CFE Exam Coach
Maria, a successful restaurateur, has been informed of an unusually attractive investment opportunity by a recent acquaintance and decides to invest in it. Several months and a couple of underwhelming payments later, Maria grows frustrated with the diminishing disbursements and attempts to withdraw her money. After several weeks of delay, she realizes that the promoter seems to have vanished, along with her investment. Maria is the victim of which of the following fraudulent ploys? A. A Ponzi scheme B. An illegal pyramid C. A fly and buy scheme D. A dog and pony scam
A Ponzi scheme is generally defined as an illegal business practice in which new investors' money is used to make payments to earlier investors. The investment opportunity is typically presented with the promise of uncommonly high returns. While the scam is presented as a legitimate investment, there is little or no actual commerce involved. When an enterprise promotes an investment opportunity that invests little or none of the participants' money and uses new investments to make dividend payments, the enterprise is running a Ponzi scheme. Correct Answer: (A) A Ponzi scheme. See pages 1.1336 in the Fraud Examiner's Manual
Which of the following is the most accurate definition of a Trojan horse? A. A software program that contains various instructions that are carried out every time a computer is turned on B. A type of software that collects and reports information about a computer user without the user's knowledge or consent C. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage D. A virus that changes its structure to avoid detection
A Trojan horse is a program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage. When the hidden code in a Trojan horse is activated, it performs some unwanted or harmful function. Often, viruses and worms attach themselves to other legitimate programs, becoming Trojan horses and spreading to other systems. Correct Answer: (C) See pages 1.1424 in the Fraud Examiner's Manual
According to the going concern principle under U.S. generally accepted accounting principles (GAAP), if there is substantial doubt about a company's ability to fulfill its financial obligations over a reasonable period of time, it must be disclosed in the company's financial statements. A. True B. False
A company's management and its external auditors are required to provide disclosures when existing events or conditions indicate that it is more likely than not that the entity might be unable to meet its obligations within a reasonable period of time after the financial statements are issued. There is an underlying assumption that an entity will continue as a going concern; that is, the life of the entity will be long enough to fulfill its financial and legal obligations. Any evidence to the contrary must be reported in the entity's financial statements. Correct Answer: (A) True. See pages 1.118 in the Fraud Examiner's Manual
The assumption that a business will continue indefinitely is reflected in the accounting concept of: A. Objective evidence B. Cost C. Going concern D. Materiality
A company's management is required to provide disclosures when existing events or conditions indicate that it is more likely than not that the entity might be unable to meet its obligations within a reasonable period of time after the financial statements are issued. There is an underlying assumption that an entity will continue as a going concern; that is, the life of the entity will be long enough to fulfill its financial and legal obligations. Any evidence to the contrary must be reported in the entity's financial statements. Correct Answer: (C) Going concern. See pages 1.118 in the Fraud Examiner's Manual
Which of the following is the most accurate definition of a computer worm? A. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it B. Any software application in which advertising banners are displayed while a program is running C. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems D. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage
A computer worm is a malicious self-replicating computer program that penetrates operating systems to spread malicious code to other computers. Correct Answer: (C) See pages 1.1423 in the Fraud Examiner's Manual
Bruce is a purchaser for Acme Widgets. Bruce's brother-in-law is a salesperson for Olson Electronics, one of Acme's largest suppliers. Bruce told his supervisor about the relationship, and she approved his ordering of supplies from his brother-in-law as long as the purchases were reviewed by a senior manager. Bruce did not receive any favors or money from his brother-in-law in return for the sales. A year after Bruce discussed the situation with his supervisor, Acme's management discovers that another supplier offers the same parts as Olson Electronics but at a cheaper price. Acme Widgets is considering suing Bruce for conflict of interest. Which of the following is the MOST ACCURATE statement about Acme's chances of success? A. Acme's chances are good because it is clear that Bruce had a conflict of interest in dealing with his brother-in-law. B. Acme's chances are poor because the company was aware of the situation and allowed Bruce to do business with his brother-in-law's company despite the relationship. C. Acme's chances are poor because Bruce did not actually receive any money from his brother-in-law for sending him business. D. Acme's chances are good because it could have gotten the supplies at a lower price.
A conflict of interest occurs when an employee or agent—someone who is authorized to act on behalf of a principal—has an undisclosed personal or economic interest in a matter that could influence their professional role. But to be classified as a conflict of interest scheme, the employee's interest in the transaction must be undisclosed. The crux of a conflict case is that the fraudster takes advantage of their employer; the victim organization is unaware that its employee has divided loyalties. If an employer knows of the employee's interest in a business deal or negotiation, there can be no conflict of interest, no matter how favorable the arrangement is for the employee. Correct Answer: (B) See pages 1.627, 1.629 in the Fraud Examiner's Manual
Which of the following scenarios is an example of a conflict of interest? A. An employee for a phone installation company works as a fishing guide on weekends but does not tell the phone company about the other job. B. An employee is related to someone who works for one of their company's vendors and informs their employer of the relationship. C. An employee has an undisclosed personal relationship with a company that does business with their employer. D. An employee for a pharmaceutical company has an economic interest in a company that does business with their employer and discloses it to their employer.
A conflict of interest occurs when an employee or agent—someone who is authorized to act on behalf of a principal—has an undisclosed personal or economic interest in a matter that could influence their professional role. Thus, an employee with an undisclosed personal relationship with a company that does business with their employer is engaged in a conflict of interest. An employee who has an undisclosed side job would not be engaged in a conflict of interest provided that the job is in a different industry, does not create a time conflict, and does not create any personal or economic interest that could influence their ability to act in their primary employer's best interest. Most conflicts of interest occur because the fraudster has an undisclosed economic interest in a transaction, but a conflict can exist when the fraudster's hidden interest is not economic. In some scenarios, an employee acts in a manner detrimental to their company to provide a benefit to a friend or relative, even though the fraudster receives no financial benefit. Conflicts of interest do not necessarily constitute legal violations, as long as they are properly disclosed. Thus, to be classified as a conflict of interest scheme, the employee's interest in the transaction must be undisclosed. The crux of a conflict case is that the fraudster takes advantage of their employer; the victim organization is unaware that its employee has divided loyalties. If an employer knows of the employee's interest in a business deal or negotiation, there can be no conflict of interest, no matter how favorable the arrangement is for the employee. Correct Answer: (C) See pages 1.627-1.629 in the Fraud Examiner's Manual
In which of the following scenarios might a credit card skimming scheme be conducted? A. A customer is pumping gasoline and notices a strange device attached to the self-payment apparatus B. A retail employee processes a payment outside of the customer's view C. A server walks away from a customer's table to process a credit card payment D. All of the above
A credit card skimming scheme requires a device, often referred to as a skimmer or a wedge, that scans and stores a large amount of credit card numbers. Credit card skimming is more frequent in businesses where an employee is able to remove the card from the customer's view to process the transaction before returning it to the customer. Skimming can also be performed via the attachment of covert devices to automated teller machines (ATMs), automated fuel dispensers, vending machines, or self-service checkout kiosks. These devices are occasionally paired with a tiny hidden camera meant to record the input of a user's personal identification number (PIN). Correct Answer: (D) All of the above. See pages 1.1018-1.1019 in the Fraud Examiner's Manual
Jason, a server at a popular restaurant, takes a customer's credit card to process a payment. While he is on the other side of the dining area with his back turned, Jason swipes the card through a small device that he regularly uses to steal his customers' credit card information. Jason is engaging in a scheme known as credit card ________. A. Scanning B. Probing C. Skimming D. Pinching
A credit card skimming scheme requires a device, often referred to as a skimmer or a wedge, that scans and stores a large amount of credit card numbers. Credit card skimming is more frequent in businesses where an employee is able to remove the card from the customer's view to process the transaction before returning it to the customer. This scam might occur in a retail situation in which a credit card is processed behind a concealable counter or in a restaurant scenario wherein a server walks away with a customer's card to process the transaction. Correct Answer: (C) See pages 1.1018 in the Fraud Examiner's Manual
A draw request on a construction loan should be accompanied by all of the following EXCEPT: A. Lien releases from subcontractors B. Expenses from similar contracts C. Inspection reports D. Change orders, if applicable
A draw request is the documentation substantiating that a developer has incurred the appropriate construction expenses and is now seeking reimbursement or direct payment. Generally, draw requests on construction loans are made on a periodic schedule (e.g., once a month) and are verified by a quantity surveyor (QS) or other authorized entity as agreed to by the financial institution. The request should be accompanied by the following documents:
- Paid invoices for raw materials
- Lien releases from each subcontractor
- Inspection reports
- Canceled checks from previous draw requests
- Bank reconciliation for construction draw account for previous month
- Loan balancing form demonstrating that the loan remains in balance
- Change orders, if applicable
- Wiring instructions, if applicable
- Proof of developer contribution, if applicable
Correct Answer: (B) Expenses from similar contracts. See pages 1.908 in the Fraud Examiner's Manual
A draw request on a construction loan should be accompanied by all of the following EXCEPT: A. Expenses from similar contracts B. Change orders, if applicable C. Inspection reports D. Lien releases from subcontractors
A draw request is the documentation substantiating that a developer has incurred the appropriate construction expenses and is now seeking reimbursement or direct payment. Generally, draw requests on construction loans are made on a periodic schedule (e.g., once a month) and are verified by a quantity surveyor (QS) or other authorized entity as agreed to by the financial institution. The request should be accompanied by the following documents:
- Paid invoices for raw materials
- Lien releases from each subcontractor
- Inspection reports
- Canceled checks from previous draw requests
- Bank reconciliation for construction draw account for previous month
- Loan balancing form demonstrating that the loan remains in balance
- Change orders, if applicable
- Wiring instructions, if applicable
- Proof of developer contribution, if applicable
Correct Answer: (A) See pages 1.908 in the Fraud Examiner's Manual
A favored device of phony charities is to send school-age children door to door to say that they are raising money for antidrug programs or for a group that takes underprivileged kids on trips. A. True B. False
A favored device of phony charities is to send school-age children door to door to say that they are raising money for antidrug programs or for a group that takes underprivileged kids on trips. Some of the children repeat what they are told in exchange for a few dollars. Others believe they will receive rewards and free trips when in fact they, too, are being scammed. Correct Answer: (A) True. See pages 1.1331 in the Fraud Examiner's Manual
Heidi, a Certified Fraud Examiner (CFE) and internal auditor for a health care program, has been asked to review the program's system of internal controls in the claims processing area. Heidi has decided to present the management of the unit with a list of general indicators for fraud that are applicable to many health insurance fraud schemes by program beneficiaries. All of the following would be included on Heidi's list EXCEPT: A. Anonymous telephone or email inquiries regarding the status of a pending claim B. Individuals who mail their claim and ask for their claim payment to be sent through direct bank transfer C. Threats of legal action when a claim is not paid quickly D. Pressure by a claimant to pay a claim quickly
A fraud examiner should be aware of the following indicators of fraud by insured individuals and beneficiaries under health care programs:
- Pressure by a claimant to pay a claim quickly
- Individuals who hand-deliver claims and insist on picking up their payment in person
- Threats of legal action if a claim is not paid quickly
- Anonymous telephone or email inquiries regarding the status of a pending claim
- Identical claims for the same patient in different months or years
- Dates of service just prior to termination of coverage or just after coverage begins
- Services billed that do not appear to agree with the medical records
- Billing for services or equipment that are clearly unsuitable for the patient's needs
Of course, everyone wants their claim paid as soon as possible. Red flags don't arise unless the person continually pressures for payment or continually threatens legal action.
Correct Answer: (B) Individuals who mail their claim and ask for their claim payment to be sent through direct bank transfer. See pages 1.1252 in the Fraud Examiner's Manual
Belinda used her company credit card to pay for a business dinner at which she was entertaining a client, knowing the credit card bill would be paid by Belinda's employer. Belinda saved the receipt and later filed an expense report seeking reimbursement for the cost of the meal, attaching the receipt as support. This is an example of what kind of fraud? A. False billing scheme B. Mischaracterized expense scheme C. Multiple reimbursement scheme D. Personal purchases with company funds
A multiple expense reimbursement scheme involves the submission of a single expense several times to receive multiple reimbursements. The most frequent example of such a scheme is the submission of several types of support for the same expense. However, rather than file two expense reports, employees might also charge an item to the company credit card, save the receipt, and attach it to an expense report as if they paid for the item themselves. The victim company therefore ends up paying twice for the same expense. Correct Answer: (C) See pages 1.480-1.481 in the Fraud Examiner's Manual
When an employee signs a legally enforceable non-competition agreement, the provisions of the non-competition agreement continue after the employee leaves the company where they signed the agreement. A. True B. False
A non-competition agreement is an agreement whereby employees agree not to work for competing companies within a certain period of time after leaving their current employer. If an organization uses a non-competition agreement, management should remind its employees about the agreement's provisions during an exit interview conducted before the end of their employment. When employees leave a company, it is a good idea to have them sign a statement in which they acknowledge that they understand the non-competition agreement's terms and that they will abide by its provisions. Correct Answer: (A) True. See pages 1.750-1.751 in the Fraud Examiner's Manual
Payers can make corrupt payments by giving recipients hidden interests in profit-making enterprises. A. True B. False
A payer might make a corrupt payment by giving the recipient a hidden interest in a joint venture or other profit-making enterprise. Often, corruption schemes involve corrupt payments—items of value paid to procure a benefit contrary to the rights of others. There are various ways to make corrupt payments, and many do not involve money. Any tangible benefit given or received with the intent to corruptly influence the recipient can be an illegal payment, and traditional methods of making corrupt payments include:
• Gifts, travel, and entertainment
• Cash payments
• Checks and other financial instruments
• Hidden interests
• Loans
• Credit cards
• Transfers not at fair market value
• Promises of favorable treatment
Correct Answer: (A) See pages 1.609-1.611 in the Fraud Examiner's Manual
What happens when an employee records a fictitious refund of goods at the employee's cash register? A. The victim company's inventory is overstated B. Inventory is returned to the store C. The register total is out of balance with the register log D. None of the above
A refund shows a disbursement of money from the register as the customer gets their money back. In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though no actual return takes place. Two things result from this fraudulent transaction. First, the employee takes cash from the register in the amount of the false return. Since the register log shows that a merchandise return has been made, it appears that the disbursement is legitimate. The second thing that happens in a fictitious refund scheme is that a debit is made to the inventory system showing that the merchandise has been returned. Since the transaction is fictitious, no merchandise is actually returned. The result is that the company's inventory is overstated. Correct Answer: (A) See pages 1.402-1.403 in the Fraud Examiner's Manual
What happens when an employee records a fictitious refund of goods at the employee's cash register? A. The register total is out of balance with the register log B. Inventory is returned to the store C. The victim company's inventory is overstated D. None of the above
A refund shows a disbursement of money from the register as the customer gets their money back. In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though no actual return takes place. Two things result from this fraudulent transaction. First, the employee takes cash from the register in the amount of the false return. Since the register log shows that a merchandise return has been made, it appears that the disbursement is legitimate. The second thing that happens in a fictitious refund scheme is that a debit is made to the inventory system showing that the merchandise has been returned. Since the transaction is fictitious, no merchandise is actually returned. The result is that the company's inventory is overstated. Correct Answer: (C) See pages 1.402-1.403 in the Fraud Examiner's Manual
Samantha operates a medical lab from a mobile trailer. Her business model is to go to an area, recruit patients for an array of unnecessary tests, and bill health care programs for those tests. She also typically bills for services never actually performed using the patient data collected. Soon after, she moves the trailer to a new location and starts the process again. Which of the following best describes Samantha's scheme? A. Front organization B. DME fraud C. Fictitious provider D. Rolling lab
A rolling lab is a mobile laboratory that solicits individuals to participate in health screening tests at no cost to the patient. After conducting the tests, however, the lab bills the individual's insurance provider or health care program. Also, the lab might bill additional claims for later service dates even though no more tests are conducted. The lab typically moves to another location prior to the patient receiving the test results to avoid detection. Correct Answer: (D) See pages 1.1223 in the Fraud Examiner's Manual
How do smart cards differ from ordinary credit cards? A. Smart cards are immune from physical, side-channel, and environmental attacks. B. Smart cards are embedded with a microchip that is not easily replicated. C. Smart cards are designed to prevent fraudulent online card-not-present (CNP) transactions. D. Smart cards contain special holograms that identify the cardholder.
