
Domain 6 – Fraud Risks

Question 1
Which of the following is used to identify healthcare providers who bill for more
services in a single day than most similar providers bill in a single day?
a) Rules-based techniques
b) Anomaly-based techniques
c) Network-based techniques
d) Predictive-based techniques
Anomaly-based techniques are a process of comparing definitions of what activity is
considered normal against observed activity to identify significant deviations. Simply
stated, anomaly-based techniques compare normal activity against abnormal activity
and against peers.

Question 2
Which of the following shows future events and outcomes?
a) Traditional data analytics
b) Streaming data analytics
c) Embedded data analytics
d) Social media data analytics

Embedded data analytics show future events and outcomes.

Question 3
Which of the following uses web-call-center notes and web-chat notes to detect fraud?
a) Text-based data analytics
b) Open source data analytics
c) Visual data analytics
d) Streaming data analytics

Since web-call-center notes and web-chat notes are written in words, text-based data
analytics are useful to identify fraud. This analytic is based on matching keywords.

Question 4
When data dashboards are built into business-oriented application systems, it is called:
a) Fraud data analytics.
b) Streaming data analytics.
c) Web-based data analytics.
d) Embedded data analytics.
This choice defines the question correctly.

Question 5
The metric “click to conversion time” can be measured with which of the following?
a) Behavioral analytics
b) Location analytics
c) Advanced analytics
d) Content analytics
Behavioral analytics show how people behave in doing certain things. For example,
these analytics can show how many different clicks and navigation paths have taken
place before a customer purchases a product or service from a retailer's website. This
can be measured as click to conversion time.

Question 6
Regarding big data, data ownership and data usage policies are addressed in which of
the following?
a) Data reliability standards
b) Data governance standards
c) Data quality standards
d) Information quality standards
Data governance standards deal with oversight-related data issues such as data
ownership, data stewardship, data custodian, data usage policies, and data access
rules.

Question 7
Airline companies use which of the following most to determine airline ticket prices
for passengers?
a) Customer analytics
b) Prescriptive analytics
c) Behavioral analytics
d) Statistical analytics
Airline companies use prescriptive analytics most to determine airline ticket prices
because they help decide what should happen in the future. Airline companies may
use a combination of prescriptive analytics, customer analytics, behavioral analytics,
statistical analytics, and other analytics.

Question 8
When big data is turned into new insights, this process refers to which of the
following characteristics of big data?
a) Volume
b) Variety
c) Value
d) Velocity
Value means organizations can benefit from the use of big data. The benefits are
derived from the insights provided by big data.

Question 9
Which of the following characteristics of big data is the main technical driver of
investment in big data?
a) Volume
b) Velocity
c) Veracity
d) Variety
Variety is the main technical driver of investment in big data because more variety
means more insights, more decisions, and more opportunities. The variety of data
comes from all types of data formats, both internally and externally.

Question 10
Which of the following characteristics of big data are the main business drivers of
investment in big data?
a) Volume and variety
b) Value and velocity
c) Velocity and veracity
d) Variety and variability
Value and velocity are the main business drivers of investment in big data because
they provide better insights at greater speeds.

Question 11
Which of the following is an example of unstructured data?
a) Data in disconnected computer systems
b) Data in data warehouses
c) Data in databases
d) Web pages on the Internet
Data in disconnected computer systems is unstructured due to multiple and dissimilar
systems collecting data with different data formats and structures.

Question 12

Which of the following thrives on big data?
a) Prescriptive analytics
b) Descriptive analytics
c) Predictive analytics
d) Advanced predictive analytics
Prescriptive analytics thrive on big data because prescriptive analytics indicate or
help decide what should happen in the future.

Question 13
Credit bureaus use which of the following to develop credit scores for individuals?
a) Behavioral analytics
b) Customer analytics
c) Big-data analytics
d) Predictive analytics
Credit bureaus use predictive analytics to develop credit scores for individuals. They
collect several data items, such as income, credit history, outstanding loan balances,
payment history, and account activity, to predict whether the individual has the
financial ability to pay current and future debts.

Question 14
The ultimate goal of big data is which of the following?
a) Data collection and validation
b) Data insights
c) Data-driven decision making
d) Data-driven models
Data-driven decision making is the ultimate goal of big data. All the efforts put into
developing data models and collecting and validating data are to obtain new insights,
which, in turn, are turned into decisions and actions.

Question 15
During big-data collection efforts, which of the following requires extra attention?
a) Timing of data
b) Sourcing of data
c) Quality of data
d) Scope of data
Sourcing of data is a critical consideration because real and fake sources exist and
because there are so many data sources, thus making it difficult to know what is good
or bad information. Hence, data sources require extra attention.

Question 16
An organization's information value that is at risk can be best determined by:
a) Use of information
b) Storage of information
c) Retention of information
d) Loss of information
Information value is at risk primarily when the information is lost due to various
undesirable incidents, such as data breaches, data stealing, data damaging, data
modifying, data destruction, data sharing, data transfer, or data selling (e.g., credit
card numbers and Social Security numbers).

Question 17
An organization has listed four steps in its management of aggregated data. Which of
the following represents the correct sequence of such events?

I. Establish security controls.
II. Develop data profiles.
III. Determine information value.
IV. Identify information assets.

a) IV, III, II, and I
b) I, II, III, and IV
c) II, III, IV, and I
d) IV, III, I, and II
This choice represents the correct sequence of events. First, information assets are
identified, their value is determined, and data profiles are developed. Finally, security
controls are established. Aggregated data is clean and normalized data summarized in
several ways from several sources, and it can be big data. This aggregated data is
input to data mining applications and is stored in data warehouses and data marts.

Question 18
The difference between errors and fraud is:
a) Collusion.
b) Intent.
c) Corruption.
d) Bribery.
Errors are unintentional acts, such as mistakes and memory lapses. Fraud consists of
intentional acts, such as collusion, corruption, and bribery.

Question 19
A fraud risk assessment exercise must be done as a(n):
a) Blended exercise.
b) Integrated exercise.
c) Stand-alone exercise.
d) Ad hoc exercise.
A fraud risk assessment exercise must be done as a separate and stand-alone exercise
from an internal control risk assessment exercise in order to place more focus on
fraud.

Question 20
An auditor's judgment plays a major role in which of the following items?
a) Projected misstatements
b) Likely misstatements
c) Known misstatements
d) Tolerable misstatements
A misstatement can be material or immaterial in amount, and it can be done either
intentionally or accidentally (unintentionally).
Tolerable misstatement (formerly test materiality) is the materiality the auditor uses to
test a specific line item, account, or class of transactions. Tolerable misstatement is
defined as the maximum error in a population of transactions or account balance that
an auditor is willing to accept or live with. Based on the auditor's judgment, the
auditor may set the tolerable misstatement equal to or less than design materiality and
may set different amounts of tolerable misstatement for different line items or
accounts or assertions. The tolerable misstatement amount is certain and reasonable,
and the auditor has accepted it.
The auditor's judgment plays a major role here.

Question 21
In a fraud situation, an innocent individual is labeled as a fraudster when she is not a
fraudster and when she was reported as a fraudster. This situation is known as:
a) False negatives.
b) False narratives.
c) False positives.
d) True narratives.

A false positive improperly identifies an innocent individual who was not engaged in
fraud as a fraudster, which is a major concern and should be avoided or reduced. For
individuals, false positives are more damaging than false negatives.

Question 22
Fraud detection is possible through the use of which of the following?
a) Predictive models
b) Descriptive models
c) Prescriptive models
d) Advanced models
Predictive models use historical data to identify patterns associated with fraud. In
general, these models look for subtle data patterns that fit a business need, such as
finding more about a suspected fraud.

Question 23
For internal auditors, Benford's law is primarily a:
a) Fraud recovery tool.
b) Fraud detection tool.
c) Fraud prevention tool.
d) Fraud correction tool.
Benford's law is a fraud detection tool.

Question 24

During fraud investigations, internal auditors can apply Benford's law and focus on
which of the following numbers in tabulated data?
a) First digit
b) Second digit
c) Third digit
d) Fourth digit
The first digit or the leading digit is a powerful indicator of fraud.

Question 25
Which of the following deals with internal control design effectiveness and
operational efficiency issues?
a) Detection risk
b) Fraud risk
c) Control risk
d) Materiality risk
Control risk is a function of the effectiveness of the design and operational efficiency
of internal control in achieving an organization's objectives.

Question 26
Fraud risk is similar to which of the following in terms of its composition?
a) Materiality risk
b) Control risk
c) Detection risk
d) Inherent risk
Fraud risk is inherent risk plus control risk. Materiality risk is inherent risk plus
control risk. Therefore, fraud risk is similar to materiality risk in terms of its
composition.

Question 27
Which of the following need to be considered when planning for substantive audit
procedures?
a) Inherent risk and systematic risk
b) Control risk and detection risk
c) Fraud risk and sampling risk
d) Materiality risk and detection risk
When planning for substantive audit procedures, auditors consider materiality risk
(consisting of fraud risk) and detection risk. Materiality risk focuses on material
misstatements, and detection risk relates to the auditor's response to the risk of
material misstatement.

Question 28
Which of the following can help in reducing false positives during fraud audits and
investigations?

I. Data mapping tools
II. Data matching tools
III. Data mining tools
IV. Text mining tools

a) I and II
b) III only
c) I, II, and III
d) I, II, III, and IV
Use of multiple analytical tools, such as data mapping, data matching, data mining,
text mining, web scraping, and statistical analyses, can help in reducing the
occurrence of false positives during fraud audits and investigations. These tools can
increase fraud detection rates.

Question 29
Which of the following items are examples of incentives for management to
participate in fraudulent financial reporting practices?

I. High performance-dependent rewards
II. Upper and lower cut-offs on bonus plans
III. Ineffective internal controls
IV. Insignificant penalties for improper behavior

a) I and II
b) I and III
c) II and III
d) III and IV
Items I and II are examples of incentives; items III and IV are examples of
temptations. Incentives encourage employees to conduct fraudulent or questionable
financial reporting practices; temptations encourage employees to engage in improper
acts.

