Ethics and Fraud-Related Responsibilities Flashcards

1
Q

Good corporate governance practices:

A. Provide clear lines of accountability and reporting
B. Define the relationships and expectations of the parties involved
C. Ensure that no single party can make all the business decisions without influence, input, or approval of other parties
D. All of the above

A

D. All of the above

See page 4.301 in the Fraud Examiner’s Manual

An organization’s corporate governance structure provides the lines of accountability and reporting, defines the relationships and expectations of the parties involved, and sets the rules and practices that these parties must follow in executing their responsibilities. The checks-and-balances system of corporate governance ensures that no single party can make all the business decisions without influence, input, or approval of other parties.

2
Q

During an external audit of an organization’s financial statements, an auditor identifies a significant deficiency in the organization’s internal controls related to financial reporting. Which of the following is the auditor required to do regarding this issue?

A. Communicate the findings in writing to those charged with governance.
B. Report the findings to the appropriate government authorities.
C. Implement procedures to correct the internal control deficiency.
D. Document the findings and withdraw from the engagement.

A

A. Communicate the findings in writing to those charged with governance.

See pages 4.516-4.517 in the Fraud Examiner’s Manual

During a financial statement audit, the external auditor might identify deficiencies in the organization’s internal controls that could result in a misstatement in the financial statements. International Standard on Auditing (ISA) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, provides guidance regarding the auditor’s responsibility to communicate such control deficiencies appropriately with management and those charged with governance.

According to ISA 265, if the auditor has identified one or more deficiencies in internal control, the auditor is required to:

  • Determine, based on the audit work performed, whether, individually or in combination, they represent significant deficiencies (i.e., a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance).
  • Communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis.
  • Communicate to management at an appropriate level of responsibility on a timely basis, in writing, significant deficiencies in internal control that the auditor has communicated or intends to communicate to those charged with governance, unless it would be inappropriate to communicate directly to management in the circumstances.
  • Communicate to management at an appropriate level of responsibility on a timely basis other deficiencies in internal control identified during the audit that have not been communicated to management by other parties and that, in the auditor’s professional judgment, are of sufficient importance to merit management’s attention.
3
Q

To reduce the probability of fraud in financial reports, the National Commission on Fraudulent Financial Reporting (the Treadway Commission) provided recommendations about which of the following parties involved in corporate governance?

A. The audit committee
B. The compensation committee
C. Management
D. Shareholders

A

A. The audit committee

See page 4.305 in the Fraud Examiner’s Manual

The National Commission on Fraudulent Financial Reporting (the Treadway Commission) offered the following four recommendations for the audit committee that, in combination with other measures, are designed to reduce the probability of fraud in financial reports:

  • Mandatory independent audit committee—The Treadway Commission recommended that each board of directors have an audit committee composed of outside directors.
  • Written audit committee charter—The Treadway Commission also suggested that companies develop a written charter that sets the audit committee’s duties and responsibilities. The board of directors should periodically review, modify, and approve this written charter.
  • Adequate audit committee resources and authority—According to the Treadway Commission, the existence of an audit committee and a written charter is not enough. The committee must also have adequate resources and authority to execute its responsibilities.
  • Informed, vigilant, and effective audit committee members—The audit committee should be composed of members who are informed, vigilant, and effective.

The principles behind these recommendations have been incorporated into the corporate governance requirements for public companies in many jurisdictions, including the United States; however, these recommendations are foundational best practices for all organizations.

4
Q

During an external audit of XYZ Corporation, the audit team determines the quantitative materiality threshold (i.e., the amount by which financial statements must be misstated to be considered materially misstated) to be $1 million. If the auditors discover evidence that management has intentionally overstated sales by $900,000, they should deem the misstatement immaterial for purposes of the audit and disregard it.

A. True
B. False

A

B. False

See pages 4.506-4.507 in the Fraud Examiner’s Manual

The concept of materiality in a financial statement audit is an important one, especially as it concerns fraud. International Standards of Auditing (ISAs) 1 and 8 define materiality as follows: “Information is material if omitting, misstating or obscuring it could reasonably be expected to influence the decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity.”

Materiality is often considered in quantitative terms within an audit (e.g., by establishing a threshold amount by which the financial statements must be misstated to be considered materially misstated). However, the qualitative aspects of fraud can, and often do, override the general quantitative materiality threshold. For example, an intentional manipulation of an account for an amount just under the determined quantitative materiality threshold might still be deemed material for purposes of the audit, as it indicates management’s intent to “omit, misstate, or obscure” information to influence the decisions of the financial statement users.

5
Q

According to the G20/OECD Principles of Corporate Governance, governments should have an effective framework to support good corporate governance practices that:

A. Promotes transparent and fair markets
B. Supports effective supervision and enforcement
C. Is consistent with the rule of law
D. All of the above

A

D. All of the above

See pages 4.310-4.311 in the Fraud Examiner’s Manual

Chapter I of the G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), states that governments should have a sound legal, regulatory, and institutional framework to support good corporate governance practices. This framework typically comprises elements of legislation, regulation, self-regulatory arrangements, voluntary commitments, and business practices that are the result of a country’s specific circumstances, history, and tradition.

Such a framework should promote transparent and fair markets and the efficient allocation of resources. It should be consistent with the rule of law and support effective supervision and enforcement.

6
Q

The G20/OECD Principles of Corporate Governance include which of the following?

A. Recognition of the importance of the role of stakeholders in corporate governance
B. An emphasis on the importance of timely, accurate, and transparent disclosure mechanisms
C. A request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices
D. All of the above

A

D. All of the above

See pages 4.309-4.310 in the Fraud Examiner’s Manual

The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), cover six main areas, which are divided into chapters. The Principles:

  • Request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices (Chapter I).
  • Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders, including minority and foreign shareholders (Chapter II).
  • Address the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications (Chapter III).
  • Recognize the importance of the role of stakeholders in corporate governance (Chapter IV).
  • Examine the importance of timely, accurate, and transparent disclosure mechanisms (Chapter V).
  • Address board structures, responsibilities, and procedures (Chapter VI).

7
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), an internal control system should be designed to provide reasonable assurance regarding the achievement of the organization’s objectives concerning which of the following?

A. The effectiveness and efficiency of the organization’s operations
B. The organization’s adherence to the laws and regulations to which it is subject
C. The reporting of financial and nonfinancial information to internal and external parties
D. All of the above

A

D. All of the above

See page 4.403 in the Fraud Examiner’s Manual

In its Internal Control—Integrated Framework (the Framework), the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

As noted in this definition, internal controls should be designed to assist management in meeting the following three categories of objectives:

  1. Operations objectives, which pertain to the effectiveness and efficiency of the organization’s operations
  2. Reporting objectives, which pertain to the reporting of financial and nonfinancial information to internal and external parties
  3. Compliance objectives, which pertain to the organization’s adherence to the laws and regulations to which it is subject
8
Q

Leo, a Certified Fraud Examiner (CFE), conducted a fraud examination at Blue Corp. Anna was a prime suspect in the disappearance of money, but Leo could not prove it. Later, Leo discovered Anna had been recently hired by Red Corp., another client of his. Under the ACFE Code of Professional Ethics, Leo must:

A. Inform Red Corp. if the evidence is clear and convincing
B. Inform Red Corp.
C. Not inform Red Corp.
D. None of the above

A

C. Not inform Red Corp.

See page 4.1017 in the Fraud Examiner’s Manual

Article VI states that “an ACFE Member shall not reveal any confidential information obtained during a professional engagement without proper authorization.” Under this scenario, Leo may not disclose information about Anna’s employment at Blue Corp. or that she was a suspect in the disappearance of money without the authorization of Blue Corp. However, even if that authorization was received, Leo is limited as to what he can disclose. Anna was a suspect, but she did not confess and was not convicted of a crime. If Leo does disclose this information, he could encounter the risk of serious legal problems.

9
Q

International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to discuss how management could perpetrate and conceal fraudulent financial reporting.

A. True
B. False

A

A. True

See page 4.507 in the Fraud Examiner’s Manual

International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to hold a discussion regarding the potential for material misstatements due to fraud. This discussion should cover:

  • How and where the entity’s financial statements might be susceptible to fraud
  • How management could perpetrate and conceal fraudulent financial reporting
  • How the entity’s assets could be misappropriated
10
Q

Good corporate governance is based on a framework that:

A. Remains adaptable
B. Is appropriate for the organization’s legal and regulatory environment
C. Considers the organization’s cultural and ethical environment
D. All of the above

A

D. All of the above

See page 4.322 in the Fraud Examiner’s Manual

Corporate governance structure and practices vary widely and should be determined based on each organization’s specific needs. In developing a corporate governance framework for an organization, directors and management must consider the legal, regulatory, institutional, cultural, and ethical environments in which the company operates. Additionally, good corporate governance maintains the ability to find a different course when its current direction runs into barriers, such as changes in the corporate landscape, new regulations or legal requirements, or shifts in organizational strategy. However, even while remaining adaptable, sound corporate governance is based on established best practices.

11
Q

Which of the following is NOT one of the principles involved in the risk assessment process, as laid out by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)?

A. Considering the potential for fraud
B. Assessing changes that could significantly impact the internal control system
C. Conducting ongoing monitoring of the risk management strategy
D. Setting clear organizational objectives

A

C. Conducting ongoing monitoring of the risk management strategy

See pages 4.404-4.405 in the Fraud Examiner’s Manual

According to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework), “Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives.” Risk assessment involves the identification and assessment of the risks the entity faces in achieving its organizational objectives. This process is dynamic and iterative, and it forms the basis for determining how risks will be managed.

According to COSO, the risk assessment involves the following principles:

  • The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives.
  • The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed.
  • The organization considers the potential for fraud in assessing risks to the achievement of objectives.
  • The organization identifies and assesses changes that could significantly impact the system of internal control.
12
Q

In general, the lowest level of reference for making moral decisions is:

A. The law
B. Individual standards
C. Philosophical principles
D. None of the above

A

A. The law

See page 4.905 in the Fraud Examiner’s Manual

When faced with an ethics-related problem, it is appropriate to begin analyzing the issue by asking: Is it legal? The law, including professional rules and regulations, deals with actions that are permitted and prohibited, but it is the lowest level of reference for moral decisions; a law might permit an action that is prohibited by a profession’s code of ethics. Laws, rules, and regulations function as standards by which to judge whether an action is legal or illegal but not whether the behavior is right. For instance, if you have promised an individual that you will honor a contract, you are ethically bound to do so, regardless of your legal responsibility; under these facts, upholding your promise is the right thing to do, no matter what the law says.

13
Q

Sound corporate governance practices ensure that all stakeholders are treated equitably and are given just and appropriate consideration.

A. True
B. False

A

A. True

See page 4.309 in the Fraud Examiner’s Manual

One of the core principles or values of corporate governance is fairness. Sound corporate governance practices ensure that all stakeholders (e.g., shareholders, creditors, employees, management, and others) are treated equitably and are given just and appropriate consideration.