A smart card is a plastic card, the size of a credit card, embedded with a microchip. A key advantage of smart cards is that, unlike regular magnetic stripe credit cards, they cannot be easily replicated. Similarly, smart cards cannot be easily counterfeited, which greatly reduces the potential for fraud. Smart cards include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts and countering possible attacks. If someone tries to tamper with a chip on a smart card, the card detects the intrusion and shuts itself down, rendering the card useless. Although smart cards are designed to withstand different kinds of potential attacks on security, they are not immune from attacks. There are four main classes of attacks on smart cards: physical, side-channel, software, and environmental. While the adoption of smart cards has significantly reduced fraud for card-present (CP) transactions, much of the fraud has been displaced to card-not-present (CNP) transactions on the Internet. The United Kingdom, France, and Australia have experienced significant increases in CNP fraud in the years following their transitions to smart cards. Large-scale data breaches and the continued increase in online spending have also contributed to the rising volume of CNP fraud. Correct Answer: (B) See pages 1.1033-1.1034 in the Fraud Examiner's Manual
Failure to record corresponding revenues and expenses in the same accounting period will result in an understatement of net income in the period when the revenue is recorded and an overstatement of net income in the period in which the corresponding expenses are recorded. A. True B. False
According to generally accepted accounting principles (GAAP), revenue and corresponding expenses should be recorded or matched in the same accounting period. The timely recording of expenses is often compromised due to pressures to meet budget projections and goals or due to lack of proper accounting controls. As the expensing of certain costs is pushed into periods other than the ones in which they actually occur, they are not properly matched against the income that they help produce. For example, revenue might be recognized on the sale of certain items, but the cost of goods and services that went into the items sold might intentionally not be recorded in the accounting system until the following period. This might make the sales revenue from the transaction almost pure profit, inflating earnings. In the next period, earnings would have fallen by a similar amount. Correct Answer: (B) False. See pages 1.223 in the Fraud Examiner's Manual
To help promote employee awareness of sensitive information, company data should be classified into different security levels based on value and sensitivity. A. True B. False
According to the CERT (Computer Emergency Response Team) Insider Threat Center, organizations should implement a data classification policy that establishes what protections must be afforded to data of different value and sensitivity levels. Data classification allows organizations to follow a structured approach for establishing appropriate controls for different data categories. Moreover, establishing a data classification policy will help promote employee awareness. In short, classifying an organization's data involves: (1) organizing the entity's data into different security levels based on the data's value and sensitivity and (2) assigning each level of classification different rules for viewing, editing, and sharing the data. Correct Answer: (A) True. See pages 1.751-1.752 in the Fraud Examiner's Manual
Which of the following factors enables or enhances fraudsters' abilities to conduct account takeover schemes? A. The increased use of multi-factor authentication B. Consumers using the same login and password information on multiple accounts C. Payment accounts offering the ability to be notified when they are accessed or changed D. Customers regularly checking their online accounts for changes
Account takeover fraud occurs when a fraudster surreptitiously takes control of a payment account. Targeted accounts can include credit cards, banking, brokerage, or any type of online retail account (e.g., Amazon). Because consumers often use the same username and password for multiple accounts, hackers commonly create code that can run credentials obtained from a data breach at one company to see if they are valid at another. Account takeover fraud has increased significantly in recent years. Consumers should opt for multi-factor authentication when available, request notification of account access or changes when offered, and regularly check any online accounts that hold payment information. Correct Answer: (B) See pages 1.1047 in the Fraud Examiner's Manual
Which of the following steps are often taken during an account takeover scheme? A. Place orders using funds from the overtaken account B. Steal account login information using phishing emails C. Change customer contact information on the overtaken account D. All of the above
Account takeover fraud occurs when a fraudster surreptitiously takes control of a payment account. Targeted accounts can include credit cards, banking, brokerage, or any type of online retail account (e.g., Amazon). To take over an account, thieves obtain email addresses or other login information and use various means to obtain passwords, such as phishing emails or password-cracking botnet attacks. Once the thief overtakes an account, communication methods and contact information are altered to keep the account holder unaware of the fraudulent activity. The thief is then free—depending on the type of account—to place orders using stored payment information, transfer funds, or request duplicate credit cards. Correct Answer: (D) All of the above. See pages 1.1047 in the Fraud Examiner's Manual
Which of the following is the correct accounting model? A. Assets + Liabilities = Owners' Equity B. Assets = Liabilities - Owners' Equity C. Assets = Liabilities + Owners' Equity D. None of the above
Accounting is based on the following model or accounting equation: Assets = Liabilities + Owners' Equity. Correct Answer: (C) See pages 1.101 in the Fraud Examiner's Manual
Management has an obligation to disclose all events and transactions in the financial statements that are likely to have a material effect on the entity's financial position. A. True B. False
Accounting principles require that financial statements include all the information necessary to prevent a reasonably discerning user of the financial statements from being misled. Disclosures only need to include events and transactions that have or are likely to have a material impact on the entity's financial position. Correct Answer: (A) True. See pages 1.234 in the Fraud Examiner's Manual
Which of the following is NOT a common type of credit card fraud? A. Profiling B. Skimming C. Card counterfeiting D. Advance payments
Advance payments, card counterfeiting, and skimming are all forms of credit card fraud; profiling is not a type of credit card fraud. Correct Answer: (A)
The type of fraud that targets groups of people who have some social connection, such as neighborhoods of racial minorities or immigrant groups, is known as: A. Affinity fraud B. Reloading C. Consolation D. None of the above
Affinity fraud targets groups of individuals who have some social connection. Neighborhoods chiefly populated by racial minorities, especially immigrant groups, are often the site of affinity frauds, and the elderly and language minorities are frequent targets as well. In addition, religious and professional ties are often exploited. Correct Answer: (A) Affinity fraud. See pages 1.1321 in the Fraud Examiner's Manual
Which of the following are information security goals that an e-commerce system should endeavor to meet for its users and asset holders? I. Penetrability of data II. Materiality of data III. Integrity of data IV. Availability of data A. II and III only B. III and IV only C. I, II, III, and IV D. I, II, and III only
All branches of an information system, including the e-commerce branch, strive to provide security to their users and asset holders. The following is a list of common information security goals that should be achieved to ensure the security of information systems for users and account holders:
- Confidentiality of data
- Integrity of data
- Availability of data
- Authentication
- Non-repudiation
Correct Answer: (B) III and IV only. See pages 1.1437 in the Fraud Examiner's Manual
Julia runs a printing company and has an antique printing press that she uses in her business. She purchased the press ten years ago for $5,000. Similar presses are selling on the market today for about $8,000. Julia mentioned that she's thinking about retiring, so her friend offered to give Julia $9,000 for the press. According to U.S. generally accepted accounting principles (GAAP), how much should the printing press be listed for on Julia's books? A. $5,000 B. $9,000 C. $8,000 D. $3,000
Although some exceptions exist, under U.S. generally accepted accounting principles (GAAP), historical cost is generally the proper basis for the recording of assets, expenses, equities, etc. For example, a piece of operational machinery should be shown on the balance sheet at initial acquisition cost (historical cost) and not at current market value or an estimated replacement value. Some companies might try to fraudulently inflate their assets by marking them up to market value. While some might argue that market value offers a more fair presentation, historical cost remains the generally accepted accounting principle. In this example, Julia should list the printing press on her balance sheet for the amount she originally purchased it for—$5,000. Correct Answer: (A) See pages 1.116 in the Fraud Examiner's Manual
Baker, the managing partner in a small law firm, is the authorized signer on all company checks. When his personal phone bill arrived last month, Baker prepared and signed a company check to pay the bill. He did not disclose this payment to his partners. Baker committed: A. A false billing scheme B. A mischaracterized expense scheme C. An authorized maker scheme D. A forged maker scheme
An authorized maker scheme is a type of check tampering fraud in which an employee with signature authority on a company account writes fraudulent checks for their own benefit and signs their own name as the maker. The most common example occurs when a majority owner or sole shareholder uses their company to pay personal expenses directly out of company accounts. Baker's scheme is not a billing scheme because he wrote the check himself and there is no indication that he submitted the phone bill to the firm's regular payment cycle. Correct Answer: (C) An authorized maker scheme because he is actually the authorized maker See pages 1.423 in the Fraud Examiner's Manual
Which of the following real estate loan schemes would be best described as an air loan? A. A loan applicant falsifies their income sources to qualify for a mortgage. B. A property developer applying for a loan submits instances of previous development experience that are fictitious or that they had no part in. C. A builder, in collusion with an appraiser and other real estate insiders, fraudulently applies for a loan to construct a building on a nonexistent property and keeps the proceeds. D. A fraudster files fraudulent property transfer documents with the property owner's forged signature and then takes out a loan using the property as collateral.
An air loan is a loan for a nonexistent property—with air symbolizing the loan's fraudulent absence of collateral. Most or all of the documentation is fabricated, including the borrower, the property ownership documents, and the appraisal. This type of scheme involves a high level of collusion, and perpetrators might even set up a fictitious office with people pretending to be participants in the transaction, such as the borrower's employer, the appraiser, and the credit agency. Usually, air loans go into early payment default. Since there are no actual properties on which to foreclose, the losses on these loans can be enormous. Correct Answer: (C) See pages 1.927-1.928 in the Fraud Examiner's Manual
Which of the following is most indicative that the winning bid on an original construction project was not feasible? A. Missing documentation B. Draw requests C. Increasing trend in the number of change orders D. High turnover in developer's personnel
An increasing trend in the number of change orders or amounts on change orders might be an indication that construction changes have taken place that would alter the originally planned project to such an extent as to render the underwriting inappropriate. Alternatively, some projects—especially large projects—tend to have many change orders. It might be more abnormal in situations like these to have few change orders or none at all than to have many. For instance, a lack of change orders for a large project might suggest that progress is not actually being made. Ultimately, the key characteristic that the fraud examiner should look for in change orders is abnormality, which can come in many forms. Fraud examiners should discover what the normal trend for change orders is in terms of both quantity and content with the particular type of industry and project, and then they can look for deviations from those trends. Correct Answer: (C) See pages 1.912 in the Fraud Examiner's Manual
The restitution against loss to a third party when the insured fails to fulfill a specific undertaking for the third party's benefit is referred to as: A. Disability insurance B. An indemnity bond C. Fidelity insurance D. Casualty insurance
An indemnity bond reimburses its holder for any loss to third-party beneficiaries when the insured fails to fulfill a specific undertaking for the third party's benefit. Property insurance indemnifies against pecuniary loss to the insured's property for specific losses, such as those from fire, theft, or auto collision. Casualty insurance indemnifies against legal liability to others for injury or damage to persons, property, or other defined legal interests because of specified risks or conduct. Fidelity insurance indemnifies against economic loss to the insured because of employee dishonesty. Disability insurance indemnifies against income loss under defined circumstances. Correct Answer: (B) See pages 1.1101 in the Fraud Examiner's Manual
An insurance company might be guilty of fraud if it fails to pass on the fee breaks it negotiates with its providers to its consumers. A. True B. False
An insurance company might be guilty of fraud if it fails to pass on fee breaks it negotiates with its providers. The alleged overcharging occurs when an insurance company negotiates a discount on a medical bill. If the company does not pass along the discount, the consumer's copayment is made on the full price rather than the discounted price, and the consumer ends up paying a higher percentage of their bill than they should. For example, if a bill is $1,000 and a 50% discount is negotiated, the consumer's 20% portion should equal $100. If the company does not pass along the discount, the consumer pays 20% of the full $1,000 or $200. Correct Answer: (A) True See pages 1.1256-1.1257 in the Fraud Examiner's Manual
Which of the following refers to the type of network security systems that are designed to supplement firewalls and other forms of network security by detecting malicious activity coming across the network or on a host? A. Network access controls B. Intrusion admission systems C. Intrusion detection systems D. Network address prevention systems
An intrusion detection system (IDS) is a device or software application that monitors an organization's inbound and outbound network activity and identifies any suspicious patterns of activity that might indicate a network or system attack or security policy violations. These systems are designed to supplement firewalls and other forms of network security by detecting malicious activity coming across the monitored entity's network or system activities. They act much like a motion sensor would by detecting individuals who have bypassed perimeter security. Correct Answer: (C) Intrusion detection systems See pages 1.1456 in the Fraud Examiner's Manual
Which of the following groups is NOT a favorite target of identity thieves? A. Members of the military B. Seniors C. Independent contractors D. College students
Anyone can be a victim of identity theft. The following groups, however, are favorite targets of identity thieves: - Children - Seniors - Members of the military - College students - The deceased Correct Answer: (C)
Which of the following are signs that a multilevel marketing (MLM) organization's activities might be illegal? A. The organization spends more time promoting its distributor levels than its product lines B. The organization recruits distributors into a pyramid-style compensation plan C. The organization offers participants large payments for each new recruit D. All of the above
As a general rule, any organization that recruits distributors into a pyramid-style compensation plan, offers big payoffs for recruiting, and spends more time extolling its distributor levels than its product lines is probably illegal. Correct Answer: (D) All of the above. See pages 1.1346 in the Fraud Examiner's Manual
With the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the U.S. Congress added which of the following offenses to the federal code? A. Committing fraud against health care benefit programs B. Theft or embezzlement in connection with health care C. False statement relating to health care fraud D. All of the above
As part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the U.S. Congress made a number of changes to the federal criminal code. The Act established several criminal statutes related specifically to health care fraud. The statutes prohibit: - Committing fraud against health care benefit programs - Theft or embezzlement in connection with health care - False statements relating to health care matters - Obstruction of criminal investigations of health care offenses Correct Answer: (D) See pages 1.1208 in the Fraud Examiner's Manual
With the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the U.S. Congress added which of the following offenses to the federal code? A. False statement relating to health care fraud B. Theft or embezzlement in connection with health care C. Committing fraud against health care benefit programs D. All of the above
As part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the U.S. Congress made a number of changes to the federal criminal code. The Act established several criminal statutes related specifically to health care fraud. The statutes prohibit: - Committing fraud against health care benefit programs - Theft or embezzlement in connection with health care - False statements relating to health care matters - Obstruction of criminal investigations of health care offenses Correct Answer: (D) All of the above See pages 1.1208 in the Fraud Examiner's Manual
Which of the following statements is TRUE regarding e-commerce? A. Digital signatures function to authenticate e-commerce transactions B. E-commerce entities must make sure that they can determine with whom they (or their computers) are communicating C. In e-commerce transactions, non-repudiation is obtained through confirmation services and timestamps D. All of the above
Authentication refers to the authentication of a customer's identity. E-commerce entities must make sure that they can determine with whom they (or their computers) are communicating. Digital signatures function to authenticate e-commerce transactions. Non-repudiation refers to a method used to guarantee that the parties involved in an e-commerce transaction cannot repudiate (deny) participation in that transaction. In e-commerce, non-repudiation is obtained through the use of digital signatures, confirmation services, and timestamps. Correct Answer: (D) All of the above See pages 1.1438-1.1439 in the Fraud Examiner's Manual
Automatic debit program schemes occur when fraudsters obtain a consumer's bank account information and then use this information to draft money from the consumer's bank account without that person's consent. A. True B. False
Automatic debit programs are a convenient way to pay bills, such as recurring charges for mortgages and car loans. Fraudsters exploit these programs by obtaining consumers' bank account information through telemarketing schemes. Fraudsters then use this information to draft money from consumers' bank accounts without their consent. Correct Answer: (A) True See pages 1.1304 in the Fraud Examiner's Manual
Michael, a medical provider, performs an appendectomy, a procedure that is supposed to be billed as one code. Instead, he intentionally submits two codes for the same procedure, one for an abdominal incision and one for removal of the appendix. Which of the following best describes Michael's scheme? A. Unbundling B. Procedure compounding C. Fictitious services D. Decompressing
Because health care procedures often have special reimbursement rates for a group of procedures typically performed together (e.g., blood test panels by clinical laboratories), some providers attempt to increase profits by billing separately for procedures that are actually part of a single procedure. This process is called unbundling or coding fragmentation. Simple unbundling occurs when a provider charges a comprehensive code, as well as one or more component codes. Correct Answer: (A) Unbundling See pages 1.1236 in the Fraud Examiner's Manual
Michael, a medical provider, performs an appendectomy, a procedure that is supposed to be billed as one code. Instead, he intentionally submits two codes for the same procedure, one for an abdominal incision and one for removal of the appendix. Which of the following best describes Michael's scheme? A. Fictitious services B. Unbundling C. Decompressing D. Procedure compounding
Because health care procedures often have special reimbursement rates for a group of procedures typically performed together (e.g., blood test panels by clinical laboratories), some providers attempt to increase profits by billing separately for procedures that are actually part of a single procedure. This process is called unbundling or coding fragmentation. Simple unbundling occurs when a provider charges a comprehensive code, as well as one or more component codes. Correct Answer: (B) Unbundling See pages 1.1236 in the Fraud Examiner's Manual
Which of the following statements is TRUE? A. Both cash larceny and skimming are equally difficult to detect. B. Cash larceny schemes are generally more difficult to detect than skimming schemes. C. Skimming schemes are generally more difficult to detect than cash larceny schemes. D. Cash distraction is the most difficult type of cash receipts scheme to detect.
Because the cash stolen by an employee in a larceny scheme has already been recorded, its absence ought to be more easily detectable than the off-book funds taken in a skimming scheme. Consequently, we would expect larceny schemes to be less common and less successful than skimming schemes. Cash distraction is not a recognized type of cash receipts scheme. Correct Answer: (C) See pages 1.301, 1.320 in the Fraud Examiner's Manual
Which of the following is NOT a common red flag of a bid tailoring scheme? A. A contract is not rebid even though fewer than the minimum number of bids are received. B. There are unusually broad specifications for the type of goods or services being procured. C. Only a few bidders respond to bid requests. D. Competitive awards vary among several suppliers.
Bid tailoring schemes (also known as specifications schemes) occur during the presolicitation phase. In these schemes, an employee with procurement responsibilities, often in collusion with a contractor, drafts bid specifications in a way that gives an unfair advantage to a certain contractor. Some common red flags of bid tailoring include: - Weak controls over the bidding process - Only one or a few bidders respond to bid requests - Contract is not rebid even though fewer than the minimum number of bids are received - Similarity between specifications and the winning contractor's product or services - Bid specifications and statements of work are tailored to fit the products or capabilities of a single contractor - Unusual or unreasonably narrow or broad specifications for the type of goods or services being procured - Requests for bid submissions do not provide clear bid submission information (e.g., no clear time, place, or manner of submitting bids) - Unexplained changes in contract specifications from previous proposals or similar items - High number of competitive awards to one supplier - Socialization or personal contacts among contracting personnel and bidders - Specifications developed by or in consultation with a contractor who is permitted to compete in the procurement - High number of change orders for one supplier Correct Answer: Competitive awards vary among several suppliers. See pages 1.1515-1.1516 in the Fraud Examiner's Manual
A ____________ scheme involves the theft of cash BEFORE it appears on a company's books, and a __________ scheme involves the theft of cash AFTER it has appeared on the books. A. Cash larceny; skimming B. Skimming; cash larceny C. Cash larceny; revenue D. Fraudulent disbursement; skimming
Cash receipts schemes are what we typically think of as the outright stealing of cash. Perpetrators do not rely on the submission of phony documents or the forging of signatures; they simply grab the cash and take it. The theft schemes fall into two categories: skimming and larceny schemes. Skimming is defined as the theft of off-book funds. Skimming occurs before money appears on a company's books. Cash larceny schemes, however, involve the theft of money that has already appeared on a victim company's books. Correct Answer: (B)
Cash theft schemes fall into which of the following two categories? A. Skimming and cash larceny B. Unrecorded sales and false discounts C. Skimming and unrecorded sales D. Register manipulation and understated sales
Cash theft schemes fall into two categories: skimming and cash larceny. The difference between the two types of schemes depends completely on when the cash is stolen. Cash larceny is the theft of money that has already appeared on a victim organization's books, while skimming is the theft of cash that has not yet been recorded in the accounting system. The way in which an employee extracts the cash might be exactly the same for a cash larceny or skimming scheme. Correct Answer: (A) Skimming and cash larceny See pages 1.301 in the Fraud Examiner's Manual
Which of the following is NOT a problem situation regarding a construction loan that might be concealed using change orders? A. Design changes were requested. B. Collusive bidding is occurring. C. Shortcuts are shoring up other problems. D. The original project is not feasible.
Change orders are often submitted along with draw requests. Although many times the change orders represent legitimate construction changes (for design, cost, or other things), they can also be indicators of fraud schemes. For example, an increasing trend in the number of change orders or amounts on change orders might be an indication that construction changes have taken place that would alter the originally planned project to such an extent as to render the underwriting inappropriate. Change orders might have the same impact on a project as altering the original documents. As with anything that is contracted for on a bid basis, change orders could also be an indication of collusive bidding. Furthermore, change orders might be an indication that the original project was not feasible and that shortcuts are shoring up other problem areas. Change orders should be approved by the architect and engineer on the project in addition to the lender's inspector. Correct Answer: (A) Design changes were requested See pages 1.911-1.912 in the Fraud Examiner's Manual
The chances of being arrested and prosecuted for check fraud are high, and the penalties are relatively severe. A. True B. False
Check fraud is considered a relatively low-risk crime; the chances of being arrested and prosecuted are low, and the penalties are relatively mild. Correct Answer: (B) False See pages 1.1008 in the Fraud Examiner's Manual
The equipment needed to run a check fraud ring is very expensive and difficult to obtain. A. True B. False
Check fraud rings thrive because the items needed to commit check fraud are easily obtainable and the cost is minimal. Often, the only necessary equipment for a check fraud ring is a scanner, printer, and personal computer. Correct Answer: (B) False See pages 1.1008 in the Fraud Examiner's Manual
Which of the following types of malware can be used to generate illicit income in the form of cryptocurrency, while slowing down an infected computer and causing victims to incur costs related to power usage or cloud storage? A. Spyware B. Keyloggers C. Overwrite viruses D. Coin miners
Coin miners, or cryptojacking malware, are programs that, upon infecting a computer, use that computer's processing power to mine for cryptocurrencies without the owner's knowledge or consent. Many criminals who once used other malware and computer fraud methods for generating illicit income have shifted their focus to cryptojacking due to an increase in the value of numerous cryptocurrencies. Coin miners are relatively simple programs, so there is a low barrier to entry for cyber fraudsters. Cryptojacking can slow down infected devices due to the processing power required for cryptocurrency mining and potentially cause serious or permanent damage. Victims, including companies or corporate networks, can also incur exorbitant costs for power usage or cloud storage related to coin miners. Internet of Things (IoT) devices could be at particular risk due to their frequent lack of security or monitoring. Correct Answer: (D) See pages 1.1428 in the Fraud Examiner's Manual
Which of the following is NOT a common red flag of procurement fraud schemes involving collusion among contractors? A. More competitors than usual submit bids on a project or product. B. There is limited competition within the industry. C. The same contractors bid on each project or product. D. Bid prices begin to fall when a new competitor enters the competition.
