Fraud Risk Management Flashcards

1
Q

Which of the following types of customer due diligence (CDD) procedures should an organization engage in when determining whether to conduct business with a higher-risk customer who wants to pay on credit?

A. Standard CDD
B. International CDD
C. Simplified CDD
D. Enhanced CDD

A

D. Enhanced CDD

2
Q

An organization’s fraud risk management program should include which of the following components?

A. Whistleblower protection policies
B. A way to disclose conflicts of interest
C. Quality assurance activities
D. All of the above

A

D. All of the above

3
Q

A fraud risk management program must include systems specifically designed to monitor, identify, and address breaches in compliance.

A. True
B. False

A

True

4
Q

As part of its vendor due diligence procedures, an organization should avoid revealing that it is seeking information about potential vendors prior to starting a relationship with them.

A. True
B. False

A

False

5
Q

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), _________ is the culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

A. Fraud prevention
B. Internal control
C. Corporate governance
D. Enterprise risk management

A

D. Enterprise risk management

6
Q

When a customer presents a higher risk for engaging in illegal activity, which of the following customer due diligence (CDD) activities would be MOST APPROPRIATE for an organization to engage in?

A. Scrutinizing the customer’s method of payment
B. Analyzing the customer’s overall net worth
C. Quantifying the customer’s expected purchasing pattern
D. All of the above

A

D. All of the above

7
Q

Fraud risk management programs should focus on activities that:

A. Prevent fraud by proactively identifying, assessing, and addressing fraud risks
B. Respond to identified fraud by investigating the incident and taking remedial action
C. Detect fraud by identifying occurrences as soon as possible after they begin
D. All of the above

A

D. All of the above

8
Q

According to the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE, who has responsibility for managing fraud risk?

A. Executive management
B. Personnel at all levels of the organization
C. The board of directors
D. Internal audit

A

B. Personnel at all levels of the organization

9
Q

potential customer has little opportunity to commit fraud and therefore presents a minimal risk of engaging in illegal activity?

A. Identifying the customer
B. Analyzing the customer’s net worth
C. Verifying the customer’s identity
D. Contacting the customer’s bank

A

A. Identifying the customer

10
Q

Which of the following is one of the eight principles for risk management provided by the International Organization for Standardization (ISO) 31000:2018?

A. The risk management program is structured and comprehensive
B. The risk management program facilitates continuous improvement
C. The risk management program is integrated into all organizational activities
D. All of the above

A

D. All of the above

11
Q

In defining the objectives of the fraud risk management program, management should express risk appetite in a manner that is appropriate for the organization’s culture and operations.

A. True
B. False

A

True

12
Q

As part of an organization’s fraud risk management program, employees at all levels should:

A. Understand how noncompliance might create an opportunity for fraud to occur
B. Cooperate in investigations into suspected or alleged fraud incidents
C. Provide input into the design and implementation of fraud control activities when requested by management
D. All of the above

A

D. All of the above

13
Q

Which of the following is NOT one of the components of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance?

A. Information, communication, and reporting
B. Risk tolerance
C. Strategy and objective-setting
D. Review and revision

A

B. Risk tolerance

14
Q

Before agreeing to do business with a new vendor, it is recommended that an organization’s management inquire about the vendor’s internal audit department and the types of audits the vendor is subject to.

A. True
B. False

A

True

15
Q

Management must assign both a quantitative and qualitative measure to its risk appetite so that it can accurately measure the fraud risk management program’s effectiveness.

A. True
B. False

A

False

16
Q

Risk management includes which of the following activities involving the risks that threaten an organization?

A. Identification
B. Treatment
C. Monitoring
D. All of the above

A

D. All of the above

17
Q

Which of the following is NOT one of the eight principles for risk management provided by the International Organization for Standardization (ISO) 31000:2018?

A. The risk management program is dynamic and responsive to change.
B. The risk management program takes human and cultural factors into account.
C. The risk management program is based on effective leadership and commitment.
D. The risk management program is customized and proportionate to the organization’s operations and objectives.

A

C. The risk management program is based on effective leadership and commitment.

18
Q

The performance component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance can BEST be described as:

A. The formal process of setting strategy and defining business objectives
B. The review of how well the enterprise risk management capabilities and practices have increased value over time and how they will continue to drive value for the organization
C. A continual, iterative process of obtaining information and sharing it throughout the entity
D. The identification and assessment of risks that might affect the organization’s ability to meet its strategic and business objectives and the prioritization and response to those risks

A

D. The identification and assessment of risks that might affect the organization’s ability to meet its strategic and business objectives and the prioritization and response to those risks

19
Q

Which of the following statements regarding recommended vendor due diligence procedures is LEAST ACCURATE?

A. An organization should alert the vendor that they will be liable for any unethical conduct that occurs during the business arrangement before agreeing to do business with them.
B. An organization should include a clause in the contract requiring the vendor to report any instances of misconduct before entering into an agreement with them.
C. An organization should request that new vendors complete a questionnaire about their background immediately after signing a contract with them.
D. An organization should ensure that vendors have their own ethics and compliance program before engaging in any transactions with them.

A

C. An organization should request that new vendors complete a questionnaire about their background immediately after signing a contract with them.

20
Q

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance is composed of a set of principles organized into five interrelated components. Which of the following is NOT one of the principles pertaining to the review and revision component?

A. The organization assesses substantial changes that might affect its strategy and objectives.
B. The organization pursues improvement in enterprise risk management.
C. The organization identifies risk that impacts its performance and ability to meet objectives.
D. The organization reviews its risk and performance.