14
Q

According to the G20/OECD Principles of Corporate Governance, an entity’s corporate governance framework should:

A. Encourage active cooperation between corporations and stakeholders in creating wealth and jobs
B. Ensure the timely and accurate disclosure of all material matters regarding the corporation
C. Ensure the equitable treatment of all shareholders, including minority and foreign shareholders
D. All of the above

A

D. All of the above

See pages 4.310-4.320 in the Fraud Examiner’s Manual

The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), is regarded as one of the primary sources of guidance for corporate governance practices for organizations throughout the world. Broadly, the Principles state that an entity’s corporate governance framework should:

  • Promote transparent and fair markets and the efficient allocation of resources.
  • Be consistent with the rule of law.
  • Support effective supervision and enforcement.
  • Protect and facilitate the exercise of shareholders’ rights.
  • Ensure the equitable treatment of all shareholders, including minority and foreign shareholders.
  • Provide all shareholders with the opportunity to obtain effective redress for violation of their rights.
  • Create sound incentives throughout the investment chain.
  • Enable stock markets to function in a way that contributes to good corporate governance.
  • Recognize the rights of stakeholders established by law or through mutual agreements.
  • Encourage active cooperation between corporations and stakeholders in creating wealth, jobs, and the sustainability of financially sound enterprises.
  • Ensure that timely and accurate disclosure is made on all material matters regarding the corporation, including the company’s financial situation, performance, ownership, and governance.
  • Ensure the strategic guidance of the company, the effective monitoring of management by the board, and the board’s accountability to the company and the shareholders.
15
Q

The structure, responsibilities, and procedures of an organization’s governing board is one of the primary areas covered by the G20/OECD Principles of Corporate Governance.

A. True
B. False

A

A. True

See pages 4.309-4.310 in the Fraud Examiner’s Manual

The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), cover six main areas, which are divided into chapters. The Principles:

  • Request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices (Chapter I).
  • Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders, including minority and foreign shareholders (Chapter II).
  • Address the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications (Chapter III).
  • Recognize the importance of the role of stakeholders in corporate governance (Chapter IV).
  • Examine the importance of timely, accurate, and transparent disclosure mechanisms (Chapter V).
  • Address board structures, responsibilities, and procedures (Chapter VI).
16
Q

The purpose of corporate governance is to:

A. Encourage the efficient use of resources and require accountability for the stewardship of those resources.
B. Prevent and detect financial misstatements whether caused by errors or fraud.
C. Provide reasonable assurance regarding the organization’s compliance with applicable laws and regulations.
D. Ensure the accuracy and reliability of the organization’s financial reports.

A

A. Encourage the efficient use of resources and require accountability for the stewardship of those resources.

See page 4.301 in the Fraud Examiner’s Manual

Sir Adrian Cadbury, chairman of the committee that developed the foundational corporate governance guidance, Financial Aspects of Corporate Governance, which is generally known as The Cadbury Report, stated that the purpose of corporate governance is “to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations, and society.”

17
Q

Ayumi has just completed a fraud examination report containing confidential information for ABC Inc., a client. She received a call from the local police requesting a copy of the report. Which of the following statements is FALSE?

A. Ayumi can turn over the report if it is demanded by a court order.
B. Ayumi can turn over the report if her client consents.
C. Ayumi can turn over the report without any repercussions because she owns the information contained in the document.
D. Ayumi can turn over the report if the information is requested in a search warrant.

A

C. Ayumi can turn over the report without any repercussions because she owns the information contained in the document.

See pages 4.1017-4.1019 in the Fraud Examiner’s Manual

Confidential information, for all practical purposes, is any and all information a fraud examiner might obtain throughout a work engagement, whether it be from the company or client for whom an investigation is performed or from any other source consulted during the work. However, there is no legal privilege that exists between a fraud examiner and their client. That means that although the fraud examiner is not allowed to reveal confidential information without authorization from the client, if the information is subject to a legal court order or search warrant, then the fraud examiner must provide it.

18
Q

Who is responsible for holding the board of directors accountable for proper governance and oversight?

A. The chairman of the board
B. Executive management
C. The shareholders
D. The external auditors

A

C. The shareholders

See page 4.307 in the Fraud Examiner’s Manual

Shareholders are the owners of corporations and are primarily concerned with maximizing the return on their investment; therefore, shareholders have a responsibility to be actively involved in the corporate governance process by:

  • Remaining informed on company operations and performance
  • Reading annual reports and other communications from management to the shareholders
  • Attending shareholder meetings
  • Electing capable individuals to serve as board directors
  • Holding the board of directors accountable for proper governance and oversight
  • Appointing or ratifying the audit committee’s appointment of the organization’s independent auditors
  • Voting on other significant issues, such as specific changes relating to business operations, the company’s corporate governance framework, and the rights and responsibilities of the board of directors and executive managers
19
Q

Effective ownership and reporting structures within an organization are necessary for ensuring which of the following principles of corporate governance?

A. Transparency
B. Fairness
C. Responsibility
D. Accountability

A

D. Accountability

See page 4.308 in the Fraud Examiner’s Manual

One of the core principles or values of corporate governance is accountability. The ownership and reporting structures within an organization allow for the involved parties’ accountability. In most corporations, the owners (i.e., shareholders) are separate from the decision-makers (i.e., management) and overseers (i.e., board of directors). To ensure that the organization operates effectively and efficiently, there must be mechanisms in place to ensure that management is accountable to the board and that the board is accountable to the shareholders.

20
Q

In the context of a fraud examination, a mindset of professional skepticism means:

A. Fraud examiners should always begin their assignments with the belief that something is wrong
B. Fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraud
C. The fraud examiner’s professional skepticism can be dispelled only by evidence
D. All of the above

A

D. All of the above

See page 4.1012 in the Fraud Examiner’s Manual

As part of exercising professional integrity and competence, fraud examiners must always perform their work with a mindset of professional skepticism and begin assignments with the belief that something is wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary information available). Furthermore, fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraudulent activity. At no time is a fraud examiner entitled to assume a fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a result, opinions or attestations about a fraud-free environment are absolutely prohibited for ACFE members.

21
Q

In reporting the results of a fraud examination, a fraud examiner is required to disclose any information that, if not disclosed, would change a user’s perceptions and conclusions.

A. True
B. False

A

A. True

See pages 4.1022-4.1023 in the Fraud Examiner’s Manual

Article VII of the ACFE Code of Professional Ethics states: “An ACFE Member shall reveal all material matters discovered during the course of an examination, which, if omitted, could cause a distortion of the facts.” This rule demands full and fair reporting of the findings made in investigations. Two words—material and distortion—are key to this requirement.

Information is material if having knowledge of such information might reasonably be expected to influence a client’s or employer’s decisions based on a fraud examiner’s report. Accordingly, materiality is a user-oriented concept. Thus, an item of information that would change a user’s perceptions and conclusions if it were omitted from a report is considered material. When determining what information is material, fraud examiners should not consider what they personally think is important and material; instead, they should try to decide what users will consider important and material. Thus, fraud examiners must project a decision-making process onto the users.

This rule also provides that fraud examiners shall disclose all material matters discovered during a fraud examination that, if omitted, could distort the facts. The “distortion of facts” portion of the rule refers to omissions. Distortion is related to materiality and users’ decisions. The distortion of facts in a report could cause users to undertake inappropriate actions.

22
Q

Bryan, a Certified Fraud Examiner (CFE), locks the door to the interview room and refuses to allow the fraud suspect to leave despite repeated requests. Later, the suspect sues (successfully), claiming false imprisonment. Which of the following statements is TRUE?

A. This conduct would be a violation of the ACFE Code of Professional Ethics.
B. This conduct would be a violation of the ACFE Code of Professional Ethics only if Bryan knew the conduct was illegal.
C. This conduct would not be a violation of the ACFE Code of Professional Ethics under any circumstances.
D. This conduct would be a violation of the ACFE Code of Professional Ethics only if the suspect was innocent of fraud.

A

A. This conduct would be a violation of the ACFE Code of Professional Ethics.

See pages 4.1006-4.1007 in the Fraud Examiner’s Manual

Some rules for professionals insert the word knowingly in relation to illegal activities, saying that “One should not knowingly be a party to an illegal activity.” The ACFE Code of Professional Ethics does not include this technicality. Fraud examiners are generally not entitled to claim ignorance of the law. They are expected to know a considerable amount of law in connection with investigations, and they are expected to know when to consult a lawyer. In the situation in question, even if Bryan did not know that locking the door would constitute false imprisonment, he has still violated the ACFE Code of Professional Ethics.

23
Q

Which of the following is TRUE regarding a corporation’s board of directors?

A. The directors oversee business operations by assessing the strategy and underlying purpose of management’s decisions and actions
B. The directors represent the intermediaries between the shareholders and management
C. The directors are generally elected by the company’s shareholders
D. All of the above

A

D. All of the above

See page 4.302 in the Fraud Examiner’s Manual

A corporation’s board of directors is made up of individuals who are generally elected by the entity’s voting members (e.g., shareholders in the case of a corporation or members in the case of an association). The directors represent the intermediaries between the corporation’s owners (i.e., shareholders) and those executing its activities (i.e., management), and they act as guardians of the organization’s resources and assets. As such, the board oversees business operations by assessing the strategy and underlying purpose of management’s decisions and actions.

24
Q

As part of their responsibilities under the ACFE Code of Professional Ethics, in collecting evidence, fraud examiners must:

A. Ensure that all necessary evidence is obtained
B. Preserve the integrity of relevant evidence
C. Obtain and document evidence such that the chain of custody is preserved
D. All of the above

A

D. All of the above

See page 4.1016 in the Fraud Examiner’s Manual

As part of the ACFE Code of Professional Ethics, ACFE members are required to collect and evaluate a sufficient amount of relevant evidence to afford a reasonable and logical basis for decisions. Thus, fraud examiners must collect evidence, whether exculpatory or incriminating, that supports fraud examination results and will be admissible in subsequent proceedings. To do so, the fraud examiner must obtain and document the evidence in a manner that ensures that all necessary evidence is obtained and that the chain of custody is preserved. Additionally, fraud examiners must act prudently to preserve the integrity of relevant evidence and material.

25
Q

Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from expressing opinions on technical matters.

A. True
B. False

A

B. False

See pages 4.1014, 4.1016-4.1017 in the Fraud Examiner’s Manual

Article V of the ACFE Code of Professional Ethics states: “An ACFE Member, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party.” Opinions, under Article V, may be given if there is a reasonable basis for them. The only opinions strictly not allowed are those regarding the guilt or innocence of any person or party. Additionally, opinions regarding technical matters generally are permitted if the fraud examiner is qualified as an expert in the matter. For example, a permissible opinion might address the relative adequacy of an entity’s internal controls. Likewise, a permissible opinion might regard whether financial transactions conform to generally accepted accounting principles (GAAP).

26
Q

An organization’s board of directors does NOT have to be knowledgeable about the implementation of an organization’s compliance and ethics program if the board has delegated that responsibility to a compliance officer.

A. True
B. False

A

B. False

See page 4.409 in the Fraud Examiner’s Manual

A company’s governing authority must be knowledgeable about the content and operation of the compliance and ethics program and exercise reasonable oversight with respect to the program’s implementation and effectiveness. Governing authority is defined as the board of directors or, if the organization does not have a board of directors, the organization’s highest-level governing body. Although the program’s daily operations can be delegated, the duties outlined above cannot.

27
Q

When determining the relevance of certain fraud risk factors within an entity, the auditor should consider:

A. The complexity of the entity
B. The ownership of the entity
C. The size of the entity
D. All of the above

A

D. All of the above

See page 4.511 in the Fraud Examiner’s Manual

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the entity’s size, complexity, and ownership characteristics have a significant influence on the consideration of relevant fraud risk factors. For example, in the case of a large entity, there might be factors that generally constrain improper conduct by management, such as:

  • Effective oversight by those charged with governance
  • An effective internal audit function
  • The existence and enforcement of a written code of conduct
28
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor’s assessment of the risk of material misstatement due to fraud at the financial statement level should influence which of the following aspect(s) of an audit?

A. Choice of auditing procedures
B. Assignment and supervision of personnel
C. Consideration of accounting policies used
D. All of the above

A

D. All of the above

See pages 4.502, 4.511-4.512 in the Fraud Examiner’s Manual

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Under this standard, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. To do so, the auditor shall:

  • Assign and supervise personnel, taking account of the knowledge, skill, and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement; this might include assigning additional individuals with specialized skill and knowledge, such as forensic and IT specialists, or assigning more experienced individuals to the engagement.
  • Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, might be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings.
  • Incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.
29
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, internal auditors must apply the care and skill of an expert whose primary responsibility is investigating fraud.

