Vocabulary-Fraud

Question 1

According to The Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing, the internal audit team must evaluate the potential for the occurrence of fraud, as well as the organization’s fraud risk management initiatives. T/F

Answer 1

True
According to The Institute of Internal Auditors’ Standard 2120.A2, the internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.

Question 2

According to PCAOB Auditing Standard No. 5, an auditor should implement a bottom-up approach when auditing an entity’s internal control over financial reporting. T/F

Answer 2

False
According to PCAOB Auditing Standard No. 5, auditors should implement a top-down approach in performing an audit of internal control over financial reporting. A top-down approach “begins at the financial statement level and with the auditor’s understanding of the overall risks to internal control over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions.” (Paragraph 21) This approach focuses auditors on those accounts, disclosures, and assertions that are most likely to result in material misstatement of the company’s financial statements. The standard makes explicit mention, however, that this approach describes the auditor’s thought process when identifying risks and the controls to test, rather than the order in which the auditor should perform the audit procedures.

Question 3

According to The Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing, internal auditors must apply the care and skill of an expert whose primary responsibility is investigating fraud. T/F

Answer 3

False
Internal Auditing Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. The standard also states, however, that due professional care does not imply infallibility.

Question 4

AU Section 240 delineates two types of frauds that are relevant for audit purposes: those that involve intentional fraudulent omissions or inclusions in the financial statements and those that involve the theft or misuse of company assets. T/F

Answer 4

True
AU Section 240 outlines the two primary types of fraud-related misstatements that are considered relevant for audit purposes: misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets. Fraudulent financial reporting occurs through intentional fraudulent omissions or inclusions in the financial statements. Asset misappropriation involves the theft or misuse of company assets.

Question 5

According to the requirements of the Sarbanes-Oxley Act, which of the following parties is responsible for establishing procedures to handle complaints regarding irregularities in a publicly traded company’s accounting methods, internal controls, or auditing matters?

Answer 5

Audit Committee
The Sarbanes-Oxley Act has several provisions that set out specific requirements for the audit committees of public companies. Specifically, the audit committee has the sole responsibility for hiring, overseeing, and paying the external auditors and for resolving any disputes that arise between the auditors and management regarding financial reporting issues. The audit committee is also required to establish procedures (e.g., a hotline) for receiving, retaining, and dealing with complaints, including confidential or anonymous employee tips, regarding irregularities in the company’s accounting methods, internal controls, or auditing matters. Additionally, the committee is required to pre-approve all services to be performed by the external auditors. While the audit committee may consult with outside advisors, it is not required to approve those advisors hired by management.

Question 6

The Private Securities Litigation Reform Act requires public company audits to include procedures designed to provide reasonable assurance of detecting __________ that would have a direct and material effect on the financial statements.

Answer 6

Illegal Acts (not fraud)
The Private Securities Litigation Reform Act (PSLRA), passed in 1995, sets forth several responsibilities for independent auditors of public companies. One of the requirements is that each audit of the financial statements of a public company includes procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts.

Question 7

Specific corporate governance practices for publicly traded U.S. corporations are mandated by the Uniform Corporate Governance Act. T/F

Answer 7

False
There is no U.S. law called the Uniform Corporate Governance Act.

In the United States, corporate governance requirements are found in legislative and regulatory requirements imposed upon corporations. Each state has laws governing those corporations that are registered in it. Additionally, public companies are subject to federal legislation, as well as regulation by securities industry oversight bodies. The most significant corporate governance requirements for these companies are found in the Sarbanes-Oxley Act, as well as in the rules laid out by the New York Stock Exchange (NYSE) and NASDAQ for companies listed on those markets.

Question 8

What are core principles of sound corporate governance

Answer 8

AFTeR

Most systems of corporate governance are focused on several core principles or values, which include:
• Accountability
• Transparency
• Fairness
• Responsibility

Question 9

The boards of directors of companies that are listed on the NYSE or NASDAQ must be composed of a majority of independent directors. T/F

Answer 9

True
Companies with securities listed on the NYSE are bound by the corporate governance requirements contained in the NYSE Listed Company Manual; similarly, the corporate governance standards issued as part of the NASDAQ Equity Rules apply to all entities with securities listed on the NASDAQ exchange. Both the NYSE and the NASDAQ rules state that a majority of the directors on a listed company’s board must be independent.

Question 10

The purpose of corporate governance is to:

Answer 10

Encourage the efficient use of resources and require accountability for the stewardship of those resources.
Sir Adrian Cadbury, chairman of the committee that developed the foundational corporate governance guidance The Cadbury Report, stated that the purpose of corporate governance is “to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations, and society.”

Question 11

Are opinions or attestations about a fraud-free environment Certified Fraud Examiners allowable?

