Topic 6 Investigating Theft Acts

Question 1

Which of the following is not a category used in the fraud triangle plus inquiry paradigm?
a. Theft investigative techniques.
b. Concealment investigative techniques.
c. Action investigative techniques.
d. Conversion investigative techniques.

Answer 1

Answer c)

Question 2

When beginning an investigation, it is important that fraud examiners use techniques that will:

a. Not arouse suspicion.
b. Identify the perpetrator.
c. Determine the amount of the fraud.
d. Identify when the fraud occurred.

Answer 2

Answer a)

Question 3

When conducting interviews during an investigation, which of the following words should usually be avoided?

a. Audit.
b. Inquiry.
c. Investigation.
d. Record examination.

Answer 3

Answer c)

Question 4

When beginning a fraud investigation, which of the following methods is most useful in identifying possible suspects?
a. Preparing an identification chart.
b. Preparing a vulnerability chart.
c. Preparing a surveillance log.
d. Hiring a private investigator to tail the subject.

Answer 4

Answer b)

Question 5

Invigilation:
a. Is most commonly used when investigating crimes that involve the taking of physical assets.
b. Can create tremendous amounts of documentary evidence.
c. Provides evidence to help determine whether fraud is occurring.
d. All of the above are true.

Answer 5

Answer c)

Question 6

Which of the following is not a theft act investigation method?
a. Invigilation.
b. Honesty testing.
c. Seizing and searching computers.
d. Surveillance and covert operations.

Answer 6

Answer b)

Question 7

When deciding whether or not to investigate, which of the following factors should an organization not consider?
a. Possible cost of the investigation.
b. Perceived strength of the predication.
c. Possible public exposure resulting because of the investigation.
d. All of the above should be considered.

Answer 7

Answer d)

Question 8

Surveillance, when properly performed, is always done:
a. Without the perpetrator’s knowledge.
b. During nonworking hours.
c. Only by law enforcement agents.
d. None of the above.

Answer 8

Answer a)

Question 9

Which of the following is not included in a vulnerability chart?
a. Explanations of the fraud triangle in relation to suspects of fraud.
b. Breakdowns in key internal controls that may have created fraud opportunities.
c. Internal controls that a company plans to institute in the future.
d. Theft act investigation methods.

Answer 9

Answer c)

Question 10

A vulnerability chart:
a. Forces investigators to explicitly consider all aspects of a fraud.
b. Shows the history of fraud in a company.
c. Identifies weaknesses in every aspect of a company’s internal control.
d. Gives a detailed record of all the movements and activities of the suspect.

Answer 10

Answer a)

Question 11

Fixed-point, or stationary, observations can be conducted by:
a. Certified fraud examiners.
b. Company personnel.
c. Private investigators.
d. Anyone, if conducted properly.

Answer 11

Answer d)

Question 12

Surveillance logs should include all of the following except:
a. Time the observation began and ended.
b. Cost of the surveillance equipment used.
c. Movements and activities of the suspect.
d. Distance the observation was from the scene.

Answer 12

Answer b)

Question 13

Wiretapping, a form of electronic surveillance, can usually be legally used by:
a. Internal auditors.
b. Company controllers.
c. CPAs.
d. None of the above.

Answer 13

Answer D

Question 14

Which of the following investigation methods often raise concerns about employees’ privacy at work?
a. Electronic surveillance.
b. Invigilation.
c. Forensic accounting.
d. Interviewing and interrogation.

Answer 14

Answer a)

Question 15

Who should be consulted before any form of surveillance takes place?
a. Public investors and the company’s board of directors.
b. State attorney general.
c. Legal counsel and human resources.
d. All company executives.

Answer 15

Answer c)

Question 16

When seizing computers, a calculation (also called a hash) that ensures you have an exact clone and have not changed data is called
a(n): a. NIST number.
b. ODBC connection.
c. Internet packet calculation.
d. CRC checksum number.