Question 30
Which of the following items is not an example of temptations for management to
become involved in questionable financial reporting practices?
a) A highly decentralized organizational structure
b) Great pressure to produce short-term results
c) A weak internal audit function
d) An ineffective board of directors
This item is an incentive, not a temptation. All the other items are examples of
temptations for management to conduct questionable financial reporting practices.
Incentives encourage employees to conduct fraudulent or questionable financial
reporting practices; temptations encourage employees to engage in improper acts.

Question 31
When protecting customer information from identity theft, which of the following is
highly secure when customers are using their charge cards?
a) Card and signature
b) Card and PIN
c) Card with chip and PIN
d) Card with chip and no PIN
This is highly secure due to using the chip and PIN, representing a two-factor
authentication process. Here, the card with a chip is one factor and the PIN is the
second factor.

Question 32
Which of the following are the most popular methods of identity theft using charge
cards?

I. Card skimming
II. Card tampering
III. Card jamming
IV. Card cloning

a) I and II
b) II and III
c) I and IV
d) II and IV
Card skimming and card cloning are the two most popular methods of identity theft.
Card skimming involves placing skimming devices to steal credit card numbers and
personal identification information (e.g., placing devices on gas pumps at gas
stations). Card cloning involves the purchase of stolen credit card numbers belonging
to victims, which are duplicated as the cloned credit cards.

Question 33

When protecting a bank's customer information from identity theft, a bank's disclosure
policy would not respond to which of the following types of request?
a) An email
b) A pretext telephone call
c) A text message
d) A personal letter
A bank's policy would not respond to a fraudster's pretext telephone call. Pretext
callers use pieces of a customer's personal information to impersonate an account
holder to gain access to that individual's account information. Banks can take actions
to reduce the incidence of pretext calling, such as limiting the circumstances under
which customer information may be disclosed by telephone. A bank's policy could be
that customer information is disclosed only through email, text message, a letter, or an
in-person meeting.

Question 34
When conducting identity theft activities, fraudsters use which of the following to
perpetrate identity fraud?
a) Mobile texting
b) SMS texting
c) Pretexting
d) MMS texting
Pretexting is the tool that fraudsters use to perpetrate identity theft with a prepared
and known text based on stolen information. It is a specifically targeted example of a
social engineering scheme. The fraudster calls a bank to find out additional
information on a bank customer's account that was stolen.

Question 35
Internal auditing is responsible for assisting in the prevention of fraud by:
a) Informing the appropriate authorities within the organization and
recommending whatever investigation is considered necessary in the
circumstances when wrongdoing is suspected.
b) Establishing the systems designed to ensure compliance with the
organization's policies, plans, and procedures as well as applicable
laws and regulations.
c) Examining and evaluating the adequacy and the effectiveness of
control, commensurate with the extent of the potential exposure/risk
in the various segments of the organization's operations.
d) Determining whether operating standards have been established for
measuring economy and efficiency, and whether these standards are
understood and are being met.
The principal means of preventing fraud is internal control; the internal auditor's role
is related to evaluating the control (IIA Standard 1220 – Due Professional Care; IIA
Standard 2120 – Risk Management).

Question 36
Management of a non-profit organization has been monitoring spending and is
concerned because payments to some vendors appear to be unusually high. Most
purchases are made through the purchasing function, which is organized around three
buyers, each with defined purchasing areas. The purchasing agents place the purchase
orders and receive copies of receiving reports to ensure goods are received. They
review the reports and compare them with the purchase orders before sending the
items to accounts payable with their approval for payment. All vendor invoices are
sent directly to accounts payable even though receiving reports first go through the
purchasing agents. The organization has a policy of requiring three bids on all
purchases that exceed $10,000.
Management has requested that the auditor investigate the possibility of kickbacks
going to a purchasing agent. Which of the following procedures would
be least effective in addressing management's concern?
a) Confirm all contract terms with vendors.
b) Analyze, by purchasing agent, all increases in cost of procured goods
from specific vendors.
c) Take a statistical sample of goods purchased and compare purchase
prices for goods with those of other sources of similar goods, such as
other companies or catalogues.
d) Observe any changes in the lifestyles or individual consumption
habits of the purchasing agents involved.
This would be the least useful procedure because the contract terms are already
known. The confirmation would have to be expanded to inquire as to whether the
purchasing agent brought pressure to bear to generate kickbacks—and that approach
would be successful only if the kickbacks were initiated by the purchasing agent
rather than the vendor.

Question 37
An auditor is investigating the performance of a division with an unusually large
increase in sales, gross margin, and profit. Which of the following indicators
is least likely to indicate the possibility of sales-related fraud in the division?
a) A significant portion of divisional management compensation is
based on reported divisional profits.
b) An unusually large amount of sales returns are recorded after year-
end.
c) The auditor has taken a random sample of sales invoices but cannot
locate a shipping document for a number of the sales transactions
selected for November and December.
d) One of the division's major competitors went out of business during
the year.
A decrease in the number of competitors during the year could be a potential
explanation for the increase in sales and profits.

Question 38
An auditor is investigating the performance of a division with an unusually large
increase in sales, gross margin, and profit. If the auditor continued to suspect
fraudulent recording of transactions to increase reported profits, which of the
following audit procedures would be least effective?
a) Take a physical inventory.
b) Develop a schedule of inventory by month and investigate unusual
fluctuations by reference to the perpetual inventory records.
c) Prepare a schedule of sales fluctuations and gross margin by month.
Investigate unusually high months of sales and gross margin by
examining support for sales.
d) Perform year-end sales and purchase cut-off tests.
This would be the least effective procedure. The auditor would have more
information by conducting a year-end physical inventory.

Question 39
An auditor is investigating the performance of a division with an unusually large
increase in sales, gross margin, and profit. Assume that the analysis shows unusually
high sales and gross margin during the months of November and December and the
auditor wishes to investigate further. Which of the following audit procedures would
be most effective in analyzing whether fraudulent sales may have been recorded?
a) Take a sample of shipping documents and trace to related sales
invoice, noting that all items were properly billed.
b) Confirm accounts receivable with large customers.
c) Perform an analytical review comparing sales and gross margin with
the previous 10 months and the first month of the following year.
d) Use regression analysis techniques for the first ten months to estimate
the sales and cost of goods sold for the last two months.
If fictitious sales were recorded, the most likely corresponding debit would be to
accounts receivable. Thus, confirming accounts receivable would be an effective
procedure, assuming that customers are willing to respond to confirmation requests.
The alternative best procedure would be to select recorded sales and trace them back
to the underlying documents. However, that procedure was not given as an alternative.

Question 40
The internal auditing department has been assigned to perform an audit of a division.
Based on background review, the auditor knows the following about management
policies:

• Company policy is to rapidly promote divisional managers who show
significant success. Thus, successful managers rarely stay at a division for
more than three years.
• A significant portion of division management's compensation comes in the
form of bonuses based on the division's profitability.

The division was identified by senior management as a turnaround opportunity. The
division is growing but is not scheduled for a full audit by the external auditors this
year. The division has been growing about 7% per year for the past three years and
uses a standard cost system.
During the preliminary review, the auditor notes the following changes in financial
data compared to the prior year:

• Sales have increased by 10%.
• Cost of goods sold has increased by 2%.
• Inventory has increased by 15%.
• Divisional net income has increased by 8%.

Which of the following items might alert the auditor to the possibility of fraud in the
division?
a) The division is not scheduled for an external audit this year.
b) Sales have increased by 10%.
c) A significant portion of management's compensation is directly tied
to reported net income of the division.
d) All of the above.
This is one of the most common red flags identified in the IIA Standards.

Question 41
The internal auditing department has been assigned to perform an audit of a division.
Based on background review, the auditor knows the following about management
policies:

• Company policy is to rapidly promote divisional managers who show
significant success. Thus, successful managers rarely stay at a division for
more than three years.
• A significant portion of division management's compensation comes in the
form of bonuses based on the division's profitability.

The division was identified by senior management as a turnaround opportunity. The
division is growing but is not scheduled for a full audit by the external auditors this
year. The division has been growing about 7% per year for the past three years and
uses a standard cost system.
During the preliminary review, the auditor notes the following changes in financial
data compared to the prior year:

• Sales have increased by 10%.
• Cost of goods sold has increased by 2%.
• Inventory has increased by 15%.
• Divisional net income has increased by 8%.

It is November, and the audit manager is finalizing plans for a year-end audit of the
division. Based on the above data, the audit procedure with highest priority would be
to:
a) Select sales transactions and trace shipping documents to entries into
cost of goods sold to determine if all shipments were recorded.
b) Schedule a complete count of inventory at year-end and have the
auditor observe and test the year-end inventory.
c) Schedule a complete investigation of the standard cost system by
preparing cost build-ups of a sample of products.
d) Schedule a year-end sales cut-off test.
The data would seem to indicate that inventory is overstated, and cost of goods sold
is understated. Inventory might be overstated because of either quantity or cost
differences. Since we are nearing year-end, the most appropriate procedure would be
to begin with a physical observation of inventory and expand to price tests after
establishing the existence of inventory.

Question 42
The internal auditing department has been assigned to perform an audit of a division.
Based on background review, the auditor knows the following about management
policies:

• Company policy is to rapidly promote divisional managers who show
significant success. Thus, successful managers rarely stay at a division for
more than three years.
• A significant portion of division management's compensation comes in the
form of bonuses based on the division's profitability.

The division was identified by senior management as a turnaround opportunity. The
division is growing but is not scheduled for a full audit by the external auditors this
year. The division has been growing about 7% per year for the past three years and
uses a standard cost system.
During the preliminary review, the auditor notes the following changes in financial
data compared to the prior year:

• Sales have increased by 10%.
• Cost of goods sold has increased by 2%.
• Inventory has increased by 15%.
• Divisional net income has increased by 8%.