Answer 11

No,
Fraud examiners must always perform their work with an attitude of skepticism and begin with the belief that something is wrong or someone is committing a fraud (depending on the nature of the assignment and the preliminary information available). Furthermore, fraud examiners should relax their attitude of skepticism only when the evidence shows no signs of fraudulent activity. At no time is a Certified Fraud Examiner entitled to assume a fraud problem does not exist. Thus, professional skepticism can be dispelled only by evidence. As a result, opinions or attestations about a fraud-free environment are absolutely prohibited for Certified Fraud Examiners.

Question 12

A Certified Fraud Examiner is strictly prohibited from accepting an assignment to uncover fraud in a company in which he has a major interest? T/F

Answer 12

False
Article II of the Certified Fraud Examiner Code of Professional Ethics states: “A CFE shall not engage in any illegal or unethical conduct, or any activity which would constitute a conflict of interest.” However, a Certified Fraud Examiner does not have the same responsibilities as a Certified Public Accountant. For example, a CPA generally would not be able to express an audit opinion on a company in which he held a major financial interest. In the case of the Certified Fraud Examiner, he would be able to accept such an assignment under most conditions, since the goal of the Certified Fraud Examiner is to gather facts regarding a potential fraud, not express an opinion. The fraud examiner should, however, make appropriate disclosures regarding his ownership.

Question 13

Under the Certified Fraud Examiner Code of Professional Ethics, information provided to a CFE by a client is considered privileged information and is therefore protected from being legally demanded by outside parties. T/F

Answer 13

False
Privileged information is information that cannot be demanded, even by a court. Common law privileges exist for husband-wife and attorney-client relationships, and physician-patient and priest-penitent relationships have obtained the privilege through state statutes. In all the recognized privileged relationships, the professional person is obligated to observe the privilege, which can be waived only by the client, patient, or penitent. Likewise, the Certified Fraud Examiner’s client or employer is the holder of the confidence. Certified Fraud Examiners, like CPAs and similar professionals, do not have protected privileges in common law or statute.

Question 14

The CFE Code of Professional Ethics prohibits CFEs from engaging in conflicts of interest. What are examples of conflicts of interest?

Answer 14

The CFE Code of Professional Ethics states that Certified Fraud Examiners shall not engage in conflicts of interest. A conflict of interest exists when a fraud examiner’s ability to objectively evaluate and present an issue for a client is impaired by a current, prior, or potential future relationship with parties to the fraud examination.
Deciding if a conflict or a community of interests exists depends on the facts of each particular situation; however, the following are some general rules concerning conflicts of interest:
A Certified Fraud Examiner employed full time by a company should not engage in other jobs that create a hardship or loss to the employer.
A fraud examiner should not be a “double agent” employed by one company, but retained by another company or person to infiltrate the employer and transmit inside information (unless, of course, the employing company agrees to the arrangement in order to apprehend other parties employed by the company).
A Certified Fraud Examiner should not accept engagements from both sides to a controversy—just like lawyers are prohibited from representing both parties in a transaction, lawsuit, or trial.

Question 15

In general, the lowest level of reference for making moral decisions is:

Answer 15

the law
When faced with an ethics-related problem, it is tempting and appropriate to begin analyzing the issue by asking: Is it legal? The law, including professional rules and regulations, deals with actions that are permitted and prohibited, but it is the lowest level of reference for moral decisions; a law might permit an action that is prohibited by a profession’s code of ethics. Laws, rules, and regulations function as standards by which to judge whether an action is acceptable or illegal, but not whether the behavior is right. For instance, if you have promised an individual that you will honor a contract, you are ethically bound to do so, regardless of your legal responsibility; under these facts, keeping your word is the right thing to do, no matter what the law says.

Question 16

Under the Certified Fraud Examiner Code of Professional Ethics, evidence and conclusions are considered ___________ if knowledge of them would affect clients’ decisions based on a Certified Fraud Examiner’s report.

Answer 16

Evidence and conclusions are material if knowledge of them would affect clients’ decisions based on a Certified Fraud Examiner’s report. Materiality is a user-oriented concept. If matters omitted from a report were known to the users, and their own perceptions and conclusions would be different in light of this knowledge, the omitted information is material. Article VII requires CFEs to reveal all material matters discovered during the course of an examination which, if omitted, could cause a distortion of the facts.

Question 17

COSO’s Internal Control—Integrated Framework identified five interrelated components of internal control:

Answer 17

AIMER

COSO’s Internal Control—Integrated Framework identified five interrelated components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring. The effectiveness of internal controls can be determined from an assessment of whether 1) each of these five components is in place and functioning effectively and 2) the five components are operating together in an integrated manner.

Question 18

What is risk assessment?

