Exam 4 Flashcards
Unauthorized activity, theft, or fraud carried out by a 3rd party outside the institution through fraudulent behavior.
External fraud
Threatens any company for one reason: its impossible to conduct business without interacting with outsiders.
External fraud
What are the 3 sources of external fraud?
- customers
- vendors
- unrelated third parties
What do external parties look for in companies to commit fraud?
Data and R&D
Easy to produce, small business does not have time and resources to scrutinize, and may include an individual who is an expert (paperhanger).
Counterfeit checks (Check fraud)
Victim offers something for sale on the internet, typically big ticket item, fraudster contracts victim to buy, sends counterfeit check, changes mind, then asks for refund (check was never real).
E-commerce check scams
True or false.
Most of the world still uses a significant amount of personal checks.
False.
The United States is the only country.
What are 3 ways to prevent and detect check fraud?
- No check policy
- Request ID
- Educate employees
The misuse of a credit card to make purchases without authorization or counterfeiting a credit card. May include stolen card numbers.
Credit card fraud
Cards made using the appropriately sized plastic with embroised account numbers and names.
Counterfeit cards
What are 3 ways to prevent and detect credit card fraud?
- Educate employees
- Check card signatures
- Ask for ID
What are 3 red flags of credit card fraud?
- Card pulled out of pocket
- Expensive items on new card
- Rushed customer
Competitors submit token bids that are too high to be accepted. Helps accomplice’s bid look good.
Complementary bids
Two or more contractors conspire to alternate the business between them on a rotating basis.
Bid rotation (bid-pooling)
Phony bids from shell companies to create the illusion of competition.
Phantom bids
What are two contract performance schemes?
- Product substitution
- Cost mischarging
Contractor charges the procuring entity for costs that are not allowable, unreasonable, or cannot be allocated directly to the contract.
Cost mischarging
What are 3 ways to prevent and detect vendor fraud?
- Vendor audit (right to audit clause)
- Integral contractors
- Look for red flags
When companies choose to interact with customer and vendors, but an unknown chooses to target the companies.
Third party threat
Requires an understanding of the technology used in the crime, lack paper trail, usually requires internet.
Computer fraud
The use of technology to gain unauthorized access to sensitive information on a computer system.
Computer hacking
What are 4 methods used to gain unauthorized access during computer hacking?
- Password cracking
- Social engineering
- Phishing
- Wiretapping
Fraudsters hijack business names to execute attacks which dupe victims to providing sensitive information.
Phishing
Data manipulation and data destruction is a ______.
Crime
What are 3 ways to prevent and detect computer fraud?
- Formal security
- Firewalls
- Encryption
What are 3 reasons corporations commit espionage?
- Information and data
- Intelligence that provides actionable decisions
- Valuable structures/products
What are 4 targets of corporate spies?
- R&D
- Marketing
- Manufacturing
- HR
What are 3 ways to prevent and detect corporate espionage regarding documentation or ideas?
- Use locked filing cabinets
- Shred documents
- Locked waste
The vulnerability an organization has to overcome regarding the interrelated elements that enable someone to commit fraud.
Fraud risk
Risks that are present before management action are described as _____ risk.
Inherent
Risks that are present after management action are described as ______ risk.
Residual
What are the 3 reasons to be concerned about fraud risk?
- No immunity
- Awareness is needed to fix
- Can be internal or external
Right balance of preventive and detective controls, can greatly reduce an organizations vulnerability to fraud. (Factor that influences fraud risk)
Effectiveness of internal controls
It is impossible, to have a company made up of individuals whose ethics and values are fully aligned with those of the organization. (Factor that influences fraud risk)
Ethics and values of company
A process aimed at proactively identifying and addressing an organization vulnerabilities to internal and external fraud.
Fraud risk assessment.
The main proponent of the fraud risk assessment process that helps an organization recognize what makes it most vulnerable to fraud so that it can take proactive measures to reduce its exposure.
The Objective
What are 2 reasons organizations should conduct fraud risk assessments?
- Assess internal controls (Improve)
- Comply with regulations and standards (Compliance)
What are 4 things that makes a good fraud risk assessment?