A. True
B. False

A

B. False

See page 4.526 in the Fraud Examiner’s Manual

The Institute of Internal Auditors’ (IIA) Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Standard 1220 also states, however, that due professional care does not imply infallibility.

30
Q

In a public company, the chief executive officer (CEO) should be charged with having primary responsibility for the oversight of the company’s compliance program.

A. True
B. False

A

B. False

See pages 4.409-4.410 in the Fraud Examiner’s Manual

If a board of directors exists, such as in a public company, the board must be knowledgeable about the content and operation of the compliance program and oversee its implementation. Accordingly, it is preferable for the board of directors or one of the board’s committees to control the organization’s compliance program. For instance, many companies place their compliance programs under the control of audit committees. There are four principal benefits to this practice:

  1. The involvement of the board of directors provides a sense of authority to the compliance program. It clearly identifies the program as a matter of company policy.
  2. The involvement of a board committee provides oversight to the operation of the program by personnel who are not involved in the program’s daily operation.
  3. Efforts to implement an effective compliance program can be documented in the committee’s meeting minutes. This documentation can prove useful if the company ever must defend its actions and seek mitigation of a criminal fine.
  4. The involvement of those board members who are on the audit committee will help ensure that the board is knowledgeable about the content and operation of the compliance program.
31
Q

Which of the following principles of corporate governance relates to the duty of internal parties to act in the best interest of the organization?

A. Transparency
B. Responsibility
C. Accountability
D. Fairness

A

B. Responsibility

See page 4.309 in the Fraud Examiner’s Manual

Responsibility, as it relates to corporate governance, applies both to the duty of internal parties (e.g., employees, managers, directors, and owners) to act in the best interest of the organization and to the duty of the organization to act in society’s best interest. The considerations include acting within legal, regulatory, and ethical bounds. Responsible corporate governance is demonstrated in the concepts of corporate ethics and corporate citizenship.

32
Q

Which of the following factors should an organization consider when designing the components of its compliance and ethics program?

A. Industry size and standards
B. Recurrence of similar conduct
C. Organization size
D. All of the above

A

D. All of the above

See pages 4.406-4.407 in the Fraud Examiner’s Manual

The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. These Organizational Guidelines state that organizations should consider the following factors when designing their compliance and ethics programs:

  • Applicable industry size and practice—An organization’s failure to incorporate and follow industry practice or the standards called for by any applicable government regulation adversely affects a finding that the program is effective.
  • Size of the organization—Large organizations are expected to devote more formal operations and greater resources to meeting the requirements than are small organizations. For example, smaller organizations may use available personnel rather than employ separate staff to carry out ethics and compliance.
  • Recurrence of similar misconduct—The recurrence of a similar event creates doubt as to whether the organization took reasonable steps to meet the requirements.
33
Q

The internal audit function should wait until issues related to fraud occur before communicating with senior management or the board of directors about the topic.

A. True
B. False

A

B. False

See page 4.533 in the Fraud Examiner’s Manual

The chief audit executive (CAE)—the head of an organization’s internal audit function—must communicate to senior management and the board any significant fraud risk, control, and governance issues. The board and CAE should determine the level of materiality and protocols for escalation, as well as discuss the pressures and opportunities for fraud that exist given the organization’s culture and controls. In addition, the CAE is responsible for assuring the board that the level of risk that management accepts is consistent with the board’s fraud risk appetite, as well as updating the board on the status of any suspected fraud that has been previously reported and any continuing investigations.

Specifically, the CAE should include the following matters in its reports to senior management and the board:

  • Is fraud risk management comprehensive, continuous, and aligned with the organization’s strategic objectives?
  • Is the fraud risk management program documented and supported by an organization-wide level of awareness?
  • Are arrangements for governance of fraud risk management adequate and effective, including an anti-fraud culture led by senior management and the board?
  • Does management possess the necessary skills, resources, and inclination to provide effective fraud risk management?
  • Did management cooperate with the assessment of the organization’s fraud risk governance and management, or was there any resistance?
  • Are there any significant residual fraud risks?
  • Has management accepted a level of fraud that is consistent with the board’s risk appetite and the objectives of the organization? If not and the CAE has been unable to resolve the matter, has this been communicated to the board?
34
Q

Which of the following is NOT one of the core principles of sound corporate governance?

A. Fairness
B. Responsibility
C. Transparency
D. Independence

A

D. Independence

See page 4.308 in the Fraud Examiner’s Manual

Most systems of corporate governance are focused on several core principles or values, which include:

  • Accountability
  • Transparency
  • Fairness
  • Responsibility
35
Q

Which of the following is a principle concerning the information and communication component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework)?

A. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
B. The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control
C. The organization communicates with external parties regarding matters affecting the functioning of internal control
D. All of the above

A

D. All of the above

See page 4.405 in the Fraud Examiner’s Manual

The information and communication component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) relates to the exchange of information in a way that allows employees to carry out their internal control responsibilities and achieve the organization’s objectives. According to COSO, the following principles concern this component:

  • The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
  • The organization internally communicates information—including objectives and responsibilities for internal control—necessary to support the functioning of internal control.
  • The organization communicates with external parties regarding matters affecting the functioning of internal control.
36
Q

The G20/OECD Principles of Corporate Governance support establishing stronger protection for foreign shareholders than for minority shareholders as a means to encourage increased international investment.

A. True
B. False

A

B. False

See pages 4.309-4.310, 4.312, 4.315 in the Fraud Examiner’s Manual

The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), cover six main areas, which are divided into chapters. The Principles:

  • Request that governments have an effective legal, regulatory, and institutional framework to support good corporate governance practices (Chapter I).
  • Call for a corporate governance framework that protects the exercise of shareholders’ rights and supports the equal treatment of all shareholders, including minority and foreign shareholders (Chapter II).
  • Address the effect of institutional investors and other intermediaries in stock markets and the resulting corporate governance implications (Chapter III).
  • Recognize the importance of the role of stakeholders in corporate governance (Chapter IV).
  • Examine the importance of timely, accurate, and transparent disclosure mechanisms (Chapter V).
  • Address board structures, responsibilities, and procedures (Chapter VI).

Chapter II of the Principles states: “The corporate governance framework should protect and facilitate the exercise of shareholders’ rights and ensure the equitable treatment of all shareholders, including minority and foreign shareholders.” As such, the Principles support the equal treatment of foreign and domestic shareholders in corporate governance. They do not address government policies to regulate foreign direct investment.

37
Q

The National Commission on Fraudulent Financial Reporting (the Treadway Commission) made which of the following recommendations to reduce the probability of fraud in financial reports?

A. Have adequate audit committee resources and authority.
B. Develop a written charter for the audit committee.
C. Have a mandatory independent audit committee.
D. All of the above are recommendations made by the Treadway Commission.

A

D. All of the above are recommendations made by the Treadway Commission.

See page 4.305 in the Fraud Examiner’s Manual

The National Commission on Fraudulent Financial Reporting (the Treadway Commission) offered the following four recommendations for the audit committee that, in combination with other measures, are designed to reduce the probability of fraud in financial reports:

  • Mandatory independent audit committee—The Treadway Commission recommended that each board of directors have an audit committee composed of outside directors.
  • Written audit committee charter—The Treadway Commission also suggested that companies develop a written charter that sets the audit committee’s duties and responsibilities. The board of directors should periodically review, modify, and approve this written charter.
  • Adequate audit committee resources and authority—According to the Treadway Commission, the existence of an audit committee and a written charter is not enough. The committee must also have adequate resources and authority to execute its responsibilities.
  • Informed, vigilant, and effective audit committee members—The audit committee should be composed of members who are informed, vigilant, and effective.

The principles behind these recommendations have been incorporated into the corporate governance requirements for public companies in many jurisdictions, including the United States; however, these recommendations are foundational best practices for all organizations.

38
Q

During a fraud examination, John, a Certified Fraud Examiner (CFE), becomes aware of a situation that might appear as though he has a conflict of interest even though there is no actual conflict. To address the situation, John’s BEST course of action is to:

A. Immediately withdraw from the engagement without disclosing the potential conflict to management
B. Immediately disclose the situation to company management
C. Continue working on the assignment without disclosing the potential conflict but take care to avoid any areas where an actual conflict might arise
D. None of the above

A

B. Immediately disclose the situation to company management

See pages 4.1008-4.1009 in the Fraud Examiner’s Manual

ACFE members are responsible for maintaining independence in attitude and appearance and for approaching and conducting fraud examinations in an objective and unbiased manner.

Independence of attitude requires impartiality and fairness in conducting fraud examinations and in reaching resulting conclusions and judgments. Fraud examiners must also be sensitive to the appearance of independence so that conclusions and judgments will be accepted as impartial by knowledgeable third parties. Fraud examiners who become aware of a situation or relationship that could be perceived to impair independence, even if no actual impairments exist, should inform management immediately and take steps to eliminate the perceived impairment, including withdrawing from the examination if necessary.

Objectivity refers to the ability to conduct fraud examinations without being influenced by one’s own personal feelings or the feelings and motives of others. To ensure objectivity in performing examinations, fraud examiners must maintain an independent mental attitude, reach judgments on examination matters without undue influence from others, and avoid being placed in positions where they would be unable to work in an objective professional manner. All possible conflicts of interest should be disclosed.

39
Q

If an external auditor identifies an immaterial misstatement in the financial statements that they believe is the result of fraud, they should:

A. Reevaluate the assessment of risks of material misstatement due to fraud
B. Reconsider the reliability of evidence previously obtained
C. Assess the need to adjust the nature, timing, and extent of remaining audit procedures
D. All of the above

A

D. All of the above

See pages 4.513-4.514 in the Fraud Examiner’s Manual

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor identifies a misstatement, whether material or not, and has reason to believe that it is or may be the result of fraud and that management (in particular, senior management) is involved, then the auditor shall reevaluate the assessment of the risks of material misstatement due to fraud and its resulting impact on the nature, timing, and extent of audit procedures to respond to the assessed risks. The auditor shall also consider whether circumstances or conditions indicate possible collusion involving employees, management, or third parties when reconsidering the reliability of evidence previously obtained.

40
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if an external auditor discovers evidence of a potential fraud involving senior management, to which of the following parties should they immediately report their findings?

A. Securities regulators
B. The audit committee
C. Local law enforcement
D. All of the above

A

B. The audit committee

See page 4.515 in the Fraud Examiner’s Manual

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor has identified or suspects fraud involving management, the auditor shall communicate these matters to those charged with governance, such as the audit committee of the board of directors, on a timely basis. The related discussion should cover the nature, timing, and extent of audit procedures necessary to complete the audit, as well as any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.

In certain circumstances, it might also be necessary or appropriate to report the findings to outside parties, such as securities regulators. Consequently, if the auditor has identified or suspects a fraud, the auditor shall also determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may prevent such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.

41
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), internal control is a process “designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

A. True
B. False

A

A. True

See page 4.403 in the Fraud Examiner’s Manual

In its Internal Control—Integrated Framework (the Framework), the Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines internal control as “a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

As noted in this definition, internal controls should be designed to assist management in meeting the following three categories of objectives:

  1. Operations objectives, which pertain to the effectiveness and efficiency of the organization’s operations
  2. Reporting objectives, which pertain to the reporting of financial and nonfinancial information to internal and external parties
  3. Compliance objectives, which pertain to the organization’s adherence to the laws and regulations to which it is subject
42
Q

Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from revealing confidential client information under any circumstances.