Common red flags of procurement fraud schemes involving collusion among contractors include: The industry has limited competition. The same contractors bid on each project or product. The winning bid appears too high. All contractors submit consistently high bids. Qualified contractors do not submit bids. The winning bidder subcontracts work to one or more losing bidders or to non-bidders. Bids appear to be complementary bids by companies unqualified to perform the work. Some bids fail to conform to the essential requirements of the solicitation documents (i.e., some bids do not comply with bid specifications). Some losing bids were poorly prepared. Fewer competitors than usual submit bids on a project or product. When a new contractor enters the competition, the bid prices begin to fall. There is a rotational pattern to winning bidders (e.g., geographical, customer, job, or type of work). There is evidence of collusion in the bids (e.g., bidders make the same mathematical or spelling errors; bids are prepared using the same typeface, handwriting, stationery, or envelope; or competitors submit identical bids). There is a pattern where the last party to bid wins the contract. There are patterns of conduct by bidders or their employees that suggest the possibility of collusion (e.g., competitors regularly socialize, hold meetings, visit each other's offices, or subcontract with each other). Correct Answer: (A) See pages 1.1513 in the Fraud Examiner's Manual
Which of the following methods would be useful in detecting a ghost employee scheme? A. Analyzing payroll withholdings B. Examining payroll checks for dual endorsements C. Comparing personnel records to payroll data D. All of the above
Comparing personnel records maintained by the human resources (HR) department to payroll data can be useful in detecting ghost employee schemes. An analysis of payroll withholdings might also reveal either ghost employees or trust account abuses. Ghost employees often will have no withholding taxes, insurance, or other normal deductions. Therefore, a listing of any employee without these items might reveal a ghost employee. Another way to detect a ghost employee scheme is to examine paychecks for dual endorsements. This might indicate that the fraudster has forged an endorsement in order to deposit the ghost's paychecks into the fraudster's own account. Correct Answer: (D) All of the above See pages 1.469-1.470 in the Fraud Examiner's Manual
Julia, a fraud examiner, is performing tests to look for potential asset misappropriation schemes at her company. One of her routine tests is to compare the payroll records to the human resources (HR) files. What type of fraud scheme is she most likely looking for when performing this test? A. A fraudulent commissions scheme B. A check tampering scheme C. A ghost employee scheme D. A falsified hours and wages scheme
Comparing personnel records maintained by the human resources (HR) department to payroll data can be useful in detecting ghost employee schemes. The term ghost employee refers to someone on the payroll who does not actually work for the victim company. Through the falsification of personnel or payroll records, a fraudster causes paychecks to be generated to a non-employee, or ghost. For example, comparing employee names, addresses, government identification numbers, and bank account numbers can determine if there are any unexpected duplicates or discrepancies that would indicate a ghost on the payroll. Correct Answer: (C) A ghost employee scheme See pages 1.456, 1.469 in the Fraud Examiner's Manual
Implementing privilege escalation and using buffer overflow exploits are examples of administrative controls used for securing computer systems and communication networks. A. True B. False
Computer networks and communications are inherently insecure and vulnerable to attack and disruption. Consequently, management must use technical and administrative controls to protect systems against threats like unauthorized use, disclosure, modification, destruction, or denial of service. Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Administrative security involves the use of tools to provide an acceptable level of protection for computing resources. Common technical and administrative controls used to secure computer systems and communication networks include: - Logical access controls - Network security - Operating system security - Encryption - Application security - Separation of duties Buffer overflows and privilege escalation are not controls to prevent computer fraud. Rather, they are both methods of exploiting design flaws in computer systems to gain unauthorized access. Correct Answer: (B) False See pages 1.1417, 1.1450-1.1451 in the Fraud Examiner's Manual
Which of the following is a common method used by fraudsters to physically infiltrate and spy on organizations? A. Fabricate or steal an employee badge B. Secure a position as an employee C. Pose as a contractor D. All of the above
Corporate spies might use physical infiltration techniques to obtain sensitive information. Physical infiltration is the process whereby an individual enters a target organization to spy on the organization's employees. One common infiltration technique is to secure a position, or pose, as an employee or contract laborer of the target organization. For example, a spy might obtain work as a security officer or a member of the janitorial crew for the target organization. Another common physical infiltration technique is to steal or fabricate employee badges belonging to the target organization. Correct Answer: (D) All of the above. See pages 1.717 in the Fraud Examiner's Manual
Roxanne works in the accounting department of a bank but is having difficulty paying her personal expenses. She decides to debit the bank's general ledger and credit her own account. Which of the following best describes Roxanne's scheme? A. False accounting entry B. Daisy chain C. Sham loan D. Unrecorded cash payment
Correct Answer: (A) False accounting entry
Which of the following statements about the methods used to make corrupt payments in bribery and corruption schemes is INCORRECT? A. Payers often make corrupt payments by making outright payments falsely described as innocent loans. B. Payers often make corrupt payments by buying assets from recipients and allowing the recipients to retain title or use of the items. C. Payers often make corrupt payments by using their credit cards to pay recipients' transportation, vacation, and entertainment expenses. D. Payers often make corrupt payments by selling property to recipients at prices higher than the property's market value.
Corrupt payments often take the form of loans. Three types of loans often turn up in fraud cases: - An outright payment that is falsely described as an innocent loan - A legitimate loan in which a third party—the corrupt payer—makes or guarantees payments to satisfy the loan - A legitimate loan made on favorable terms (e.g., an interest-free loan) A corrupt payment can be in the form of credit card use or payments toward a party's credit card debt. The payer might use a credit card to pay a recipient's transportation, vacation, or entertainment expenses, or the payer might pay off a recipient's credit card debt. In some instances, the recipient might carry and use the corrupt payer's credit card. Corrupt payments also might come in the form of promises of favorable treatment. In addition, corrupt payments might occur in the form of transfers for a value other than fair market. In such transfers, the corrupt payer might sell or lease property to the recipient at a price that is less than its market value, or the payer might agree to buy or rent property from the recipient at an inflated price. The recipient might also "sell" an asset to the payer but retain the title or use of the property. Correct Answer: (D) See pages 1.610 in the Fraud Examiner's Manual
Which of the following is NOT a type of loan that frequently turns up in corruption cases? A. An outright payment falsely described as an innocent loan B. A legitimate loan made at market rates C. A legitimate loan made on favorable terms D. A legitimate loan in which a third party makes the loan payments
Corrupt payments often take the form of loans. Three types of loans often turn up in fraud cases: - An outright payment that is falsely described as an innocent loan - A legitimate loan in which a third party—the corrupt payer—makes or guarantees payments to satisfy the loan - A legitimate loan made on favorable terms (e.g., an interest-free loan) A legitimate loan made at market rates would not typically turn up in a corruption case because the loan recipient would not be receiving anything unusual or special. See pages 1.610 in the Fraud Examiner's Manual
Which of the following is a method that can be used to destroy or manipulate data? A. Wire tapping into a computer's communication links B. Using malware to infect computers C. Transmitting data to an outside destination without authorization D. All of the above
Data manipulation refers to the use or manipulation of a computer to perpetrate a crime, and data destruction involves the unauthorized modification, suppression, or erasure of computer data or computer functions, with the intent to alter or hinder the normal functions of the targeted system. Data manipulation and destruction involve either direct or covert unauthorized access to a computer system by the introduction of malicious software such as viruses, worms, or logic bombs. Some of the methods used to destroy and manipulate data include: - Using malware to infect computers - Using the salami technique to steal a substantial amount of money by "slicing" off "thin" amounts of cash repeatedly over time - Entering false or misleading information into a system to achieve a specific fraudulent purpose - Transmitting data to an outside destination without authorization - Wire tapping into a computer's communication links - Launching a buffer overflow attack - Exploiting a vulnerability in an operating system or software application to gain access that is beyond the user's authorized access level Correct Answer: (D) All of the above. See pages 1.1415-1.1417 in the Fraud Examiner's Manual
Which of the following is a method by which contractors can inflate labor costs in negotiated contracts? A. Use valid cost schedules. B. Use higher-wage personnel to perform work at lower rates. C. Account for learning-curve cost reductions. D. Subcontract to affiliated companies at inflated rates.
Defective pricing arises when contractors intentionally use inaccurate cost or pricing data to inflate costs in negotiated contracts (i.e., the contracting method that permits negotiations between the procuring entity and prospective contractors). A contractor can use various defective pricing schemes to increase the cost of the contract and thereby its profits, but, generally, defective pricing schemes involve inflated labor costs or inflated material costs. A contractor can inflate labor costs by: - Using outdated cost schedules - Using lower-wage personnel to perform work at higher rates - Using salaried personnel to perform uncompensated overtime - Failing to account for learning-curve cost reductions - Subcontracting to affiliated companies at inflated rates Correct Answer: (D) Subcontract to affiliated companies at inflated rates. See pages 1.1521-1.1522 in the Fraud Examiner's Manual
Which of the following is a common red flag of a defective pricing procurement fraud scheme? A. A contractor submits a request for change orders. B. A contractor delivers products that appear to be counterfeit. C. A contractor uses valid cost schedules. D. A contractor's cost estimates are inconsistent with its prices.
Defective pricing arises when contractors intentionally use inaccurate cost or pricing data to inflate costs in negotiated contracts (i.e., the contracting method that permits negotiations between the procuring entity and prospective contractors). A contractor can use various defective pricing schemes to increase the cost of the contract and thereby its profits, but, generally, defective pricing schemes involve inflated labor costs or inflated material costs. The following are general red flags that relate directly to defective pricing schemes:
- Contractor provides inadequate, inaccurate, or incomplete documentation to support cost proposals.
- Contractor is late in providing, delays providing, or cannot provide supporting cost or pricing data.
- Contractor's cost estimates are inconsistent with its prices (i.e., discrepancy between quoted prices and actual prices).
- Contractor uses out-of-date pricing information (e.g., outdated cost schedules) in cost proposals.
- Contractor fails to update cost or pricing data when past activity showed that costs or prices have decreased.
- Contractor fails to disclose internal documents on discounts, rebates, and so on.
- Contractor fails to disclose information regarding significant cost issues that reduce proposal costs.
- Contractor uses vendors or subcontractors during contract performance that are different from the ones named in the proposal or contract.
- Materials, supplies, or components that the contractor used in production are different than those listed in the proposal or contract.
- Contractor delays releasing information that could result in price reductions.
- There is evidence of falsifications or alterations of documentation used to support cost calculations.
- Contractor has unrealistically high profit margins on completed work.
- Contractor fails to correct known system deficiencies that lead to defective pricing.
- Unqualified personnel developed cost or pricing data used in contractor's estimating process.
See pages 1.1520, 1.1522-1.1523 in the Fraud Examiner's Manual
Which of the following activities is included in the post-award and administration phase of procurements involving open and free competition? A. The procuring entity develops the bid specifications. B. The procuring entity evaluates the bids or proposals. C. The procuring entity issues the solicitation document. D. The procuring entity performs its contractual obligations.
During the post-award and administration phase, the contracting parties fulfill their respective duties through the performance of their contractual obligations. Activities that occur during this phase include contract modifications (i.e., change orders); review of completed portions and release of monies; and assessment of deliverables for compliance with the contract terms, including quality control. Correct Answer: (D) See pages 1.1510 in the Fraud Examiner's Manual
A detailed expense report should require which of the following components? A. Original receipts (when possible) B. Explanation of the business purpose of each expense C. Time period when the expense occurred D. All of the above
Detailed expense reports should require the following information:
- Receipts or other support documentation
- Explanation of the expense, including specific business purpose
- Time period when the expense occurred
- Place of expenditure
- Amount
When possible, require that employees submit original paper receipts. Given the amount of electronic and Internet commerce that happens in today's world, this is not always possible. Keep in mind that electronic copies of receipts are often much easier to forge and alter than paper receipts. Special attention should be paid to any receipts that come via email or email attachment. Consider corroborating prices on Internet receipts with those found on the vendor's website. It is not enough to have the detailed reports submitted if they are not reviewed. A policy requiring the periodic review of expense reports, coupled with examining the appropriate detail, will help deter employees from submitting personal expenses for reimbursement. Correct Answer: (D) All of the above See pages 1.482 in the Fraud Examiner's Manual
Which of the following is NOT a symptom that might indicate a malware infection? A. A system's files are erased with no warning. B. Several system programs launch automatically at start-up. C. Excessive pop-up windows appear without cause. D. Unexplained changes to the system's memory occur.
Detecting malware might be as simple as reading a message on the screen, but some malware goes undetected. The following are some symptoms that might indicate a malware infection:
- The system suddenly, and for no apparent reason, slows down its response time to commands.
- The computer stops responding or locks up frequently.
- The computer crashes and then restarts every few minutes.
- The computer restarts on its own.
- The computer does not run as usual.
- The computer experiences a sudden and sometimes dramatic decrease of free space.
- The size of some files increases.
- The operating system or other programs and applications begin behaving in unpredictable ways.
- Files cannot be accessed or are suddenly erased with no warning.
- There has been a change in the length of executable files, a change in their content, or a change in their file date or timestamps.
- Disks or disk drives are inaccessible.
- An attachment that was recently opened has a double extension, such as a .jpg, .vbs, .gif, or .exe extension.
- The system does not boot up.
- There are unusual graphics and messages.
- The user cannot access a hard disk drive.
- There are unexplained and repeated maintenance repairs.
- There are unexplained changes to memory.
- System or data files disappear or become fragmented.
- Items cannot be printed correctly.
- Unusual error messages appear.
- Menus and dialog boxes are distorted.
- New icons, which are not associated with any new programs, appear on the desktop.
- Programs experience unexplained changes in size.
- Antivirus program is disabled for no reason.
- Antivirus program cannot be restarted.
- Antivirus program displays messages stating that a virus has been encountered.
- The Web browser's homepage is changed automatically.
- When performing an Internet search, the Web browser visits a strange website.
- The user is unable to stop the excessive pop-up windows that appear without cause.
- The user receives a lot of bounced back email.
- There is evidence that emails are being sent without the user's knowledge.
- Unusual and unexpected toolbars appear in the system's Web browser.
Correct Answer: (B) Several system programs launch automatically at start-up is not a symptom of malware. See pages 1.1430-1.1431 in the Fraud Examiner's Manual
Which of the following is NOT a symptom that might indicate a malware infection? A. A system's files are erased with no warning. B. Unexplained changes to the system's memory occur. C. Several system programs launch automatically at start-up. D. Excessive pop-up windows appear without cause.
Detecting malware might be as simple as reading a message on the screen, but some malware goes undetected. The following are some symptoms that might indicate a malware infection:
- The system suddenly, and for no apparent reason, slows down its response time to commands.
- The computer stops responding or locks up frequently.
- The computer crashes and then restarts every few minutes.
- The computer restarts on its own.
- The computer does not run as usual.
- The computer experiences a sudden and sometimes dramatic decrease of free space.
- The size of some files increases.
- The operating system or other programs and applications begin behaving in unpredictable ways.
- Files cannot be accessed or are suddenly erased with no warning.
- There has been a change in the length of executable files, a change in their content, or a change in their file date or timestamps.
- Disks or disk drives are inaccessible.
- An attachment that was recently opened has a double extension, such as a .jpg, .vbs, .gif, or .exe extension.
- The system does not boot up.
- There are unusual graphics and messages.
- The user cannot access a hard disk drive.
- There are unexplained and repeated maintenance repairs.
- There are unexplained changes to memory.
- System or data files disappear or become fragmented.
- Items cannot be printed correctly.
- Unusual error messages appear.
- Menus and dialog boxes are distorted.
- New icons, which are not associated with any new programs, appear on the desktop.
- Programs experience unexplained changes in size.
- Antivirus program is disabled for no reason.
- Antivirus program cannot be restarted.
- Antivirus program displays messages stating that a virus has been encountered.
- The Web browser's homepage is changed automatically.
- When performing an Internet search, the Web browser visits a strange website.
- The user is unable to stop the excessive pop-up windows that appear without cause.
- The user receives a lot of bounced back email.
- There is evidence that emails are being sent without the user's knowledge.
- Unusual and unexpected toolbars appear in the system's Web browser.
Correct Answer: (C) Several system programs launch automatically at start-up. See pages 1.1430-1.1431 in the Fraud Examiner's Manual
Diagnostic-related groupings (DRG) creep occurs when staff members at medical institutions intentionally manipulate diagnostic and procedural codes in a pattern to increase claim reimbursement amounts. A. True B. False
Diagnostic-related groupings (DRG) is a reimbursement methodology for the payment of institutional services. This method or similar models have become more popular in various countries for the purposes of determining costs and reimbursing institutional providers. DRG categorizes patients who are medically related with respect to various types of information, such as primary and secondary diagnosis, age, gender, weight, length of stay, and complications. Reimbursements are determined by the DRG. DRG creep occurs when medical staff members manipulate diagnostic and procedural codes to increase reimbursement amounts or other forms of funding. When it becomes a pattern and intent is established, it becomes fraud. For example, a hospital might repeatedly and incorrectly code angina (pain or discomfort in the chest due to some obstruction of the arteries) as a myocardial infarction (a more serious event, commonly known as a heart attack), and thus be reimbursed at a higher level. Correct Answer: (A) True See pages 1.1240-1.1241 in the Fraud Examiner's Manual
Which of the following is the best definition of the automobile insurance scheme known as ditching? A. An insured has two insurance policies in place and files claims with both. B. An agent collects a customer's premium but does not remit the payment to the insurance company. C. An agent inflates their commissions by pressuring customers to unnecessarily replace existing policies for new ones. D. An insured falsely reports a vehicle as stolen to collect on an insurance policy.