If the auditor decides there are significant problems with the standard cost system, the
next audit step to perform would be to:
a) Interview divisional management to determine why the standard cost
system has not been updated on a timely basis.
b) Select a random sample of products and review the standard cost
build up by tracing purchases to the standard cost record.
c) Use generalized audit software to prepare a listing of gross margin by
product by comparing standard cost with sales price. Select all high-
gross-margin items for further investigation.
d) Schedule all variances and determine their source and their
disposition (i.e., whether they are allocated to inventory or cost of
goods sold).
If there is a problem with standard costs, it will show up in variances. Since this is an
analytical procedure, it is not costly and provides the best direction for further detailed
testing.

Question 43
The internal auditing department has been assigned to perform an audit of a division.
Based on background review, the auditor knows the following about management
policies:

• Company policy is to rapidly promote divisional managers who show
significant success. Thus, successful managers rarely stay at a division for
more than three years.
• A significant portion of division management's compensation comes in the
form of bonuses based on the division's profitability.

The division was identified by senior management as a turnaround opportunity. The
division is growing but is not scheduled for a full audit by the external auditors this
year. The division has been growing about 7% per year for the past three years and
uses a standard cost system.
During the preliminary review, the auditor notes the following changes in financial
data compared to the prior year:
• Sales have increased by 10%.
• Cost of goods sold has increased by 2%.
• Inventory has increased by 15%.
• Divisional net income has increased by 8%.

Assume the auditor found that there was a plan to overstate inventory and therefore
increase reported profits for the division. If reported correctly, the division would not
have shown an increase in net income. The auditor has substantial evidence that the
divisional manager was aware of and approved the plan to overstate inventory. There
is also some evidence that the manager may have been responsible for the
implementation of the plan. The appropriate audit action would be to:
a) Continue to conduct interviews with subordinates until a clear-cut
case is made. Then report the case to the audit committee.
b) Inform management and the audit committee of the findings and
discuss proper follow-up action and/or further investigation with
them.
c) Inform the divisional manager of the audit suspicions and obtain the
manager's explanation of the findings before pursuing the matter
further.
d) Document the case thoroughly and report the suspicions to the
external auditor for further review and external reporting.
This is the correct response according to the IIA Standards.

Question 44
The following are facts about a subsidiary:

I. The subsidiary company has been in business for several years and enjoyed
good profit margins although the general economy was in a recession, which
affected competitors.
II. The working capital ratio had declined from a healthy 3:1 to 0.9:1.
III. Turnover for the last several years has included three controllers, two
supervisors of accounts receivable, four payables supervisors, and numerous
staff in other financial positions.
IV. Corporate purchasing policy requires three bids. However, the supervisor of
purchasing at the subsidiary has instituted a policy of sole-source procurement
to reduce the number of suppliers.

When conducting a financial audit of the subsidiary, the internal auditor would:
a) Be unlikely to detect I, II, or III.
b) Ignore II since the economy had a downturn during this period.
c) Consider III to be normal turnover but be concerned about II and IV
as warning signals of fraud.
d) Consider I, II, III, and IV as warning signals of fraud.
Insufficient working capital may indicate such problems as overexpansion, decreases
in revenues, transfer of funds to other companies, insufficient credit, and excessive
expenditures. The auditor should be on the lookout for diversion of funds to personal
use through such methods as unrecorded sales and falsified expenditures. Rapid
turnover in financial positions may signify existing problems that the individuals feel
uncomfortable with but do not want to disclose. Accountability for funds and other
resources should be determined upon termination of employment. Use of sole-source
procurement is not a practice that encourages competition to ensure that the
organization is obtaining the required materials or equipment at the best price. Sole-
source procurement, if not adequately justified, indicates potential favoritism or
kickbacks.

Question 45
When comparing perpetrators who have embezzled company funds to perpetrators of
financial statement fraud (falsified financial statements), those who have falsified
financial statements would be less likely to:
a) Have experienced an autocratic management style.
b) Be living beyond their obvious means of support.
c) Rationalize the fraudulent behavior.
d) Use company expectations as justification for the act.
Living beyond one's means has been linked to employee (embezzlement) fraud, not
to financial statement fraud.

Question 46
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, often the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are identified. Symptoms of fraud are
also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number I, “John was trusted completely …,” is an example of a(n):
a) Document symptom.
b) Situational pressure.
c) Opportunity to commit.
d) Physical symptom.
Complete trust is an opportunity to commit a fraud.

Question 47
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, often the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are identified. Symptoms of fraud are
also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number II, “Randy was always handling the most urgent …,” is an example of a(n):
a) Opportunity to commit.
b) Analytical symptom.
c) Situational pressure.
d) Rationalization.
“Crisis management” provides an opportunity to commit a fraud.

Question 48
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, often the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are identified. Symptoms of fraud are
also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number III, “Difficulties with personal financial problems,” is an example of a(n):
a) Behavioral symptom.
b) Situational pressure.
c) Rationalization.
d) Opportunity to commit.
A personal financial problem is a situational pressure to commit a fraud.

Question 49
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, often the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are identified. Symptoms of fraud are
also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number IV, “and that he contributed much more …,” is an example of a:
a) Rationalization.
b) Behavioral symptom.
c) Situational pressure.
d) Physical symptom.
Contributing more than paid is a rationalization.

Question 50
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, often the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are identified. Symptoms of fraud are
also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number V, “he made the books balance,” is an example of a(n):
a) Physical symptom.
b) Analytical symptom.
c) Lifestyle symptom.
d) Document symptom.
To make the books balance is an example of a document symptom.

Question 51
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud
are also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number VI, “He also joined an expensive country club,” is an example of a:
a) Rationalization.
b) Lifestyle symptom.
c) Behavioral symptom.
d) Physical symptom.
“Joining an expensive country club” is an example of a lifestyle symptom.

Question 52
Randy and John had known each other for many years. They had become best friends
in college, where they both majored in accounting. After graduation, Randy took over
the family business from his father. His family had been in the grocery business for
several generations. When John had difficulty finding a job, Randy offered him a job
in the family store. John proved to be a very capable employee. As John demonstrated
his abilities, Randy began delegating more and more responsibility to him. After a
period of time, John was doing all of the general accounting and authorization
functions for checks, cash, inventories, documents, records, and bank statement
reconciliations. (I) John was trusted completely and handled all financial functions.
No one checked his work.
Randy decided to expand the business and opened several new stores. (II) Randy was
always handling the most urgent problem … crisis management is what his college
professors had termed it. John assisted with the problems when his other duties
allowed him time. Although successful at work, John had (III) difficulties with
personal financial problems.
At first, the amounts John stole were small. He did not even worry about making the
accounts balance. But John became greedy. “How easy it is to take the money,” he
said. He felt that he was a critical member of the business team, (IV) and that he
contributed much more to the success of the company than was represented by his
salary. It would take two or three people to replace me, he often thought to himself.
As the amounts became larger and larger, (V) he made the books balance. Because of
these activities, John was able to purchase an expensive car and take his family on
several trips each year. (VI) He also joined an expensive country club. Things were
changing at home, however. (VII) John's family observed that he was often
argumentative and at other times very depressed.
The fraud continued for six years. Each year the business performed more and more
poorly. In the last year the stores lost over $200,000. Randy's bank required an audit.
John confessed when he thought the auditors had discovered his embezzlements.
When discussing frauds, often the pressures, opportunities, and rationalizations that
cause/allow a perpetrator to commit the fraud are identified. Symptoms of fraud are
also studied.
Identify the numbered and italicized factors (from the case) as being one of the
symptoms, pressures, opportunities, or rationalizations given.
Number VII, “John's family observed that he was often argumentative …,” is an
example of a:
a) Rationalization.
b) Lifestyle symptom.
c) Behavioral symptom.
d) Physical symptom.
Being argumentative is an example of a behavioral symptom.

Question 53
An internal auditor would be concerned about the possibility of fraud if:
a) Cash receipts, net of the amounts used to pay petty cash–type expenditures, are
deposited in the bank daily.
b) The same employee who maintains the perpetual inventory records performs the
monthly bank statement reconciliation.
c) The same person maintains the accounts receivable subsidiary ledger and accounts
payable subsidiary ledger.
d) One person, acting alone, has sole access to the petty cash fund (except for a
provision for occasional surprise counts by a supervisor or auditor).
Paying petty cash–type expenditures from cash receipts facilitates the unauthorized
removal of cash before deposit. All cash receipts should be deposited intact daily.
Petty cash–type expenditures should be handled through an imprest fund.

Question 54
When following up on a $200,000 increase in maintenance supplies during the past
year, a purchasing agent explained to the auditor that the main reason for the increase
was painting services and supplies. The auditor found a blanket purchase order
without the normal bid or quote documentation. The blanket purchase order had been
signed by the general manager and named the general manager's father as the sole
contractor for painting services on company projects. The auditor also found a number
of large invoices authorized for payment by the general manager that showed the
general manager's father as the person who signed for receipt of the material at the
supplier.
Which is not a symptom of fraud as described in this situation?
a) Purchased material is not received by authorized company personnel.
b) Routine controls are suspended for certain transactions.
c) Purchased material is not delivered to a central location on company
premises.
d) The use of blanket purchase orders.
The use of blanket purchase orders is an acceptable business practice.

Question 55
When following up on a $200,000 increase in maintenance supplies during the past
year, a purchasing agent explained to the auditor that the main reason for the increase
was painting services and supplies. The auditor found a blanket purchase order
without the normal bid or quote documentation. The blanket purchase order had been
signed by the general manager and named the general manager’s father as the sole
contractor for painting services on company projects. The auditor also found a number
of large invoices authorized for payment by the general manager that showed the
general manager’s father as the person who signed for receipt of the material at the
supplier. The common indicator of fraud recognized by the auditor in this scenario is
that:
a) Analytical procedures revealed an extraordinary increase in account balances.
b) Paint and supplies are being purchased for a contractor.
c) The purchasing agent is selecting the contractor on the basis of a blanket
purchase order.
d) Invoices are being authorized for payment by the general manager.
The indicators include an extraordinary change in account balances as discovered
during analytical review procedures.