A. True
B. False

A

B. False

See pages 4.1012, 4.1017, 4.1019 in the Fraud Examiner’s Manual

Two articles of the ACFE Code of Professional Ethics apply in situations regarding the release of confidential client information. Article IV states: “An ACFE Member will comply with the lawful orders of the courts, and will testify to matters truthfully and without bias or prejudice.” Article VI states: “An ACFE Member shall not reveal any confidential information obtained during a professional engagement without proper authorization.” However, fraud examiners are not bound by confidentiality when doing so would violate the law. Thus, fraud examiners can reveal client confidences when responding to a legal court order.

43
Q

Which of the following factors should auditors include in their discussion on the financial statements’ susceptibility to fraud, as required by International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements?

A. How a company’s assets could be misappropriated
B. How and where the financial statements might be susceptible to fraud
C. Factors that indicate a culture that enables individuals to rationalize committing fraud
D. All of the above

A

D. All of the above

See pages 4.507-4.508 in the Fraud Examiner’s Manual

International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, requires auditors to hold a discussion regarding the potential for material misstatements due to fraud. This discussion should cover:

  • How and where the entity’s financial statements might be susceptible to fraud
  • How management could perpetrate and conceal fraudulent financial reporting
  • How the entity’s assets could be misappropriated

This discussion should also include a consideration of known external and internal factors affecting the entity that might:

  • Create incentives or pressures for management and others to commit fraud.
  • Provide the opportunity for fraud to be perpetrated.
  • Indicate a culture or environment that enables management and others to rationalize committing fraud.
44
Q

The ACFE Code of Professional Ethics prohibits fraud examiners from engaging in undisclosed conflicts of interest. To ensure compliance with this rule, which of the following situations should a fraud examiner avoid?

A. A fraud examiner should avoid undertaking engagements for both sides to a particular controversy or issue
B. A fraud examiner should avoid undertaking an engagement to infiltrate their employer and transmit inside information to another party
C. A fraud examiner should avoid undertaking engagements that create a hardship or loss to their primary employer
D. All of the above

A

D. All of the above

See pages 4.1007-4.1008 in the Fraud Examiner’s Manual

The ACFE Code of Professional Ethics states that ACFE members shall not engage in undisclosed conflicts of interest. A conflict of interest exists when a fraud examiner’s ability to objectively evaluate and present an issue for a client is impaired by a current, prior, or potential future relationship with parties to the fraud examination.

Deciding if a conflict or a community of interests exists depends on the facts of each situation; however, the following are some general rules concerning conflicts of interest:

  • A fraud examiner employed full time by a company should not engage in other jobs that create a hardship or loss to the employer.
  • A fraud examiner should not be a spy who is employed by one company but retained by another company or person to infiltrate the employer and transmit inside information (unless the employing company agrees to the arrangement to apprehend other parties employed by the company).
  • A fraud examiner should not accept engagements from both sides to a controversy—just like lawyers are prohibited from representing both parties in a transaction, lawsuit, or trial.
45
Q

Professional organizations, such as the ACFE, have codes of ethics because:

A. They serve as a reference and benchmark for ethical guidance
B. They facilitate practical enforcement and internal discipline throughout a profession
C. They provide more direct solutions to professional ethical dilemmas than might exist under general ethical principles
D. All of the above

A

D. All of the above

See pages 4.901-4.902 in the Fraud Examiner’s Manual

A code of conduct serves a useful purpose as a reference and benchmark for ethical guidance. A code makes explicit the conduct that is expected in a particular profession. Thus, codes of professional ethics can provide some direct solutions that might not be available from general ethics theories. Furthermore, individuals will have a better understanding of what is expected of them when a code of ethical conduct is in place. From the viewpoint of an organized profession, a code is a public declaration of principled conduct and a means of facilitating enforcement of standards of conduct. Practical enforcement and internal discipline throughout a profession would be much more difficult if members were not first put on notice of the standards.

46
Q

International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, defines two types of frauds that are relevant for audit purposes: those that involve intentional fraudulent financial reporting and those that involve the misappropriation of company assets.

A. True
B. False

A

A. True

See page 4.502 in the Fraud Examiner’s Manual

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from the misappropriation of assets. Although the auditor might suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has occurred.

47
Q

For its compliance program to be effective, an organization must communicate the program to all its employees through training programs.

A. True
B. False

A

A. True

See page 4.411 in the Fraud Examiner’s Manual

The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. Under the Organizational Guidelines, organizations must conduct “effective training programs.” Organizations are also required to communicate the program’s compliance requirements and procedures to all employees affected by the program, including upper-level personnel, periodically and appropriately. These programs should be designed to inform employees about the company’s stance on corporate compliance. They should also inform employees about what kinds of acts and omissions are prohibited by the law and by the organization.

48
Q

During an audit of a public-sector organization’s financial statements, a government auditor uncovers evidence of a potential fraud. The auditor’s requirements for reporting these findings are substantially the same as those for external auditors in the private sector.

A. True
B. False

A

B. False

See pages 4.546, 4.549 in the Fraud Examiner’s Manual

International Standard of Supreme Audit Institutions (ISSAI) 1240 provides supplementary guidance regarding the applicability of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, to public-sector financial statement audits. This practice note states that ISA 240 is applicable to auditors of public-sector entities in their role as auditors of financial statements; however, the guidance also specifically notes that public-sector audits can involve additional requirements for communications about fraud-related matters. For example, public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature, in addition to those charged with governance. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties.

49
Q

Government auditors have several considerations regarding fraud during a public-sector financial statement audit that their counterparts in the private sector do not. Which of the following is NOT one of these considerations?

A. Narrower overall audit objectives
B. An inability to withdraw from the audit engagement
C. A need to consider the concept of abuse
D. Additional communications about fraud-related matters

A

A. Narrower overall audit objectives

See pages 4.546-4.549 in the Fraud Examiner’s Manual

International Standard of Supreme Audit Institutions (ISSAI) 1240 provides supplementary guidance regarding the applicability of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, to public-sector financial statement audits. This practice note states that ISA 240 is applicable to auditors of public-sector entities in their role as auditors of financial statements and includes the following application considerations specifically for public-sector audits:

  • Broader audit objectives—The objectives of a financial audit in the public sector are often broader than expressing an opinion as to whether the financial statements have been prepared, in all material respects, in accordance with the applicable financial reporting framework (i.e., the scope of the financial statement audits under the ISAs). The audit mandate arising from legislation, regulation, ministerial directives, government policy requirements, or resolutions of the legislature may result in additional objectives. These additional objectives may include audit and reporting responsibilities, for example, relating to reporting whether the public-sector auditors found any instances of noncompliance with authorities, including budgets and accountability frameworks and/or reporting on the effectiveness of internal control. However, even where there are no such additional objectives, there may be general public expectations for public-sector auditors to report any noncompliance with authorities detected during the audit or to report on the effectiveness of internal control. These additional responsibilities and the related fraud risks need to be considered by the public-sector auditor when planning and performing the audit.
  • Consideration of the concept of abuse—In addition to fraud, public-sector auditors must remain alert throughout the audit for occurrences of abuse. In this context, abuse involves behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances. Abuse also includes misuse of authority or position for personal financial interests or those of an immediate or close family member or business associate. Abuse does not necessarily involve fraud, violation of laws, regulations, or provisions of a contract or grant agreement.
  • Inability to withdraw from the engagement—Public-sector auditors do not normally have the option to withdraw from an audit engagement. Therefore, public-sector auditors must consider the impact on the audit opinion and any requirements for other forms of reporting, including whether it may be appropriate to report separately to the legislature or to issue classified or restricted reports.
  • Additional communications about fraud-related matters—Public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature, in addition to those charged with governance. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties.

50
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if an external auditor suspects or identifies fraud involving management, it is the auditor’s responsibility to report these findings to those charged with governance of the organization.

A. True
B. False

A

A. True

See page 4.515 in the Fraud Examiner’s Manual

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the auditor has identified or suspects fraud involving management, the auditor shall communicate these matters to those charged with governance, such as the audit committee of the board of directors, on a timely basis. The related discussion should cover the nature, timing, and extent of audit procedures necessary to complete the audit, as well as any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.

51
Q

To be in compliance with the ACFE Code of Professional Ethics, fraud examiners must have an expert level of skill and knowledge for every circumstance that might be encountered in a fraud examination.

A. True
B. False

A

B. False

See page 4.1011 in the Fraud Examiner’s Manual

Fraud examiners cannot be expected to have an expert level of skill and knowledge for every circumstance that might be encountered in a fraud examination. Nevertheless, they must have sufficient skill and knowledge to recognize when additional training or expert guidance is required. It is the responsibility of a fraud examiner to ensure that necessary skills, knowledge, ability, and experience are acquired or available before proceeding with a fraud examination.

52
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the effectiveness of an overall system of internal controls can be determined by assessing whether several specific components are in place, functioning effectively, and operating together in an integrated manner.

A. True
B. False

A

A. True

See pages 4.403-4.404 in the Fraud Examiner’s Manual

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether (1) each of these five components is in place and functioning effectively and (2) the five components are operating together in an integrated manner.

53
Q

An external auditor discovers a significant deficiency in an organization’s internal controls that could result in a material misstatement of the organization’s financial statements. Which of the following is FALSE regarding the auditor’s communication about these findings?

A. The communication should include a description of the deficiencies and an explanation of their potential effects.
B. The communication should note that the purpose of the audit was to express an opinion on the effectiveness of the organization’s internal controls.
C. The communication should be provided to management and those charged with governance.
D. The communication should be made in writing.

A

B. The communication should note that the purpose of the audit was to express an opinion on the effectiveness of the organization’s internal controls.

See pages 4.516-4.518 in the Fraud Examiner’s Manual

During a financial statement audit, the external auditor might identify deficiencies in the organization’s internal controls that could result in a misstatement in the financial statements. International Standard on Auditing (ISA) 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management, provides guidance regarding the auditor’s responsibility to communicate such control deficiencies appropriately with management and those charged with governance.

According to ISA 265, the auditor is required to communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. In the written communications regarding significant deficiencies in internal controls, the auditor must include:

  • A description of the deficiencies and an explanation of their potential effects
  • Sufficient information to enable those charged with governance and management to understand the context of the communication, including explanations that the purpose of the audit was for the auditor to express an opinion on the financial statements and that the audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control.

54
Q

The G20/OECD Principles of Corporate Governance are binding and are required to be implemented by all corporations in jurisdictions that have officially adopted them.

A. True
B. False

A

B. False

See pages 4.309-4.310 in the Fraud Examiner’s Manual

The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), is regarded as one of the primary sources of guidance for corporate governance practices for organizations throughout the world. The Principles are nonbinding, as their implementation must be adapted to different legal, economic, and cultural circumstances. This is a key strength of the Principles that makes them a useful tool worldwide, both in developed economies and in emerging markets.

55
Q

Internal auditing standards require the internal audit function, through the chief audit executive (CAE), to report periodically to senior management and the board of directors about the organization’s fraud risks.

A. True
B. False

A

A. True

See page 4.526 in the Fraud Examiner’s Manual

The Institute of Internal Auditors’ (IIA) Standard 2060, Reporting to Senior Management and the Board, notes that the head of an organization’s internal audit function—the chief audit executive (CAE)—must report periodically to senior management and the board of directors on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with The IIA’s Code of Ethics and its International Standards for the Professional Practice of Internal Auditing. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board of directors.

56
Q

The risk of an auditor not detecting a material misstatement resulting from fraud is higher than the risk of an auditor not detecting a material misstatement resulting from error.

A. True
B. False

A

A. True

See page 4.505 in the Fraud Examiner’s Manual

The risk of an auditor not detecting a material misstatement resulting from fraud is higher than the risk of an auditor not detecting one resulting from error. This is because fraud might involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations made to the auditor.

57
Q

Which of the following elements is required for a corporate compliance program to be effective?