Ditching, also known as owner give-ups, involves getting rid of a vehicle to collect on an insurance policy or to settle an outstanding loan. The vehicle is normally expensive and purchased with a small down payment. The owner falsely reports the vehicle as stolen while orchestrating its destruction or disappearance in some way, such as by having it stripped for parts, burned, or submerged in a large body of water. In some cases, the owner just abandons the vehicle, hoping that it actually will be stolen. The scheme also sometimes involves a homeowner's insurance claim for the property that was supposedly in the vehicle when it was "stolen." Correct Answer: (D) See pages 1.1105 in the Fraud Examiner's Manual
Credit card receipts, bank statements, and birthday cards can all provide dumpster divers with useful information for committing an identity theft scheme. A. True B. False
Dumpster diving involves looking through someone else's trash. Fraudsters often engage in dumpster diving to find the personal and business information that makes identity theft possible. Most people do not destroy their personal financial data; they simply throw it away with the rest of their trash. Dumpster diving can yield bills, credit card receipts, bank statements, and other items that contain a person's name, address, and telephone number. Solicitations for pre-approved credit cards are especially valuable to identity thieves, but even nonfinancial information can be useful. For example, a discarded birthday card might contain a potential victim's name, birthdate, and address. Correct Answer: (A) True See pages 1.809 in the Fraud Examiner's Manual
Electronic payment tampering is generally easier to detect than traditional check tampering because it leaves a clear audit trail. A. True B. False
Electronic payment tampering is generally more difficult to detect than traditional check tampering schemes. As with other schemes, once the fraudulent payment has been made, the employee must cover their tracks. However, the lack of physical evidence and forged signatures can make concealment of fraudulent electronic payments less challenging than other check tampering schemes. Some fraudsters attempt to conceal their schemes by altering the bank statement, miscoding transactions in the accounting records, or sending fraudulent payments to a shell company with a name similar to that of an existing vendor. Others merely rely on the company's failure to monitor or reconcile its accounts. Correct Answer: (B) False See pages 1.433-1.434 in the Fraud Examiner's Manual
Elizabeth, a grocery store cashier, slips on a wet floor and falls while at work. She is unharmed, but she pretends to suffer an injury from the fall. She files a claim against the store's workers' compensation insurance policy, and she collects payments from the insurance carrier. She also misses several weeks of work, even though she is fully capable of working. Under which category of workers' compensation schemes does Elizabeth's scheme fall? A. Premium fraud B. Claimant fraud C. Agent fraud D. Organized fraud
Elizabeth's scheme is classified as claimant fraud. Claimant fraud involves misrepresenting the circumstances of any injury or fabricating that an injury occurred. Such schemes are perpetrated by employees who stage accidents or exaggerate minor injuries, sometimes in collusion with unethical doctors, to fraudulently receive compensation benefits. Workers' compensation is essentially an employee benefit, entitling persons who are injured on the job to compensation while they heal. The primary victim of a workers' compensation scheme is not the employer but the insurance carrier for the employer. It is the insurance carrier who pays for the perpetrator's fraudulent medical bills and unnecessary absences. Nevertheless, the employer is a tertiary victim of these crimes, as the fake claims can result in higher premiums for the company in the future. Correct Answer: (B) Claimant fraud See pages 1.1114, 1.1116, 1.1118 in the Fraud Examiner's Manual
Examples of expense reimbursement schemes include which of the following? A. Listing dinner with a friend as a business development expense B. Requesting reimbursement for an expense that was never incurred C. Listing personal travel as business travel D. All of the above
Employees can manipulate an organization's expense reimbursement procedures to generate fraudulent disbursements. The four most common types of expense reimbursement schemes are mischaracterized expenses, overstated expenses, fictitious expenses, and multiple reimbursements. Correct Answer: (D) All of the above See pages 1.473 in the Fraud Examiner's Manual
The accounting concept of consistency prohibits any change in an accounting principle previously employed. A. True B. False
Entities should employ consistent accounting procedures from period to period. However, the concept of consistency does not completely prohibit changes in the accounting principles used. Changes are permissible when it is believed that the use of a different principle will result in a more fair financial presentation of the entity. The change in accounting principle must be justifiable, however; the desire to project an artificially strong performance, for example, is not a justifiable reason for a change in accounting principle. Examples of changes in accounting principles include a change in the method of inventory pricing, a change in the depreciation method for previously recorded assets, and a change in the method of accounting for long-term construction contracts. The disclosure for a change in accounting principles should include the justification for the change and should explain why the newly adopted principle is preferable. Correct Answer: (B) False See pages 1.117 in the Fraud Examiner's Manual
Chapman Inc. has always used the last-in, first-out (LIFO) inventory valuation method when calculating its cost of goods sold. This is also the standard inventory valuation method for other comparable entities in Chapman's industry. Chapman's controller wants to change to the first-in, first-out (FIFO) method because it will make Chapman's net income appear much larger than LIFO valuation will. After several years of poor performance, management wants to boost the company's appearance to potential investors. However, Chapman must continue to use the LIFO inventory valuation method. This is reflected in which U.S. generally accepted accounting principle (GAAP)? A. Consistency B. Full disclosure C. Valuation D. Going concern
Entities should employ consistent accounting procedures from period to period. Variations or changes in accounting policies and procedures must be justifiable. Standards used to value inventory, depreciate assets, or accrue expenses should be consistent from one accounting period to the next. Any changes in accounting policy or procedures must be disclosed in the supplemental notes to the financial statements. The desire to project an artificially strong performance is not a justifiable reason for a change in accounting principle. Since Chapman has always used last-in, first-out (LIFO), and since LIFO is the industry norm, a change to first-in, first-out (FIFO) is not justifiable. Correct Answer: (A) Consistency See pages 1.117 in the Fraud Examiner's Manual
In double-entry accounting, every transaction in the accounting records will have both a debit and a credit side, and these sides will always be equal. A. True B. False
Entries to the left side of an account are debits, and entries to the right side of an account are credits. Debits increase asset and expense accounts, while credits decrease them. Conversely, credits increase liability, owners' equity, and revenue accounts; debits decrease them. Every transaction recorded in the accounting records will have both a debit and a credit, thus the term double-entry accounting. The debit side of an entry will always equal the credit side so that the accounting equation remains in balance. Correct Answer: (A) True See pages 1.102 in the Fraud Examiner's Manual
Entries to the left side of an account are referred to as credits, while entries to the right side of an account are debits. A. True B. False
Entries to the left side of an account are referred to as debits, and entries to the right side of an account are referred to as credits. Asset and expense accounts are increased with debits and decreased with credits, while liabilities, owners' equity, and revenue accounts are increased with credits and decreased with debits. Correct Answer: (B) False See pages 1.102 in the Fraud Examiner's Manual
Which of the following types of accounts are increased by credits? A. Liability B. Owners' equity C. Revenue D. All of the above
Entries to the left side of an account are referred to as debits, and entries to the right side of an account are referred to as credits. Debits increase asset and expense accounts, whereas credits decrease these accounts. On the other side of the equation, credits increase liabilities, revenue, and owners' equity accounts. Conversely, debits decrease liabilities, revenues, and owners' equity. Correct Answer: (D) All of the above See pages 1.102 in the Fraud Examiner's Manual
Which of the following types of accounts are decreased by debits? A. Owners' equity B. Revenue C. Liabilities D. All of the above
Entries to the left side of an account are referred to as debits, and entries to the right side of an account are referred to as credits. Debits increase asset and expense accounts, whereas credits decrease these accounts. On the other side of the equation, credits increase liabilities, revenue, and owners' equity accounts. Conversely, debits decrease liabilities, revenues, and owners' equity. In bookkeeping, a debit is an entry on the left side of a double-entry bookkeeping system that represents the addition of an asset or expense or the reduction to a liability or revenue. The opposite of a debit is a credit. Correct Answer: (D) See pages 1.102 in the Fraud Examiner's Manual
Credits decrease asset and expense accounts. A. True B. False
Entries to the left side of an account are referred to as debits, and entries to the right side of an account are referred to as credits. Debits increase asset and expense accounts, whereas credits decrease these accounts. On the other side of the equation, credits increase liability, revenue, and owners' equity accounts. Conversely, debits decrease liabilities, revenues, and owners' equity. Correct Answer: (A) True See pages 1.102 in the Fraud Examiner's Manual
Does a credit decrease an expense account? A debit increases asset or expense accounts, and decreases liability, revenue or equity accounts. A credit is always positioned on the right side of an entry. It increases liability, revenue or equity accounts and decreases asset or expense accounts.
Excessive write-offs are a form of concealment for which of the following schemes? A. Phantom loans B. Embezzlement C. Conflicts of interest D. All of the above
Excessive write-offs are a form of concealment for phantom loans, conflicts of interest, and embezzlement. Therefore, if all write-offs are subject to management review before they are written off, then management reduces the potential environment for fraud. Correct Answer: (D) All of the above. Phantom loans, embezzlement, and conflicts of interest may all be concealed by excessive write-offs. See pages 1.950 in the Fraud Examiner's Manual
Jill is an accountant who needs to satisfy continuing professional education (CPE) requirements throughout the year to maintain her professional license. Her supervisor usually signs off on these requests without paying them much attention or scrutiny. Wanting to use this to her advantage, Jill figures out that it would be easy to copy the image of the logo from a popular CPE provider and generate a receipt using basic computer software. She creates a fraudulent receipt and submits it to her supervisor for reimbursement. What type of scheme is Jill committing? A. A mischaracterized expense scheme B. A multiple reimbursement scheme C. A fictitious expense scheme D. Collusion with a supervisor
Expense reimbursements are sometimes sought by employees for wholly fictitious items. Instead of overstating a real business expense or seeking reimbursement for a personal expense, an employee just invents a purchase that needs to be reimbursed. One way to generate a reimbursement for a fictitious expense is to create fraudulent support documents, such as false receipts. Using simple computer software, it is easy for employees to create realistic-looking counterfeit receipts at home. These counterfeits are often very sophisticated, even including the logos of the stores in which goods or services were allegedly purchased. Correct Answer: (C) A fictitious expense scheme See pages 1.478 in the Fraud Examiner's Manual
Which of the following is an example of a fictitious expense reimbursement scheme? A. An employee who travels frequently on business submits receipts from a hotel stay during a family vacation as a business expense. B. An employee generates a fake receipt using basic computer software and includes it with an expense report. C. An employee submits a receipt for a hotel reservation in one expense report and a copy of the credit card statement reflecting the same reservation in the next period's expense report. D. An employee alters an electronic receipt using photo editing software to reflect a higher cost than what the employee actually paid.
Expense reimbursements are sometimes sought by employees for wholly fictitious items. Instead of overstating a real business expense or seeking reimbursement for a personal expense, an employee just invents a purchase that needs to be reimbursed. One way to generate a reimbursement for a fictitious expense is to create fraudulent support documents, such as false receipts. Using simple computer software, it is easy for employees to create realistic-looking counterfeit receipts at home. These counterfeits are often very sophisticated, even including the logos of the stores in which goods or services were allegedly purchased. Instead of seeking reimbursement for personal expenses, some employees overstate the cost of actual business expenses. This is considered an overstated expense reimbursement scheme. In a multiple reimbursement scheme, an employee submits several types of support for the same expense in order to get reimbursed multiple times. In a mischaracterized expense scheme, an employee requests reimbursement for a personal expense, claiming that it is business related. Correct Answer: (B) See pages 1.473, 1.475, 1.478, 1.480-1.481 in the Fraud Examiner's Manual
When an employee or official uses force or fear to demand money in exchange for making a particular business decision, that individual is engaging in: A. An illegal gratuity scheme B. Bribery C. Economic extortion D. A kickback scheme
Extortion is defined as the obtaining of property from another, with the other party's consent induced by wrongful use of actual or threatened force or fear. Economic extortion is present when an employee or official, through the wrongful use of actual or threatened force or fear, demands money or some other consideration to make a particular business decision. Thus, an example of an economic extortion scheme is if an employee or government official demands money in exchange for making a business decision. Similarly, another example of an economic extortion scheme would be if a politician threatens to shut down a business if it does not pay a bribe. Correct Answer: (C) Economic extortion See pages 1.608 in the Fraud Examiner's Manual
Daniela, a plant manager for a utility company, has her own commercial cleaning business on the side. Daniela threatened to withhold business from any vendors of the utility company that did not hire her cleaning business for their office cleaning needs. Which of the following best describes the type of corruption scheme in which Daniela engaged? A. Illegal gratuity scheme B. Economic extortion scheme C. Collusion scheme D. Kickback scheme
Extortion is defined as the obtaining of property from another, with the other party's consent induced by wrongful use of actual or threatened force or fear. Economic extortion is present when an employee or official, through the wrongful use of actual or threatened force or fear, demands money or some other consideration to make a particular business decision. Thus, because Daniela threatened to withhold business from any vendors of the utility company that did not hire her cleaning business for their office cleaning needs, she engaged in an extortion scheme. Correct Answer: (B) Economic extortion scheme See pages 1.608 in the Fraud Examiner's Manual
Both falsely increasing the perpetual inventory balance and failing to reconcile inventory records are ways a fraudster might conceal inventory shrinkage. A. True B. False
Falsely increasing the perpetual inventory record would only worsen the shrinkage problem. Instead, a fraudster seeking to conceal shrinkage would falsely decrease the perpetual inventory record to match the lower physical inventory count. In addition, failing to reconcile inventory records would likely cause more suspicion to arise. One of the simplest methods for concealing shrinkage is to change the perpetual inventory record so that it matches the physical inventory count. This is also known as a forced reconciliation of the account. The perpetrator simply changes the numbers in the perpetual inventory to make them match the amount of inventory on hand. For example, the employee might credit (decrease) the perpetual inventory and debit (increase) the cost of sales account to lower the perpetual inventory numbers so that they match the actual inventory count. Instead of using correct entries to adjust the perpetual inventory, some employees simply delete or cover up the correct totals and enter new numbers. Correct Answer: (B) False See pages 1.511 in the Fraud Examiner's Manual
_________________ is the most common type of identity theft. A. Criminal identity theft B. Business identity theft C. Medical identity theft D. Financial identity theft
Financial identity theft occurs when a fraudster uses an individual's personal information for fraudulent financial transactions. Examples of financial identity theft include:
- Using an individual's stolen credit card or credit card number to purchase goods (account takeover)
- Impersonating an individual to gain access to the individual's bank account (account takeover)
- Using an individual's personal information to open a new credit card account (true name fraud)
Most identity theft involves accessing existing financial accounts or creating new financial accounts. Therefore, most identity theft is financial identity theft. Correct Answer: (D) Financial Identity Theft See pages 1.804 in the Fraud Examiner's Manual
Which of the following statements is TRUE with regard to a fictitious revenue scheme? A. If a fictitious revenue scheme has taken place, there will typically be no accounts receivable on the books. B. Uncollected accounts receivable are a red flag of fictitious revenue schemes. C. Fictitious revenues must involve sales to a fake customer. D. The debit side of a fictitious sales entry usually goes to accounts payable.
Fictitious or fabricated revenues involve the recording of sales of goods or services that did not occur. Fictitious sales most often involve fake customers but can also involve legitimate customers. At the end of the accounting period, the sale will be reversed (as will all revenue accounts), which will help to conceal the fraud. Recording the sales revenue is easy, but the challenge for the fraudster is how to balance the other side of the entry. A credit to revenue increases the revenue account, but the corresponding debit in a legitimate sales transaction typically either goes to cash or accounts receivable. Since no cash is received in a fictitious revenue scheme, increasing accounts receivable is the easiest way to get away with completing the entry. Unlike revenue accounts, however, accounts receivable are not reversed at the end of the accounting period. They stay on the books as an asset until collected. If the outstanding accounts never get collected, they will eventually need to be written off as bad debt expense. Mysterious accounts receivable on the books that are long overdue are a common sign of a fictitious revenue scheme. Correct Answer: (B) See pages 1.214 in the Fraud Examiner's Manual
Laura, the sales manager of Sam Corp., is afraid sales revenue for the period is not going to meet company goals. To make up for the shortfall, she decides to mail invoices to fake customers and credit (increase) revenue on the books for these sales. What account will she most likely debit to balance these fictitious revenue entries and conceal her scheme? A. Inventory B. Cash C. Accounts payable D. Accounts receivable
Fictitious or fabricated revenues involve the recording of sales of goods or services that did not occur. Fictitious sales most often involve fake customers but can also involve legitimate customers. At the end of the accounting period, the sale will be reversed (as will all revenue accounts), which will help to conceal the fraud. Recording the sales revenue is easy, but the challenge for the fraudster is how to balance the other side of the entry. A credit to revenue increases the revenue account, but the corresponding debit in a legitimate sales transaction typically either goes to cash or accounts receivable. Since no cash is received in a fictitious revenue scheme, increasing accounts receivable is the easiest way to get away with completing the entry. Unlike revenue accounts, however, accounts receivable are not reversed at the end of the accounting period. They stay on the books as an asset until collected. If the outstanding accounts never get collected, they will eventually need to be written off as bad debt expense. Mysterious accounts receivable on the books that are long overdue are a common sign of a fictitious revenue scheme. Correct Answer: (D) Accounts receivable. See pages 1.214 in the Fraud Examiner's Manual
A large amount of overdue accounts receivable on the books is a red flag of a fictitious revenue scheme. A. True B. False
Fictitious or fabricated revenues involve the recording of sales of goods or services that did not occur. Fictitious sales most often involve fake customers but can also involve legitimate customers. Recording the sales revenue is easy, but the challenge for the fraudster is how to balance the other side of the entry. A credit to revenue increases the revenue account, but the corresponding debit in a legitimate sales transaction typically either goes to cash or accounts receivable. Since no cash is received in a fictitious revenue scheme, increasing accounts receivable is the easiest way to get away with completing the entry. However, accounts receivable stay on the books as an asset until they are collected. If the outstanding accounts never get collected, they will eventually need to be written off as bad debt expense. Mysterious accounts receivable on the books that are long overdue are a common sign of a fictitious revenue scheme. Correct Answer: (A) True See pages 1.214 in the Fraud Examiner's Manual
_____________________ is the deliberate misrepresentation of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users. A. Material misstatement B. Financial statement fraud C. Accounting fraud D. Occupational fraud
Financial statement fraud is the deliberate misrepresentation of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users. Correct Answer: (B) Financial statement fraud See pages 1.203 in the Fraud Examiner's Manual
Financial statement fraud is the intentional or erroneous misrepresentation of the financial condition of an enterprise. A. True B. False
Financial statement fraud is the deliberate misrepresentation of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users. Note that financial statement fraud, much like all types of fraud, is an intentional act. Correct Answer: (B) False See pages 1.203 in the Fraud Examiner's Manual
Early revenue recognition is classified as what type of financial fraud scheme? A. Fictitious revenues B. Improper disclosures C. Timing differences D. Improper asset valuations
Financial statement fraud might involve timing differences—that is, the recording of revenues or expenses in improper periods. This can be done to shift revenues or expenses between one period and the next, increasing or decreasing earnings as desired. Early revenue recognition is a common type of timing difference scheme since companies are often trying to make themselves look as profitable as possible. This practice is also referred to as income smoothing. Correct Answer: (C) Timing differences See pages 1.217 in the Fraud Examiner's Manual
What financial statement fraud scheme involves recording revenues and expenses in improper periods? A. Improper asset valuations B. Concealed expenses C. Timing differences D. Improper disclosures
Financial statement fraud often involves timing differences—that is, the recording of revenues or expenses in improper periods. This can be done to shift revenues or expenses between one period and the next, increasing or decreasing earnings as desired. This practice is also referred to as income smoothing. Correct Answer: (C) Timing differences See pages 1.217 in the Fraud Examiner's Manual
Which of the following is the most accurate definition of a firewall? A. A system that blocks unauthorized or unverified access to network assets by surveying incoming and outgoing transmissions B. A device that takes information and scrambles it so that it is unreadable by anyone who does not have a specific code C. A system that authenticates users by monitoring their statistical characteristics, such as typing speed and keystroke touch D. None of the above
Firewalls are network hardware and software that block unauthorized or unverified access to computer systems and network assets. These tools survey incoming and outgoing transmissions and decide what type of traffic to permit onto an organization's internal network based on factors such as origination or destination address, content of the message, protocol being used to transmit the message, and other filtering methods. Correct Answer: (A) See pages 1.1455 in the Fraud Examiner's Manual
Sean is responsible for delivering timesheets to the payroll department on behalf of his supervisor. One day he decides to withhold his timesheet from those being sent to his supervisor for approval. He falsely increases the number of hours he has worked and then forges his supervisor's signature on his timesheet. He adds the timesheet to the stack of authorized sheets and delivers them to payroll. This is an example of: A. A falsified hours and salary scheme B. A fictitious reimbursement scheme C. A ghost employee scheme D. A check tampering scheme
For hourly employees, the size of a paycheck is based on two essential factors: the number of hours worked and the rate of pay. Therefore, for hourly employees to fraudulently increase the size of their paycheck, they must either falsify the number of hours they have worked or change their wage rate. One form of control breakdown that is common in falsified hours and salary schemes is the failure to maintain proper control over timecards. In a properly run system, once timecards are authorized by management, they should be sent directly to payroll. Those who prepare the timecards should not have access to them after they have been approved. When this procedure is not observed, the person who prepared a timecard can alter it after that person's supervisor has approved it but before it is delivered to payroll. Common ways to commit a falsified hours and salary scheme include:
- Inflating the number of hours worked
- Inflating the rate of pay
- Forging a supervisor's signature
- Collusion with a supervisor
- Implementing poor custody procedures
- Altering a timesheet after it has been approved
Correct Answer: (A) A Falsified Hours and Salary Scheme See pages 1.461-1.465 in the Fraud Examiner's Manual
Which of the following is NOT one of the key phases of procurement processes that employ competitive bidding mechanisms? A. The solicitation phase B. The pre-solicitation phase C. The purchase and procurement phase D. The post-award and administration phase
For the purpose of fraud detection, procurement processes that employ competitive bidding mechanisms can be reduced to four basic stages:
- The pre-solicitation phase
- The solicitation phase
- The bid evaluation and award phase
- The post-award and administration phase
Correct Answer: (C) See pages 1.1508 in the Fraud Examiner's Manual
A forged maker scheme is a check tampering scheme in which an employee intercepts a company check intended for a third party and converts the check by signing the third party's name on the check's endorsement line. A. True B. False
Forged endorsement frauds are those check tampering schemes in which an employee intercepts a company check intended for a third party and converts the check by signing the third party's name on the check's endorsement line. The person who signs a check is known as the maker of the check. A forged maker scheme is defined as a check tampering scheme in which an employee misappropriates a check and fraudulently affixes the signature of an authorized maker thereon. Correct Answer: (B) See pages 1.411, 1.415-1.416 in the Fraud Examiner's Manual
Fraud in financial statements generally takes the form of overstated assets or revenue and understated liabilities and expenses. A. True B. False
Fraud in financial statements takes the form of overstated assets or revenue and understated liabilities and expenses. Overstating assets or revenue falsely reflects a financially stronger company by inclusion of fictitious asset costs or artificial revenues. Understated liabilities and expenses are shown through exclusion of costs or financial obligations. Both methods result in increased equity and net worth for the company. This overstatement and/or understatement results in increased earnings per share or partnership profit interests or a more stable picture of the company's financial situation. Correct Answer: (A) True See pages 1.210 in the Fraud Examiner's Manual
Which of the following situations would be MOST indicative of a customer committing new account fraud at a bank? A. A customer opens a new personal account and immediately requests two ATM cards. B. A customer deposits a substantial amount of funds in a new personal account and does not spend or withdraw them for several months. C. An invalid address or phone number is listed in the customer's account information. D. A customer opens a business account and soon after has payroll transactions on the account.