Question 56
Jane Jackson had been the regional sales manager for a company over ten years.
During this time, she had become a very close friend with Frank Hansen, an internal
audit manager. In addition to being neighbours, Jane and Frank had many of the same
interests and belonged to the same tennis club. They trusted each other. Frank had
helped Jane solve some sales problems, and Jane had given Frank some information
that led to significant audit findings during the past three audits.
Below are selected analytical data from the company that have led staff auditors to
believe that there has been a financial statement fraud. The perpetrator appears to have
falsified sales information for the past two years. Frank is concerned because he
recently completed an audit in the area and accepted Jane's explanation for differences
in the analytical data. Frank is now certain that Jane is involved in the fraud.
Which combination of the following analytical data provides the strongest indication
of the possibility of the fraud?
                                 Current year  Last year  −2 year  −3 year  −4 year
Percent increase in sales        10%           8%         6%       4%       5%
Inventory turnover               5             4          5        3.5      4
Gross margin percentage          54            49         42       39       40
Percent change in sales returns  8%            6%         3%       2.5%     3%
a) Percentage increase in sales and inventory turnover.
b) Gross margin percentage and change in sales returns.
c) Inventory turnover and change in sales returns.
d) Percentage increase in sales and gross margin percentage.
One would expect rapid increases in gross margin percentage if sales were fictitious;
the large increase in returns is also symptomatic of falsified sales.

Question 57
Jane Jackson had been the regional sales manager for a company over ten years.
During this time she had become a very close friend with Frank Hansen, an internal
audit manager. In addition to being neighbours, Jane and Frank had many of the same
interests and belonged to the same tennis club. They trusted each other. Frank had
helped Jane solve some sales problems, and Jane had given Frank some information
that led to significant audit findings during the past three audits.
Below are selected analytical data from the company that have led staff auditors to
believe that there has been a financial statement fraud. The perpetrator appears to have
falsified sales information for the past two years. Frank is concerned because he
recently completed an audit in the area and accepted Jane's explanation for differences
in the analytical data. Frank is now certain that Jane is involved in the fraud.
The current dilemma in which Frank finds himself was least likely caused by:
a) Not rotating audit assignments every year.
b) Accepting an audit assignment in an area where he was a close
personal friend of management.
c) Failure to select the appropriate analytical procedures.
d) Accepting the response of management without additional audit
testing.
From the information given, it appears Frank found the analytic data but accepted
management's explanation of the findings.

Question 58
Internal auditors would be more likely to detect fraud if they developed/strengthened
their ability to:
a) Recognize and question changes that occur in organizations.
b) Interrogate fraud perpetrators to discover why the fraud was
committed.
c) Develop internal controls to prevent the occurrence of fraud.
d) Document computerized operating system programs.
The recognition and questioning of change is critical to the detection of fraud.

Question 59
According to the IIA Standards, which of the following best describes the two general
categories or types of fraud that concern most internal auditors?
a) Improper payments (i.e., bribes and kickbacks) and tax fraud.
b) Fraud designed to benefit the organization and fraud perpetrated to
the detriment of the organization.
c) Acceptance of bribes or kickbacks and improper related-party
transactions.
d) Acceptance of kickbacks or embezzlement and misappropriation of
assets.
These are the two overall categories or types of fraud given in the IIA Standards
(IIA Standard 1220—Due Professional Care).

Question 60
A company hired a highly qualified accounts payable manager who had been
terminated from another company for alleged wrongdoing. Six months later the
manager diverted $12,000 by sending duplicate payments of invoices to a relative. A
control that might have prevented this situation would be to:
a) Adequately check prior employment backgrounds for all new
employees.
b) Not hire individuals who appear overqualified for a job.
c) Verify educational background for all new employees.
d) Check to see if close relatives work for vendors.
This practice might give some leads to previous shortcomings.

Question 61
Red flags are conditions that indicate a higher likelihood of fraud. Which of the
following would not be considered a red flag?
a) Management has delegated the authority to make purchases under a
certain dollar limit to subordinates.
b) An individual has held the same cash-handling job for an extended
period without any rotation of duties.
c) An individual handling marketable security is responsible for making
the purchases, recording the purchases, and reporting any
discrepancies and gains/losses to senior management.
d) The assignment of responsibility and accountability in the accounts
receivable department is not clear.
This is an acceptable control procedure aimed at limiting risk while promoting
efficiency. It is not, by itself, considered a red flag.

Question 62
Internal auditors and management have become increasingly concerned about
computer fraud. Which of the following control procedures would be least important
in preventing computer fraud?
a) Program change control that requires a distinction between
production programs and test programs.
b) Testing of new applications by users during the systems development
process.
c) Segregation of duties between the applications programmer and the
program librarian function.
d) Segregation of duties between the programmer and systems analyst.
This would be the least important control procedure. The analyst is responsible for
communicating the nature of the design to the programmer. There is no control reason
not to combine these functions.

Question 63
During a regularly scheduled information technology (IT) audit of a major division,
the IT auditor discovers a complicated programming algorithm that adds costs to a
cost-plus program billing the government. The amount added accounted for 95% of
the net income for the division for the most recent year. Upon further investigation,
the IT auditor finds that only the marketing manager, the divisional manager, and the
programmer know of the algorithm.
The company has a separate section to investigate fraud. The auditor communicates
with management and the special investigation section, and the investigation is turned
over to that group. However, after a month, it becomes apparent that senior
management has instructed the group to not make waves and to drop the investigation.
The internal audit department should:
a) Immediately report the circumstances and the IT auditor's findings to
the audit committee.
b) Immediately report the circumstances and the IT auditor's findings to
the appropriate governmental regulatory agency because the auditor
cannot knowingly be a party to an illegal act.
c) Take no further action. The nature of the fraud has been reported to
the proper authorities within the company and the auditor has no
power to pursue the investigation further.
d) Report the findings to the external auditor because the external
auditor should be aware of any material misstatement of account
balances.
The auditor cannot knowingly be a party to any illegal act. If the auditor does not do
anything, he or she might be perceived as a party. The auditor should report the
problem directly to the audit committee and await its decision as to further action to
be taken.

Question 64
Which of the following statements correctly characterize(s) the red flags literature that
has recently developed in the auditing profession?

I. Red flags are items or actions that have been associated with fraudulent
conduct.
II. The auditor should document all red flags that may have been noted on an audit
engagement.
III. Many red flags are subjective in nature and might not come to the auditor's
attention during the course of an audit that is properly planned and conducted
in accordance with the Standards.
a) I and II
b) I and III
c) II and III
d) III only
Red flags are associated with fraudulent conduct. However, many red flags are
personal in nature and would not necessarily come to the attention of the auditor.
These would include items such as an excessive living style by a manager, excessive
gambling, and so on.

Question 65
An employee of an insurance company processed a fraudulent policy loan application
for an amount less than the established level requiring supervisory review. The
employee then obtained the check and cashed it by forging the endorsement. To
prevent the loan’s appearance on a subsequent policyholder statement, the loan
amount was transferred to a suspense account. Which of the following should expose
this situation at the earliest date?
a) A computer report identifying unusual entries to the suspense account.
b) The use of prenumbered checks that are periodically accounted for.
c) An annual internal audit.
d) Regular reconciliation of the suspense account performed by an independent
employee.
A programmed computer output notification identifying unusual entries would
identify the write‐off of the payee’s account to suspense as an unusual item
immediately when it occurs.

Question 66
The primary purpose of operating a fraud hotline within a company is to:
a) Reduce total costs of operating the company.
b) Measure how well organizational units are achieving the organization’s goals.
c) Establish channels of communication for people to report suspected improprieties.
d) Concentrate on areas that deserve attention and to place less attention on areas operating as
expected.
Fraud hotlines may identify areas where existing internal controls need to be
modified or enhanced.

Question 67
A programmer accumulating round‐off errors into one account that is later accessed
by the programmer is a type of computer fraud. The best way to prevent this type of
fraud is to:
a) Build in judgment with reasonableness tests.
b) Independently test programs during development and limit access to the
programs.
c) Segregate duties of systems development and programming.
d) Use control totals and check the results of the computer.
The accumulation of round‐off errors into one person’s account is a procedure
written into the program. Independent testing of a program will lead to discovery of
this programmed fraud. If access to programs was not limited, it would be possible for
a programmer to change a program without approval.

Question 68
Which of the following statements is (are) correct regarding the deterrence of fraud?

I. The primary means of deterring fraud is through an effective control system
initiated by top management.
II. Internal auditors are responsible for assisting in the deterrence of fraud by
examining and evaluating the adequacy of the control system.
III. Internal auditors should determine whether communication channels provide
management with adequate and reliable information regarding the effectiveness
of the control system and the occurrence of unusual transactions.

a) I only
b) I and II only
c) II only
d) I, II, and III
. All three items are correct statements according to the IIA Standards.

Question 69
A significant employee fraud took place shortly after an internal audit. The internal
auditor may not have properly fulfilled the responsibility for the deterrence of fraud
by failing to note and report that:
a) Policies, practices, and procedures to monitor activities and safeguard
assets were less extensive in low-risk areas than in high-risk areas.
b) A system of control that depended on separation of duties could be
circumvented by collusion among three employees.
c) There were no written policies describing prohibited activities and the
action required whenever violations are discovered.
d) Divisional employees had not been properly trained to distinguish
between bona fide signatures and cleverly forged ones on
authorization forms.
. In carrying out its responsibility for the deterrence of fraud, internal auditing should
determine whether such written policy statements exist.