- Collaboration
- Good knowledge
- Access to all levels (Organization)
- Right sponsor (hears good, bad, and ugly)
What are 3 considerations for developing an effective fraud risk assessment?
- Packaging it right
- One size does not fit all
- Keeping it simple
What are 3 inquiry techniques to use for risk assessment?
- Interviews
- Surveys
- Focus groups
What are 4 things a sponsor would agree to be worked on in a risk assessment?
- Participants
- Output
- Methods
- Scope
What are 4 inherent fraud risks?
- Position
- Incentives
- Management override
- Performance pressures
Identifying and mapping existing _____ and _____ controls to the relevant fraud is a portion of executing fraud risk assessment.
- Preventive
- Detective
Addressing the identified fraud risks involves 3 things…
- Set acceptable risk level
- Rank and prioritize risk
- Respond to residual risks
What are the 5 responses to residual fraud risks?
- Transfer (insurance)
- Avoid (eliminate)
- Mitigate (controls)
- Assume (low occurrence)
- Combination approach (transfer part and controls)
What are 4 important parts to reporting the results?
- Simple
- Objective, not subjective
- Focus on importance
- Actions are clear and measurable
What are the 4 parts to making an impact?
- Dialog
- Look-out
- Responsibility
- Assessment alive and well
Auditors should validate that the organization is managing the moderate-to-high fraud risks by….. 4 things.
- Evaluate controls
- Identify
- Develop reports
- Deliver reports
The strategic reasonings used in conducting a fraud risk assessment requires a _____ _______ and involves _______ _______.
- Skeptical mindset
- Asking questions
Why should organizations conduct fraud risk assessment? (4 things)
- Improve communication
- Identify vulnerability
- Find greatest risk (employee)
- Develop plans and techniques
What are 4 reasons to conduct an investigation?
- Identify
- Mitigate liability
- Avoid discrimination
- Comply (laws)
What are two things involved with planning the investigation?
- Who is involved
- What is the strategy
Includes those who assist in the investigation, have genuine interest in the investigation outcome, and has a primary goal to resolve fraud allegations.
The investigation team
What are 4 groups of people that are involved with the investigative team?
- CFEs
- Legal counsel
- internal auditors
- HR
Anything perceivable by the five senses. Any proof that is legally presented at trial to prove a contention and induce a belief in the minds of a jury.
Evidence
What are 3 ways to obtain evidence?
- Surveillance
- Informants
- Search warrants or subpoenas
When an investigator assumes a fictitious identity, which requires a high degree of planning and skills. Legal if there is sufficient probable cause that a crime has been committed.
Covert operations
Obtaining information through falsehood or deception. Not always legal. It is illegal to obtain information through falsehood.
Pretexting
Secretive and continuous observance of a suspects activities.
Surveillance
Sifting through suspect’s trash to obtain evidence.
Dumpster diving
If evidence is held by other parties or is in uncontrolled locations, specific legal action is required before attempting to obtain it.
Subpoenas
If there is probable cause to believe that certain records are being used or have been used in the commission of a crime, the law enforcement officer will prepare an affidavit for a ______ __________.
Search warrant
Often the simplest means to obtain documentation. Can be given via oral or written means, allowing an investigator to obtain information or items by the innocent or perpetrator person.
Voluntary consent
What is the primary goal for investigative teams?
To resolve fraud allegations as thoroughly and efficiently as possible
To be admissible in court, evidence must be preserved and handled correctly. Same state at which you found it.
Handling evidence
Record of when item is received or when it leaves the care, custody, or control of the fraud examiner.
Chain of custody
Documents should be marked for later identification; however, never mark on original documents other than unobtrusive initials or tick marks made for identification.
Preserving evidence
Segregate documents either by witness or by transaction. Make key document file.
Organizing evidence.
When fraud examiners may need to search for specific information to help the investigation.
Sources of information
Investigators can learn a great deal from internal documents and information at the suspect’s organization.
In-house sources
Records that a governmental unit is required by law to keep or those which are necessary for a governmental unit to keep in order to discharge its duties imposed by law.
Public Information
Commercial online services provide convenient access to a wide range of data in a single place.
Online searches
What are the 5 steps of interviewing questions?
