control the organization’s compliance program. For instance, many companies place their compliance programs under the control of audit committees. There are four principal benefits to this practice:
- The involvement of the board of directors provides a sense of authority to the compliance program. It clearly identifies the program as a matter of company policy.
- The involvement of a board committee provides oversight to the operation of the program by personnel who are not involved in the program’s daily operation.
- Efforts to implement an effective compliance program can be documented in the committee’s meeting minutes. This documentation can prove useful if the company ever must defend its actions and seek mitigation of a criminal fine.
- The involvement of those board members who are on the audit committee will help ensure that the board is knowledgeable about the content and operation of the compliance program.
Which of the following principles of corporate governance relates to the duty of internal parties to act in the best interest of the organization?
A. Transparency
B. Responsibility
C. Accountability
D. Fairness
B. Responsibility
See pages 4.309 in the Fraud Examiner’s Manual
Responsibility, as it relates to corporate governance, applies both to the duty of internal parties (e.g., employees, managers, directors, and owners) to act in the best interest of the organization and to the duty of the organization to act in society’s best interest. The considerations include acting within legal, regulatory, and ethical bounds. Responsible corporate governance is demonstrated in the concepts of corporate ethics and corporate citizenship.
Which of the following factors should an organization consider when designing the components of its compliance and ethics program?
A. Industry size and standards
B. Recurrence of similar conduct
C. Organization size
D. All of the above
D. All of the above
See pages 4.406-4.407 in the Fraud Examiner’s Manual
The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. These Organizational Guidelines state that organizations should consider the following factors when designing their compliance and ethics programs:
- Applicable industry size and practice—An organization’s failure to incorporate and follow industry practice or the standards called for by any applicable government regulation adversely affects a finding that the program is effective.
- Size of the organization—Large organizations are expected to devote more formal operations and greater resources to meeting the requirements than are small organizations. For example, smaller organizations may use available personnel rather than employ separate staff to carry out ethics and compliance.
- Recurrence of similar misconduct—The recurrence of a similar event creates doubt as to whether the organization took reasonable steps to meet the requirements.
The internal audit function should wait until issues related to fraud occur before communicating with senior management or the board of directors about the topic.
A. True
B. False
B. False
See pages 4.533 in the Fraud Examiner’s Manual
The chief audit executive (CAE)—the head of an organization’s internal audit function—must communicate to senior management and the board any significant fraud risk, control, and governance issues. The board and CAE should determine the level of materiality and protocols for escalation, as well as discuss the pressures and opportunities for fraud that exist given the organization’s culture and controls. In addition, the CAE is responsible for assuring the board that the level of risk that management accepts is consistent with the board’s fraud risk appetite, as well as updating the board on the status of any suspected fraud that has been previously reported and any continuing investigations.
Specifically, the CAE should include the following matters in its reports to senior management and the board:
- Is fraud risk management comprehensive, continuous, and aligned with the organization’s strategic objectives?
- Is the fraud risk management program documented and supported by an organization-wide level of awareness?
- Are arrangements for governance of fraud risk management adequate and effective, including an anti-fraud culture led by senior management and the board?
- Does management possess the necessary skills, resources, and inclination to provide effective fraud risk management?
- Did management cooperate with the assessment of the organization’s fraud risk governance and management, or was there any resistance?
- Are there any significant residual fraud risks?
- Has management accepted a level of fraud that is consistent with the board’s risk appetite and the objectives of the organization? If not and the CAE has been unable to resolve the matter, has this been communicated to the board?
Which of the following is NOT one of the core principles of sound corporate governance?
A. Fairness
B. Responsibility
C. Transparency
D. Independence
D. Independence
See pages 4.308 in the Fraud Examiner’s Manual
Most systems of corporate governance are focused on several core principles or values, which include:
- Accountability
- Transparency
- Fairness
- Responsibility
Which of the following is a principle concerning the information and communication component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework)?
A. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
B. The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control
C. The organization communicates with external parties regarding matters affecting the functioning of internal control
D. All of the above
D. All of the above
See pages 4.405 in the Fraud Examiner’s Manual
The information and communication component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) relates to the exchange of information in a way that allows employees to carry out their internal control responsibilities and achieve the organization’s objectives. According to COSO, the following principles concern this component:
- The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
- The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control.
- The organization communicates with external parties regarding matters affecting the functioning of internal control.
The G20/OECD Principles of Corporate Governance support establishing stronger protection for foreign shareholders than for minority shareholders as a means to encourage increased international investment.
A. True
B. False
B. False
See pages 4.309-4.310, 4.312, 4.315 in the Fraud Examiner’s Manual
The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), cover six main areas, which are divided into chapters. The Principles:
- Request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices (Chapter I).
- Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders, including minority and foreign shareholders (Chapter II).
- Address the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications (Chapter III).
- Recognize the importance of the role of stakeholders in corporate governance (Chapter IV).
- Examine the importance of timely, accurate, and transparent disclosure mechanisms (Chapter V).
- Address board structures, responsibilities, and procedures (Chapter VI).
Chapter II of the Principles states: “The corporate governance framework should protect and facilitate the exercise of shareholders’ rights and ensure the equitable treatment of all shareholders, including minority and foreign shareholders.” As such, the Principles support the equal treatment of foreign and domestic shareholders in corporate governance. They do not address government policies to regulate foreign direct investment.
The National Commission on Fraudulent Financial Reporting (the Treadway Commission) made which of the following recommendations to reduce the probability of fraud in financial reports?
A. Have adequate audit committee resources and authority.
B. Develop a written charter for the audit committee.
C. Have a mandatory independent audit committee.
D. All of the above are recommendations made by the Treadway Commission.
D. All of the above are recommendations made by the Treadway Commission.
See pages 4.305 in the Fraud Examiner’s Manual
The National Commission on Fraudulent Financial Reporting (the Treadway Commission) offered the following four recommendations for the audit committee that, in combination with other measures, are designed to reduce the probability of fraud in financial reports:
- Mandatory independent audit committee—The Treadway Commission recommended that each board of directors have an audit committee composed of outside directors.
- Written audit committee charter—The Treadway Commission also suggested that companies develop a written charter that sets the audit committee’s duties and responsibilities. The board of directors should periodically review, modify, and approve this written charter.
- Adequate audit committee resources and authority—According to the Treadway Commission, the existence of an audit committee and a written charter is not enough. The committee must also have adequate resources and authority to execute its responsibilities.
- Informed, vigilant, and effective audit committee members—The audit committee should be composed of members who are informed, vigilant, and effective.
The principles behind these recommendations have been incorporated into the corporate governance requirements for public companies in many jurisdictions, including the United States; however, these recommendations are foundational best practices for all organizations.
During a fraud examination, John, a Certified Fraud Examiner (CFE), becomes aware of a situation that might appear as though he has a conflict of interest even though there is no actual conflict. To address the situation, John’s BEST course of action is to:
A. Immediately withdraw from the engagement without disclosing the potential conflict to management
B. Immediately disclose the situation to company management
C. Continue working on the assignment without disclosing the potential conflict but take care to avoid any areas where an actual conflict might arise
D. None of the above
B. Immediately disclose the situation to company management
See pages 4.1008-4.1009 in the Fraud Examiner’s Manual
ACFE members are responsible for maintaining independence in attitude and appearance and for approaching and conducting fraud examinations in an objective and unbiased manner.
Independence of attitude requires impartiality and fairness in conducting fraud examinations and in reaching resulting conclusions and judgments. Fraud examiners must also be sensitive to the appearance of independence so that conclusions and judgments will be accepted as impartial by knowledgeable third parties. Fraud examiners who become aware of a situation or relationship that could be perceived to impair independence, even if no actual impairments exist, should inform management immediately and take steps to eliminate the perceived impairment, including withdrawing from the examination if necessary.
Objectivity refers to the ability to conduct fraud examinations without being influenced by one’s own personal feelings or the feelings and motives of others. To ensure objectivity in performing examinations, fraud examiners must maintain an independent mental attitude, reach judgments on examination matters without undue influence from others, and avoid being placed in positions where they would be unable to work in an objective professional manner. All possible conflicts of interest should be disclosed.
If an external auditor identifies an immaterial misstatement in the financial statements that they believe is the result of fraud, they should:
A. Reevaluate the assessment of risks of material misstatement due to fraud
B. Reconsider the reliability of evidence previously obtained
C. Assess the need to adjust the nature, timing, and extent of remaining audit procedures
D. All of the above
D. All of the above
See pages 4.513-4.514 in the Fraud Examiner’s Manual
According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor identifies a misstatement, whether material or not, and has reason to believe that it is or may be the result of fraud and that management (in particular, senior management) is involved, then the auditor shall reevaluate the assessment of the risks of material misstatement due to fraud and its resulting impact on the nature, timing, and extent of audit procedures to respond to the assessed risks. The auditor shall also consider whether circumstances or conditions indicate possible collusion involving employees, management, or third parties when reconsidering the reliability of evidence previously obtained.
According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if an external auditor discovers evidence of a potential fraud involving senior management, to which of the following parties should they immediately report their findings?
A. Securities regulators
B. The audit committee
C. Local law enforcement
D. All of the above
B. The audit committee
See pages 4.515 in the Fraud Examiner’s Manual
According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor has identified or suspects fraud involving management, the auditor shall communicate these matters to those charged with governance, such as the audit committee of the board of directors, on a timely basis. The related discussion should cover the nature, timing, and extent of audit procedures necessary to complete the audit, as well as any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.
