Fraud Risk Assessment Flashcards
When performing a fraud risk assessment, the fraud examiner should only designate an area as high risk if the assessment has conclusively revealed that fraud is occurring there. T/F
False
Assessing an area as having a high level of fraud risk does not conclusively mean that fraud is occurring there. However, the fraud risk assessment is useful in identifying areas to proactively investigate to determine whether fraud has in fact occurred. In addition, putting activity in high-risk areas under increased scrutiny can deter potential fraudsters by increasing their perception of detection
Which of the following is TRUE regarding fraud risks?
A. The objective of anti-fraud controls is to completely eliminate residual fraud risks.
B. The objective of anti-fraud controls is to make the inherent fraud risk significantly smaller than the residual fraud risk.
C. Risks that are present before management action are described as residual risks.
D. The objective of anti-fraud controls is to make the residual fraud risk significantly smaller than the inherent fraud risk.
D. The objective of anti-fraud controls is to make the residual fraud risk significantly smaller than the inherent fraud risk.
When considering the fraud risks faced by an organization, it is helpful to analyze how significant a risk is before and after risk response. Risks that are present before management action are described as inherent risks. The risks that remain after management action are described as residual risks.
For example, there is an inherent risk that the employee in charge of receiving customer payments at a small company might embezzle incoming cash. Controls, such as segregation of duties and oversight from the company owner, can be implemented to help mitigate this risk; however, even with such controls in place, some residual risk will likely remain that the bookkeeper might still manage to embezzle funds. The objective of the controls is to make the residual risk significantly smaller than the inherent risk.
A fraud risk assessment report should reflect the assessment team’s subjective perspective and opinions that were formed during the assessment engagement. T/F
False
Much instinct and judgment goes into performing the fraud risk assessment. When reporting the results of the assessment, however, the team must stick to the facts and keep all opinions and biases out of the report. A report that is peppered with the assessment team’s subjective perspective will dilute and potentially undermine the results of the work.
What is the objective of a fraud risk assessment?
A. To assess the design and effectiveness of an organization’s internal controls over financial reporting
B. To establish the guilt or innocence of an employee suspected of committing fraud
C. To provide an estimate of an organization’s fraud losses
D. To help an organization identify what makes it most vulnerable to fraud
D
Fraud risk assessment frameworks are valuable because they have been developed to be applied as-is within any organization. T/F
F
What works in one organization most likely will not easily work in another. Recognizing the nuances and differences of each business and tailoring the approach and execution to the specific organization can help make the fraud risk assessment successful. While a generic framework or tool set can be a valuable starting point for the development of the fraud risk assessment, it must be adapted to fit the business model, culture, and language of the organization.
The risk that an organization might be victimized by an individual who is able to combine the three elements of the fraud triangle is called \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_. A. Insider risk B. Environmental risk C. Fraud risk D. Audit risk
C
Fraud risks that remain after management action are considered inherent risks. T/F
F
When considering the fraud risks faced by an organization, it is helpful to analyze how significant a risk is before and after risk response. Risks that are present before management action are described as inherent risks. The risks that remain after management action are described as residual risks.
For example, there is an inherent risk that the employee in charge of receiving customer payments at a small company might embezzle incoming cash. Controls, such as segregation of duties and oversight from the company owner, can be implemented to help mitigate this risk; however, even with such controls in place, some residual risk will likely remain that the bookkeeper might still manage to embezzle funds. The objective of the controls is to make the residual risk significantly smaller than the inherent risk.
The fraud risk assessment process should be conducted covertly so that assessment team members can get an accurate picture of what actually occurs in the business T/F
F
The fraud risk assessment process should be visible and communicated throughout the business. Employees will be more inclined to participate in the process if they understand why it is being done and what the expected outcomes will be. To that end, sponsors should be strongly encouraged to openly promote the process. The more personalized the communication from the sponsor, the more effective it will be in encouraging employees to participate in the process. Whether it is a video, a town hall meeting, or a company-wide email, the communication should be aimed at eliminating any reluctance employees have about participating in the fraud risk assessment process.
Which of the following techniques for gathering information during a fraud risk assessment enables the fraud risk assessor to observe the interactions among several employees as they collectively discuss a question or issue? A. Focus groups B. Surveys C. Interviews D. Anonymous feedback mechanisms
A