Question 70
Fraudulent use of corporate credit cards would be minimized by which of the
following internal control procedures?
a) Establishing a corporate policy on the issuance of credit cards to authorized employees.
b) Reviewing the validity of credit card need at executive and operating levels on a
periodic basis.
c) Reconciling the monthly statement from the credit card company with the submitted
copies of the cardholders’ charge slips.
d) Subjecting credit card charges to the same expense controls as those used on regular
company expense forms.
. Credit card expenses should be subjected to the same controls used in processing similar
expense reports. In this way, per diems and authorization limits would be reviewed.

Question 71
A fraud was perpetrated in a moderate-size company when the accounting clerk was
delegated too much responsibility. During the year, the company switched suppliers of
a service to a new vendor. The accounting clerk continued to submit fraudulent
invoices from the old supplier. Because contracting for services and approval of
supplier invoices had been delegated to the clerk, it was possible for her to continue
billings from the old supplier and deposit the subsequent checks, which she was
responsible to mail, into a new account she opened in the name of the old supplier.
The clerk was considered an excellent employee and eventually was improperly given
the added responsibility of preparing the department budgets. This added
responsibility allowed her to actually budget for the amount of the fraudulent
payments.
Analytical tests can be useful in detecting frauds. Which of the following analytical
procedures would most likely have signalled the existence of the fraud?
a) Current production with prior-period production
b) Current- and prior-period service expenses
c) Budget to actual service expense
d) Company cost of goods sold to industry cost of
goods sold
. Period-to-period analysis of expenses would have shown a sudden increase in
material costs.

Question 72
A fraud was perpetrated in a moderate-size company when the accounting clerk was
delegated too much responsibility. During the year, the company switched suppliers of
a service to a new vendor. The accounting clerk continued to submit fraudulent
invoices from the old supplier. Because contracting for services and approval of
supplier invoices had been delegated to the clerk, it was possible for her to continue
billings from the old supplier and deposit the subsequent checks, which she was
responsible to mail, into a new account she opened in the name of the old supplier.
The clerk was considered an excellent employee and eventually was improperly given
the added responsibility of preparing the department budgets. This added
responsibility allowed her to actually budget for the amount of the fraudulent
payments.
Which of the following controls would be least likely to prevent or detect the fraud
described above?
a) Require authorization of payments by someone other than the clerk
negotiating the contract
b) Comparison by person signing checks of invoices to an independent
verification of services rendered
c) Budget preparation by someone other than person signing contract
and approving payment
d) Mailing of check by someone other than person responsible for check
signing or invoice approval
. Once invoices have been approved and checks are prepared and signed, the mailing
of the check by an independent person provides no means of preventing improper
payments.

Question 73
A fraud was perpetrated in a moderate-size company when the accounting clerk was
delegated too much responsibility. During the year, the company switched suppliers of
a service to a new vendor. The accounting clerk continued to submit fraudulent
invoices from the old supplier. Because contracting for services and approval of
supplier invoices had been delegated to the clerk, it was possible for her to continue
billings from the old supplier and deposit the subsequent checks, which she was
responsible to mail, into a new account she opened in the name of the old supplier.
The clerk was considered an excellent employee and eventually was improperly given
the added responsibility of preparing the department budgets. This added
responsibility allowed her to actually budget for the amount of the fraudulent
payments.
Which of the following audit procedures would most likely lead to the detection of the
fraud?
a) Take a sample of paid invoices and verify receipt of services by
departments involved.
b) Trace a sample of checks disbursed to approved invoices for services.
c) Perform bank statement reconciliation and account for all outstanding
checks.
d) Trace a sample of receiving documents to invoices and to checks
disbursed.
. Confirming with the using department the receipt of services that have been paid for
would uncover the fraud.

Question 74
A production manager for a moderate-size manufacturing company began ordering
excessive raw materials and had them delivered to a wholesale company he runs as a
side business. He falsified receiving documents and approved the invoices for
payment. Which of the following audit procedures would most likely detect this
fraud?
a) Take a sample of cash disbursements; compare purchase orders,
receiving reports, invoices, and check copies.
b) Take a sample and confirm the amount purchased, purchase price,
and date of shipment with the vendors.
c) Observe the receiving dock and count material received; compare
your counts to receiving reports completed by receiving personnel.
d) Prepare analytical tests, comparing production, material purchased,
and raw material inventory levels, and investigate differences.
. Because materials are shipped and used in another business, the analytic comparisons
would show an unexplained increase in materials used.

Question 75
A purchasing agent acquired items for personal use with company funds. The
company allowed designated employees to purchase as much as $250 per day in
merchandise under open‐ended contracts. Supervisory approval of the purchases was
required, but that information was not communicated to the vendor. Instead of
reviewing and authorizing each purchase order, supervisors routinely signed the
authorization sheet at the end of the month without reviewing any of the supporting
documentation. Since purchases of this nature were not subject to normal company
receiving policies, the dishonest employee picked up the supplies at the vendor’s
warehouse. All purchases were for items routinely ordered by the company. During
the past year, the employee amassed enough merchandise to start a printing and
photography business. Which of the following internal controls would have been most
effective in preventing this fraud?
a) Allowing purchases only from a list of preapproved vendors.
b) Requiring the use of prenumbered purchase orders for all purchases of merchandise.
c) Cancelling supporting documents, such as purchase orders and receiving reports,
at the time invoices are paid.
d) Establishing separation of duties between the ordering and receiving of merchandise.
. If the supplies in question had been sent to the company and a receiving report had
been signed by an employee other than the one ordering them, the fraud could not
have occurred.

Question 76
A purchasing agent acquired items for personal use with company funds. The
company allowed designated employees to purchase as much as $250 per day in
merchandise under open‐ended contracts. Supervisory approval of the purchases was
required, but that information was not communicated to the vendor. Instead of
reviewing and authorizing each purchase order, supervisors routinely signed the
authorization sheet at the end of the month without reviewing any of the supporting
documentation. Since purchases of this nature were not subject to normal company
receiving policies, the dishonest employee picked up the supplies at the vendor’s
warehouse. All purchases were for items routinely ordered by the company. During
the past year, the employee amassed enough merchandise to start a printing and
photography business. Which of the following audit procedures performed by the
internal auditor would be most effective in leading to the discovery of this fraud?
a) Tracing selected cancelled checks to the cash payments journal and to the related
vendors’ invoices.
b) Performing a trend analysis of printing supplies expenses for a two‐year period.
c) Tracing prices and quantities on selected vendors’ invoices to the related purchase
orders.
d) Recomputing the clerical accuracy of selected vendors’ invoices, including
discounts and sales taxes.
. Analytical procedures would identify an excess use of supplies.

Question 77
A purchasing agent acquired items for personal use with company funds. The
company allowed designated employees to purchase as much as $250 per day in
merchandise under open‐ended contracts. Supervisory approval of the purchases was
required, but that information was not communicated to the vendor. Instead of
reviewing and authorizing each purchase order, supervisors routinely signed the
authorization sheet at the end of the month without reviewing any of the supporting
documentation. Since purchases of this nature were not subject to normal company
receiving policies, the dishonest employee picked up the supplies at the vendor’s
warehouse. All purchases were for items routinely ordered by the company. During
the past year, the employee amassed enough merchandise to start a printing and
photography business. Once the internal auditor becomes reasonably certain that this
defalcation is taking place, what should the auditor do next?
a) Immediately report the matter to the appropriate law enforcement official, since a
potential felony is involved.
b) Say nothing now but include a description of the suspected defalcation in the audit.
c) Immediately report the matter to the appropriate level of management.
d) Immediately discuss the matter with the employee suspected of the defalcation
in order to confirm the audit findings.
. The IIA Standards state: “When an internal auditor suspects wrongdoing, the
appropriate authorities within the organization should be informed.”

Question 78
Management discovers that a supervisor at one of their restaurant locations removes
excess cash and resets sales totals throughout the day on the point-of-sale (POS)
system. At closing, the supervisor deposits cash equal to the recorded sales on the
POS system and keeps the rest.
The supervisor forwards the close-of-day POS reports from the POS system along
with a copy of the bank deposit slip to the company's revenue accounting department.
The revenue accounting department records the sales and the cash for the location in
the general ledger and verifies the deposit slip to the bank statement. Any differences
between sales and deposits are recorded in an over/short account and, if necessary,
followed up with the location supervisor. The customer food order checks are serially
numbered, and it is the supervisor's responsibility to see that they are accounted for at
the end of each day. Customer checks and the transaction journal tapes from the POS
system are kept by the supervisor for one week at the location and then destroyed.
Which of the following control procedures allowed the fraud to occur?
a) The accounting of customer food checks by the supervisor
b) The deposit of cash receipts by the supervisor
c) The matching of the bank deposit slips to the bank statement by
revenue accounting
d) The forwarding of the close-of-day POS reports to revenue
accounting
. An inappropriate segregation of duties was created when responsibility for
accounting for customer food checks and the depositing of receipts was given to the
supervisor.

Question 79
Management discovers that a supervisor at one of their restaurant locations removes
excess cash and resets sales totals throughout the day on the point-of-sale (POS)
system. At closing, the supervisor deposits cash equal to the recorded sales on the
POS system and keeps the rest.
The supervisor forwards the close-of-day POS reports from the POS system along
with a copy of the bank deposit slip to the company's revenue accounting department.
The revenue accounting department records the sales and the cash for the location in
the general ledger and verifies the deposit slip to the bank statement. Any differences
between sales and deposits are recorded in an over/short account and, if necessary,
followed up with the location supervisor. The customer food order checks are serially
numbered, and it is the supervisor's responsibility to see that they are accounted for at
the end of each day. Customer checks and the transaction journal tapes from the POS
system are kept by the supervisor for one week at the location and then destroyed.
Which of the following audit procedures would have detected the fraud?
a) Flowcharting the controls over the verification of bank deposit
b) Comparing a sample of the close of day POS reports to copies of the
bank deposit slips
c) On a test basis, verifying that the serial-numbered customer food
checks are accounted for
d) For selected days, reconciling the total of customer food checks to
daily bank deposits
. Using the total of the customer food checks as a confirmation of sales would have
detected the shortage in the bank deposit.