Fraud is much more likely to occur in new accounts than in established accounts. New account fraud is generally defined as fraud that occurs on an account within the first ninety days that it is open; often, perpetrators open accounts with the sole intent of committing fraud. Prompt, decisive action is necessary to manage and/or close apparent problem accounts. Some of the more common red flags of potential new account schemes are:
- Customer residence outside the bank's trade area
- Dress and/or actions inconsistent or inappropriate for the customer's stated age, occupation, or income level
- New account holder requesting immediate cash withdrawal upon deposit
- Request for large quantity of temporary checks
- Services included with the account that do not match the customer's purpose
- Missing or inaccurate customer application information
- Invalid phone numbers or addresses in customer account information
- Use of a mail drop address (a service where a non-affiliated party collects and distributes a person or entity's mail)
- Large check or automated teller machine (ATM) deposits followed by rapid withdrawal or transfer of funds (a flow-through account)
- Business accounts without standard business transactions, such as payroll or transactions that would be expected in that business
- Transactions without a clear purpose in jurisdictions known for high levels of corruption
- Opening deposit that is a nominal cash amount
- Rare customer ID type
- Applicants over the age of 25 with no credit history
- Customers who cannot remember basic application information (i.e., phone number, address)
Correct Answer: (C) See pages 1.937, 1.940-1.941 in the Fraud Examiner's Manual
Examples of fraud schemes perpetrated by health care institutions and their employees include all of the following EXCEPT: A. Improper contractual relationships B. Unintentional misrepresentation of the diagnosis C. Billing for experimental procedures D. DRG creep
Fraud schemes perpetrated by institutions and their employees include those commonly used by doctors and other providers. However, the more common schemes in which hospitals are primarily involved include:
- Filing of false cost reports
- Diagnostic-related groupings (DRG) creep
- Billing for experimental procedures
- Improper contractual and other relationships with physicians
- Revenue recovery firms to (knowingly or unknowingly) bill extra charges
Correct Answer: (B) Unintentional misrepresentation of the diagnosis is NOT an example of a fraud scheme perpetrated by health care institutions and their employees See pages 1.1239 in the Fraud Examiner's Manual
Examples of fraud schemes perpetrated by health care institutions and their employees include all of the following EXCEPT: A. Unintentional misrepresentation of the diagnosis B. Billing for experimental procedures C. DRG creep D. Improper contractual relationships
Fraud schemes perpetrated by institutions and their employees include those commonly used by doctors and other providers. However, the more common schemes in which hospitals are primarily involved include:
- Filing of false cost reports
- Diagnostic-related groupings (DRG) creep
- Billing for experimental procedures
- Improper contractual and other relationships with physicians
- Revenue recovery firms to (knowingly or unknowingly) bill extra charges
Correct Answer: (A) Unintentional misrepresentation of the diagnosis. See pages 1.1239 in the Fraud Examiner's Manual
Frequent check deposits in round numbers or for the same amount and checks written to individuals for large, even amounts might be indicators of check fraud. A. True B. False
Frequent deposits in round numbers or for the same amount and checks issued to individuals for large, even amounts are both indicators of check fraud. Correct Answer: (A) True See pages 1.1011 in the Fraud Examiner's Manual
Nondisclosure agreements are generally an expensive and inefficient means of protecting an organization's proprietary information. A. True B. False
Generally, a nondisclosure agreement is a written agreement providing that signatories must keep all trade secrets and proprietary information learned during their employment confidential. Nondisclosure agreements are one of the least expensive and most efficient methods for controlling the loss of proprietary information. Correct Answer: (A) True See pages 1.750 in the Fraud Examiner's Manual
Jason, an employee at Go Marketing, has just informed his supervisor that he intends to leave the company and go work for a competitor. Upon accepting his resignation, Jason's boss reminds him of a document that he signed several years prior in which Jason agreed not to divulge confidential or proprietary company information. What is the name of the document that Jason signed? A. Nondisclosure agreement B. Noncompetition agreement C. Employee awareness statement D. Employee testimonial statement
Generally, a nondisclosure agreement is a written agreement providing that signatories must keep all trade secrets and proprietary information learned during their employment confidential. Nondisclosure agreements are one of the least expensive and most efficient methods for controlling the loss of proprietary information. A noncompetition agreement is an agreement whereby employees agree not to work for competing companies within a certain period of time after leaving their current employer. Correct Answer: (A) Nondisclosure Agreement See pages 1.750 in the Fraud Examiner's Manual
A recommended practice to detect expense reimbursement schemes is to compare current period expenses to both historical expenditure amounts and budgeted expense amounts. A. True B. False
Generally, expense account review uses one of two methods: historical comparisons or comparisons with budgeted amounts. A historical comparison compares the balance expended this period in relation to the balance spent in prior, similar periods. Budgets are estimates of the money or time necessary to complete a task. They are based on past experience with consideration for current and future business conditions. Therefore, when comparing actual and budgeted expenses, determining excessive expenses or inaccurate budget estimates is important. Correct Answer: (A) True See pages 1.481 in the Fraud Examiner's Manual
Which of the following types of procurement fraud schemes involves procurement employees who convince their employer, the procuring entity, that it needs excessive or unnecessary products or services? A. Bid manipulation schemes B. Need recognition schemes C. Bid tailoring schemes D. Nonconforming goods schemes
Generally, procurement actions begin with the procuring entity making a determination of its general needs. These initial determinations include assessments of the types and amounts of goods or services required to meet the entity's needs. In need recognition schemes, procurement employees convince their employer that it needs excessive or unnecessary products or services. Correct Answer: (B) Need recognition schemes See pages 1.1514 in the Fraud Examiner's Manual
Green, a door-to-door appliance salesperson, sold several appliances to households in a neighborhood. Green took the money the customers gave him as down payments for the sales and spent it. He did not turn the orders in to his employer. Green's scheme can best be classified as: A. A cash larceny scheme B. An understated sales (skimming) scheme C. An unrecorded sales (skimming) scheme D. A commission scheme
Green's scheme is an unrecorded sales (skimming) scheme. An unrecorded sales scheme occurs when an employee sells goods or services to a customer and collects the customer's payment but makes no record of the sale. Independent salespersons are in a good position to perform sales skimming schemes. A prime example is a person who sells goods door-to-door and does not turn in the orders to his employer. In this case, Green did not remit any of his sales to the appliance company, so the skimming scheme that took place was an unrecorded sales scheme. Correct Answer: (C) See pages 1.302 in the Fraud Examiner's Manual
Common methods of inflating health care billings include all of the following EXCEPT: A. Sliding policies B. Added services C. Code manipulation D. Altered claims
Health care billings can be inflated by providers as well as beneficiaries. The following are some of the most common fraud schemes encountered by investigators and claims approvers:
- Altered claims
- Added services
- Code manipulation
Correct Answer: (A) Sliding Policies See pages 1.1232 in the Fraud Examiner's Manual
Elena Smith, a city commissioner, negotiated a land development deal with a group of private investors. After the deal was approved, the investors rewarded Elena with an all-expenses-paid trip, even though giving such rewards to government officials is prohibited by law. Which of the following is the most appropriate term to describe what has taken place? A. Need recognition B. Illegal gratuity C. Economic extortion D. Collusion
Illegal gratuities are items of value given to reward a decision, often after the recipient has made the decision. Illegal gratuities are similar to bribery schemes except that, unlike bribery schemes, illegal gratuity schemes do not necessarily involve an intent to influence a particular decision before the fact. That is, an illegal gratuity occurs when an item of value is given for, or because of, some act. Often, an illegal gratuity is merely something that a party who has benefited from a decision offers as an underhanded thank-you to the person who made the beneficial decision. Correct Answer: (B) Illegal Gratuity See pages 1.607 in the Fraud Examiner's Manual
In a _________, a bank buys, sells, and swaps its bad loans for the bad loans of another bank, creating new documentation in the process. A. Linked financing arrangement B. Reciprocal loan arrangement C. False swap scheme D. Daisy chain
In a daisy chain, a bank buys, sells, and swaps its bad loans for the bad loans of another bank, creating new documentation in the process. Its purpose is to mask or hide bad loans by making them look like they are recent and good. Correct Answer: (D) Daisy Chain See pages 1.905 in the Fraud Examiner's Manual
Zane obtained a loan from Bank A, agreeing to give the bank a security interest in his commercial property. Before Bank A's lien was filed, Zane managed to get another loan from Bank B using the same commercial property as collateral (unbeknownst to Bank B). In which of the following schemes did Zane engage? A. Linked financing B. Daisy chain C. Sham loan D. Double-pledging collateral
In a double-pledging collateral scheme, borrowers pledge the same collateral with different lenders before liens are recorded and without telling the lenders. Correct Answer: (D) Double-pledging collateral See pages 1.905 in the Fraud Examiner's Manual
Which of the following does NOT happen in a fictitious refund scheme? A. The company's inventory is overstated. B. The register log balances with the amount of money in the register. C. A fraudster processes a transaction as if a customer were returning merchandise. D. Merchandise is returned to the stock room.
In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though no actual return takes place. Two things result from this fraudulent transaction. First, the employee takes cash from the register in the amount of the false return. Since the register log shows that a merchandise return has been made, the disbursement appears legitimate. The register log balances with the amount of money in the register because the money that was taken by the employee is supposed to have been removed and given to a customer as a refund. The second thing that happens in a fictitious refund scheme is that a debit is made to the inventory system showing that the merchandise has been returned to the inventory. Because the transaction is fictitious, no merchandise is actually returned. As a result, the company's inventory is overstated. Correct Answer: (D) See pages 1.402-1.403 in the Fraud Examiner's Manual
Which of the following is a common way a procuring employee might engage in a bid manipulation scheme? A. Extending bid opening dates without justification B. Opening bids prematurely C. Altering bids D. All of the above
In bid manipulation schemes, a procuring employee manipulates the bidding process to benefit a favored contractor or supplier. Some common ways to commit these schemes include:
- Opening bids prematurely
- Altering bids
- Extending bid opening dates without justification
Correct Answer: (D) See pages 1.1516-1.1517 in the Fraud Examiner's Manual
Which of the following practices is a potential indicator of a bid splitting scheme? A. Low employee turnover in an organization's procurement department B. Sequential purchases under the competitive bidding limits that are followed by change orders C. Two or more purchases from the same supplier in amounts just above competitive bidding limits D. Frequent use of sole-source procurement contracts
In general, procuring entities must use competitive methods for projects over a certain amount. To avoid this requirement, a dishonest employee might break up a large project into several small projects that fall below the mandatory bidding level and award some or all of the component jobs to a contractor with whom the employee is conspiring. Some common red flags of bid splitting schemes include:
- Two or more similar or identical procurements from the same supplier in amounts just under upper-level review or competitive-bidding limits
- Two or more consecutive related procurements from the same contractor that fall just below the competitive-bidding or upper-level review limits
- Unjustified split purchases that fall under the competitive-bidding or upper-level review limits
- Sequential purchases just under the upper-level review or competitive-bidding limits
- Sequential purchases under the upper-level review or competitive-bidding limits that are followed by change orders
Correct Answer: (C) See pages 1.1519 in the Fraud Examiner's Manual
Which of the following types of accounting changes must be disclosed in an organization's financial statements? I. Changes in estimates II. Changes in accounting principles III. Changes in reporting entities A. II and III only B. I and II only C. I and III only D. I, II, and III
In general, three types of accounting changes must be disclosed to avoid misleading the user of financial statements: changes in accounting principles, estimates, and reporting entities. Although the required treatment for these accounting changes varies for each type and across jurisdictions, they are all susceptible to manipulation. For example, fraudsters might fail to properly retroactively restate financial statements for a change in accounting principle if the change causes the company's financial statements to appear weaker. Likewise, they might fail to disclose significant changes in estimates such as the useful lives and estimated salvage values of depreciable assets or the estimates underlying the determination of warranty or other liabilities. They might even secretly change the reporting entity by adding entities owned privately by management or by excluding certain company-owned units to improve reported results. Correct Answer: (D) See pages 1.237 in the Fraud Examiner's Manual
Jessica worked at the cash register of a department store. Her friend Molly came to the store one day to help Jessica steal a watch she wanted but couldn't afford. Molly took the watch to Jessica's register and, instead of charging Molly for it, Jessica rang a "no sale" on the register. Molly pretended to give Jessica cash to make it look like she was paying for the watch. Molly then took the watch out of the store and later gave it to Jessica. What type of scheme did Molly and Jessica commit? A. A false sale scheme B. A register disbursement scheme C. A purchasing and receiving scheme D. A skimming scheme
In many cases, corrupt employees use outside accomplices to help steal inventory. The false, or fake, sale is one method that depends upon an accomplice. Like most inventory thefts, the fake sale is not complicated. The employee-fraudster's accomplice pretends to buy merchandise, but the employee does not ring up the sale. The accomplice then takes the merchandise without paying for it. To a casual observer, it will appear that the transaction is a normal sale. The employee bags the merchandise and might act as though a transaction is being entered on the register when in fact the "sale" is not recorded. The accomplice might even pass a nominal amount of money to the employee to complete the illusion. A related scheme occurs when an employee sells merchandise to an accomplice at an unauthorized discount. Correct Answer: (A) A false sale scheme. See pages 1.505 in the Fraud Examiner's Manual
Katie is a sales clerk at a jewelry store. She watched another sales clerk, Helen, type her access code into her register and memorized it. When Helen called in sick, Katie logged in to the cash register using Helen's code and processed customer transactions as usual. After completing one sale, she left the drawer open and slipped a large sum of money into her pocket from the register drawer. What type of scheme did she commit? A. A register disbursement scheme B. A skimming scheme C. An understated sales scheme D. A cash larceny scheme
In some retail organizations, there is one cash register, and each employee has a different access code. By using someone else's access code to enter the register and then steal cash under their name, the perpetrator makes sure that another employee will be the prime suspect in the theft. Katie's theft was not a skimming scheme because the cash she stole was already in the company's possession and recorded in the register. An understated sales scheme is a type of skimming scheme in which a fraudster records a sale for less than it actually is and skims the difference. Katie did not commit a register disbursement scheme because register disbursement schemes involve a fraudulent transaction that justifies the removal of cash from the register, such as a false return or a voided sale. Katie did not make any entry that would account for the missing money—she simply took money out of the register under Helen's name so that she could avoid blame. Therefore, Katie committed a cash larceny scheme. Correct Answer: (D) A cash larceny scheme. See pages 1.301, 1.307, 1.323, 1.401 in the Fraud Examiner's Manual
Which of the following activities is included in the bid evaluation and award phase of procurements involving open and free competition? A. The procuring employees perform their contractual obligations. B. The procuring employees develop the bid specifications. C. The procuring employees assess the bids or proposals. D. The procuring employees issue the solicitation document.
In the bid evaluation and award phase, the procuring employees evaluate the bids or proposals, conduct discussions and negotiations, and give the bidders an opportunity to revise their proposals. Procuring employees then select the winning bid or proposal. Correct Answer: (C) See pages 1.1509 in the Fraud Examiner's Manual
All of the following activities are included in the presolicitation phase of procurements involving open and free competition EXCEPT: A. The procuring entity develops the bid specifications. B. The procuring entity identifies its needs. C. The procuring entity determines the method for acquiring the goods or services. D. The procuring entity issues the solicitation document.
