Fraud Risk Assessment Flashcards
_______________ is a process aimed at proactively identifying and addressing an organization’s vulnerabilities to internal and external fraud.
A. A fraud examination
B. An internal control audit
C. A fraud risk assessment
D. A management ethics assessment
C. A fraud risk assessment
Which of the following factors influences the level of fraud risk encountered by an organization?
A. The effectiveness of its anti-fraud controls
B. The ethics of its leadership team
C. The geographic regions in which it operates
D. All of the above
D. All of the above
Designating an area as having a high fraud risk and putting the related activity under increased scrutiny can deter potential fraudsters by increasing their perception of detection.
A. True
B. False
True
Preventive anti-fraud controls include all the following EXCEPT:
A. Hiring policies and procedures
B. Separation of duties
C. Fraud awareness training
D. Continuous audit techniques
D. Continuous audit techniques
What is the objective of a fraud risk assessment?
A. To assess the design and effectiveness of an organization’s internal controls over financial reporting
B. To help an organization identify what makes it most vulnerable to fraud
C. To provide an estimate of an organization’s fraud losses
D. To establish the guilt or innocence of an employee suspected of committing fraud
B. To help an organization identify what makes it most vulnerable to fraud
Detective anti-fraud controls include all the following EXCEPT:
A. A hotline
B. Physical inspections
C. Hiring policies and procedures
D. Proactive data analysis techniques
C. Hiring policies and procedures
In response to a risk identified during a fraud risk assessment, management decides to purchase a bond to help protect the company against the associated risk of loss. This response is known as:
A. Assuming the risk
B. Transferring the risk
C. Avoiding the risk
D. Mitigating the risk
B. Transferring the risk
In response to a risk identified during a fraud risk assessment, management chooses to accept the risk rather than implement any responsive measures. This approach is known as:
A. Avoiding the risk
B. Assuming the risk
C. Transferring the risk
D. Mitigating the risk
B. Assuming the risk
An effective system of anti-fraud controls:
A. Involves balancing preventive controls and detective controls
B. Mitigates the risk of fraud but cannot completely eliminate it
C. Increases the perception that fraud will be detected
D. All of the above
D. All of the above
During a fraud risk assessment, the assessment team should consider:
A. The inherent limitations of anti-fraud controls
B. Opportunities for collusion
C. Internal controls that might have been eliminated due to restructuring efforts
D. All of the above
D. All of the above
Paying bribes to procure business and receiving illegal gratuities are considered risks pertaining to which category of fraud?
A. Asset misappropriation
B. Corruption
C. Fraudulent financial reporting
D. None of the above
B. Corruption
The fraud risk assessment should include input from both management and auditors to ensure a holistic view of the organization’s risks, but it should exclude all others to maintain the independence and objectivity of the assessment process.
A. True
B. False
False
The fraud risk assessment should be formally incorporated into the annual audit planning process.
A. True
B. False
True
The fraud risk assessment team might include:
A. External consultants
B. Accounting and finance personnel
C. The general counsel
D. All of the above
D. All of the above
The risk that an organization might be victimized by an individual who is able to combine the three elements of the Fraud Triangle is called _______________.
A. Fraud risk
B. Insider risk
C. Environmental risk
D. Audit risk
A. Fraud risk
The fraud risk assessment process should be conducted covertly so that assessment team members can get an accurate picture of what occurs in the business.
A. True
B. False
False
In addition to the specific risks related to each of the primary categories of fraud, the fraud risk assessment team should consider:
A. Risks to information technology
B. Incentives for individuals to engage in fraud
C. Reputational risk
D. All of the above
D. All of the above
Which of the following techniques for gathering information during a fraud risk assessment involves obtaining individuals’ responses through a formal electronic or paper questionnaire?
A. Anonymous feedback mechanisms
B. Surveys
C. Focus groups
D. Interviews
B. Surveys
_____________ controls are designed to stop something bad from happening before it occurs, and _____________ controls are designed to identify something bad that has already occurred.
A. Investigative; detective
B. Preventive; detective
C. Investigative; deterrent
D. Detective; investigative
B. Preventive; detective
Following the conclusion of the fraud risk assessment process, management should:
A. Use the assessment findings to monitor the performance of key controls
B. Track and measure progress against agreed-upon action plans
C. Use the results to promote awareness, education, and action planning
D. All of the above
D. All of the above
In response to a risk identified during a fraud risk assessment, management decides to implement appropriate countermeasures, such as prevention and detection controls. This response is known as:
A. Assuming the risk
B. Mitigating the risk
C. Avoiding the risk
D. Transferring the risk
B. Mitigating the risk
The fraud risk assessment team should consider both qualitative and quantitative factors when assessing the organization’s fraud risks.
A. True
B. False
True
A fraud risk assessment report should reflect the assessment team’s subjective perspective and opinions that were formed during the assessment engagement.