Answer 16

Answer d)

Question 17

A snapshot of active memory should be done:
a. Before seizure of the computer.
b. After seizure of the computer but before turning off the computer.
c. After turning off the computer but before calculation of the checksum number.
d. After calculation of the checksum number but before searching.

Answer 17

Answer b)

Question 18

Which of the following is the last step in an investigation?
a. Interview suspect
b. Interview former employees
c. Interview former buyers
d. Perform surveillance

Answer 18

Answer a)

Question 19

When investigating fraud, investigators should usually interview suspects:
a. at the beginning of the investigation process to really put the heat on them.
b. in the middle of the investigation process to make them feel that they are not really a suspect.
c. at the end of the investigation process so that they can gather sufficient evidence against them.
d. any time during the investigation process to avoid creating undue stress and suspicion among other employees.

Answer 19

Answer c)

Question 20

Which of the following is NOT a method for theft investigation?
a. Covert operations (surveillance)
b. Electronic searches
c. Invigilation
d. Physical evidence

Answer 20

Answer b)

Question 21

Which of the following statements regarding invigilation is accurate?
a. It is a method of creating a loosely monitored environment to catch fraudulent activities.
b. It is an inexpensive method of monitoring all employees during the investigation process.
c. It is most commonly used in such high-risk areas such ‘as expensive inventory.
d. It is a method of watching and recording physical facts, acts, and movements

Answer 21

Answer c)

Question 22

Identify the best pattern/order to go about a theft investigation.
a. Search public records, check personal records, interview suspect, interview former employers, and interview
other buyers.
b. Check personnel records, interview former employers, search public records, interview other buyers, and
interview suspect.
c. Interview suspect, interview former employers, search public records, check personal records, and interview
other buyers.
d. Interview other buyers, check personal records, interview former employers, interview suspect, and search
public records.

Answer 22

Answer b)

Question 23

Which of the following is NOT a type of surveillance?
a. Stationary or fixed point
b. Audit
c. Tailing
d. Electronic surveillance

Answer 23

Answer b)

Question 24

Which investigation technique relies on a person’s senses, especially hearing and seeing?
a. Invigilation
b. Surveillance and covert operations
c. Electronic evidence
d. Obtaining physical evidence

Answer 24

Answer b)

Question 25

Surveillance is usually used to investigate:
a. theft acts.
b. concealment possibilities.
c. conversion possibilities.
d. key internal controls

Answer 25

Answer a)

Question 26

What is invigilation?
a. A theft act investigative technique that records the physical evidence, facts, and movements which form part of
a fraud.
b. A theft act investigative technique that involves close supervision of the suspects during the examination period.
c. A theft act investigative technique that is used when large-scale fraud is likely and other methods of
investigation fail.
d. A theft act investigative technique that involves confiscating and searching computers and other electronic
sources of information

Answer 26

Answer b)

Question 27

Undercover operations should be used only when:
a. large-scale fraud is likely and other investigation methods fail.
b. controls are made so strict that opportunities to commit fraud are virtually impossible.
c. the investigation cannot be kept a secret.
d. there is a need to develop theories about what kind of fraud has occurred.

Answer 27

Answer a)

Question 28

Which of the following statements is NOT accurate?
a. Fraud investigations should begin in a manner that does not arouse suspicion.
b. Initially, investigators should avoid using words like “investigation.”
c. The investigation process usually starts by approaching the suspect.
d. Investigators should focus on gathering the strongest types of evidence.

Answer 28

Answer c)

Question 29

Subjects of covert operations are protected against unreasonable breaches of privacy under the ______ of the
Constitution.
a. Fourth Amendment
b. Fifth Amendment
c. Second Amendment
d. Seventh Amendment

Answer 29

Answer a)

Question 30

Which of the following is true about invigilation?
a. The strict controls imposed are temporary in nature.
b. During the period of invigilation, evidence is presented to suspects with the hopes of getting a confession.
c. When invigilation is conducted, it is best to cover all aspects of the business.
d. Invigilation should be accomplished in five to seven days.