A. Appropriate incentives for compliance with the program
B. Due diligence in the hiring process
C. Consistent punishment for employees who violate the program
D. All of the above

A

D. All of the above

See pages 4.407-4.408 in the Fraud Examiner’s Manual

The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. The Organizational Guidelines set forth the following seven factors that are minimally required for a corporate compliance program to be considered effective:

  1. Established standards and procedures to prevent and detect criminal conduct
  2. Proper assignment of responsibility and oversight for the compliance program
  3. Due diligence in the hiring process to ensure the ethics of individuals who exercise a substantial measure of discretion in acting on behalf of an organization
  4. Periodic and practical communication of the compliance policy through effective training programs and other means
  5. Steps to ensure program compliance through monitoring, auditing, periodically evaluating the program’s effectiveness, and having a publicized reporting system
  6. Promotion and consistent enforcement of the program through appropriate incentives for compliance and appropriate disciplinary measures for violations
  7. Reasonable response to any discovered criminal conduct in order to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program

58
Q

Effective corporate governance practices are MOST IMPORTANT for which of the following organizations?

A. A financial services company whose stock shares are traded on a public securities exchange
B. An advertising firm with 75 employees and four partners, all of whom actively participate in the business
C. A small souvenir shop in a tourist town that employs four retail clerks, in addition to the store’s owners
D. A sole-practitioner dentist’s office

A

A. A financial services company whose stock shares are traded on a public securities exchange

See page 4.301 in the Fraud Examiner’s Manual

Solid corporate governance practices are most necessary in an organization in which the owners are not also the individuals responsible for setting its strategy and executing its business activities (e.g., in publicly traded companies).

59
Q

Luna, a Certified Fraud Examiner (CFE), was hired to investigate a company. After she carefully examined the company, she issued a report that stated, in part, “In my opinion, this operation is free of material fraud.” Such an opinion is permitted under the ACFE Code of Professional Ethics.

A. True
B. False

A

B. False

See page 4.1012 in the Fraud Examiner’s Manual

Fraud examiners must always perform their work with an attitude of skepticism and begin with the belief that something is wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary information available). Furthermore, fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraudulent activity. At no time is a fraud examiner entitled to assume a fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a result, opinions or attestations about a fraud-free environment are absolutely prohibited for ACFE members.

60
Q

During an admission-seeking interview of a fraud suspect, Gary, a Certified Fraud Examiner (CFE), accuses the suspect of having committed a fraud. Gary’s accusation violates the ACFE Code of Professional Ethics.

A. True
B. False

A

B. False

See pages 4.1014, 4.1016 in the Fraud Examiner’s Manual

Article V of the ACFE Code of Professional Ethics states: “An ACFE Member, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party.” Although it does not specifically state such, Article V really applies to statements of opinion made to third parties. If the fraud examiner was interviewing a suspect whose guilt was highly probable, the Code would not prohibit the fraud examiner from making accusations. The admission-seeking process, used extensively by fraud examiners, requires that accusations be made of the probable guilty party. As long as these accusations are not communicated to third parties, the fraud examiner would not be in violation of the Code.

61
Q

Rachel, an independent Certified Fraud Examiner (CFE), was hired by Laura, the chief executive officer (CEO) of Black and White Inc., to investigate a case of alleged vendor overbilling. During the investigation, Rachel learns that Laura is involved in an unrelated fraud scheme. Under the ACFE Code of Professional Ethics, Rachel should resign from the engagement without disclosing the evidence against Laura.

A. True
B. False

A

B. False

See pages 4.1021-4.1022 in the Fraud Examiner’s Manual

Difficult problems arise over fraud examiners’ obligations to expose clients’ or employers’ suspicious or illegal practices; thus, fraud examiners must act with prudent caution in such circumstances. In this case, the company’s board of directors should be advised and permitted to determine the next steps to take.

In general, fraud examiners are not obligated to report clients or employers. However, circumstances might exist in which the fraud examiner is morally and legally justified in making disclosures to appropriate outside parties. Examples of such circumstances include when a client or employer has intentionally involved a fraud examiner in its illegal conduct or when a client or employer has distributed misleading reports based on the fraud examiner’s work. If Rachel were to resign without disclosing the evidence, such action would be equal to allowing Laura’s scheme to continue without anyone being aware of the fraud. Fraud examiners would not be able to justify doing nothing.

62
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, the internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding all the following EXCEPT:

A. Compliance with laws, regulations, and contracts
B. Sale of tangible and intangible assets
C. Reliability and integrity of financial and operational information
D. Effectiveness and efficiency of operations

A

B. Sale of tangible and intangible assets

See page 4.527 in the Fraud Examiner’s Manual

According to The Institute of Internal Auditors’ (IIA) Standard 2120.A1, the internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the:

  • Achievement of the organization’s strategic objectives
  • Reliability and integrity of financial and operational information
  • Effectiveness and efficiency of operations
  • Safeguarding of assets
  • Compliance with laws, regulations, and contracts

63
Q

Which of the following is NOT an effective response for addressing the risk of material misstatement due to fraud during a financial statement audit?

A. Implementing auditing procedures on an unannounced basis
B. Engaging in consistent auditing procedures each year
C. Using differing sampling methods when collecting data for audit testing
D. Assigning personnel with specialized knowledge to assist with a technical issue

A

B. Engaging in consistent auditing procedures each year

See pages 4.502, 4.511-4.512 in the Fraud Examiner’s Manual

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Under this standard, the auditor shall determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level. To do so, the auditor shall:

  • Assign and supervise personnel, taking account of the knowledge, skill, and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement; this might include assigning additional individuals with specialized skill and knowledge, such as forensic and IT specialists, or assigning more experienced individuals to the engagement.
  • Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, might be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings.
  • Incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

64
Q

Under the ACFE Code of Professional Ethics, evidence and conclusions are considered ___________ if knowledge of them would affect clients’ decisions based on a fraud examiner’s report.

A. Confidential
B. Material
C. Reliable
D. Circumstantial

A

B. Material

See pages 4.1022-4.1023 in the Fraud Examiner’s Manual

Evidence and conclusions are material if knowledge of them would affect clients’ decisions based on a fraud examiner’s report. Materiality is a user-oriented concept. If matters omitted from a report were known to the users, and their own perceptions and conclusions would be different due to this knowledge, then the omitted information is material. Article VII requires fraud examiners to reveal all material matters discovered during an examination, which, if omitted, could cause a distortion of the facts.

65
Q

Which of the following is a responsibility that the internal auditor should execute in conducting audit engagements?

A. Perform an assessment of the organization’s fraud risks
B. Contribute to the organizational fraud risk awareness and training at the request of senior management
C. Evaluate the design and operationalization of the fraud risk management program
D. All of the above

A

D. All of the above

See pages 4.529-4.530 in the Fraud Examiner’s Manual

To help auditors comply with their responsibilities concerning fraud, The Institute of Internal Auditors (IIA) released IPPF—Practice Guide: Internal Audit and Fraud (the Practice Guide). Although not mandatory, the guidance included in the Practice Guide is strongly recommended. Specifically, the Practice Guide states that to provide assurance on organization-wide fraud risk governance and management, the internal audit activity is required to:

  • Evaluate the organization’s structures and process for fraud risk governance.
  • Perform an assessment of the organization’s fraud risks.
  • Evaluate the design and operationalization of the fraud risk management program.
  • Communicate results and assurance to senior management and the board.

In addition, as part of its role as the third line in the Three Lines Model, the Practice Guide notes that the internal audit function should perform the following:

  • Report to senior management and the board on the adequacy and effectiveness of the fraud risk governance and management at an engagement and organization-wide level.
  • Conduct periodic and ad hoc assessments of the fraud risk management program using a suitable framework as appropriate to inform its approach.
  • Provide insight and advice to senior management and the board on opportunities to improve the organization’s fraud risk management.
  • Contribute to the organizational fraud risk awareness and training at the request of senior management.

66
Q

According to the International Organization of Supreme Audit Institutions’ (INTOSAI) standards for public-sector audits, the requirements for private-sector external auditors found in International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, also apply to government auditors during audits of public-sector financial statements.

A. True
B. False

A

A. True

See pages 4.539, 4.546-4.547 in the Fraud Examiner’s Manual

The International Organization of Supreme Audit Institutions (INTOSAI) operates as an umbrella organization for the external government audit community and provides an institutionalized framework for supreme audit institutions (SAIs) to foster the exchange of ideas, knowledge, and experiences; the organization acts as a recognized voice of SAIs within the international community. INTOSAI provides high-quality auditing standards in the form of International Standards of Supreme Audit Institutions (ISSAI) for the public sector to promote good governance.

ISSAI 1240 provides supplementary guidance regarding the applicability of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, to public-sector financial statement audits. This practice note states that ISA 240 is applicable to auditors of public-sector entities in their role as auditors of financial statements and includes several specific considerations in applying ISA 240 to public-sector audits.

67
Q

Which of the following is one of the five interrelated components of a company’s internal control system, as laid out by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)?

A. Independent oversight
B. Risk assessment
C. Assurance function
D. Ethical culture

A

B. Risk assessment

See pages 4.403-4.404 in the Fraud Examiner’s Manual

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether (1) each of these five components is in place and functioning effectively and (2) the five components are operating together in an integrated manner.

68
Q

According to the G20/OECD Principles of Corporate Governance, a corporate governance framework should recognize the rights of which of the following parties?

A. Creditors
B. Shareholders
C. Employees
D. All of the above

A

D. All of the above

See page 4.317 in the Fraud Examiner’s Manual

Chapter IV of the G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), states that “the corporate governance framework should recognize the rights of stakeholders established by law or through mutual agreements and encourage active cooperation between corporations and stakeholders in creating wealth, jobs, and the sustainability of financially sound enterprises.” Beyond just shareholders, this section of the Principles recognizes the need for organizations to consider employees, creditors, and other stakeholders in their corporate governance initiatives.

A key aspect of corporate governance is concerned with ensuring the flow of external capital to companies both in the form of equity and credit. Corporate governance is also concerned with finding ways to encourage the various stakeholders in the firm to undertake economically optimal levels of investment in firm-specific human and physical capital. The competitiveness and ultimate success of a corporation is the result of teamwork that embodies contributions from a range of different resource providers, including investors, employees, creditors, customers, suppliers, and other stakeholders. Corporations should recognize that the contributions of stakeholders constitute a valuable resource for building competitive and profitable companies.

69
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, ________ involve(s) intentional misstatements in financial statements to deceive financial statement users.

A. Financial report item adjustments
B. Fraudulent financial reporting
C. Financial reporting errors
D. Auditor misrepresentations

A

B. Fraudulent financial reporting

See page 4.503 in the Fraud Examiner’s Manual

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, fraudulent financial reporting involves intentional misstatements, including omissions of amounts or disclosures, in financial statements to deceive financial statement users. It can be caused by the efforts of management to manage earnings to deceive financial statement users by influencing their perceptions as to the entity’s performance and profitability.

70
Q

Fraud examiners should consider the nature of the assignment and the preliminary information that is available when forming the engagement hypothesis.

A. True
B. False

A

A. True

See page 4.1012 in the Fraud Examiner’s Manual

As part of exercising professional integrity and competence, fraud examiners must always perform their work with a mindset of professional skepticism and begin assignments with the belief that something is wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary information available). Furthermore, fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraudulent activity. At no time is a fraud examiner entitled to assume a fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a result, opinions or attestations about a fraud-free environment are absolutely prohibited for ACFE members.