Answer 18

According to the COSO Framework, “Every entity faces a variety of risks from external and internal sources. Risk is defined as the possibility that an event will occur and adversely affect the achievement of objectives.” Risk assessment involves the identification and assessment of the risks the entity faces in achieving its organizational objectives. This process is dynamic and iterative, and it forms the basis for determining how risks will be managed.

According to COSO, the risk assessment involves the following principles:
• The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives.
• The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed.
• The organization considers the potential for fraud in assessing risks to the achievement of objectives.
• The organization identifies and assesses changes that could significantly impact the system of internal control.

Question 19

Under Section 404 of the Sarbanes-Oxley Act, public companies must issue an internal control report within their annual report containing:

Answer 19

Internal controls of financial report (ICOFR)
(IFEE)

Under Section 404 of the Sarbanes-Oxley Act, public companies must issue an internal control report within their annual report containing:
• A statement of management’s responsibility for establishing and maintaining adequate ICOFR
• A statement identifying the framework used by management in performing the assessment of the effectiveness of ICOFR
• Management’s assessment of the effectiveness of the company’s ICOFR
• A statement that the independent auditor has issued an attestation report on management’s assessment of the company’s ICOFR

Question 20

Unless specific unacceptable conduct is detailed in a fraud prevention policy, there can be legal problems in discharging a dishonest employee. T/F

Answer 20

True
Many companies have learned that it is best to spell out specific unacceptable conduct in a fraud prevention policy. If the type of conduct that is considered unacceptable is not accurately detailed, there might be legal problems in discharging a dishonest employee. Check with legal counsel regarding any legal considerations with respect to a fraud policy. One of the most important legal considerations is to ensure everyone and every allegation is handled in a uniform manner.

Question 21

The content covered by the organization’s anti-fraud programs should focus on ____

Answer 21

The content covered by the organization’s anti-fraud programs should focus on the specific risks faced by the organization to provide employees with practical, implementable knowledge.

However, it should not give employees the information they need to “beat the system” by explaining the details of controls and procedures used to detect fraud. In that regard, the following topics form the basis of an effective program:
• What fraud is, including examples of what behavior is acceptable and what is not
• How fraud hurts the organization
• How fraud hurts employees
• Common characteristics that lead individuals to commit fraud (i.e., pressure, opportunity, and ability to rationalize the act)
• How to identify fraud (i.e., specific examples of financial, transactional, behavioral, and other red flags to watch for)
• How to report fraud
• The punishment for dishonest acts, including examples of past transgressions and how they were handled

Question 22

Managers should be instructed to observe employees’ lifestyles for warning signs of fraud, and employees should know that supervisors are watching for unexplained or suspicious anomalies of this nature. T/F

Answer 22

True
It is common for employees who steal to use the proceeds for lifestyle improvements. Some examples include more expensive cars, extravagant vacations, expensive clothing, new or remodeled homes, expensive recreational property, and outside investments. Managers should be educated to be observant of these signs. To further increase the deterrent effect, employees should know that supervisors are watching for unexplained or suspicious anomalies of this nature.

Question 23

Management must assign a quantitative measure to its risk appetite so that it can accurately measure the fraud risk management program’s effectiveness. T/F

Answer 23

False
Management can choose whether to use a quantitative measure or a qualitative one to express risk appetite. An important component in defining the objective of the fraud risk management program is determining management’s risk appetite. Risk appetite should be expressed in a manner that is appropriate for the organization’s culture and operations, whether qualitatively—low, medium, or high, for example—or quantitatively, using a numeric scale. For example, a company’s management might decide that it prefers to reduce the residual risk of fraud down to a “low” level, implying a desire for strong controls and monitoring of such controls over a particular area of the business. Another company might decide that any risk rated three or higher (on a risk scale of one to five) is unacceptable. Risk appetite can also be broken down into specific types or sources of fraud, which allows for prioritization of fraud risk management strategies based on the assessed components.

Question 24

A fraud risk assessment report should reflect the assessment team’s subjective perspective and opinions that were formed during the assessment engagement. T/F

Answer 24

False
Much instinct and judgment goes into performing the fraud risk assessment. When reporting the results of the assessment, however, the team must stick to the facts and keep all opinions and biases out of the report. A report that is peppered with the assessment team’s subjective perspective will dilute and potentially undermine the results of the work.

Question 25

An entity’s corporate culture is most effectively assessed using a checklist of initiatives to make sure all the elements of a strong tone at the top are in place. T/F

Answer 25

False
A strong corporate culture can most often be observed by its outcome, rather than by any individual component. Fostering a culture of ethics and compliance runs deeper than simply implementing a checklist of initiatives; similarly, a culture of corruption can exist even in companies with seemingly sound policies in place.