Answer 30

Answer a)

Question 31

An investigator locates the scene that should be observed, anticipates the action that is most likely to occur at the
scene, and keeps detailed notes on all activities involving the suspect. Which type of surveillance is being used here?
a. Static surveillance
b. Electronic surveillance
c. Stationary surveillance
d. Moving surveillance

Answer 31

Answer c)

Question 32

In most investigations of a fraud suspect, investigators should begin by:
a. confronting the suspect.
b. checking personal and company records.
c. interviewing co-workers.
d. performing invigilation

Answer 32

Answer b)

Question 33

Undercover operations are costly and time-consuming and should be used with extreme care. In which of the
following situations would it be ineffective to conduct an undercover operation?
a. When law enforcement authorities are informed
b. When the investigation can be closely monitored
c. When other investigation methods are available
d. When the investigation can remain secretive

Answer 33

Answer c)

Question 34

A ____ is a tool for explicitly considering all aspects of the fraud and for establishing fraud theories.
a. vulnerability chart
b. perceptual map
c. surveillance log
d. Pareto chart

Answer 34

Answer a)

Question 35

Experts recommend that invigilation must continue:
a. for at least 7 days.
b. for at least 14 days.
c. for at least 21 days.
d. for an indefinite period determined by the individual investigator.

Answer 35

Answer b)

Question 36

______ means that there are symptoms or red flags that a fraud may be occurring.
a. Predication
b. Vulnerability
c. Audit
d. Presumption

Answer 36

Answer a)

Question 37

Several factors are considered in deciding whether or not to investigate fraud. Which of the following is NOT one of
them?
a. Perceived cost of the investigation
b. Exposure or amount that could have been taken
c. Perceived strength of the predication
d. Preparation of a surveillance log

Answer 37

Answer d)

Question 38

Which of the following is a form of surveillance that is usually only available to law enforcement officers?
a. Surveillance using video cameras
b. Wiretapping
c. Stationary surveillance
d. Tailing

Answer 38

Answer b)

Question 39

Which of the following are theft act investigation methods that usually involve observing or listening to potential
perpetrators?
a. Audits
b. Online resources
c. Document examination
d. Surveillance and covert operations

Answer 39

Answer d)

Question 40

For fraud to occur, usually three elements are necessary: pressure, opportunity, and:
a. excitement.
b. guidance.
c. rationalization.
d. money.

Answer 40

Answer c)

Question 41

What is the term for a calculation (using encryption technologies) based on the contents of a disk or file that are
engineered so that even small changes in the source data will produce significantly different checksum results?
a. cyclic random check number
b. cyclic redundancy check number
c. cyclic repetition check number
d. random variable check number

Answer 41

Answer b)

Question 42

What is used in court cases to prove that data has not been adversely affected during analysis?
a. Arithmetic mean
b. Deviation measure
c. Random sampling
d. Checksums

Answer 42

Answer d)

Question 43

The two primary checksum methods used today are:
a. E-TTL I and E-TTL II.
b. SSFDC and SDHC.
c. MD5 and SHA-1.
d. SSFDC and RS-232

Answer 43

Answer C)

Question 44

Which investigative method is most useful after you have gathered other types of evidence and know who to
interview and what questions to ask?
a. Inquiry
b. Theft
c. Concealment
d. Conversion

Answer 44

Answer a)

Question 45

Which investigation technique usually does not work well in kickback situations?
a. Concealment
b. Theft
c. Inquiry
d. Conversion

Answer 45

Answer a)

Question 46

.A divisional manager is suspected of adding ghost employees to the payroll. Which investigative method can most
easily uncover this type of fraud?
a. Undercover operations
b. Theft
c. Concealment
d. Conversion

Answer 46

Answer c)

Question 47

Electronic surveillance may have only limited value in the investigation of employee frauds and many other white-collar crimes. Why?
a. Lack of adequate technology
b. Concerns regarding employees’ privacy
c. Prohibitively high cost of installation and maintenance
d. Relative ease of tampering with evidence