- Introductory
- Informational
- Assessment
- Cloning
- Admission-seeking
Provides an introduction and establishes rapport.
Introductory
What are 3 general rules for introductory?
- Interview 1 at a time
- Interview in privacy
- Ask non-sensitive questions
Sets a legitimate basis for the questioning and explains to the subject how he fits into the inquiry.
Make a transitional statement
You should attempt to phrase questions so that they can be answered “yes”. it is easier for people to reply in the affirmative than the negative.
Seek continuous agreement
You do not have the right to limit the use of the information or to decide how the information will be used in the investigation.
Do not promise confidentiality
You should tell the subject that any information he provides will be conveyed to the appropriate individual.
Negotiations
It is not your role to provide information.
Not discussing the source of allegations
When you frame the next question as a logical continuation of the facts.
Question sequences
Begin by asking questions that are not likely to cause the respondent to become defensive or hostile. Also, ask one question at a time, be straightforward, and no interruptions.
Informational question techniques
What 4 things to do in the methodology information phase?
- Background questions
- Observe
- Non-leading questions
- Be careful for sensitive questions
An interview that has the potential to bring about strong emotional reactions in the respondent.
Volatile interviews
Go over key facts to make certain that they have been understood.
Reconfirming facts
Simply ask the subject whether there is anything else he would like to say.
Gathering additional facts
Ask respondents whether they believe they have been treated fairly.
Concluding the interview
Establishes the credibility of the respondent.
Assessment Questions
Process of observing behavior before critical questions are asked.
Norming or calibrating
People lie for one of two reasons….
- Receive rewards
- Avoid punishment
When you want to distinguish the innocent from the culpable, obtain a valid confession and written statement to confirm.
Admission-seeking questions
The accuser has reasonable suspicion or predication to believe the accused has committed an offence, and the accusation is made under conditions of privacy but ends up being wrong.
Accusing an innocent person
What are the 4 steps in the admission-seeking interview?
- Accuse
- Observe
- Repeat
- Interrupt denials
Fraud examinations conclude with a report of the investigation results. Usually in a formal writing.
Report writing
What are the 6 format parts of a fraud examination report?
- Author/date
- Summary
- Introduction
- Body
- Results
- Follow up/recommendations
Investigation reports should only ____ the _____.
- State
- Facts
If a rule makes no sense to employees, they will ____ ___ ___.
Make their own
In a Hollinger and Clark study, ___ out of 10 employees admitted to committing abusive conduct at some level.
9
What are 3 things involved in the human factor of occupational fraud and abuse?
- Greed
- Wages in kind
- Unreasonable expectations
What removes the root cause of the problem in terms of controls?
Prevention
What modifies the behavior through perception of negative sanctions.
Deterrence
Employees who perceive that they will be caught engaging in occupational fraud and abuse are less likely to commit it.
Perception of Detection
What are 3 things that lead to high perceptions of detection?
- Education
- Surprise audit
- Proactive policies
What are 3 things that lead to adequate reporting programs?
- Exact method to report
- No penalties for good-faith info
- Understanding fraud/abuse is everywhere
What are 3 things involved with corporate sentencing guidelines?
- Uniform punishment
- Severe punishment
- Effective compliance program
Corporations can be held criminally responsible for the acts of their employees.
Vicarious or imputed liability
True or false.
The corporation will be held criminally responsible only when management had knowledge or participation in the underlying criminal events.
False.
The corporation will be held criminally responsible even if management had no knowledge or participation.
What are the 3 requirements for corporate sentencing guidelines?
- Defined S&P
- High-level’s ensure compliance
- Due care
The branch of philosophy which is the systematic study of reflective choice, of the standard of right and wrong by which a person is to be guided, and of the goods toward which it may ultimately be directed.
The Ethical Connection
Concrete ethical principles that cannot be violated.
Imperative principle
Each situation must be evaluated on its own.
Situational ethics
Theft that is justified by the person as “Retribution inadequate pay”…
Wages in kind
Regarding the essence of people, humans are…. 3 things.
- Good
- Evil
- Calculating
When creating ethics policy, provide 3 things…
- Define bad conduct
- State punishment
- Provide reporting