71
Q

The primary purpose of International Standard on Auditing (ISA) 240 is to:

A. Establish standards and provide guidance on the auditor’s responsibility to consider fraud in an audit of financial statements
B. Establish auditors as being primarily responsible for the prevention and detection of fraud within an organization
C. Establish requirements for auditors related to designing and implementing fraud-related internal controls
D. All of the above

A

A. Establish standards and provide guidance on the auditor’s responsibility to consider fraud in an audit of financial statements

See pages 4.502 in the Fraud Examiner’s Manual

The purpose of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, is to establish standards and provide guidance on the auditor’s responsibility to consider fraud in an audit of financial statements. ISA 240 also expands on how the standards and guidance in ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement, and ISA 330, The Auditor’s Responses to Assessed Risks, are to be applied in relation to the risks of material misstatement due to fraud. The standards and guidance in ISA 240 are intended to be integrated into the overall audit process.

72
Q

Ownership of an equity share in a publicly traded company provides an investor with a right to certain information about the corporation and a right to influence the corporation through participation in general shareholder meetings and by voting.

A. True
B. False

A

A. True

See pages 4.313-4.314 in the Fraud Examiner’s Manual

Equity investors have certain property rights. For example, an equity share in a publicly traded company can be bought, sold, or transferred. An equity share also entitles the investor to participate in the profits of the corporation, with liability limited to the amount of the investment. In addition, ownership of an equity share provides a right to information about the corporation and a right to influence the corporation, primarily by participation in general shareholder meetings and by voting.

73
Q

For a corporate compliance program to be effective, the company must proactively monitor, audit, and evaluate the program’s components.

A. True
B. False

A

A. True

See pages 4.407-4.408 in the Fraud Examiner’s Manual

The U.S. Sentencing Guidelines (USSG) for organizations (the Organizational Guidelines) provide a benchmark and foundational guidance for organizations in all countries for developing an effective compliance program. The Organizational Guidelines set forth the following seven factors that are minimally required for a corporate compliance program to be considered effective:

  1. Established standards and procedures to prevent and detect criminal conduct
  2. Proper assignment of responsibility and oversight for the compliance program
  3. Due diligence in the hiring process to ensure the ethics of individuals who exercise a substantial measure of discretion in acting on behalf of an organization
  4. Periodic and practical communication of the compliance policy through effective training programs and other means
  5. Steps to ensure program compliance through monitoring, auditing, periodically evaluating the program’s effectiveness, and having a publicized reporting system
  6. Promotion and consistent enforcement of the program through appropriate incentives for compliance and appropriate disciplinary measures for violations
  7. Reasonable response to any discovered criminal conduct in order to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program

74
Q

Which of the following is a fraud examiner permitted to express an opinion regarding?

A. The innocence of a particular individual
B. The guilt of a particular individual
C. The effectiveness of an organization’s internal controls
D. None of the above

A

C. The effectiveness of an organization’s internal controls

See pages 4.1014, 4.1016-4.1017 in the Fraud Examiner’s Manual

Article V of the ACFE Code of Professional Ethics states: “An ACFE Member, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party.” The only opinions strictly not allowed are those regarding the guilt or innocence of any person or party. However, opinions regarding technical matters generally are permitted if the fraud examiner is qualified as an expert in the matter. For example, a permissible opinion might address the relative adequacy of an entity’s internal controls. Likewise, a permissible opinion might regard whether financial transactions conform to generally accepted accounting principles (GAAP).

75
Q

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recommends that corporations implement control activities through formal policies that establish what is expected and procedures that put policies into action.

A. True
B. False

A

A. True

See pages 4.405 in the Fraud Examiner’s Manual

According to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework), control activities are the policies and procedures that enforce management’s directives intended to mitigate risk. These actions are performed at all levels of the organization, at all stages of business processes, and through both manual and automated procedures. They can be designed to prevent the occurrence of risks, detect the occurrence of risks, or both.

The following principles concern an organization’s control activities:

  • The organization selects and develops control activities that mitigate risks to the achievement of objectives to acceptable levels.
  • The organization selects and develops general control activities over technology to support the achievement of objectives.
  • The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.

76
Q

Under the ACFE Code of Professional Ethics, fraud examiners are absolutely prohibited from expressing opinions regarding the guilt or innocence of any party.

A. True
B. False

A

A. True

See pages 4.1014, 4.1016 in the Fraud Examiner’s Manual

The guilt or innocence of any person or party is the sole judgment of the judge or jury, not of the fraud examiner. Consequently, fraud examiners are absolutely prohibited from expressing opinions regarding guilt or innocence. Article V of the ACFE Code of Professional Ethics states: “An ACFE Member, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered. No opinion shall be expressed regarding the guilt or innocence of any person or party.”

77
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, due professional care implies infallibility.

A. True
B. False

A

B. False

See pages 4.526 in the Fraud Examiner’s Manual

The Institute of Internal Auditors’ (IIA) Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Standard 1220 also states, however, that due professional care does not imply infallibility.

78
Q

Which of the following is an example of a violation of the ACFE Code of Professional Ethics’ requirement for diligent, professional behavior?

A. Ignoring vital investigation steps to improve the efficiency of a fraud examination
B. Delegating a task to a lower-level employee and supervising their performance
C. Obtaining more evidence than the minimum amount needed to prove a case
D. All of the above

A

A. Ignoring vital investigation steps to improve the efficiency of a fraud examination

See pages 4.1002, 4.1005 in the Fraud Examiner’s Manual

Ignoring vital investigation steps to improve the efficiency of a fraud examination would not only create the possibility of missing key pieces of evidence, but it would also be a violation of Article I of the ACFE Code of Professional Ethics. This article states that “an ACFE Member shall, at all times, demonstrate a commitment to professionalism and diligence in the performance of their duties.” The “diligence in the performance of their duties” phrase in this rule refers to several activities that collectively define high-quality fraud examination work, including properly planning assignments and supervising assistants and colleagues, avoiding conflicts of interest, performing tasks with competence, obtaining sufficient evidence to establish a basis for opinions, maintaining confidential relations, and avoiding distortion of facts.

79
Q

Under the ACFE Code of Professional Ethics, information provided to a fraud examiner by a client is considered privileged information and is therefore protected from being legally demanded by outside parties.

A. True
B. False

A

B. False

See pages 4.1018-4.1019 in the Fraud Examiner’s Manual

Privileged information is information that cannot be demanded, even by a court. Legal professional privilege prevents disclosure of confidential communications between professional legal advisors (e.g., solicitors, barristers, attorneys) and their clients. Some jurisdictions provide similar professional privileges for physicians and priests. However, fraud examiners do not have any such privilege in common law or by statute, and the ACFE Code of Professional Ethics does not assume a privileged status for the fraud examiner-client/employer relationship.

80
Q

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) identified five interrelated components of _________________.

A. Professional development
B. Internal control
C. Fraud
D. Ethical theories

A

B. Internal control

See pages 4.403-4.404 in the Fraud Examiner’s Manual

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether (1) each of these five components is in place and functioning effectively and (2) the five components are operating together in an integrated manner.

81
Q

Which of the following should the internal audit function include in its communications with senior management and the board of directors about fraud?

A. Management’s level of cooperation with the assessment of the organization’s fraud risk governance and management
B. Whether management possesses the necessary skills, resources, and inclination to provide effective fraud risk management
C. Any significant residual fraud risks
D. All of the above

A

D. All of the above

See pages 4.533 in the Fraud Examiner’s Manual

The chief audit executive (CAE)—the head of an organization’s internal audit function—must communicate to senior management and the board any significant fraud risk, control, and governance issues. The board and CAE should determine the level of materiality and protocols for escalation, as well as discuss the pressures and opportunities for fraud that exist given the organization’s culture and controls. In addition, the CAE is responsible for assuring the board that the level of risk that management accepts is consistent with the board’s fraud risk appetite, as well as updating the board on the status of any suspected fraud that has been previously reported and any continuing investigations.

Specifically, the CAE should include the following matters in its reports to senior management and the board:

  • Is fraud risk management comprehensive, continuous, and aligned with the organization’s strategic objectives?
  • Is the fraud risk management program documented and supported by an organization-wide level of awareness?
  • Are arrangements for governance of fraud risk management adequate and effective, including an anti-fraud culture led by senior management and the board?
  • Does management possess the necessary skills, resources, and inclination to provide effective fraud risk management?
  • Did management cooperate with the assessment of the organization’s fraud risk governance and management, or was there any resistance?
  • Are there any significant residual fraud risks?
  • Has management accepted a level of fraud that is consistent with the board’s risk appetite and the objectives of the organization? If not and the CAE has been unable to resolve the matter, has this been communicated to the board?

82
Q

The term _______ refers to the oversight responsibilities of different parties for an organization’s direction, operations, and performance.

A. Risk management
B. Corporate governance
C. Fraud risk assessment
D. Corporate compliance

A

B. Corporate governance

See pages 4.301 in the Fraud Examiner’s Manual

The term corporate governance refers to a corporation’s government; the term is broadly used to describe the oversight responsibilities of different parties for an organization’s direction, operations, and performance. More specifically, the Organisation for Economic Co-operation and Development’s (OECD) “Glossary of Statistical Terms” defines corporate governance as “[The] procedures and processes according to which an organisation is directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organisation—such as the board, managers, shareholders and other stakeholders—and lays down the rules and procedures for decision-making.”

83
Q

The _______________ provides guidance for policymakers in evaluating and improving the legal, regulatory, and institutional framework for corporate governance.

A. IOSCO Principles for Auditor Oversight
B. INTOSAI Code of Ethics
C. IIA Standards for the Professional Practice of Internal Auditing
D. G20/OECD Principles of Corporate Governance

A

D. G20/OECD Principles of Corporate Governance

See pages 4.309-4.310 in the Fraud Examiner’s Manual

The G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), is regarded as one of the primary sources of guidance for corporate governance practices for organizations throughout the world. According to the OECD, the Principles “are intended to help policymakers evaluate and improve the legal, regulatory, and institutional framework for corporate governance with a view to support economic efficiency, sustainable growth, and financial stability.” Policymakers in many countries have used these Principles as a basis for legislative and regulatory corporate governance initiatives.

84
Q

The risk of the auditor not detecting a material misstatement resulting from employee fraud is greater than the risk of the auditor not detecting a material misstatement resulting from management fraud.

A. True
B. False

A

B. False

See pages 4.506 in the Fraud Examiner’s Manual

The risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for employee fraud because management is frequently able to manipulate accounting records directly or indirectly, present fraudulent financial information, or override control procedures designed to prevent similar frauds by other employees.

85
Q

The external auditor should perform which of the following procedures to obtain information to use in identifying the risks of material misstatement due to fraud?

A. Evaluate whether the information obtained from the risk assessment procedures indicates that fraud risk factors are present
B. Evaluate any unusual or unexpected relationships that have been identified in performing analytical procedures
C. Make inquiries of management and others within the entity to determine whether they have knowledge of any actual, suspected, or alleged fraud affecting the entity
D. All of the above

A

D. All of the above

See pages 4.508-4.509 in the Fraud Examiner’s Manual

When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, the auditor should perform the following procedures to obtain information for use in identifying the risks of material misstatement due to fraud:

  • Make inquiries of management and others within the entity to determine whether they have knowledge of any actual, suspected, or alleged fraud affecting the entity.
  • Evaluate any unusual or unexpected relationships that have been identified in performing analytical procedures.
  • Evaluate whether the information obtained from the risk assessment procedures and related activities indicates that one or more fraud risk factors are present.
  • Consider whether any other information obtained by the auditor indicates risks of material misstatement due to fraud.

86
Q

Generally, fraud examiners are NOT entitled to claim ignorance of the law as a defense for illegal activity.

A. True
B. False

A

A. True

See pages 4.1006-4.1007 in the Fraud Examiner’s Manual

Some rules for professionals insert the word knowingly in relation to illegal activities, saying that “One should not knowingly be a party to an illegal activity.” The ACFE Code of Professional Ethics does not include this technicality. Fraud examiners are generally not entitled to claim ignorance of the law. They are expected to know a considerable amount of law in connection with investigations, and they are expected to know when to consult a lawyer.