Question 80
The IIA Standards require internal auditors to have knowledge about factors (red
flags) that have proven to be associated with management fraud. Which of the
following factors have generally not been associated with management fraud?
a) Generous performance-based reward systems.
b) A domineering management.
c) Regular comparison of actual results to budgets.
d) A management preoccupation with increased financial
performance.
. Regular actual to budget comparisons encourage performance and detect problems
before they become too large.

Question 81
A personnel department is responsible for processing placement agency fees for new
hires. A recruiter established some bogus placement agencies. When interviewing
walk‐in applicants, the recruiter would list one of the bogus agencies as referring the
candidate. A possible means of detection or deterrence is to:
a) Process all personnel agency invoices via a purchase order through the purchasing
department.
b) Verify new vendors to firms listed in a professional association catalogue and/or
verify the vendor name and address through the telephone book.
c) Monitor the closeness of the relationships of recruiters with specific vendors.
d) Require all employees to sign an annual conflict‐of‐interest statement.
. This type of checking would prove that the agency is a genuine one.

Question 82
Experience has shown that certain conditions in an organization are symptoms of
possible management fraud. Which of the following conditions would not be
considered an indicator of possible fraud?
a) Managers regularly assuming subordinates' duties.
b) Managers dealing in matters outside their profit center's
scope.
c) Managers not complying with corporate directives and
procedures.
d) Managers subject to formal performance reviews on a
regular basis.
. This would be an internal control strength.

Question 83
Which of the following is an indicator of possible financial reporting fraud being
perpetrated by management of a manufacturer?
a) A trend analysis discloses (1) sales increases of 50% and (2) cost of goods sold
increases of 25%.
b) A ratio analysis discloses (1) sales of $50 million and (2) cost of goods sold of $25
million.
c) A cross‐sectional analysis of common size statements discloses: (1) the firm’s ratio
of cost of goods sold to sales is 0.4 and (2) the industry average ratio of cost of
goods sold to sales is 0.5.
d) A cross‐sectional analysis of common size statements discloses: (1) the firm’s ratio
of cost of goods sold to sales is 0.5 and (2) the industry average ratio of cost of
goods sold to sales is 0.4.
. A 50% increase in sales supported by a 25% increase in cost of goods sold is either
fortuitous or fraudulent. Increases in sales usually are accompanied by close to
proportional increases in cost of goods sold. Examples of situations in which increases
in sales can be disproportionately larger than increases in cost of goods sold include:
(1) operations within the realm of economies of scale (increasing returns to scale) and
(2) the introduction of a highly accepted fashion item. Cases where disproportionately
large sales increases indicate fraudulent conduct include: (1) collusion by the host
firm’s sales personnel and the buying firm’s purchasing personnel and (2) collusion by
members of two departments within the host firm, such as sales and transportation.
Since the internal auditor would not know whether the disproportionately large
increase in sales is legitimate, the auditor should view this as an indicator of possible
fraud.

Question 84
Which of the following might be considered a red flag indicating possible fraud in a
large manufacturing company with several subsidiaries?
a) The existence of a financial subsidiary.
b) A consistent record of above‐average return on investment for all
subsidiaries.
c) Complex sales transactions and transfers of funds between affiliated
companies.
d) Use of separate bank accounts for payrolls by each subsidiary.
. Experience shows that such transfers are often used in fraud schemes. This is the
only red flag among the options.

Question 85
A subsidiary president terminated a controller and hired a replacement without the
required corporate approvals. The new controller and president then manipulated
sales, cash flow, and profit statistics via accelerated depreciation and sale of capital
assets to obtain larger performance bonuses for themselves. An approach that might
detect this fraudulent activity would be:
a) Analysis of overall management control for segregation
of duties.
b) Required exit interviews for all terminated employees.
c) Periodic changes of outside public accountants.
d) Regular analytical review of operating divisions.
. Analytical review of the divisions would reveal trends that might indicate fraud.

Question 86
Bank management suspects that a bank loan officer frequently made loans to fictitious
companies, disbursed loan proceeds to personally established accounts, and then let
the loans go into default. Some pertinent facts about the loan officer include:

• A high standard of living explained as the result of sound investments and not
taking vacations.
• An expensive personal car obtained through business contacts.
• Gasoline and repair bills submitted for an assigned company car that are higher
than company average (mileage logs were submitted on a quarterly basis).
• Marked annoyance with questions from auditors.

In this situation, typical indicators of the suspected fraud would include all of the
following except:
a) Not taking an annual vacation.
b) Becoming easily annoyed with auditor inquiries about
questionable loans.
c) Explaining a high standard of living as the result of investments.
d) Submitting gasoline and repair bills that are higher than company
average.
. This choice is not correlated to making fraudulent loans.

Question 87
Bank management suspects that a bank loan officer frequently made loans to fictitious
companies, disbursed loan proceeds to personally established accounts, and then let
the loans go into default. Some pertinent facts about the loan officer include:

• A high standard of living explained as the result of sound investments and not
taking vacations.
• An expensive personal car obtained through business contacts.
• Gasoline and repair bills submitted for an assigned company car that are higher
than company average (mileage logs were submitted on a quarterly basis).
• Marked annoyance with questions from auditors.

The most appropriate trend analysis to indicate this potential fraud is:
a) Loan default rates by loan officer.
b) Accumulation of unpaid vacation days.
c) Automobile operating expenses by loan
officer.
d) Total dollar volume of loans by loan
officer.

. Trend analysis would detect an increase in the default rate due to bogus loans.

Question 88
Bank management suspects that a bank loan officer frequently made loans to fictitious
companies, disbursed loan proceeds to personally established accounts, and then let
the loans go into default. Some pertinent facts about the loan officer include:

• A high standard of living explained as the result of sound investments and not
taking vacations.
• An expensive personal car obtained through business contacts.
• Gasoline and repair bills submitted for an assigned company car that are higher
than company average (mileage logs were submitted on a quarterly basis).
• Marked annoyance with questions from auditors.

The extent of loans made to fictitious borrowers by the loan officer could best be
determined by:
a) Reviewing a representative sample of the loan officer's transactions
for compliance with bank policies and procedures.
b) Reviewing a representative sample of loan files for properly
completed documents, such as loan agreements, credit approvals, and
approval of secured collateral.
c) Comparing current loan approval balances with those of prior years.
d) Requesting positive confirmations for all outstanding loans made by
the loan officer.

. Secured collateral would be difficult to obtain.

Question 89
Bank management suspects that a bank loan officer frequently made loans to fictitious
companies, disbursed loan proceeds to personally established accounts, and then let
the loans go into default. Some pertinent facts about the loan officer include:

• A high standard of living explained as the result of sound investments and not
taking vacations.
• An expensive personal car obtained through business contacts.
• Gasoline and repair bills submitted for an assigned company car that are higher
than company average (mileage logs were submitted on a quarterly basis).
• Marked annoyance with questions from auditors.

The above fraud would least likely be discovered by:
a) Analyses of the number of loans made by each loan officer.
b) Analysis of total dollar volume of loans by loan officer.
c) External or internal audits of loan files.
d) Reconciliation of total loans outstanding to the general ledger
balance.
Reconciling outstanding loans to the general ledger would be least likely to discover
this fraud.

Question 90
Which of the following policies is most likely to result in an environment conducive
to the occurrence of fraud?
a) Budget preparation input by the employees who are responsible for meeting the
budget.
b) Unreasonable sales and production goals.
c) A division hiring process that frequently results in the rejection of adequately
trained applicants.
d) The application of some accounting controls on a sample basis.

. A prod to achieve an unrealistically high sales or production quota can become a
prod to falsify the records so that it appears the quota has been met.

Question 91
Internal auditors must exercise due care if they are to meet their responsibilities for
fraud detection. Thus, the existence of certain conditions should raise red flags and
arouse auditors' professional skepticism concerning possible fraud. Which of the
following is most likely to be considered an indication of possible fraud?
a) A new management team installed as the result of a
takeover.
b) Rapid turnover of financial executives.
c) Rapid expansion into new markets.
d) An Internal Revenue Service audit of tax returns.
. This is considered a red flag that indicates possible fraud.

Question 92
In order for internal auditors to be able to recognize potential fraud, they must be
aware of the basic characteristics of fraud. Which of the following is not a
characteristic of fraud?
a) Intentional deception.
b) Taking unfair or dishonest advantage.
c) Perpetration for the benefit or detriment of the
organization.
d) Negligence on the part of executive management.
Negligence is not fraud because it does not involve wilful wrongdoing.

Question 93
Auditors have been advised to look at red flags to determine whether management is
involved in a fraud. Which of the following does not represent a difficulty in using the
red flags as fraud indicators?
a) Many common red flags are also associated with situations where no
fraud exists.
b) Some red flags are difficult to quantify or to evaluate.
c) Red flag information is not gathered as a normal part of an audit
engagement.
d) The red flags literature is not well enough established to have a
positive impact on auditing.
. This is not a difficulty. The red flags literature is well established. Although red flags
will be refined in the future as research is done, this does not preclude their effective
use.

Question 94
Management of a non-profit organization has been monitoring spending and is
concerned because payments to some vendors appear to be unusually high. Most
purchases are made through the purchasing function, which is organized around three
buyers, each with defined purchasing areas. The purchasing agents place the purchase
orders and receive copies of receiving reports to ensure goods are received. They
review the reports and compare them with the purchase orders before sending the
items to accounts payable with their approval for payment. All vendor invoices are
sent directly to accounts payable even though receiving reports first go through the
purchasing agents. The organization has a policy of requiring three bids on all
purchases that exceed $10,000.
Which of the following, if observed, would not indicate the need to search for other
indicators of fraud?
a) The standard of living of one of the purchasing agents has increased.
b) The internal control structure has significant weaknesses.
c) Management, at the purchasing agents' request, has adopted a policy
of paying vendors on a more timely basis to avoid incurring penalty
charges.
d) The cost of goods procured seems to be excessive in comparison with
previous years.
. This, by itself, would not be considered a red flag. It represents a valid business
reason for more timely payment.