In the presolicitation phase, the procuring entity identifies its needs, develops the bid specifications (what, how much, and how good), determines the method to use for acquiring the goods or services, and develops the criteria used to award the contract. Bid specifications are a list of elements, measurements, materials, characteristics, required functions, and other specific information detailing the goods and services that a procuring entity needs from a contractor. The procuring entity issues the solicitation document in the solicitation phase of the procurement process. Correct Answer: (D) See pages 1.1508 in the Fraud Examiner's Manual
To conduct an electronic payment using a person-to-person (P2P) system, the two individuals must meet in person at a financial institution to sign an order requesting the transfer of money from one person's account to the other. A. True B. False
Individuals can pay each other for goods or services electronically, which is known as the person-to-person (P2P) system. Many credit cards and banks offer this service to their customers. P2P payments can now be made through a variety of services using a computer, smartphone application, or email address. Correct Answer: (B) False See pages 1.1036 in the Fraud Examiner's Manual
Zach was booking travel arrangements for a business trip. He purchased an airline ticket online using his own funds and obtained a receipt for the ticket via email. Using photo-editing software, Zach inflated the ticket price on the electronic receipt and submitted the altered receipt to his employer for reimbursement. This is an example of what type of fraud scheme? A. Mischaracterized expense scheme B. Personal purchases with company funds C. Overstated expense scheme D. Multiple reimbursement scheme
Instead of seeking reimbursement for personal expenses, some employees overstate the cost of actual business expenses. The most fundamental example of an overstated expense reimbursement scheme occurs when an employee alters a receipt or other supporting documentation to reflect a higher cost than what the employee actually paid. Correct Answer: (C) See pages 1.475-1.477 in the Fraud Examiner's Manual
Sheila, an accounts payable supervisor for ABC Company, bought supplies for a company she owns on the side. Sheila entered vouchers in ABC Company's accounts payable system for the cost of the supplies. Checks were cut to pay for these unauthorized expenses during normal daily check runs. The goods were drop-shipped to a location where Sheila could collect them. What type of occupational fraud is this? A. A personal purchases with company funds scheme B. An invoice kickback scheme C. A pay and return scheme D. An expense reimbursement scheme
Instead of undertaking billing schemes to generate cash, many fraudsters simply purchase personal items with their company's money. Company accounts are used to buy items for employees, their businesses, their families, and so on. This type of scheme is classified as a fraudulent billing scheme rather than theft of inventory. The heart of the scheme is not the theft of the items but rather the purchase of them. The perpetrator causes the victim company to purchase something it did not actually need, so the damage to the company is the money lost in purchasing the item. Correct Answer: (A) See pages 1.444 in the Fraud Examiner's Manual
White, an employee of ABC Corporation, intentionally issued two payments for the same invoice. After the checks had been mailed, White called the vendor and explained that a double payment had been made by mistake. She asked the vendor to return one of the checks to her attention. When the vendor returned the check, White took it and cashed it. This is an example of: A. A receivables skimming scheme B. A shell company scheme C. A pay and return scheme D. A pass-through scheme
Instead of using shell companies in their overbilling schemes, some employees generate fraudulent disbursements by using the invoices of legitimate third-party vendors who are not a part of the fraud scheme. In a pay and return scheme, an employee intentionally mishandles payments that are owed to legitimate vendors. One way to do this is to purposely double-pay an invoice. For instance, a clerk might intentionally pay an invoice twice and then call the vendor to request that one of the checks be returned. The clerk then intercepts the returned check. Correct Answer: (C) A pay and return scheme. See pages 1.442 in the Fraud Examiner's Manual
The warehouse supervisor at South Corp. has stolen $50,000 worth of inventory over the last year and has made no effort to conceal the theft in any of the inventory records. During an analytical review of the financial statements, which of the following red flags might South Corp.'s auditors find that would indicate the inventory theft? A. The percentage change in cost of goods sold was significantly higher than the percentage change in sales. B. The percentage change in sales was significantly higher than the percentage change in cost of goods sold. C. Sales and cost of goods sold moved together. D. None of the above possible outcomes would indicate inventory theft.
Inventory fraud might be detected by using an analytical review because certain trends become immediately clear. For example, sales and cost of goods sold should move together since they are directly related. However, if the cost of goods sold increases by a disproportionate amount relative to sales, and no changes occur in the purchase prices, quantities purchased, or quality of products purchased, the cause of the disproportionate increase in cost of goods sold might be one of three things: (1) ending inventory has been depleted by theft, (2) someone has been embezzling money through a false billing scheme, or (3) someone has been skimming sales revenue. Correct Answer: (A) See pages 1.514 in the Fraud Examiner's Manual
Sales and cost of goods sold almost always move together, unless there have been changes in purchase prices, quantities purchased, or quality of products being purchased. A. True B. False
Inventory fraud might be detected by using an analytical review because certain trends become immediately clear. For example, sales and cost of goods sold should move together since they are directly related. However, if the cost of goods sold increases by a disproportionate amount relative to sales, and no changes occur in the purchase prices, quantities purchased, or quality of products purchased, the cause of the disproportionate increase in cost of goods sold might be one of three things: (1) ending inventory has been depleted by theft, (2) someone has been embezzling money through a false billing scheme, or (3) someone has been skimming sales revenue. Correct Answer: (A) True See pages 1.514 in the Fraud Examiner's Manual
___________________ is the unaccounted-for reduction in a company's inventory that results from error or theft. A. Defalcation B. Shrinkage C. Depreciation D. Shortness
Inventory shrinkage is the unaccounted-for reduction in the company's inventory that results from error or theft. For instance, assume a computer retailer has one thousand computers in stock. After work one day, an employee loads ten computers into a truck and takes them home. Now the company only has nine hundred ninety computers, but since there is no record that the employee took ten computers, the inventory records still show one thousand units on hand. The company has experienced inventory shrinkage in the amount of ten computers. Correct Answer: (B) See pages 1.511 in the Fraud Examiner's Manual
In a construction loan, developer overhead is a ripe area for abuse. The purpose of developer overhead is to provide: A. Budget shortfall B. Profit margin C. Operating capital D. Labor reimbursements
It is not uncommon in construction financing to have a budget line item for developer overhead. This is a ripe area for abuse. The purpose of developer overhead is to supply the developer with operating capital while the project is under construction. This overhead allocation should not include a profit percentage, as the developer realizes profit upon completion. Correct Answer: (C) Operating Capital See pages 1.908 in the Fraud Examiner's Manual
In a construction loan, developer overhead is a ripe area for abuse. The purpose of developer overhead is to provide: A. Labor reimbursements B. Profit margin C. Operating capital D. Budget shortfall
It is not uncommon in construction financing to have a budget line item for developer overhead. This is a ripe area for abuse. The purpose of developer overhead is to supply the developer with operating capital while the project is under construction. This overhead allocation should not include a profit percentage, as the developer realizes profit upon completion. Correct Answer: (C) Operating capital See pages 1.908 in the Fraud Examiner's Manual
Which of the following is the most accurate definition of a software keylogger? A. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems B. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it C. A type of program that monitors and logs the keys pressed on a system's keyboard D. A program or command procedure that gives the appearance that it is useful but in fact contains hidden malicious code that causes damage
Keyloggers monitor and log (or track) the keys pressed on a system's keyboard, and they can be either software or hardware based. Accordingly, some keyloggers are malware, but others are not. Correct Answer: (C) See pages 1.1427 in the Fraud Examiner's Manual
Which of the following scenarios is an example of a kickback scheme? A. A government official demands money in exchange for making a business decision B. A politician threatens to shut down a business if it does not pay a bribe C. A vendor inflates the amount of an invoice submitted to the company for payment D. An employee receives a payment for directing excess business to a vendor
Kickbacks are improper, undisclosed payments made to obtain favorable treatment. Thus, an employee who receives a payment for directing excess business to a vendor is an example of a kickback scheme. In such cases, there might not be any over-billing involved; the vendor simply pays the kickbacks to ensure a steady stream of business from the purchasing company. Extortion is defined as the obtaining of property from another, with the other party's consent induced by wrongful use of actual or threatened force or fear. Economic extortion is present when an employee or official, through the wrongful use of actual or threatened force or fear, demands money or some other consideration to make a particular business decision. Thus, an example of an economic extortion scheme is if a government official demands money in exchange for making a business decision. Similarly, another example of an economic extortion scheme would be if a politician threatens to shut down a business if it does not pay a bribe. Correct Answer: (D) See pages 1.602, 1.604, 1.608 in the Fraud Examiner's Manual
Fraudulent kickbacks in the health care industry can include which of the following? A. Payment for referral of patients B. Payment for additional medical coverage C. Waiver of deductibles and co-payments D. All of the above
Kickbacks in the health care industry can come from several sources. Examples of kickbacks include:
- Payment for referral of patients
- Waiver of deductibles and co-payments
- Payment for additional medical coverage
- Payment for vendor contracts
- Payments to adjusters

Correct Answer: (D) All of the above See pages 1.1238 in the Fraud Examiner's Manual
Fraudulent kickbacks in the health care industry can include which of the following? A. Payment for referral of patients B. Waiver of deductibles and copayments C. Payment for additional medical coverage D. All of the above
Kickbacks in the health care industry can come from several sources. Examples of kickbacks include:
- Payment for referral of patients
- Waiver of deductibles and copayments
- Payment for additional medical coverage
- Payment for vendor contracts
- Payments to adjusters

Correct Answer: (D) All of the above See pages 1.1238 in the Fraud Examiner's Manual
Lindsey, a medical provider, provides monetary payments to existing patients and other providers for referring new patients to her practice. Which of the following best describes Lindsey's scheme? A. Beneficiary fraud B. Deductible forfeiture C. Fictitious services D. Kickback
Kickbacks in the health care industry can come from several sources. Examples of kickbacks include:
- Payment for referral of patients
- Waiver of deductibles and copayments
- Payment for additional medical coverage
- Payment for vendor contracts
- Payments to adjusters

Providers in an area of high competition will pay runners to recruit new patients. In addition, patients might receive a monetary reward if they refer another patient to a provider. The provider makes up for the kickback in the unnecessary billing of medical expenses or false claims. In addition, providers will pay kickbacks to other physicians for patient referrals. Correct Answer: (D) Kickback See pages 1.1238 in the Fraud Examiner's Manual
ABC Bank recently acquired a new portfolio of consumer loans. Because this particular loan portfolio is experiencing a higher than normal default rate, management has asked Bradley, a Certified Fraud Examiner (CFE), to evaluate the portfolio. Bradley notices that the loan package was sold without recourse to the broker, the brokerage fee was high relative to other purchases, and the broker is no longer in business. Which of the following types of schemes has Bradley most likely uncovered? A. Daisy chain fraud B. Letter of credit fraud C. Brokered loan fraud D. Money transfer fraud
Loan brokering applies to either packages of individual residential (consumer) loans or single commercial loans. A variation of a brokered loan is loan participation, where multiple parties purchase and have interests in a loan or a package of loans. The fraud schemes associated with brokered loans or loan participation generally involve selling phony loans (packages) or selling participations in loans that have not been properly underwritten. Normally, a large fee is charged for these brokered loans. With residential loan packages, the broker sells the package, takes the money, and disappears. Brokered loans are not usually sold with any recourse to the broker. Therefore, the purchaser must look to the borrower and the underlying collateral for debt satisfaction. With loan participations, the lead bank generally performs the underwriting. However, this does not relieve the participating bank from its obligation to perform its own due diligence. Correct Answer: (C) Brokered loan fraud See pages 1.947-1.948 in the Fraud Examiner's Manual
Which of the following methods might be used to conceal a sham loan transaction in which the loan officer receives part of the proceeds (kickback)? A. Turning the loan over to a collections agency B. Letting the loan go into arrears C. Charging off the loan as a bad loan D. "Digging" the loan on the books
Loan officers will sometimes make loans to accomplices who then share all or part of the proceeds with the lending officer. This is called a sham loan scheme. In some instances, the loans are charged off as bad debts; in other instances, the fake loans are paid off with the proceeds of new fraudulent loans. Correct Answer: (C) See pages 1.905 in the Fraud Examiner's Manual
Which of the following methods might be used to conceal a sham loan transaction in which the loan officer receives part of the proceeds (kickback)? A. Turning the loan over to a collections agency B. Letting the loan go into arrears C. "Digging" the loan on the books D. Charging off the loan as a bad loan
Loan officers will sometimes make loans to accomplices who then share all or part of the proceeds with the lending officer. This is called a sham loan scheme. In some instances, the loans are charged off as bad debts; in other instances, the fake loans are paid off with the proceeds of new fraudulent loans. Correct Answer: (D) See pages 1.905 in the Fraud Examiner's Manual
All of the following are options for authenticating users in information systems EXCEPT: A. Passwords B. Biometrics C. Encryption D. Card-based systems
Logical access controls are tools used for identification, authentication, and authorization in computer information systems. All of the following are options for authenticating users in information systems:
- Passwords
- Card-based systems
- Biometrics

Encryption is the process whereby information is taken and scrambled so that it is unreadable by anyone who does not have the decryption code. Correct Answer: (C) Encryption See pages 1.1451-1.1452, 1.1458 in the Fraud Examiner's Manual
Loyalty programs are susceptible to fraud for all of the following reasons EXCEPT: A. Loyalty points can only be used for products or services offered by the original company. B. Some airlines allow the conversion of travel points for tickets in another person's name. C. Loyalty points can often be used to purchase sellable items such as gift cards. D. Many loyalty programs allow the transfer of points from one account to another.
Loyalty fraud typically results from fraudsters gaining access to a rewards account by obtaining login credentials through phishing or hacking. Fraudulent transactions can be difficult to recognize because many consumers use their points to purchase gifts for others, with many airlines even allowing the conversion of travel points for tickets in another person's name. Increasingly, points programs from one company are joined with programs from other companies to enhance the options and utility available for consumers. Whereas airline points at one time might have only been valid toward the purchase of an airline ticket with the issuing airline, rewards programs are increasingly offered as part of an alliance of expanded loyalty networks that allow consumers to exchange their points for numerous unrelated products and services, such as hotel stays, retail purchases, or gift cards. The ability to convert loyalty points to sellable items such as gift cards allows fraudsters to leverage compromised loyalty accounts for cash. Furthermore, many loyalty programs allow the transfer of points from one account to another within the expanded program network, thus allowing fraudsters to transfer points from numerous compromised accounts into whichever program is most conducive to their scheme. Correct Answer: (A) See pages 1.1051-1.1052 in the Fraud Examiner's Manual
The primary reason for a company's management to construct an electronically and acoustically shielded quiet room is to protect the company's computer servers and other sensitive electronic equipment. A. True B. False
Management can prevent corporate spies from listening in on meetings through the use of a quiet room. A quiet room is an area that is acoustically and radio-frequency shielded so that conversations that occur within the room cannot be monitored or heard from outside the room. Correct Answer: (B) False See pages 1.755 in the Fraud Examiner's Manual
Visitors to a company's facilities should be allowed unrestricted access as long as they have signed in as a visitor in the company's logbook and have been issued a visitor's badge. A. True B. False
Management should monitor and limit visitor access. Visitors should be required to sign in and out of an organization logbook. It is considered a best practice to issue visitors a badge that identifies them as a non-employee. Also, visitors should be escorted by a host at all times, and visitors should not be allowed into areas containing sensitive information. Additionally, locks on doors leading to secure areas should be changed or reprogrammed regularly, especially if an employee has recently quit or been terminated. Correct Answer: (B) False See pages 1.755 in the Fraud Examiner's Manual
Failing to record bad debt expense for the period will result in fraudulently overstated accounts receivable. A. True B. False
Managers can overstate their company's accounts receivable balance by failing to record bad debt expense. Bad debt expense is recorded to account for any uncollectible accounts receivable. The debit side of the entry increases bad debt expense, and the credit side of the entry increases the allowance (or provision) for doubtful accounts, which is a contra account that is recorded against accounts receivable. Therefore, if the controller fails to record bad debt expense, the allowance (or provision) for doubtful accounts will be understated. Correct Answer: (A) True See pages 1.226 in the Fraud Examiner's Manual
Which of the following statements is TRUE with regard to detecting a cash larceny scheme? A. Reconciling the cash register total to the amount of cash in the drawer is helpful in detecting a cash larceny scheme B. Someone other than the accounts receivable clerk should prepare the bank deposit C. If employees who handle cash go on vacation, other employees should take over their duties D. All of the above
Mandatory vacations are an excellent method of detecting cash fraud. If mandatory vacations are within the company's policies, it is important that during an employee's absence, that employee's normal workload be performed by another individual. The purpose of mandatory vacations is lost if the work is allowed to remain undone during the employee's time off. In contrast to skimming schemes, the register records should NOT match up with the cash in the drawer when a cash larceny scheme has occurred. For this reason, cash larceny schemes are much easier to detect than skimming schemes—they leave an audit trail. To detect a cash larceny scheme, one recommended practice is to perform independent reconciliations of the register totals to the amount of cash in the drawer. The bank deposit should be made by someone other than the cashier or the accounts receivable clerk. A person independent of the cash receipts and accounts receivable functions should compare entries to the cash receipts journal with:
- Authenticated bank deposit slips
- The deposit per the bank statements

Correct Answer: (D) All of the above See pages 1.329-1.330, 1.332 in the Fraud Examiner's Manual
Due to the paper trail involved and the emphasis placed on the problem by law enforcement, the vast majority of check fraud offenders are pursued and prosecuted. A. True B. False
Many merchants overburden police and prosecutors with reports of check fraud rather than implementing effective training and controls to help prevent such schemes from the outset; therefore, law enforcement and prosecutors do not have the time or manpower to pursue all such cases and are often uneager to do so. Furthermore, check fraud perpetrators frequently migrate from one location to another, making their apprehension and prosecution difficult. Correct Answer: (B) See pages 1.1002 in the Fraud Examiner's Manual
A fraud scheme in which an accountant fails to write down obsolete inventory to its current fair market value has what effect on the company's current ratio? A. The current ratio will not be affected. B. It is impossible to determine. C. The current ratio will be artificially inflated. D. The current ratio will be artificially deflated.
Many schemes are used to inflate current assets at the expense of long-term assets. In the case of such schemes, the net effect is seen in the current ratio, which divides current assets by current liabilities to evaluate a company's ability to satisfy its short-term obligations. By misclassifying long-term assets as short-term, the current ratio will appear artificially stronger. This type of misclassification can be of critical concern to lending institutions that often require certain financial ratio minimums to be maintained. This is of particular consequence when the loan covenants are on unsecured or under-secured lines of credit and other short-term borrowings. Sometimes these misclassifications are referred to as window dressing. Correct Answer: (C) See pages 1.224 in the Fraud Examiner's Manual
Mario, an employee of a person-to-person (P2P) payment company, has been writing down the account numbers and passwords of customer accounts with the intent of fraudulently using them to pay for items he purchases online. Mario is engaging in: A. Check fraud B. Credit card transfer fraud C. Electronic funds transfer fraud D. None of the above
Mario is committing an electronic funds transfer (EFT) scheme by misappropriating customers' account and password information. There are several ways in which fraud can be perpetrated through the electronic transfer of funds. Potential sources of fraud include the following:
- A biller might send a bill for services not rendered or for goods never sent.
- A person who has obtained information about another person's bank account might instruct a biller to obtain payment from the other person's account.
- A hacker might obtain passwords and usernames from an aggregator and use that information to direct transfers from a consumer's bank account.
- An employee at the site providing electronic bill presentment and payment (EBPP) services who knows consumers' usernames and passwords for screen-scraping purposes might use that information to direct transfers from consumers' bank accounts.
- A bank employee might use customer information to direct transfers from a customer's account.

Correct Answer: (C) Electronic funds transfer fraud See pages 1.1042-1.1043 in the Fraud Examiner's Manual
Because it is a common occurrence, the fact that documents are missing from a loan file is generally not a red flag for loan fraud. A. True B. False
Missing or altered documentation is a red flag for any type of fraud scheme, and it is a particular concern for loan fraud. While it is true that many loan files have missing documents, it is important to determine if the documents have been misplaced or were never received. A waiver of certain documents is one common way for lenders to conceal fraud schemes. Correct Answer: (B) See pages 1.912-1.913 in the Fraud Examiner's Manual
Which of the following describes the primary purpose of an automated clearing house (ACH) filter? A. It requires the bank to contact the account holder before any payments are made. B. It is a tool used by auditors to examine electronic payment activity on the bank records. C. It matches the details of incoming payments with those on a list of expected payments provided by the account holder. D. It enables account holders to provide their banks with a list of criteria to ensure only designated individuals get paid.