87
Q

Which of the following statements is TRUE regarding the disclosure of confidential client information?

A. Confidential information provided to a fraud examiner by a client is considered privileged and therefore legally exempt from disclosure in all circumstances.
B. A fraud examiner can reveal confidential client information when responding to a legal court order.
C. A fraud examiner is only allowed to respond to a legal court order when their client grants them authorization to do so.
D. A fraud examiner is always bound by confidentiality, even when refusing to disclose information violates the law.

A

B. A fraud examiner can reveal confidential client information when responding to a legal court order.

See pages 4.1012, 4.1017, 4.1019 in the Fraud Examiner’s Manual

Two articles of the ACFE Code of Professional Ethics apply in situations regarding release of confidential client information. Article IV states: “An ACFE Member will comply with the lawful orders of the courts, and will testify to matters truthfully and without bias or prejudice.” Article VI states: “An ACFE Member shall not reveal any confidential information obtained during a professional engagement without proper authorization.” However, fraud examiners are not bound by confidentiality when maintaining it would violate the law. Thus, fraud examiners can reveal client confidences when responding to a legal court order.

88
Q

Justine, a Certified Fraud Examiner (CFE), was contacted regarding an engagement to investigate a complex insurance fraud case involving an organized crime ring. Justine had previously taken a self-study continuing professional education (CPE) course on insurance fraud schemes, but she had no other training or experience. However, she accepted the engagement and chose to conduct the work herself. Justine’s conduct would likely be a violation of the ACFE Code of Professional Ethics.

A. True
B. False

A

A. True

See pages 4.1009-4.1010 in the Fraud Examiner’s Manual

Based on the facts provided, Justine likely violated Article III of the ACFE Code of Professional Ethics, which states: “An ACFE Member shall, at all times, exhibit the highest level of integrity in the performance of all professional assignments, and will accept only assignments for which there is reasonable expectation that the assignment will be completed with professional competence.” Professional competence refers to how well fraud examiners do their job. Determination of competence always depends on the specific facts and circumstances of the assignment. In this situation, if Justine had only received basic training and had no other experience in insurance fraud investigations, then she would not be considered qualified or professionally competent to conduct such an examination for a client. Such conduct would be a violation of Article III, which requires fraud examiners to accept only those assignments that can be completed with professional competence.

89
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) internal control model, an organization should perform both ongoing evaluations and periodic, separate evaluations to ascertain whether the components of internal control are present and functioning.

A. True
B. False

A

A. True

See pages 4.406 in the Fraud Examiner’s Manual

Monitoring is the process that assesses the effectiveness of a control system over time. This component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) should include both ongoing evaluations and periodic, separate evaluations, the findings of which should be evaluated against predefined criteria. The following are the Framework principles supporting this component:

  • The organization selects, develops, and performs ongoing and separate evaluations to ascertain whether the components of internal control are present and functioning.
  • The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

90
Q

The ACFE Code of Professional Ethics explicitly prohibits which of the following?

A. Undisclosed conflicts of interest
B. Illegal conduct
C. Unethical conduct
D. All of the above

A

D. All of the above

See pages 4.1005 in the Fraud Examiner’s Manual

Article II of the ACFE Code of Professional Ethics states: “An ACFE Member shall not engage in any illegal or unethical conduct, or any activity which would constitute a conflict of interest that has not been properly disclosed to the appropriate parties.” This rule is a composite of three explicit prohibitions: illegal conduct, unethical conduct, and undisclosed conflicts of interest.

91
Q

________ in the context of corporate governance generally refers to the clarity, accuracy, completeness, and timeliness of the financial statements and other information provided by management to shareholders.

A. Accountability
B. Fairness
C. Responsibility
D. Transparency

A

D. Transparency

See pages 4.309 in the Fraud Examiner’s Manual

Transparency in the context of corporate governance generally refers to the clarity, accuracy, completeness, and timeliness of the financial statements and other information provided by management to shareholders. The organization’s governance processes must include policies and procedures designed to ensure transparent disclosure of all material matters that the shareholders need to be able to make timely and informed decisions regarding their investment in the company. An independent audit of the financial statements is one such mechanism that helps meet this objective.

92
Q

According to the G20/OECD Principles of Corporate Governance, companies should disclose all financial information to investors, regardless of the cost burden of the disclosure or the disclosure’s possible negative effects on the company’s competitive position.

A. True
B. False

A

B. False

See pages 4.318-4.319 in the Fraud Examiner’s Manual

According to Chapter V of the G20/OECD Principles of Corporate Governance (the Principles), a publication by the Organisation for Economic Co-operation and Development (OECD), “The corporate governance framework should ensure that timely and accurate disclosure is made on all material matters regarding the corporation, including the financial situation, performance, ownership, and governance of the company.” However, such disclosure requirements are not expected to place unreasonable administrative or cost burdens on enterprises. Nor are companies expected to disclose information that may endanger their competitive position unless disclosure is necessary to fully inform the investment decision and to avoid misleading the investor. To determine what information should be disclosed at a minimum, many countries apply the concept of materiality. Material information can be defined as information whose omission or misstatement could influence the economic decisions taken by users of that information.

93
Q

Government auditors’ requirements for reporting fraud may be subject to specific provisions of the audit mandate and can vary depending on the jurisdiction.

A. True
B. False

A

A. True

See pages 4.549 in the Fraud Examiner’s Manual

In addition to the communications with management and those charged with governance required under International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties. Consequently, public-sector auditors need to be familiar with applicable laws and regulations regarding reporting, communication, and documentation of indications or suspicions of fraud. They should also take care to avoid interfering with potential investigations or legal proceedings and should consider the need to obtain legal advice in issues regarding indications of fraud.

94
Q

During an audit of a public-sector organization, a government auditor discovers evidence of potential fraud. To which of the following parties might the auditor be required to report this information?

A. The relevant legislative body
B. Affected third parties
C. Those charged with governance
D. All of the above

A

D. All of the above

See pages 4.549 in the Fraud Examiner’s Manual

In addition to the communications with management and those charged with governance required under International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, public-sector auditors may be required or may decide to communicate matters with other parties, such as the legislature. Furthermore, the requirements for reporting of fraud in the public sector may be subject to specific provisions of the audit mandate or related legislation or regulation (e.g., regulatory and enforcement authorities). In some environments, there may be a duty to refer indications of fraud to investigative bodies and even cooperate with such bodies to determine if fraud or abuse has occurred. In other environments, public-sector auditors may be obliged to report circumstances that may indicate the possibility of fraud or abuse to the competent jurisdictional body or to the appropriate part of the government or legislature, such as prosecutors, the police, and (if relevant to legislation) affected third parties. Consequently, public-sector auditors need to be familiar with applicable laws and regulations regarding reporting, communication, and documentation of indications or suspicions of fraud. They should also take care to avoid interfering with potential investigations or legal proceedings and should consider the need to obtain legal advice in issues regarding indications of fraud.

95
Q

Failing to properly supervise all assistants and others who are delegated work on a fraud examination engagement is a violation of the ACFE Code of Professional Ethics.

A. True
B. False

A

A. True

See pages 4.1002, 4.1005 in the Fraud Examiner’s Manual

Failing to properly supervise all assistants and others who are delegated work on a fraud examination engagement would be in violation of Article I of the ACFE Code of Professional Ethics. This article states that “an ACFE Member shall, at all times, demonstrate a commitment to professionalism and diligence in the performance of their duties.” The “diligence in the performance of their duties” phrase in this rule refers to several activities that collectively define high-quality fraud examination work, including properly planning assignments and supervising assistants and colleagues, avoiding conflicts of interest, performing tasks with competence, obtaining sufficient evidence to establish a basis for opinions, maintaining confidential relations, and avoiding distortion of facts.

96
Q

Effective corporate governance is the foundation of fraud risk management.

A. True
B. False

A

A. True

See pages 4.307 in the Fraud Examiner’s Manual

The importance of active and committed board participation in the fraud risk management process cannot be overstated. As stated in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE, fraud risk governance is one of the principles of effective fraud risk management, and “the board of directors and senior management provide a solid foundation of fraud risk management.” Managing the Business Risk of Fraud: A Practical Guide, the predecessor to the Fraud Risk Management Guide, expands this point, noting, “Effective governance processes are the foundation of fraud risk management. Lack of effective corporate governance seriously undermines any fraud risk management program.”

97
Q

Specific corporate governance requirements for publicly traded corporations in all jurisdictions are:

A. Mandated by the G20/OECD Principles of Corporate Governance
B. Considered optional and left to the discretion of the corporation’s board of directors
C. Contained in the various laws and regulations imposed upon corporations in the jurisdictions in which they operate
D. Found in the Universal Corporate Governance Act

A

C. Contained in the various laws and regulations imposed upon corporations in the jurisdictions in which they operate

See pages 4.322-4.325 in the Fraud Examiner’s Manual

Although there is not a universal law or set of rules for corporate governance, legislators, regulators, and other bodies around the world have issued guidance that provides best practices and requirements that organizations should enact as appropriate. For example, the G20/OECD Principles of Corporate Governance (the Principles) provide a nonbinding foundational corporate governance framework for organizations throughout the world.

Additionally, in many jurisdictions, organizations—particularly those that are publicly traded—are subject to specific corporate governance requirements. These requirements might take the form of legislation (e.g., the U.S. Sarbanes-Oxley Act of 2002 [SOX] and similar legislation in Japan, Canada, Turkey, and other countries) or of conditions set for companies listed on stock exchanges (e.g., the NYSE [New York Stock Exchange] Listed Company Manual, the UK Corporate Governance Code, and the King Code in South Africa). Therefore, companies should be familiar with the existing guidance specific to all the regions in which they operate, and those charged with governance should ensure compliance with the laws and regulations governing their organization.

98
Q

Which of the following parties is responsible for overseeing business operations by assessing the strategy and underlying purpose of management’s decisions and actions?

A. Industry regulators
B. External auditors
C. The board of directors
D. Shareholders

A

C. The board of directors

See pages 4.302 in the Fraud Examiner’s Manual

A corporation’s board of directors is made up of individuals who are generally elected by the entity’s voting members (e.g., shareholders in the case of a corporation or members in the case of an association). The directors represent the intermediaries between the corporation’s owners (i.e., shareholders) and those executing its activities (i.e., management), and they act as guardians of the organization’s resources and assets. As such, the board oversees business operations by assessing the strategy and underlying purpose of management’s decisions and actions.

99
Q

Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from accepting assignments to uncover fraud in a company in which they have a major interest.

A. True
B. False

A

B. False

See pages 4.1005, 4.1007 in the Fraud Examiner’s Manual

Article II of the ACFE Code of Professional Ethics states: “An ACFE Member shall not engage in any illegal or unethical conduct, or any activity which would constitute a conflict of interest that has not been properly disclosed to the appropriate parties.” However, a fraud examiner does not have the same responsibilities as, for example, a chartered accountant (CA) or certified public accountant (CPA). Generally, a CA or CPA would not be able to express an audit opinion on a company in which they held a major financial interest. In the case of the fraud examiner, they would be able to accept such an assignment under most conditions, since the goal of the fraud examiner is to gather facts regarding a potential fraud, not to express an opinion. The fraud examiner should, however, make appropriate disclosures regarding any major financial interests they have.

100
Q

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is primarily concerned with fraud that is determined to meet the legal definition of fraud.

A. True
B. False

A

B. False

See pages 4.502 in the Fraud Examiner’s Manual

Although fraud is a broad legal concept, for the purposes of International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor: misstatements resulting from fraudulent financial reporting and misstatements resulting from the misappropriation of assets. Although the auditor might suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has occurred.