Question 95
Management of a non-profit organization has been monitoring spending and is
concerned because payments to some vendors appear to be unusually high. Most
purchases are made through the purchasing function, which is organized around three
buyers, each with defined purchasing areas. The purchasing agents place the purchase
orders and receive copies of receiving reports to ensure goods are received. They
review the reports and compare them with the purchase orders before sending the
items to accounts payable with their approval for payment. All vendor invoices are
sent directly to accounts payable even though receiving reports first go through the
purchasing agents. The organization has a policy of requiring three bids on all
purchases that exceed $10,000.
Which of the following statements regarding the internal auditor's responsibility for
detecting fraud in the environment described in the scenario above is not correct? The
auditor should:
a) Detect fraud if red flags are present in the environment.
b) Have sufficient knowledge to correctly identify indicators that fraud
may have been committed.
c) Identify control weaknesses that could allow fraud to occur.
d) Evaluate the indicators of fraud sufficiently to determine if a fraud
investigation should take place.
. The presence of red flags does not make the auditor responsible for detecting fraud.

Question 96
The internal auditor's responsibility for the prevention of fraud would include all of
the following except:
a) Determining if the organizational environment fosters control
consciousness.
b) Ensuring against the occurrence of fraud.
c) Being aware of activities in which fraud is likely to occur.
d) Evaluating the effectiveness of actions taken by management to
deter fraud.
. The auditor is not responsible for acting as an ensurer or guarantor against fraud
(IIA Standard 1220—Due Professional Care).

Question 97
When an auditor's sampling objective is to obtain a measurable assurance that a
sample will contain at least one occurrence of a specific critical exception existing in a
population, the sampling approach to use is:
a) Random.
b) Discovery.
c) Probability proportional
to size.
d) Variables.
. Discovery sampling is structured to measure the probability of at least one exception
occurring in a sample if there are a minimum number of errors in the population.

Question 98
What is a salami technique?
a) Taking small amounts of assets.
b) Using the rounding-down concept.
c) Stealing small amounts of money from bank
accounts.
. A salami technique is a theft of small amounts of assets and money from a number of
sources (e.g., bank accounts, inventory accounts, and accounts payable and receivable
accounts). It is also using the rounding-down concept, where a fraction of money is
taken from bank accounts.

Question 99
Data diddling can be prevented by all of the following except:
a) Access controls.
b) Program change
controls.
c) Rapid correction of
data.
d) Integrity checking.
. Data diddling can be prevented by limiting access to data and programs and limiting
the methods used to perform modification to such data and programs. Integrity
checking also helps in prevention. Rapid detection is needed—the sooner the better—
because correcting data diddling is expensive.

Question 100
A reliable way to detect super zapping work is by:
a) Comparing current data files with previous
data files.
b) Examining computer usage logs.
c) Noting discrepancies by those who receive
reports.
d) Reviewing undocumented transactions.

. Super zapping leaves no evidence of file changes, and the only reliable way to detect
this activity is by comparing current data files with previous generations of the same
file.

Question 101
With respect to computer security and fraud, a legal liability exists to an organization
under which of the following conditions?
a) When estimated security costs are greater than estimated losses
b) When estimated security costs are equal to estimated losses
c) When estimated security costs are less than estimated losses
d) When actual security costs are equal to actual losses
Courts do not expect organizations to spend more money than losses resulting from a
security flaw, threat, risk, or vulnerability. Implementing countermeasures and
safeguards to protect information system assets costs money. Losses can result from
risks, that is, exploitation of vulnerabilities. When estimated costs are less than
estimated losses, a legal liability exists. Courts can argue that the organization's
management should have installed safeguards but did not and that management did
not exercise due care and due diligence.

Question 102
Are an investigator's handwritten notes considered valid evidence in court of law?
a) No.
b) Maybe.
c) Yes.
d) Depends.
An investigator's handwritten notes are considered valid evidence as long as the
affected parties can read and understand the notes. Handwritten notes are no different
from typed or printed versions.

Question 103
A security investigator or law enforcement officer should observe which of the
following during a computer crime investigation?
a) Chain of events.
b) Chain of custody.
c) Chain of computers.
d) Chain of logs.
Chain of custody is required when evidence is collected and handled so that there is
no dispute about it.

Question 104
Which of the following security techniques allows time for response by investigative
authorities?
a) Deter.
b) Detect.
c) Delay.
d) Deny.
If a system perpetrator can be delayed longer while attacking a computer system,
investigative authorities can trace his or her origins and location.

Question 105
Most of the evidence submitted in a computer crime case is:
a) Legal evidence.
b) Documentary evidence.
c) Secondary evidence.
d) Admissible evidence.
Documentary evidence is created information, such as letters, contracts, accounting
records, invoices, and management information reports on performance and
production.

Question 106
When computers and peripheral equipment are seized in relation to a computer crime,
it is an example of:
a) Duplicate evidence.
b) Physical evidence.
c) Best evidence.
d) Collateral evidence.
Direct inspection or observation of people, property, or events obtains physical
evidence.

Question 107
From a computer security viewpoint, courts expect what amount of care from
organizations?
a) Super care.
b) Due care.
c) Extraordinary care.
d) Great care.
Courts will find computer owners responsible for their insecure systems. Courts will
not find liability every time a computer is hijacked. Rather, courts will expect
organizations to become reasonably prudent computer owners taking due care
(reasonable care) to ensure adequate security. The term “due care” means having the
right policies and procedures, access controls, firewalls, and other reasonable security
measures in place. Computer owners need not take super care, great care, or
extraordinary care.

Question 108
Management is legally required to prepare a shipping document for all movement of
hazardous materials. The document must be filed with bills of lading. Management
expects 100% compliance with the procedure. Which of the following sampling
approaches would be most appropriate?
a) Attributes sampling
b) Discovery sampling
c) Targeted sampling
d) Variables sampling
Discovery sampling is best because this application deals with an attribute that is
expected to be quite rare.

Question 109
Which of the following is not a criminal activity in most jurisdictions?
a) Writing a computer virus program.
b) Using a computer virus program.
c) Releasing a computer virus program.
d) Spreading a computer virus program.
It is the intentions of the developer of a computer virus program that matter the most
in deciding what is a criminal activity. Simply writing a virus program is not a
criminal activity. However, using, releasing, and spreading a virus with bad intentions
of destroying computer resources are the basis for criminal activity.

Question 110
Once evidence is seized, a law enforcement officer should follow which of the
following?
a) Chain of command.
b) Chain of control.
c) Chain of custody.
d) Chain of communications.
The chain of custody or the chain of evidence is a method of authenticating an object
by the testimony of witnesses who can trace possession of the object from hand to
hand and from the beginning to the end.

Question 111
The concept of admissibility of evidence does not include which of the following?
a) Relevance.
b) Competence.
c) Materiality.
d) Sufficiency.
Laying a proper foundation for evidence is “the practice or requirement of
introducing evidence of things necessary to make further evidence relevant, material,
or competent.” Sufficiency is not part of the concept of admissibility of evidence.

Question 112
The chain of custody does not ask which of the following questions?
a) Who damaged the evidence?
b) Who collected the evidence?
c) Who stored the evidence?
d) Who controlled the evidence?
The chain of custody deals with who collected, stored, and controlled the evidence
and does not ask who damaged the evidence. It looks at the positive side of the
evidence. If the evidence is damaged, there is nothing to show in the court.

Question 113
When large volumes of writing are presented in court, which type of evidence is
inapplicable?
a) Best evidence.
b) Flowchart evidence.
c) Storage device evidence.
d) Demonstrative evidence.
Best evidence is primary evidence, which is the most natural evidence. Best evidence
gives the most satisfactory proof of the fact under investigation. It is confined to
documents, records, and papers. For cases with a large volume of evidence, a
recommendation is to assemble a single exhibit book containing all documents, send
copies to the defense and to the judge, and introduce it as a single exhibit in court.
This saves time in court. Also, a record of exhibits should be prepared, the counts each
is connected with, and the names of the witnesses who are to testify as to each item.

Question 114
Evidence is needed to do which of the following?
a) Charge a case.
b) Classify a case.
c) Make a case.
d) Prove a case.
Proper elements of proof and correct types of evidence are needed to prove a case.

Question 115
What determines whether a computer crime has been committed?
a) When the crime is reported.
b) When a computer expert has completed his or her work.
c) When the allegation has been substantiated.
d) When the investigation is completed.
A computer crime is committed when the allegation is substantiated with proper
evidence that is relevant, competent, and material.

Question 116
The correct sequence of preliminary investigation is

I. Consult with a computer expert.
II. Prepare an investigative plan.
III. Consult with a prosecutor.
IV. Substantiate the allegation.

a) IV, I, II, and III.
b) III, I, II, and IV.
c) IV, II, III, and I.
d) I, IV, II, and III.
Step 1 is substantiating the allegation. Step 2 is consulting with a computer expert, as
appropriate. Step 3 is preparing an investigation plan that sets forth the scope of the
investigation and serves as a guide in determining how much technical assistance will
be needed. Step 4 is consulting with a prosecutor, depending on the nature of the
allegation and scope of the investigation. Items to discuss with the prosecutor may
include the elements of proof, evidence required, and parameters of a prospective
search.

Question 117
The objective of which of the following team members is similar to that of the
information systems security officer involved in a computer crime investigation?
a) Investigator
b) District attorney
c) Computer expert
d) Internal systems auditor.
A team approach is desirable when a computer‐related crime case is a complex one.
Each person has a definite and different role and brings varied capabilities to the team
approach. Both the internal system auditor's and the security officer's objectives are
the same since they work for the same organization. The objectives are to understand
system vulnerabilities, to strengthen security controls, and to support the investigation.
A district attorney's role is to prove the case while the objective of the investigator is
to gather facts.