Most large banks offer multiple security services that can help business account holders mitigate fraud through early detection and prevention of fraudulent electronic payments. For example, automated clearing house (ACH) blocks allow account holders to notify their banks that ACH debits should not be allowed on specific accounts. ACH filters enable account holders to provide their banks with a list of defined criteria (such as the sending company ID, account number, and transaction code) against which banks can filter ACH debits and reject any unauthorized transactions. Positive pay for ACH is another security feature offered by banks to their account holders. With positive pay, banks match the details of ACH payments with those on a list of legitimate and expected payments provided by the account holder. Only authorized electronic transactions are allowed to be withdrawn from the account; exceptions are reported to the customer for review. Correct Answer: (D) See pages 1.435 in the Fraud Examiner's Manual
Most shell company schemes involve the purchase of fictitious: A. Supplies B. Goods C. Inventory D. Services
Most shell company schemes involve the purchase of services rather than goods. The primary reason for this is that services are not tangible. If an employee sets up a shell company to make fictitious sales of goods to their employer, these goods will obviously never arrive. By comparing its purchases to its inventory levels, the victim organization might detect the fraud. It is much more difficult for the victim organization to verify that the services were never rendered. For this reason, many employees involved in shell company schemes bill their employers for things like "consulting services." Correct Answer: (D) See pages 1.441 in the Fraud Examiner's Manual
Non-repudiation refers to a method used to guarantee that parties involved in an e-commerce transaction cannot deny their participation in it. A. True B. False
Non-repudiation refers to a method used to guarantee that the parties involved in an e-commerce transaction cannot repudiate (deny) participation in that transaction. In e-commerce, non-repudiation is obtained through the use of digital signatures, confirmation services, and timestamps. Correct Answer: (A) True See pages 1.1439 in the Fraud Examiner's Manual
Which of the following is NOT an appropriate technique for detecting a nonconforming goods or services scheme? A. Conduct unannounced inspections of questioned goods or materials. B. Determine if contract costs have exceeded or are expected to exceed the contract value. C. Review the inspection and testing reports of questioned goods or materials. D. Interview procurement personnel about the presence of any red flags.
Nonconforming goods or services fraud, also known as product substitution or failure to meet contract specifications, refers to attempts by contractors to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications. Once contractors deliver goods that do not conform to the contract, they bill and receive payment for conforming goods or services without informing the purchaser of the deficiency. To detect nonconforming schemes, the fraud examiner should, at a minimum, examine the following for red flags:
- Contract or purchase order (PO) specifications
- Contractor's statements, claims, invoices, and supporting documents
- Received product
- Test and inspection results for the relevant period, searching for discrepancies between tests and inspection results and contract specifications

Additionally, to detect nonconforming schemes, the fraud examiner should:
- Review correspondence and contract files for indications of noncompliance.
- Request assistance from outside technical personnel to conduct after-the-fact tests.
- Inspect or test questioned goods or materials by examining packaging, appearance, and description to determine if the items are appropriate.
- Segregate and identify the source of the suspect goods or materials.
- Review inspection reports to determine whether the work performed and materials used in a project were inspected and considered acceptable.
- Review the contractor's books, payroll, and expense records to see if they incurred necessary costs to comply with contract specifications.
- Review the inspection and testing reports of questioned goods or materials.
- Conduct routine and unannounced inspections and tests of questioned goods or materials.
- Examine the contractor's books and manufacturing or purchase records for additional evidence, looking for discrepancies between claimed and actual costs, contractors, etc.
- Interview procurement personnel about the presence of any red flags or other indications of noncompliance.
- Search and review external records (e.g., court records, prior complaints, audit reports, investigative reports, media sources) to determine if there is any history of misconduct.

Correct Answer: (B) See pages 1.1524, 1.1526-1.1527 in the Fraud Examiner's Manual
High percentages of returns, missing compliance certificates, and evidence of falsified test inspection results are red flags of which of the following procurement fraud scenarios? A. Two or more competing contractors agreeing to refrain from bidding B. A contractor delivering goods or services that do not conform to the contract specifications C. A procuring employee manipulating the bidding process to benefit a favored contractor D. A contractor charging the procuring entity for labor costs that are not allowable
Nonconforming goods or services fraud, also known as product substitution or failure to meet contract specifications, refers to attempts by contractors to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications. Once contractors deliver goods that do not conform to the contract, they bill and receive payment for conforming goods or services without informing the purchaser of the deficiency. The following is a list of potential red flags for nonconforming schemes:
- High percentage of returns for noncompliance with specifications
- Missing, altered, or modified product compliance certificate
- Compliance certificates signed by employees with no quality assurance responsibilities
- Materials testing done by supplier, using the supplier's own personnel and facilities
- Evidence that test or inspection results were falsified (e.g., documents appear altered or modified, test documents are illegible, signatures on documents are illegible, documents were signed by unqualified or inappropriate personnel, or test reports are similar or identical to sample descriptions and test results)
- Highest profit product lines have the highest number of material return authorizations or reshipments
- Discrepancy between product's description or normal appearance and actual appearance (e.g., a new product appears to be used)
- Used, surplus, or reworked parts are delivered
- Delivery of products that appear counterfeit (e.g., product packaging, appearance, and description do not appear genuine; items that are consistently defaced in the same area; items that appear different from each other)
- Offers by contractors to select the sample and prepare it for testing
- Delivery of look-alike goods
- Unusually high number of early replacements
- Contractor restricts or avoids inspections of goods or services upon delivery

Correct Answer: (B) A contractor delivering goods or services that do not conform to the contract specifications See pages 1.1524-1.1526 in the Fraud Examiner's Manual
A contractor who delivers materials of lesser quality than specified in the contract or uses a lower quality staff than specified in the contract might be involved in which of the following types of procurement fraud schemes? A. Labor mischarging fraud B. Material mischarging fraud C. Product division fraud D. Nonconforming goods or services fraud
Nonconforming goods or services fraud, also known as product substitution or failure to meet contract specifications, refers to attempts by contractors to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications. Once contractors deliver goods that do not conform to the contract, they bill and receive payment for conforming goods or services without informing the purchaser of the deficiency. These schemes can involve a wide variety of conduct, but, generally, they include any deliberate departures from contract requirements to increase profits or comply with contract time schedules. Correct Answer: (D) Nonconforming goods or services fraud. See pages 1.1524 in the Fraud Examiner's Manual
Which of the following is NOT an appropriate technique for detecting a nonconforming goods or services scheme? A. Review the inspection and testing reports of questioned goods or materials. B. Interview procurement personnel about the presence of any red flags. C. Conduct unannounced inspections of questioned goods or materials. D. Determine if contract costs have exceeded or are expected to exceed the contract value.
Nonconforming goods or services fraud, also known as product substitution or failure to meet contract specifications, refers to attempts by contractors to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications. Once contractors deliver goods that do not conform to the contract, they bill and receive payment for conforming goods or services without informing the purchaser of the deficiency. To detect nonconforming schemes, the fraud examiner should, at a minimum, examine the following for red flags:
- Contract or purchase order (PO) specifications
- Contractor's statements, claims, invoices, and supporting documents
- Received product
- Test and inspection results for the relevant period, searching for discrepancies between tests and inspection results and contract specifications
Additionally, to detect nonconforming schemes, the fraud examiner should:
- Review correspondence and contract files for indications of noncompliance.
- Request assistance from outside technical personnel to conduct after-the-fact tests.
- Inspect or test questioned goods or materials by examining packaging, appearance, and description to determine if the items are appropriate.
- Segregate and identify the source of the suspect goods or materials.
- Review inspection reports to determine whether the work performed and materials used in a project were inspected and considered acceptable.
- Review the contractor's books, payroll, and expense records to see if they incurred necessary costs to comply with contract specifications.
- Review the inspection and testing reports of questioned goods or materials.
- Conduct routine and unannounced inspections and tests of questioned goods or materials.
- Examine the contractor's books and manufacturing or purchase records for additional evidence, looking for discrepancies between claimed and actual costs, contractors, etc.
- Interview procurement personnel about the presence of any red flags or other indications of noncompliance.
- Search and review external records (e.g., court records, prior complaints, audit reports, investigative reports, media sources) to determine if there is any history of misconduct.
Correct Answer: (D) Determine if contract costs have exceeded or are expected to exceed the contract value. See pages 1.1524, 1.1526-1.1527 in the Fraud Examiner's Manual
When looking at a set of financial statements, on which statement would you find notes payable, current assets, retained earnings, and accumulated depreciation? A. Balance sheet B. Statement of cash flows C. Income statement D. Statement of changes in owners' equity
Notes payable, current assets, retained earnings, and accumulated depreciation can all be found on the balance sheet. The balance sheet is an expansion of the accounting equation, Assets = Liabilities + Owners' Equity. That is, it lists a company's assets on one side and its liabilities and owners' equity on the other side. Assets are classified as either current or noncurrent. Current assets consist of cash or other liquid assets that are expected to be converted to cash, sold, or used up, usually within a year or less. Current assets listed on the balance sheet include cash, accounts receivable, inventory, supplies, and prepaid expenses. Following the current assets are the long-term assets, or those assets that will likely not be converted to cash within one year, such as fixed assets and intangible assets. A company's fixed assets are presented net of accumulated depreciation, an amount that represents the cumulative expense taken for normal wear and tear on a company's property. Liabilities are presented in order of maturity. Like current assets, current liabilities are those obligations that are expected to be paid within one year, such as accounts payable (the amount owed to vendors by a company for purchases on credit), accrued expenses (e.g., taxes payable or salaries payable), and the portion of long-term debts that will come due within the next year. Those liabilities that are not due for more than a year are listed under the heading long-term liabilities. The most common liabilities in this group are bonds, notes, and mortgages payable. Correct Answer: (A) Balance sheet See pages 1.106-1.107 in the Fraud Examiner's Manual
When looking at a set of financial statements, on which statement would you find notes payable, current assets, retained earnings, and accumulated depreciation? A. Income statement B. Balance sheet C. Statement of changes in owners' equity D. Statement of cash flows
Notes payable, current assets, retained earnings, and accumulated depreciation can all be found on the balance sheet. The balance sheet is an expansion of the accounting equation, Assets = Liabilities + Owners' Equity. That is, it lists a company's assets on one side and its liabilities and owners' equity on the other side. Assets are classified as either current or noncurrent. Current assets consist of cash or other liquid assets that are expected to be converted to cash, sold, or used up, usually within a year or less. Current assets listed on the balance sheet include cash, accounts receivable, inventory, supplies, and prepaid expenses. Following the current assets are the long-term assets, or those assets that will likely not be converted to cash within one year, such as fixed assets and intangible assets. A company's fixed assets are presented net of accumulated depreciation, an amount that represents the cumulative expense taken for normal wear and tear on a company's property. Liabilities are presented in order of maturity. Like current assets, current liabilities are those obligations that are expected to be paid within one year, such as accounts payable (the amount owed to vendors by a company for purchases on credit), accrued expenses (e.g., taxes payable or salaries payable), and the portion of long-term debts that will come due within the next year. Those liabilities that are not due for more than a year are listed under the heading long-term liabilities. The most common liabilities in this group are bonds, notes, and mortgages payable. Correct Answer: (B) Balance Sheet See pages 1.106-1.107 in the Fraud Examiner's Manual
Employees are often willing to abide by nondisclosure agreements, but they sometimes do not understand that the information they are communicating might be confidential. A. True B. False
Often, employees are willing to abide by nondisclosure agreements, but they do not understand that the information they are communicating might be confidential. To more effectively implement nondisclosure agreements, employees must be clearly informed as to what information is considered confidential upon hiring, upon signing a nondisclosure agreement, and during exit interviews. Correct Answer: (A) True See pages 1.750 in the Fraud Examiner's Manual
When should an employee be made aware of the need to maintain the confidentiality of an organization's proprietary information, as well as which information is considered confidential? A. During an exit interview B. When signing a nondisclosure agreement C. Upon being hired D. All of the above
Often, employees are willing to abide by nondisclosure agreements, but they do not understand that the information they are communicating might be confidential. To more effectively implement nondisclosure agreements, employees must be clearly informed as to what information is considered confidential upon hiring, upon signing a nondisclosure agreement, and during exit interviews. Correct Answer: (D) All of the above See pages 1.750 in the Fraud Examiner's Manual
Research and development (R&D) personnel often inadvertently divulge confidential information through which of the following? A. Articles written for industry journals B. Hiring outside academic professionals C. Discussions with colleagues at conferences D. All of the above
Often, intelligence professionals target research and development (R&D) employees because their positions generally involve the communication of information. For example, many R&D employees attend or participate in trade shows, conferences, or other industry functions where it is common to network with other professionals in their field and exchange ideas. Such events provide intelligence spies with the opportunity to learn key product- or project-related details simply by listening to a presentation or asking the right questions. R&D employees' publications are also a good source of information for intelligence professionals. Researchers sometimes inadvertently include sensitive project details when writing articles about their findings for industry journals or other mediums. This is particularly true in the case of academic professionals who might be hired by a company to perform research or conduct a study. If a company hires an academician to conduct research, management must ensure that the academician understands the need to keep the results confidential. In addition, management must make sure that the academician's use of teaching assistants or graduate students is kept to a minimum and that those individuals understand the confidentiality requirements. Correct Answer: (D) All of the above. See pages 1.712-1.713 in the Fraud Examiner's Manual
Billing for experiments with new medical devices that have not yet been approved by a jurisdiction's health care authority is one form of medical fraud. A. True B. False
One form of medical fraud is the billing for experimental use of new medical devices that have not yet been approved by the jurisdiction's health care authority. Some hospitals deliberately mislead third-party payers by getting them to pay for the manufacturer's research. Many of the doctors involved are alleged to have stock in the manufacturing companies. Correct Answer: (A) True See pages 1.1241 in the Fraud Examiner's Manual
Which of the following best describes a mischaracterized reimbursement expense scheme? A. An employee alters a receipt to reflect a higher cost than what the employee actually paid and submits it for reimbursement. B. An employee who travels frequently on business submits receipts from a hotel stay during a family vacation as a business expense. C. An employee produces a fictitious receipt and includes it with an expense report. D. An employee submits a receipt for an item in one expense report and an email confirmation for the same item in the next period's expense report.
One of the most basic expense schemes is perpetrated by simply requesting reimbursement for a personal expense, claiming that it is business related. Examples of mischaracterized expenses include claiming personal travel as a business trip or listing dinner with a friend as "business development" or "client entertainment." Employees might submit the receipts from their personal expenses along with their expense reports but concoct business reasons for the incurred costs. Instead of seeking reimbursement for personal expenses, some employees overstate the cost of actual business expenses. This is considered an overstated expense reimbursement scheme. In a fictitious expense reimbursement scheme, an employee seeks reimbursement for wholly fictitious expenses. Instead of overstating a real business expense or seeking reimbursement for a personal expense, an employee just invents an expense by producing a fictitious receipt and requests that it be reimbursed. In a multiple reimbursement scheme, an employee submits several types of support for the same expense in order to get reimbursed multiple times. Correct Answer: (B) See pages 1.473, 1.475, 1.478, 1.480-1.481 in the Fraud Examiner's Manual
Jackson is a receiving clerk at a warehouse. His job is to count the number of units in incoming shipments, record the figures in receiving reports, and forward copies of the reports to the accounts payable department. One day, Jackson received a box of 20 laptop computers at the warehouse. His wife's computer recently broke, so he stole one of the computers from the box. To conceal his scheme, Jackson sent a receiving report to accounts payable that 20 computers arrived, but he only recorded 19 on the copy of the receiving report used for the inventory records. What type of scheme did Jackson commit? A. An asset transfer scheme B. A purchasing and receiving scheme C. A noncash larceny scheme D. None of the above
One of the most common examples of an employee abusing the purchasing and receiving functions occurs when a person charged with receiving goods on the victim company's behalf—such as a warehouse supervisor or receiving clerk—falsifies the records of incoming shipments. If, for example, one thousand units of a particular item are received, the perpetrator indicates that only nine hundred were received. By marking the shipment short, the perpetrator can steal the one hundred unaccounted-for units. The obvious problem with this kind of scheme is the fact that the receiving report does not match the vendor's invoice, which will likely cause a problem with payment. Some employees avoid this problem by altering only one copy of the receiving report. The copy that is sent to accounts payable indicates receipt of a full shipment, so the vendor will be paid without any questions. The copy used for inventory records indicates a short shipment so that the assets on hand will equal the assets in the perpetual inventory. Correct Answer: (B) See pages 1.507 in the Fraud Examiner's Manual
Publicly available information that anyone can lawfully obtain by request, purchase, or observation is known as which of the following? A. Free-source information B. Wide-source information C. Open-source information D. Confidential-source information
Open-source information is information in the public domain; it can be defined as publicly available data "that anyone can lawfully obtain by request, purchase, or observation." Correct Answer: (C) Open-source information See pages 1.704 in the Fraud Examiner's Manual
Calendars and schedules displayed at an employee's workstation can inadvertently provide a company's competitors with valuable proprietary information. A. True B. False
Organizations must take reasonable measures to protect manual file systems, which are composed of all human-readable files and documents. These include items like contact lists, schedules, and calendars located at employees' workstations. To attack a manual file system, an information thief might pilfer trash, act as a cleaning crew member, or commit theft or burglary. Correct Answer: (A) True See pages 1.754 in the Fraud Examiner's Manual
Shredding sensitive documents with a cross-cut shredder, sending and receiving mail at a secure site, and employing a perimeter security system at the office are all measures aimed to do which of the following? A. Guard manual file systems. B. Catch a fraudster in the act. C. Prevent misappropriation of office supplies. D. Protect digital documentation.
Organizations must take reasonable measures to protect manual file systems, which are composed of all human-readable files and documents. These include items like contact lists, schedules, and calendars. To attack a manual file system, an information thief might pilfer trash, act as a cleaning crew member, or commit theft or burglary. Reasonable measures to protect manual file systems include the following:
- Place sensitive documents in high-grade locked filing cabinets. It is advisable to lock sensitive documents in a safe when not in use.
- Use a cross-cut shredder for sensitive documentary waste, or have sensitive trash disposed of by a bonded waste-disposal company.
- Receive and send mail at a secure site (e.g., mail drops, post office boxes, or locked mailboxes). The key is that the site remains secure.
- Provide reasonable perimeter security for offices by using an alarm system and securing locks to doors and windows.
- Pay attention to securing auxiliary materials.