A. True
B. False
False
In response to a risk identified during a fraud risk assessment, management decides to eliminate an asset or discontinue an activity because the control measures required to protect the organization against the identified threat are too expensive. This response is known as:
A. Mitigating the risk
B. Transferring the risk
C. Assuming the risk
D. Avoiding the risk
D. Avoiding the risk
A fraud risk assessment report should contain a detailed, comprehensive list of every assessment finding and all suggested responses so that management can address each issue within the company, no matter how small.
A. True
B. False
False
To ensure the independence of the team members, a consultant or another external party must conduct the fraud risk assessment.
A. True
B. False
False
Which of the following individuals would generally be the BEST choice for a sponsor for a fraud risk assessment?
A. A staff accountant
B. A CFO who commands the use of aggressive earnings-management practices
C. An independent audit committee member
D. A mid-level sales manager
C. An independent audit committee member
The size of the fraud risk assessment team will depend on the size of the organization and the methods used to conduct the assessment.
A. True
B. False
True
When performing a fraud risk assessment, the fraud examiner should only designate an area as high-risk if the assessment has conclusively revealed that fraud is occurring there.
A. True
B. False
False
The individuals conducting the fraud risk assessment should incorporate their existing biases regarding employees and processes into their assessment of overall fraud risk.
A. True
B. False
False
Which of the following is TRUE regarding a fraud risk assessment?
A. The results should be used to develop plans to mitigate fraud risk
B. It can be used to improve fraud awareness among employees
C. It can help management identify individuals who put the organization at the greatest risk of fraud
D. All of the above
D. All of the above
When deciding on techniques to use as part of a fraud risk assessment, the assessment team should consider what methods are already commonly and effectively used throughout the organization.
A. True
B. False
True
Fraudulent customer payments, collusion between contractors, corporate espionage, and hacking schemes are all fraud risks pertaining to which of the following categories?
A. Reputational risk
B. External fraud
C. Asset misappropriation
D. Regulatory and legal misconduct
B. External fraud
During a fraud risk assessment, the assessment team should consider the way employees make decisions, behave, or treat others and assess how those actions affect the company’s vulnerability to fraud.
A. True
B. False
True
Which of the following is an objective of anti-fraud controls?
A. To reduce the inherent fraud risk to a level that is significantly lower than the residual fraud risk
B. To completely eliminate the residual fraud risk
C. To completely eliminate the inherent fraud risk
D. To reduce the residual fraud risk to a level that is significantly lower than the inherent fraud risk
D. To reduce the residual fraud risk to a level that is significantly lower than the inherent fraud risk
When gathering information as part of a fraud risk assessment, both surveys and anonymous feedback mechanisms provide an effective way to conduct candid one-on-one conversations with employees.
A. True
B. False
False
Fraud risks that remain after the effect of internal controls are considered inherent risks.
A. True
B. False
False
Theft of competitor trade secrets, anti-competitive practices, insider trading, and trade and customs regulations in areas of import and export are all fraud risks pertaining to:
A. Asset misappropriation
B. Regulatory and legal misconduct
C. Reputational risk
D. Fraudulent financial reporting
B. Regulatory and legal misconduct
Which of the following is TRUE about the fraud risk assessment process?
A. Conducting an effective fraud risk assessment requires thinking like a fraudster
B. The assessment team must be perceived as independent and objective by others for the assessment to be effective
C. Management and auditors should share ownership of the process and accountability for its success
D. All of the above
D. All of the above
The success of the fraud risk assessment process depends on how effectively the results are reported and what the organization then does with those results.
A. True
B. False
True
The fraud risk assessment team should include:
A. Individuals in a variety of roles, including finance, operations, and legal
B. Individuals with diverse knowledge, skills, and perspectives
C. Individuals with experience in gathering and eliciting information
D. All of the above
D. All of the above
When identifying the inherent fraud risks that could apply to the organization, the fraud risk assessment team should specifically discuss the potential for management to override controls, as well as the risk of regulatory and legal misconduct.
A. True
B. False
True
Which of the following is FALSE regarding the communication of the fraud risk assessment process?
A. The communication should be in the form of a message from the assessment sponsor.
B. The communication should be limited to management and the board.
C. The communication should be visibly disseminated throughout the business.
D. The communication should be personalized to make it more effective in encouraging employees to participate in the process.
B. The communication should be limited to management and the board.
During an audit, auditors should validate that the organization is appropriately managing the moderate-to-high fraud risks identified in the fraud risk assessment. Ways to do so include:
A. Identifying and mapping the existing controls that pertain to the moderate-to-high fraud risks identified in the fraud risk assessment
B. Designing and performing tests to evaluate whether the identified controls are operating effectively and efficiently
C. Identifying within the moderate-to-high fraud risk areas whether there is a moderate-to-high risk of management overriding controls
D. All of the above
D. All of the above