Question 26

For analytical procedures performed during an audit to be most effective in uncovering fraud, the scheme must materially impact the financial statements. T/F

Answer 26

True
Some internal fraud is discovered as a result of analytical procedures performed during a financial statement audit. To uncover fraud using such techniques, however, the scheme must materially impact the financial statements. Auditors should be especially mindful of the following trends:
• Increasing expenses
• Increasing cost of sales
• Increasing receivables/decreasing cash
• Increasing inventories
• Increasing sales/decreasing cash
• Increasing returns and allowances
• Increasing sales discounts

Question 27

To show appreciation for an employee’s hard work, a manager exempts the individual from several undesirable administrative tasks. This is an example of positive reinforcement. T/F

Answer 27

False
Reinforcement and punishment of behavior are distinguished by the way that positive and negative forces are applied. A positive reinforcement presents a positive stimulus in exchange for the desired response. For example, a parent might say to a child, “You’ve cleaned your room. Good. Here’s the key to the car.” The behavior (cleaning) is reinforced by the awarding of the positive stimulus (the car key). In contrast, a negative reinforcement withdraws a negative stimulus in exchange for the desired response. Continuing the example, the parent might say, “I’ll stop hassling you if you clean this room.” The negative stimulus (hassling) is withdrawn when the appropriate behavior is performed.

Question 28

What is the theory of differential association

Answer 28

The theory of differential association was developed by criminologist Edwin Sutherland. It states that: (1) criminal behavior is learned; (2) it is learned from other people in a process of communication; (3) criminal behavior is acquired through participation with intimate personal groups; (4) the learning process includes the shaping of motives, drives, rationalizations, and attitudes; (5) motives are learned from definitions of legal codes as being favorable or unfavorable; (6) a person becomes a criminal because of an excess of definitions favorable to violation of the law over definitions unfavorable to violation of the law; (7) differential association may vary in frequency, duration, priority, and intensity; (8) learning criminal behavior involves all the mechanisms of other learning; (9) learning differs from pure imitation; and (10) while criminal behavior is an expression of general needs and values, it is not explained by these needs and values.

Question 29

A behaviorist view of the workplace advocate

Answer 29

Emotions, according to behavioral pioneer B. F. Skinner, are a predisposition for people’s actions. And since the emotional associations of any event are important factors in conditioning behavior, the associations can be manipulated in conditioning the behavior. The behaviorist view proposes that, when managers are faced with disgruntled employees, they can modify these emotional circumstances with adequate compensation and recognition of workers’ accomplishments. Incentive programs and task-related bonuses follow this principle, assuming that employees who feel challenged and rewarded by their jobs will produce more work at a higher quality and are less likely to violate the law.

Question 30

Fines imposed under the Corporate Sentencing Guidelines are based on what factors:

Answer 30

Fines imposed under the Corporate Sentencing Guidelines are based on two factors: the seriousness of the offense and the level of culpability by the organization. The seriousness of the offense determines the base fine to be imposed. This figure can be quite high. The organization’s culpability is a measure of the actions taken by the organization that either mitigated or aggravated the situation. Depending on the culpability of the organization, the base fine can be increased by as much as 400 percent or reduced by as much as 95 percent.

Question 31

According to the 2014 Report to the Nations, which of the three major categories of occupational fraud is the most common?

Answer 31

All occupational frauds fall into one of three major categories: asset misappropriation, corruption, or financial statement fraud. In the 2014 Report to the Nations, asset misappropriation schemes were both the most commonly reported—occurring in more than 85 percent of cases—and the least costly of the three major categories of occupational fraud. Financial statement fraud, on the other hand, was the least commonly reported type of occupational fraud, occurring in just 9 percent of cases reported, but these schemes caused considerably more damage than frauds in the other two categories. Corruption schemes fell in the middle of the spectrum in terms of frequency and cost.

Question 32

The term white-collar crime was first coined by which of the following scholars?

Answer 32

The term white-collar crime was coined by Edwin H. Sutherland in December 1939 during his presidential address in Philadelphia to the American Sociological Society. Since the term first was used, there have been constant disputes regarding what is (or should be) its formal definition.

Question 33

The two primary strategies to control corporate criminal behavior are:

Answer 33

Compliance and deterrence

Question 34

The criminologist responsible for the well-known hypothesis of the “fraud triangle” is:

Answer 34

Donald R. Cressey

Question 35

Fraud triange

Answer 35

Pressure, Opportunity, Rationalization

Question 36

What are the theories for Enforcement strategies?

Answer 36

Enforcement strategies include two main theories: compliance and deterrence. Compliance hopes to achieve conformity to the law without having to detect, process, or penalize violators. Compliance systems provide economic incentives for voluntary compliance to the laws and use administrative efforts to control violations before they occur. In contrast, deterrence is designed to detect law violations, determine who is responsible, and penalize offenders in order to deter future violations. Deterrence systems try to control the immediate behavior of individuals, not the long-term behaviors targeted by compliance systems.