Question 118
A search warrant is required:
a) Before the allegation has been substantiated.
b) After establishing the probable cause(s).
c) Before identifying the number of investigators needed.
d) After seizing the computer and related equipment.
Once the allegation has been substantiated, the prosecutor should be contacted to
determine if there is probable cause for a search. Because of the technical orientation
of a computer‐related crime investigation, presenting a proper technical perspective in
establishing probable cause becomes crucial to securing a search warrant.

Question 119
The appropriate sampling plan to use to identify at least one irregularity, assuming
some number of such irregularities exist in a population, and then to discontinue
sampling when one irregularity is observed is:
a) Stop‐and‐go sampling.
b) Discovery sampling.
c) Variables sampling.
d) Attributes sampling.
Discovery sampling involves identifying characteristics that could include discovering
single instances of suspected special characteristics (irregularities).

Question 120
In a computer-related crime investigation, computer evidence is:
a) Volatile and invisible.
b) Apparent and magnetic
c) Electronic and inadmissible
d) Difficult and erasable
Discovery and recognition is one of several considerations involved in the care and
handling of evidence. It is the investigator's ability to discover and to recognize the
potential source of evidence. When a computer is involved, the evidence is probably
not apparent or visible. Nevertheless, the investigator must recognize that computer
storage devices are nothing more than electronic file cabinets and should be searched
if it normally would be reasonable to search an ordinary file cabinet. The evidence is
highly volatile (i.e., subject to change).

Question 121
In a computer‐related crime investigation, maintenance of evidence is important for
which of the following reasons?
a) To record the crime.
b) To collect the evidence.
c) To protect the evidence.
d) To avoid problems of proof.
It is proper to maintain computer‐related evidence. Special procedures are needed to
avoid problems of proof caused by improper care and handling of such evidence.

Question 122
If a computer or peripheral equipment involved in a computer crime is not covered by
a search warrant, what should the investigator do?
a) Seize it before someone takes it away.
b) Leave it alone until a warrant can be obtained.
c) Analyze the equipment or its contents and record it.
d) Store it in a locked cabinet in a secure warehouse.
If a computer or peripheral equipment involved in a computer crime is not covered by
a search warrant, leave it alone until a warrant can be obtained. The point is that a
warrant is required for anything to be collected by the investigator.

Question 123
All of the following are proper ways to handle the computer equipment and storage
media items involved in a computer crime investigation except:
a) Seal, store, and tag the items.
b) Seal and store items in a cardboard box.
c) Seal and store items in a paper bag.
d) Seal and store items in a plastic bag.
After all equipment and storage media have been labelled and inventoried, seal and
store each item in a paper bag or cardboard box to keep out dust. Attach an additional
label to the bag identifying its contents and noting any identifying numbers, such as
the number of the evidence tag. Do not use plastic bags or sandwich bags to store any
piece of computer equipment and/or storage media, since plastic material can cause
both static electricity and condensation, which can damage electronically stored data
and sensitive electronic components.

Question 124
The most objective and relevant evidence in a computer environment involving fraud is:
a) Physical examination.
b) Physical observation.
c) Inquiries of people.
d) Computer logs.
Relevant evidence is essential for a successful computer fraud examination. For
example, data usage and access control security logs will identify (1) who has
accessed the computer, (2) what information was accessed, (3) where the computer
was accessed, and (4) how long the access lasted. These logs can be manually or
computer maintained; the latter method is timelier and more reliable than the former
method.

Question 125
Which of the following is needed to produce technical evidence in computer‐related
crimes?
a) Audit methodology
b) System methodology
c) Forensic methodology
d) Criminal methodology
A forensic methodology is a process for the analysis of electronically stored data.
The process must be completely documented to ensure that the integrity of the
evidence is not questioned in court. The forensic methodology deals with technical
evidence.

Question 126
The final stage of reporting results of computer evidence life cycle is:
a) Return.
b) Receive.
c) Examine.
d) Report.
The first stage is preparing a report documenting what was done and the results
obtained. The second stage is sending printouts and reports to the contributor or
subject matter expert for additional analysis. The third stage is repacking the computer
and all storage disks. The final stage is returning the evidence to the contributor.

Question 127
Which of the following investigative tools is most effective when large volumes of
evidence need to be analyzed?
a) Interviews
b) Questionnaires
c) Forensic analysis
d) Computer
Computers can be used to collect and compile large amounts of data and provide
statistics, reports, and graphs to assist the investigator in analysis and decision
making.

Question 128
Which of the following methods is acceptable to handle computer equipment seized in
a computer crime investigation?
a) Exposing the storage media to radio waves.
b) Laying the storage media on top of electronic equipment.
c) Subjecting the storage media to forensic testing.
d) Leaving the storage media in the trunk of a vehicle containing a radio unit.
Forensic analysis is the art of retrieving computer data in such a way that will make
it admissible in court. Exposing storage media to electromagnetic fields, such as radio
waves, may alter or destroy data. Do not carry storage media in the trunk of a vehicle
containing a radio unit, and do not lay storage media on top of any electronic
equipment.

Question 129
Computer fraud is discouraged by:
a) Being willing to prosecute.
b) Ostracizing whistleblowers.
c) Overlooking inefficiencies in the judicial system.
d) Accepting the lack of integrity in the system.
Situational pressures (e.g., gambling, drugs), opportunities to commit fraud (e.g.,
weak system of controls), and personal characteristics (e.g., lack of integrity, honesty)
are major causes of fraud, whether computer related or not. There is nothing new
about the act of committing fraud. There is no new way to commit fraud because
someone has already tried it somewhere. The other options encourage computer fraud
whereas the correct answer discourages it. Willingness to prosecute sends a strong
message to potential perpetrators.

Question 130
After partially completing an internal control review of the accounts payable
department, the auditor suspects that some type of fraud has occurred. To ascertain
whether the fraud is present, the best sampling approach would be to use:
a) Simple random sampling to select a sample of vouchers processed by
the department during the past year.
b) Probability-proportional-to-size sampling to select a sample of
vouchers processed by the department during the past year.
c) Discovery sampling to select a sample of vouchers processed by the
department during the past year.
d) Judgmental sampling to select a sample of vouchers processed by
clerks identified by the department manager as acting suspiciously.
The purpose here is to determine whether any fraud has taken place rather than to
estimate its overall frequency. Discovery sampling is a method designed specifically
to do this.

Question 131
Identify the computer‐related crime and fraud method that involves obtaining
information that may be left in or around a computer system after the execution of a
job.
a) Data diddling.
b) Salami technique.
c) Scavenging.
d) Piggybacking.
Scavenging fits the description.

Question 132
Computer fraud is increased when:
a) Employees are not trained.
b) Documentation is not available.
c) Audit trails are not available.
d) Employee performance appraisals are not given.
Audit trails indicate what actions are taken by the system. The fact that the system
has adequate and clear audit trails will deter fraud perpetrators because they fear
getting caught. There is no direct correlation between computer fraud and lack of
employee training, lack of documentation, and lack of performance appraisals.

Question 133
Because of control weaknesses, it is possible that the individual managers of 122
restaurants could have placed fictitious employees on the payroll. Each restaurant
employs between 25 and 30 people. To efficiently determine whether this fraud exists
at less than a 1% level, the auditor should use:
a) Attributes sampling.
b) Judgment sampling.
c) Directed sampling.
d) Discovery sampling.
Discovery sampling is most often interested in the occurrence of fraud. It efficiently
defines a sampling effort that will have a specified probability of containing at least
one occurrence of the attribute within the population, given that it is expected to occur
at a certain rate.

Question 134
In the audit of a health insurance claims processing department, a sample is taken to
test for the presence of fictitious payees, although none is suspected. The most
appropriate sampling plan would be:
a) Attributes sampling.
b) Discovery sampling.
c) Variables sampling.
d) Stop‐and‐go sampling.
Discovery sampling is appropriate when a near‐zero error rate is expected and the
characteristic under scrutiny is critical.

Question 135
An auditor applying a discovery sampling plan with a 5% risk of overreliance may
conclude that there is:
a) A 95% probability that the actual rate of occurrence in the population
is less than the critical rate if only one exception is found.
b) A 95% probability that the actual rate of occurrence in the population
is less than the critical rate if no exceptions are found.
c) A 95% probability that the actual rate of occurrence in the population
is less than the critical rate if the occurrence rate in the sample is less
than the critical rate.
d) Greater than a 95% probability that the actual rate of occurrence in
the population is less than the critical rate if no exceptions are found.
If no exceptions are found, the correct conclusion is that the occurrence rate is less
than the critical rate at a given probability level.

Question 136
An internal auditor suspects fraud. Which of the following sample plans should be
used if the purpose is to select a sample with a given probability of containing at least
one example of the irregularity?
a) Attributes.
b) Discovery.
c) Stop and go.
d) Probability proportional to size.
Discovery sampling is used when the internal auditor suspects a rare but material
error or fraud. The plan seeks to select a sample just large enough to include one
example of the error or irregularity a specified percentage of the time.

Question 137
What is a data diddling technique?

I. Changing data before input to a computer system
II. Changing data during input to a computer system
III. Changing data during output from a computer system
IV. All options.

a) I.
b) II.
c) III.
d) IV.
Data diddling involves changing data before or during input to computers or during
output from a computer system.

Question 138
An internal auditor suspects fraud in the purchasing department. Whom should the
auditor communicate with first?
a) The board of directors.
b) The audit committee.
c) The vice president of purchasing.
d) Audit management.
The internal auditor should follow the chain of command principle in that he or she
should report the suspected fraud in the purchasing department first to audit
management. Later, based on the outcome of the fraud investigation and evidence,
audit management can report the fraud to the vice president of purchasing. Based on
the size and severity of the fraud, audit management should report the fraud to the
audit committee and the board of directors.