101
Q

The evaluation and communication of internal control deficiencies in a timely manner to those parties responsible for taking corrective action is a principle related to which component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework)?

A. Information and communication
B. Risk assessment
C. Control activities
D. Monitoring

A

D. Monitoring

See pages 4.406 in the Fraud Examiner’s Manual

Monitoring is the process that assesses the effectiveness of a control system over time. This component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework (the Framework) should include both ongoing evaluations and periodic, separate evaluations, the findings of which should be evaluated against predefined criteria. The following are the Framework principles supporting this component:

  • The organization selects, develops, and performs ongoing and separate evaluations to ascertain whether the components of internal control are present and functioning.
  • The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

102
Q

Specific corporate governance practices for publicly traded corporations are often mandated by the listing standards for the stock markets on which they are listed.

A. True
B. False

A

A. True

See pages 4.324-4.325 in the Fraud Examiner’s Manual

In many jurisdictions, organizations—particularly those that are publicly traded—are subject to specific corporate governance requirements. These requirements might take the form of legislation (e.g., the U.S. Sarbanes-Oxley Act of 2002 [SOX] and similar legislation in Japan, Canada, Turkey, and other countries) or as conditions set for companies listed on stock exchanges (e.g., the NYSE [New York Stock Exchange] Listed Company Manual, the UK Corporate Governance Code, and the King Code in South Africa). Therefore, companies should be familiar with the existing guidance specific to all the regions in which they operate, and those charged with governance should ensure compliance with the laws and regulations governing their organization.

103
Q

Which of the following parties is responsible for directing employees to execute business activities and managing their performance of those tasks?

A. External auditors
B. The board of directors
C. Management
D. Shareholders

A

C. Management

See pages 4.306 in the Fraud Examiner’s Manual

An organization’s management team leads the organization and its employees. Management is responsible for making the daily decisions that affect company performance and, ultimately, shareholder wealth. Management’s roles relating to corporate governance include:

  • Establishing strategic goals and operating objectives under the board’s oversight
  • Directing employees to execute business activities and managing their performance of those tasks
  • Determining the use and allocation of company resources and assets
  • Evaluating the organization’s successes or failures and recalibrating the strategic approach accordingly
  • Holding responsibility for the design and operation of the organization’s internal controls
  • Setting the organization’s true ethical tone

104
Q

According to The Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing, the internal audit team must evaluate the potential for the occurrence of fraud and the organization’s fraud risk management initiatives.

A. True
B. False

A

A. True

See pages 4.527 in the Fraud Examiner’s Manual

According to The Institute of Internal Auditors’ (IIA) Standard 2120.A2, the internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

105
Q

In the context of a fraud examination, the preservation of integrity requires that the fraud examiner avoid all differences of opinion regarding all material matters with the other parties to the engagement.

A. True
B. False

A

B. False

See pages 4.1009-4.1010 in the Fraud Examiner’s Manual

Integrity requires honesty, truthfulness, trustworthiness, and confidentiality. It also requires prioritizing the interests of clients, employers, and the public over desires for personal gain. It requires independence of mental attitude and avoidance of conflicts of interest. Additionally, integrity means that a fraud examiner should have a well-developed sense of moral philosophy—an ability to analyze situations where no rules of the ACFE Code of Professional Ethics are specifically applicable and to be able to distinguish right from wrong. It does not mean, however, that an ACFE member must be perfect in all technical matters, nor does it mean that fraud examiners and others cannot have honest differences of opinion. Throughout a fraud examination, inadvertent errors, mistakes of judgment, and other problems might cause conflict. In such cases, a fraud examiner can preserve integrity either by admitting error or by convincingly justifying a difference of perception or opinion.

106
Q

Which of the following is part of management’s responsibilities for the anti-fraud program?

A. Responding appropriately to instances of fraud
B. Ensuring the effectiveness of the program
C. Setting the organization’s ethical tone
D. All of the above

A

D. All of the above

See pages 4.401 in the Fraud Examiner’s Manual

While many parties—including the board of directors, internal auditors, and external auditors—have an important role in combatting fraud, management is ultimately responsible for the prevention and detection of fraud within an organization. This means that it is management who holds the primary responsibility for:

  • Designing, implementing, overseeing, and ensuring the effectiveness of the anti-fraud program
  • Setting the organization’s ethical tone and reinforcing an anti-fraud culture
  • Demonstrating that fraud will not be tolerated at any level
  • Responding appropriately to instances of fraud

107
Q

In the context of a fraud examination, integrity requires:

A. A well-developed moral philosophy and the ability to determine right from wrong
B. Independence of mental attitude and avoidance of conflicts of interest
C. Prioritizing the interests of clients, employers, and the public over desires for personal gain
D. All of the above

A

D. All of the above

See pages 4.1009-4.1010 in the Fraud Examiner’s Manual

Integrity requires honesty, truthfulness, trustworthiness, and confidentiality. It also requires prioritizing the interests of clients, employers, and the public over desires for personal gain. It requires independence of mental attitude and avoidance of conflicts of interest. Additionally, integrity means that a fraud examiner should have a well-developed sense of moral philosophy—an ability to analyze situations where no rules of the ACFE Code of Professional Ethics are specifically applicable and to be able to distinguish right from wrong. It does not mean, however, that an ACFE member must be perfect in all technical matters, nor does it mean that fraud examiners and others cannot have honest differences of opinion. Throughout a fraud examination, inadvertent errors, mistakes of judgment, and other problems might cause conflict. In such cases, a fraud examiner can preserve integrity either by admitting error or by convincingly justifying a difference of perception or opinion.

108
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the control environment of an organization:

A. Sets the moral and ethical tone of the organization
B. Provides the foundation for the overall internal control system
C. Is established by directors and senior management
D. All of the above

A

D. All of the above

See pages 4.404 in the Fraud Examiner’s Manual

The control environment provides the foundation for the internal control system throughout the entire organization. Established by the directors and senior management, it sets the moral and ethical tone of an organization, which reinforces the importance of internal controls and expected standards of conduct.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) provides five principles supporting the design and implementation of an effective control environment:

  1. Personnel at all levels demonstrate a commitment to integrity and ethical values.
  2. The board of directors is independent from management and oversees the development and performance of internal control.
  3. With board oversight, management establishes the structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of organizational objectives.
  4. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
  5. The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

109
Q

Which of the following is NOT one of the responsibilities of the internal auditor with regard to fraud?

A. Contribute to the organizational fraud risk awareness and training at the request of senior management.
B. Report all findings of fraud to the appropriate regulators within ten working days.
C. Evaluate the organization’s structures and process for fraud risk governance.
D. Provide insight and advice to senior management and the board on opportunities to improve the organization’s fraud risk management.

A

B. Report all findings of fraud to the appropriate regulators within ten working days.

See pages 4.529-4.530 in the Fraud Examiner’s Manual

To help auditors comply with their responsibilities concerning fraud, The Institute of Internal Auditors (IIA) released IPPF—Practice Guide: Internal Audit and Fraud (the Practice Guide). Although not mandatory, the guidance included in the Practice Guide is strongly recommended. Specifically, the Practice Guide states that to provide assurance on organization-wide fraud risk governance and management, the internal audit activity is required to:

  • Evaluate the organization’s structures and process for fraud risk governance.
  • Perform an assessment of the organization’s fraud risks.
  • Evaluate the design and operationalization of the fraud risk management program.
  • Communicate results and assurance to senior management and the board.

In addition, the Practice Guide notes that, as part of its role as the third line in the Three Lines Model, the internal audit function should perform the following:

  • Report to senior management and the board on the adequacy and effectiveness of the fraud risk governance and management at an engagement and organization-wide level.
  • Conduct periodic and ad hoc assessments of the fraud risk management program using a suitable framework as appropriate to inform its approach.
  • Provide insight and advice to senior management and the board on opportunities to improve the organization’s fraud risk management.
  • Contribute to the organizational fraud risk awareness and training at the request of senior management.

110
Q

During a fraud examination, Omar, an employee of XYZ Inc., approaches Maryam, a Certified Fraud Examiner (CFE) and fellow employee of XYZ, and tells her that he knows of a major fraud being committed by company management. However, Omar says he can only provide details if Maryam promises him absolute confidentiality. In response to Omar’s condition, Maryam should agree to keep the source of the information confidential even though she knows she will eventually have to reveal Omar’s identity.

A. True
B. False

A

B. False

See pages 4.1020 in the Fraud Examiner’s Manual

Fraud examiners must remember that the confidentiality relationship is between a fraud examiner and their client or employer and that this promise of confidentiality is understood to exist without the need for affirmation. In the case of Omar (the employee/informant), Maryam (the Certified Fraud Examiner [CFE]) does not have an understood or unspoken promise of confidentiality. Maryam should tell Omar that she will try to keep the information as confidential as possible, but it would be unethical for Maryam to promise confidentiality to the employee; her first obligation is to the employer.

111
Q

Which of the following parties is ultimately responsible for the prevention and detection of fraud within an organization?

A. Internal auditors
B. Board of directors
C. Management
D. External auditors

A

C. Management

See pages 4.401 in the Fraud Examiner’s Manual

While many parties—including the board of directors, internal auditors, and external auditors—have an important role in combatting fraud, management is ultimately responsible for the prevention and detection of fraud within an organization. This means that it is management who holds the primary responsibility for:

  • Designing, implementing, overseeing, and ensuring the effectiveness of the anti-fraud program
  • Setting the organization’s ethical tone and reinforcing an anti-fraud culture
  • Demonstrating that fraud will not be tolerated at any level
  • Responding appropriately to instances of fraud

112
Q

If an external auditor discovers evidence of potential fraud, they are prevented from disclosing these findings to anyone in order to protect client confidentiality.

A. True
B. False

A

B. False

See pages 4.515 in the Fraud Examiner’s Manual

According to International Standard on Auditing (ISA) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, if the external auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. Unless all of those charged with governance are involved in managing the entity, if the auditor has identified or suspects fraud involving management, employees who have significant roles in internal control, or others where the fraud results in a material misstatement in the financial statements, the auditor shall communicate these matters to those charged with governance on a timely basis. If the auditor suspects fraud involving management, the auditor shall communicate these suspicions to those charged with governance and discuss with them the nature, timing, and extent of audit procedures necessary to complete the audit. The auditor shall communicate with those charged with governance any other matters related to fraud that are, in the auditor’s judgment, relevant to their responsibilities.

If the auditor has identified or suspects a fraud, the auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Although the auditor’s professional duty to maintain the confidentiality of client information may prevent such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.

113
Q

An entity’s corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organization and lays down the rules and procedures for organizational decision-making.

A. True
B. False

A

A. True

See pages 4.301 in the Fraud Examiner’s Manual

The term corporate governance refers to a corporation’s government; the term is broadly used to describe the oversight responsibilities of different parties for an organization’s direction, operations, and performance. More specifically, the Organisation for Economic Co-operation and Development’s (OECD) “Glossary of Statistical Terms” states that “the corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the organisation—such as the board, managers, shareholders and other stakeholders—and lays down the rules and procedures for decision-making.”

114
Q

If a fraud examiner makes a mistake in judgment, they should avoid admitting to the error, as it could compromise the integrity of their case.

A. True
B. False

A

B. False

See pages 4.1009-4.1010 in the Fraud Examiner’s Manual

The ACFE Code of Professional Ethics requires ACFE members to exhibit the highest level of integrity at all times. This does not mean, however, that an ACFE member must be perfect in all technical matters, nor does it mean that fraud examiners and others cannot have honest differences of opinion. Throughout a fraud examination, inadvertent errors, mistakes of judgment, and other problems might cause conflict. In such cases, a fraud examiner can preserve integrity either by admitting error or by convincingly justifying a difference of perception or opinion.