A

C. The organization identifies risk that impacts its performance and ability to meet objectives.

21
Q

The governance and culture component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance involves the formal process of setting strategy and defining business objectives.

A. True
B. False

A

False

22
Q

The board of directors holds the primary responsibility for designing, implementing, monitoring, and improving the fraud risk management program, as well as punishing perpetrators of fraud appropriately.

A. True
B. False

A

False

23
Q

The fraud risk management program should include the formal procedures that management takes in response to a fraud, such as punishing the perpetrator, remediating the control weaknesses that allowed the fraud to occur, and rebuilding stakeholders’ confidence in the organization.

A. True
B. False

A

True

24
Q

Which of the following is one of the five fraud risk management principles described in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE?

A. Fraud investigation and corrective action
B. Fraud risk management monitoring activities
C. Fraud risk assessment
D. All of the above

A

D. All of the above

25
Q

To communicate their dedication to the fraud risk management program, the board of directors and senior management should provide a formal statement of commitment that:

A. Is in writing
B. Is provided to all employees, vendors, and customers
C. Acknowledges the organization’s vulnerability to fraud
D. All of the above

A

D. All of the above

26
Q

If an organization determines that one of its potential customers presents a risk of engaging in illegal activity, but it concludes that the risk is unlikely to manifest, then the only recommended customer due diligence (CDD) procedure would be to identify the customer.

A. True
B. False

A

False

27
Q

Of the following parties, who is responsible for the oversight of the organization’s financial, accounting, and audit matters?

A. The external auditors
B. The chief financial officer
C. The internal auditors
D. The audit committee

A

D. The audit committee

28
Q

Which of the following is a factor that might prompt an organization to undertake enhanced due diligence procedures for a new customer?

A. The customer makes a very large purchase.
B. The customer has business dealings in a country known for corruption.
C. The customer is a high-profile client.
D. All of the above are factors that might prompt enhanced procedures.

A

D. All of the above are factors that might prompt enhanced procedures.

29
Q

Which of the following is among the board of directors’ responsibilities pertaining to fraud risk management?

A. Raising awareness of the risks of fraud throughout the organization
B. Overseeing the organization’s fraud risk management activities
C. Setting realistic expectations of management to enforce an anti-fraud culture
D. All of the above

A

D. All of the above

30
Q

Risk management involves balancing an organization’s strategic, operational, reporting, and compliance objectives with how much risk management is willing to accept.

A. True
B. False

A

True

31
Q

Which of the following is TRUE regarding the process of defining the objective of the fraud risk management program?

A. Management should incorporate the needs and goals of the organization into the fraud risk management program’s objectives
B. Management must balance the investment in anti-fraud controls with the benefit of those controls and the amount of risk it is willing to accept
C. Management should examine previous fraud occurrences to determine how the ideal fraud risk management program would have prevented them
D. All of the above

A

D. All of the above

32
Q

Which of the following statements is TRUE regarding an organization’s fraud risk management program?

A. Formal sanctions for intentional noncompliance must be well-publicized and carried out in a consistent and firm manner
B. A specific team or individual should be assigned responsibility for monitoring compliance and managing suspected instances of noncompliance
C. There should be measures in place to address failures in the design or operation of anti-fraud controls, as well as fraud occurrences
D. All of the above

A

D. All of the above

33
Q

As part of its fraud-related responsibilities, the audit committee of an organization’s board of directors should meet regularly with key internal parties, such as the chief audit executive (CAE), to discuss identified fraud risks and the steps being taken to prevent and detect fraud.

A. True
B. False

A

True

34
Q

To protect against third-party fraud risks, organizations should perform the same level of due diligence on each potential customer before entering into a transaction with them.

A. True
B. False

A

False

35
Q

Of the following parties, who is responsible for developing a strategy to assess and manage fraud risks that aligns with the organization’s risk appetite and strategic plans?

A. The audit committee
B. The board of directors
C. The legal department
D. The shareholders

A

B. The board of directors

36
Q

Under the fraud control activities principle described in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE, organizations should select, develop, and deploy preventive and detective fraud control activities.

A. True
B. False

A

True

37
Q

Which of the following is among the audit committee’s responsibilities for fraud risk management?

A. Performing and regularly updating the fraud risk assessment
B. Monitoring and proactively improving the fraud risk management program
C. Receiving regular reports on the status of reported or alleged fraud
D. All of the above

A

C. Receiving regular reports on the status of reported or alleged fraud

38
Q

Which of the following statements is TRUE regarding the five fraud risk management principles described in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE?

A. Under the fraud risk governance principle, an organization should communicate the expectations of those overseeing the fraud risk management program
B. Under the fraud risk assessment principle, an organization should perform comprehensive fraud risk assessments to identify specific fraud schemes
C. Under the fraud risk management monitoring activities principle, an organization should develop ongoing evaluations for each fraud risk management principle
D. All of the above

A

D. All of the above

39
Q

According to Managing the Business Risk of Fraud: A Practical Guide, an organization’s anti-fraud policy should include consequences for individuals who condone fraudulent activity.

A. True
B. False

A

True

40
Q

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance is composed of a set of principles organized into five interrelated components. Communication, as part of the information, communication, and reporting component, is defined as an organization’s:

A. Formal process of setting strategy and defining business objectives
B. Continual, iterative process of obtaining information and sharing it throughout the entity
C. Ability to assess substantial changes that might affect its strategy and objectives
D. Tone that reinforces the importance of risk management and establishes the oversight responsibilities for managing risks

A

B. Continual, iterative process of obtaining information and sharing it throughout the entity