In certain circumstances, it might also be necessary or appropriate to report the findings to outside parties, such as securities regulators. Consequently, if the auditor has identified or suspects a fraud, the auditor shall also determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may prevent such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), internal control is a process “designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
A. True
B. False
A. True
See pages 4.403 in the Fraud Examiner’s Manual
In its Internal Control—Integrated Framework (the Framework), the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”
As noted in this definition, internal controls should be designed to assist management in meeting the following three categories of objectives:
- Operations objectives, which pertain to the effectiveness and efficiency of the organization’s operations
- Reporting objectives, which pertain to the reporting of financial and nonfinancial information to internal and external parties
- Compliance objectives, which pertain to the organization’s adherence to the laws and regulations to which it is subject
Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from revealing confidential client information under any circumstances.
A. True
B. False
B. False
See pages 4.1012, 4.1017, 4.1019 in the Fraud Examiner’s Manual
Two articles of the ACFE Code of Professional Ethics apply in situations regarding the release of confidential client information. Article IV states: “An ACFE Member will comply with the lawful orders of the courts, and will testify to matters truthfully and without bias or prejudice.” Article VI states: “An ACFE Member shall not reveal any confidential information obtained during a professional engagement without proper authorization.” However, fraud examiners are not bound by confidentiality when doing so would violate the law. Thus, fraud examiners can reveal client confidences when responding to a legal court order.
Which of the following factors should auditors include in their discussion on the financial statements’ susceptibility to fraud, as required by International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements?
A. How a company’s assets could be misappropriated
B. How and where the financial statements might be susceptible to fraud
C. Factors that indicate a culture that enables individuals to rationalize committing fraud
D. All of the above
D. All of the above
See pages 4.507-4.508 in the Fraud Examiner’s Manual
International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to hold a discussion regarding the potential for material misstatements due to fraud. This discussion should cover:
- How and where the entity’s financial statements might be susceptible to fraud
- How management could perpetrate and conceal fraudulent financial reporting
- How the entity’s assets could be misappropriated
This discussion should also include a consideration of known external and internal factors affecting the entity that might:
- Create incentives or pressures for management and others to commit fraud.
- Provide the opportunity for fraud to be perpetrated.
- Indicate a culture or environment that enables management and others to rationalize committing fraud.
The ACFE Code of Professional Ethics prohibits fraud examiners from engaging in undisclosed conflicts of interest. To ensure compliance with this rule, which of the following situations should a fraud examiner avoid?
A. A fraud examiner should avoid undertaking engagements for both sides to a particular controversy or issue
B. A fraud examiner should avoid undertaking an engagement to infiltrate their employer and transmit inside information to another party
C. A fraud examiner should avoid undertaking engagements that create a hardship or loss to their primary employer
D. All of the above
D. All of the above
See pages 4.1007-4.1008 in the Fraud Examiner’s Manual
The ACFE Code of Professional Ethics states that ACFE members shall not engage in undisclosed conflicts of interest. A conflict of interest exists when a fraud examiner’s ability to objectively evaluate and present an issue for a client is impaired by a current, prior, or potential future relationship with parties to the fraud examination.
Deciding if a conflict or a community of interests exists depends on the facts of each situation; however, the following are some general rules concerning conflicts of interest:
- A fraud examiner employed full time by a company should not engage in other jobs that create a hardship or loss to the employer.
- A fraud examiner should not be a spy who is employed by one company but retained by another company or person to infiltrate the employer and transmit inside information (unless the employing company agrees to the arrangement to apprehend other parties employed by the company).
- A fraud examiner should not accept engagements from both sides to a controversy—just like lawyers are prohibited from representing both parties in a transaction, lawsuit, or trial.
Professional organizations, such as the ACFE, have codes of ethics because:
A. They serve as a reference and benchmark for ethical guidance
B. They facilitate practical enforcement and internal discipline throughout a profession
C. They provide more direct solutions to professional ethical dilemmas than might exist under general ethical principles
D. All of the above
D. All of the above
See pages 4.901-4.902 in the Fraud Examiner’s Manual
A code of conduct serves a useful purpose as a reference and benchmark for ethical guidance. A code makes explicit the conduct that is expected in a particular profession. Thus, codes of professional ethics can provide some direct solutions that might not be available from general ethics theories. Furthermore, individuals will have a better understanding of what is expected of them when a code of ethical conduct is in place. From the viewpoint of an organized profession, a code is a public declaration of principled conduct and a means of facilitating enforcement of standards of conduct. Practical enforcement and internal discipline throughout a profession would be much more difficult if members were not first put on notice of the standards.