Answer 47

Answer b)

Question 48

Which of the following is a basic objective of surveillance, whether manual or electronic?
a. Identify victims of the fraud
b. Analyze how the money comes back in the form of assets
c. Understand the cover-up or concealment of fraud
d. Catch fraud at the theft act stage

Answer 48

Answer d)

Question 49

Which general term refers to the gathering of electronic evidence?
a. Checksum
b. Online verification
c. Electronic audit
d. Computer forensics

Answer 49

Answer d)

Question 50

Concealment investigative techniques do not work well in kickback situations. Why?
a. The parties in the transaction will be hard to trace.
b. Results of concealment investigative techniques are not admissible as evidence in courts.
c. There is usually no direct documentary evidence.
d. The risk involved in such investigations is unusually high.

Answer 50

Answer c)

Question 51

Which of the following observations concerning physical evidence is true?
a. Physical evidence is not useful in fighting fraud cases.
b. Physical evidence is more associated with non-fraud types of crimes.
c. Physical evidence is useful in fraud cases because fraud has physical symptoms.
d. Physical evidence does not involve electronic sources of information

Answer 51

Answer b)

Question 52

Identify the first step in any electronic evidence collection process.
a. Seizure of the device
b. Automated search of the device
c. Clone the device
d. Do a manual reconnaissance

Answer 52

Answer a)

Question 53

Which step in the electronic evidence collection process is important to ensure that the original disk is kept in its seized
state?
a. Evidence mapping
b. Search
c. Seizure
d. Cloning

Answer 53

Answer d)

Question 54

Which checksum method is considered more advanced and secure than the method it replaced?
a. MD5
b. CRC-1
c. SHA-1
d. CRC-2

Answer 54

Answer c)

Question 55

What usually dictates which of the four common ways frauds are investigated is utilized?
a. The method in which the selected investigator possesses the strongest expertise
b. The method preferred by the investigator (the one he or she is most familiar with)
c. The level of authority of the suspected perpetrator within the company
d. The specific type of fraud committed

Answer 55

Answer d)

Question 56

Which of the following is important regarding invigilation?
a. Invigilation should include all areas of the business.
b. The time period for the invigilation should be at least one month.
c. Past records should be analyzed in order to establish an operating profile for the invigilation.
d. The investigator should make the decision regarding the temporary controls to be put in place for the
invigilation.

Answer 56

Answer c)

Question 57

Which of the following is NOT a component of a vulnerability chart?
a. Listing assets that are missing
b. Concealment possibilities
c. Internal controls that had to be compromised
d. Identification of the suspected perpetrator

Answer 57

Answer d)

Question 58

Which of the following indicates an observed symptom (red flag) of fraud?
a. An employee is unhappy with her pay.
b. An employee is undergoing a messy divorce.
c. An employee has bought a luxury car and some expensive jewelry.
d. An employee was seen shredding documents after hours

Answer 58

Answer c)

Question 59

Which of the following is a benefit of creating a vulnerability chart?
a. It forces the investigators to explicitly consider all aspects of a fraud act.
b. It conveys a warning to all employees that fraud will not be tolerated.
c. It lists/coordinates the steps the investigator must take to uncover the perpetrator.
d. It shows management where controls are weak

Answer 59

Answer a)

Question 60

Which of the following is an increasingly popular form of gathering physical evidence of fraud?
a. Reviewing spending habits of all those possibly involved
b. Confiscating and searching computers
c. Tracking missing inventory through bar codes
d. Creating and viewing surveillance tapes

Answer 60

Answer b)

Question 61

What is the term for gathering and analyzing electronic evidence?
a. Confiscating computers
b. Computer forensics
c. Electronic surveillance
d. Electronic investigation

Answer 61

Answer b)

Question 62

Web-based e-mail within a user’s browser:
a. is especially difficult to search.
b. is especially easy to search, requiring no search warrant.
c. can only be searched from the suspect’s laptop.
d. cannot be searched.

Answer 62

Answer b)