Correct Answer: (A) Guard manual file systems See pages 1.754 in the Fraud Examiner's Manual
Pass-through schemes are usually undertaken by employees who receive inventory on the victim company's behalf. A. True B. False
Pass-through schemes are usually undertaken by employees in charge of purchasing on the victim company's behalf. Instead of buying merchandise directly from a vendor, the employee sets up a shell company and purchases the merchandise through that fictitious entity. They then resell the merchandise to their employer from the shell company at an inflated price, thereby making an unauthorized profit on the transaction. Correct Answer: (B) False See pages 1.441 in the Fraud Examiner's Manual
Pam is the purchasing manager at a retail store. She decides to form her own shell company and purchase merchandise through this entity. She then sells the merchandise to her employer at an inflated price as if she were a legitimate vendor. What type of scheme is Pam committing? A. A pay and return scheme B. A need recognition scheme C. A cash larceny scheme D. A pass-through scheme
Pass-through schemes are usually undertaken by employees in charge of purchasing on the victim company's behalf. Instead of buying merchandise directly from a vendor, the employee sets up a shell company and purchases the merchandise through that fictitious entity. They then resell the merchandise to their employer from the shell company at an inflated price, thereby making an unauthorized profit on the transaction. Correct Answer: (D) A pass-through scheme. See pages 1.441 in the Fraud Examiner's Manual
Which of the following is the term used to describe the method of gaining unauthorized access to a computer system in which attackers use an automated process to guess a system user's passwords? A. Password cracking B. Password sniffing C. Password logging D. Password engineering
Password cracking is an automated process by which an attacker attempts to guess a system user's most likely passwords. Correct Answer: (A) See pages 1.1410 in the Fraud Examiner's Manual
The primary purpose of physical access controls is to prevent unauthorized access to computer software. A. True B. False
Physical access controls refer to the process by which users are allowed access to physical objects (e.g., buildings). In contrast, logical access controls are tools used to control access to computer information systems and their components. Correct Answer: (B) See pages 1.1449, 1.1451 in the Fraud Examiner's Manual
Jeremy is involved in an automobile accident but does not have insurance. To be reimbursed for the damages, he gets insurance, waits a short time, and then reports the vehicle as having been in an accident. He has committed an insurance scam known as _____________. A. Ditching B. Past posting C. Churning D. None of the above
Past posting is a scheme in which a person is involved in an automobile accident but does not have insurance. After the accident, the person gets insurance, waits a short time, and then reports the vehicle as having been damaged in some manner, thus collecting for the earlier loss. Correct Answer: (B) See pages 1.1105 in the Fraud Examiner's Manual
Pharming differs from phishing in that in a pharming scheme: A. The attacker has to rely on having users click on a link in an email or other message to direct them to the malicious website that is imitating a legitimate website. B. The attacker does not have to rely on having users click on a link in an email or other message to direct them to the malicious website that is imitating a legitimate website. C. The attacker delivers the solicitation message via telephones using Voice over Internet Protocol (VoIP) instead of email. D. The attacker delivers the solicitation message via short message service (also known as SMS or text messaging) instead of email.
Pharming is an attack in which users are fooled into entering sensitive data (such as a password or credit card number) into a malicious website that imitates a legitimate website. It is different from phishing in that the attacker in a pharming scheme does not have to rely on having users click on a link in an email or other message to direct them to the imitation website. Correct Answer: (B) See pages 1.1409 in the Fraud Examiner's Manual
_________ is an attack in which users are fooled into entering sensitive data into a malicious website that imitates a legitimate website. A. SMiShing B. Spear phishing C. Pharming D. Phishing
Pharming is an attack in which users are fooled into entering sensitive data (such as a password or credit card number) into a malicious website that imitates a legitimate website. It is different from phishing in that the attacker in a pharming scheme does not have to rely on having users click on a link in an email or other message to direct them to the imitation website. Correct Answer: (C) See pages 1.1409 in the Fraud Examiner's Manual
Which of the following best describes phishing? A. A method for acquiring sensitive information by falsely claiming through electronic communication to be from an entity with which the target does business B. A method for acquiring sensitive information in which an attacker hides near the target to gain unauthorized access to a computer system C. A method for acquiring sensitive information by bypassing a computer system's security through the use of an undocumented operating system and network functions D. A method for acquiring sensitive information needed to facilitate a specific scheme by searching through large quantities of available data
Phishing is a type of social engineering scheme that involves impersonating a trusted individual or entity. Generally, phishers manipulate victims into providing sensitive information by falsely claiming to be from an actual business, bank, Internet service provider (ISP), or other entity with which the target does business. In these schemes, phishers typically use emails to direct Internet users to websites that look like legitimate e-commerce websites, such as online banks, retailers, or government agencies. Phishers control these imitation websites and use them to steal sensitive information, such as bank account details and passwords. Correct Answer: (A) See pages 1.1406 in the Fraud Examiner's Manual
Which of the following is an example of the piggybacking method used to gain access to restricted areas? A. Pretending to be a member of a large crowd of people authorized to enter a restricted area B. Taking advantage of a legitimate computer user's active session when the user attends to other business while still logged on C. Following behind an individual who has been cleared for access into a restricted area D. All of the above
Piggybacking is a method used to gain access to restricted areas, including computer systems, in which the attacker exploits another person's access capability. Unlike most other methods of attack, piggybacking can be done to gain physical or electronic access. Physical access via piggybacking involves gaining access to an area that is secured by locked doors, and it occurs when an attacker exploits a false association with another person who has legitimate access to the area. Examples of piggybacking to gain physical access into a restricted area would include:
- Following behind an individual who has been cleared for access into the restricted area
- Tricking an authorized individual into believing the piggybacker is authorized and convincing the individual to agree to allow the piggybacker to tag along into the restricted area
- Surreptitiously following behind an individual who has been cleared for access into a restricted area, giving the appearance of being legitimately escorted
- Pretending to be a member of a large crowd of people authorized to enter a restricted area
Electronic piggybacking occurs when an attacker gains access to an electronic system by exploiting the access capability of another person with legitimate access. One type of electronic piggybacking occurs when the attacker takes advantage of a legitimate computer user's active session when the user did not properly terminate the session, the user's logoff is unsuccessful, or the user attends to other business while still logged on. Correct Answer: (D) All of the above See pages 1.1414-1.1415 in the Fraud Examiner's Manual
_______________ is a system by which the bank verifies checks presented for payment against the list provided by the company of approved checks written on the account. A. Payment patrol B. Check matching C. Verification control D. Positive pay
Positive pay allows a company and its bank to work together to detect fraudulent items presented for payment. The company provides the bank with a list of checks and amounts that are written each day. The bank verifies items presented for payment against the company's list and rejects items that are not on the list. Investigations are conducted as to the origin of the unlisted items. Correct Answer: (D) See pages 1.432 in the Fraud Examiner's Manual
How does positive pay help prevent check fraud? A. Positive pay establishes a maximum amount above which the company's bank will not accept checks drawn against the account. B. Positive pay controls which vendors the company's bank can deposit checks from. C. The bank scans all checks presented for payment to determine whether the signatures are forged. D. The bank verifies checks presented for payment against a list of approved checks provided by the company.
Positive pay allows a company and its bank to work together to detect fraudulent items presented for payment. The company provides the bank with a list of checks and amounts that are written each day. The bank verifies items presented for payment against the company's list and rejects items that are not on the list. Investigations are conducted as to the origin of the unlisted items. Positive Pay is an automated fraud detection tool offered by the Cash Management Department of most banks. In its simplest form, it is a service that matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the company. Correct Answer: (D) See pages 1.432 in the Fraud Examiner's Manual
Which of the following best describes the difference between a flipping scheme and a flopping scheme in the context of mortgage fraud? A. In a flopping scheme, the value of the first transaction is deflated instead of inflating the second transaction. B. In a flopping scheme, the second transaction in the scheme usually occurs several years after the first. C. In a flopping scheme, the original seller always ends up as the final owner of the property. D. In a flopping scheme, the lender is not one of the potential victims of the scheme.
Property flipping is the process by which an investor purchases a home and then resells it at a higher price shortly thereafter. For example, an investor buys a house in need of work for $250,000 in July, renovates the kitchen and bathrooms, and landscapes the yard at a cost of $50,000. The investor then resells the house two months later (the time it takes to make the renovations) for a price that is reflective of the market for a house in that condition. This is a legitimate business transaction, and many individuals and groups make an honest living flipping properties. Property flipping is not intrinsically illegal or fraudulent, but it becomes so when a property is purchased and resold within a short period of time at an artificially or unjustly inflated value, often as the result of a fraudulent appraisal. In a flipping scheme, the property is sold twice in rapid succession at a significant increase in value (also known as an ABC transaction, where the property moves from party A to party B to party C very quickly). Property flopping is a variation on property flipping, but it generally involves a property subject to a short sale (meaning the owner sells the property at a lower value than the unpaid mortgage amount on the property). This variation typically is conducted by industry insiders or unscrupulous entrepreneurs rather than the homeowner. Property flopping involves a rapid transfer of property with an unjustified, significant change in value (like the ABC transaction in flipping schemes), but instead of inflating the value on the second transaction, the value on the first transaction is deflated. To prevent problematic short sale flopping, some lenders are starting to require all interested parties to sign an affidavit requiring disclosure of an immediate subsequent sale. See pages 1.933-1.935 in the Fraud Examiner's Manual
Which of the following can best be described as fraud perpetrated by medical practitioners, medical suppliers, or medical institutions on patients or health care programs to increase their own income by illicit means? A. Beneficiary fraud B. Provider fraud C. Uncovered party fraud D. Insurer fraud
Provider fraud consists of practices by health care providers (including practitioners, medical suppliers, and medical institutions) that cause unnecessary costs to health care programs or patients through reimbursement for unnecessary or excessive services or services that do not meet the recognized standards for health care. Correct Answer: (B) Provider fraud See pages 1.1222 in the Fraud Examiner's Manual
Which of the following is a common avenue through which proprietary company information is compromised? A. Publications B. Speeches by executives C. Company website D. All of the above
Publications such as newsletters or reports to shareholders and speeches or papers that are presented at conferences can inadvertently provide valuable information to competitors. A company's website might also contain accidental leaks. Corporate spies frequently visit their targets' websites to gather information that these companies have unknowingly made public. Employee telephone and email directories, financial information, key employees' biographical data, product features and release dates, details on research and development (R&D), and job postings can all be found on many corporate websites. Correct Answer: (D) All of the above See pages 1.714-1.715 in the Fraud Examiner's Manual
A pyramid scheme is designed to pay off its earliest investors. A. True B. False
Pyramid schemes are designed to pay off their earliest investors but not later investors. Probability studies have shown that 93-95% of the participants in a pyramid scheme (all but those who join at the earliest stage) will lose most of their money. Half can expect to lose all the money they invest. Correct Answer: (A) True See pages 1.1343 in the Fraud Examiner's Manual
Which of the following statements about ransomware is TRUE? A. Ransomware is a classification of malware designed to simplify or automate online criminal activities. B. Ransomware is a program or command procedure that gives the appearance of being useful but in fact contains hidden malicious code that causes damage. C. Ransomware is a form of malware that locks a user's operating system and restricts access to data files until a payment is made. D. Ransomware is a type of software that collects and reports information about a computer user without the user's knowledge or consent.
Ransomware, as its name implies, is a form of malware that locks a user's operating system and restricts access to data files until a ransom is paid. To intimidate Internet users into compliance, ransomware often employs a convincing professional interface, commonly emblazoned with police insignia or an official government logo. Messages sometimes consist of threatening accusations that the user has been caught viewing illegal videos, downloading pirated media, or otherwise accessing forbidden Internet content, with the only remedy being to pay a fine. Other forms are far more direct and make no effort to conceal their obvious attempts at extortion. Spyware is a type of software that collects and reports information about a computer user without the user's knowledge or consent. A Trojan horse is a program or command procedure that gives the appearance of being useful but in fact contains hidden malicious code that causes damage. When the hidden code in a Trojan horse is activated, it performs some unwanted or harmful function. Often, viruses and worms attach themselves to other legitimate programs, becoming Trojan horses and spreading to other systems. Crimeware is not a type of malware but rather a classification of malware denoted by its intent to facilitate criminal behavior. Crimeware can be described as malware designed to simplify or automate online criminal activities, such as programs to fraudulently obtain financial gain from the affected user or other third parties. Correct Answer: (C) See pages 1.1425-1.1426, 1.1428 in the Fraud Examiner's Manual
After paying the ransom demanded by the fraudster, a ransomware victim is always granted access to all locked files on the compromised computer. A. True B. False
Ransomware, as its name implies, is a form of malware that locks a user's operating system and restricts access to data files until a ransom is paid. While some ransomware simply prevents access to files, other forms actually encrypt users' files. This is of particular concern to businesses due to the potentially disastrous threat of encrypted network drives. These schemes typically promise that, after payment is received, the user will be provided with a key to release the system and unencrypt files; however, even after money is transferred, many victims find that the virus remains installed on their machine and a key is never provided. Less sophisticated forms of ransomware have also appeared that claim to have encrypted victims' files when the malware has simply deleted the files, thus tricking victims into paying to regain access to files that no longer exist. Some forms of this imitation ransomware go a step farther by deleting the restore points and registry keys needed to reboot a system in safe mode or overwriting deleted files to make them nearly impossible to recover. Correct Answer: (B) False See pages 1.1425-1.1426 in the Fraud Examiner's Manual
Which of the following is TRUE regarding an overstated refund scheme? A. An employee overstates the amount of a legitimate refund and keeps the excess cash. B. It is based on an entirely fictitious refund transaction. C. It requires collusion between the customer and the employee. D. The company's inventory balance on the books will be understated.
Rather than create an entirely fictitious refund, some employees merely overstate the amount of a legitimate refund and steal the excess money. For example, if a customer returns $100 worth of merchandise, the employee might ring up a $200 return. The employee gives the customer $100 in return for the merchandise and then keeps the remaining $100. The customer might or might not be aware of the scheme taking place. This will result in shrinkage of $100 worth of inventory. In other words, the inventory balance on the books will be overstated by the amount of the excess refund. Correct Answer: (A) See pages 1.403 in the Fraud Examiner's Manual
Real estate scams are easily recognized, as there is almost always an element of time pressure or "now-or-never" pitch from the perpetrator. A. True B. False
Real estate scams are easily recognized. There is almost always an element of time pressure, with the victims being convinced they are participating in a "once-in-a-lifetime, now-or-never" deal. Perpetrators mislead victims into thinking they will miss the opportunity to make a fortune if they do not act fast. Correct Answer: (A) See pages 1.1326 in the Fraud Examiner's Manual
Which of the following situations is often present in real estate fraud schemes? A. A false appraisal report B. No expert assistance at closing C. The services of an arms-length legal representative D. All of the above
Real estate transactions assume a willing buyer and a willing seller. Fraud can occur when the transaction breaks down or the expert assistance is not at arm's length. Many real estate fraud schemes have a false appraisal report as a condition precedent. Correct Answer: (A) A false appraisal report. See pages 1.918 in the Fraud Examiner's Manual
A register disbursement scheme is easier to conceal when register employees have the authority to void their own transactions. A. True B. False
Red flags of fraudulent register disbursements include the following: -Inappropriate separation of duties exists. -Cashiers, rather than supervisors, have access to the control keys necessary for refunds and voids. -Register employees have the authority to void their own transactions. -Register refunds are not carefully reviewed. -Multiple cashiers operate from a single cash drawer without separate access codes. -Personal checks from cashiers are found in the register. -Voided transactions are not properly documented or approved by a supervisor. -Voided cash receipt forms (manual systems) or supporting documents for voided transactions (cash register systems) are not retained on file. -Gaps exist in the sequence of transactions on the register log. -There is an excessive number of refunds, voids, or no-sales on the register log. -Inventory totals appear forced. -There are multiple refunds or voids for amounts just under the review limit. Correct Answer: (A) True See pages 1.409 in the Fraud Examiner's Manual
Gaps in the sequence of transactions on the register log might indicate that a fraudulent register disbursement scheme is taking place. A. True B. False
Red flags of fraudulent register disbursements include the following: -Inappropriate separation of duties exists. -Cashiers, rather than supervisors, have access to the control keys necessary for refunds and voids. -Register employees have the authority to void their own transactions. -Register refunds are not carefully reviewed. -Multiple cashiers operate from a single cash drawer without separate access codes. -Personal checks from cashiers are found in the register. -Voided transactions are not properly documented or approved by a supervisor. -Voided cash receipt forms (manual systems) or supporting documents for voided transactions (cash register systems) are not retained on file. -Gaps exist in the sequence of transactions on the register log. -There is an excessive number of refunds, voids, or no-sales on the register log. -Inventory totals appear forced. -There are multiple refunds or voids for amounts just under the review limit. Correct Answer: (A) True See pages 1.409 in the Fraud Examiner's Manual
Which of the following is a red flag of fraudulent register disbursements? A. There are multiple refunds or voids just under the review limit B. Voided transactions are not properly documented or approved by a supervisor C. Personal checks from cashiers are found in the register D. All of the above
Red flags of fraudulent register disbursements include the following: - Inappropriate separation of duties exists. - Cashiers, rather than supervisors, have access to the control keys necessary for refunds and voids. - Register employees have the authority to void their own transactions. - Register refunds are not carefully reviewed. - Multiple cashiers operate from a single cash drawer without separate access codes. - Personal checks from cashiers are found in the register. - Voided transactions are not properly documented or approved by a supervisor. - Voided cash receipt forms (manual systems) or supporting documents for voided transactions (cash register systems) are not retained on file. - Gaps exist in the sequence of transactions on the register log. - There is an excessive number of refunds, voids, or no-sales on the register log. - Inventory totals appear forced. - There are multiple refunds or voids for amounts just under the review limit. Correct Answer: (D) All of the above See pages 1.409 in the Fraud Examiner's Manual
ABC Company purchases a material amount of products from another entity whose operating policies can be controlled by ABC Company's management, but it does not disclose this situation on its financial statements. In which type of improper disclosure scheme has ABC Company engaged? A. Related-party transaction B. Accounting change C. Improper asset valuation D. Significant event
Related-party transactions are business deals or arrangements between two parties who hold a pre-existing connection prior to the transaction. These transactions generally occur when a company does business with another entity whose management or operating policies can be controlled or significantly influenced by the company or by some other party in common. There is nothing inherently wrong with related-party transactions, as long as they are fully disclosed. If the transactions are not fully disclosed, the company might injure its shareholders by engaging in economically harmful dealings without their knowledge. The financial interest that a company official might have might not be readily apparent. For example, common directors of two companies that do business with each other, any corporate general partner and the partnerships with which it does business, and any controlling shareholder of the corporation with which they do business may be related parties. Family relationships can also be considered related parties, such as all direct descendants and ancestors, without regard to financial interests. Related-party transactions are sometimes referred to as self-dealing. Correct Answer: (A) Related-party transaction See pages 1.236 in the Fraud Examiner's Manual
ABC Company purchases a material amount of products from another entity whose operating policies can be controlled by ABC Company's management, but it does not disclose this situation on its financial statements. In which type of improper disclosure scheme has ABC Company engaged? A. Accounting change B. Related-party transaction C. Improper asset valuation D. Significant event
Related-party transactions are business deals or arrangements between two parties who hold a pre-existing connection prior to the transaction. These transactions generally occur when a company does business with another entity whose management or operating policies can be controlled or significantly influenced by the company or by some other party in common. There is nothing inherently wrong with related-party transactions, as long as they are fully disclosed. If the transactions are not fully disclosed, the company might injure its shareholders by engaging in economically harmful dealings without their knowledge. The financial interest that a company official might have might not be readily apparent. For example, common directors of two companies that do business with each other, any corporate general partner and the partnerships with which it does business, and any controlling shareholder of the corporation with which they do business may be related parties. Family relationships can also be considered related parties, such as all direct descendants and ancestors, without regard to financial interests. Related-party transactions are sometimes referred to as self-dealing. Correct Answer: (B) Related-party transaction See pages 1.236 in the Fraud Examiner's Manual
For employee expense reimbursement requests, electronic receipts are preferred to paper receipts because they are more difficult to alter or forge. A. True B. False
Requiring receipts to be submitted electronically is NOT a recommended form of expense reimbursement fraud prevention. In fact, electronic receipts are often much easier to forge or alter than paper receipts. Correct Answer: (B) See pages 1.482 in the Fraud Examiner's Manual
Falsified prescriptions for equipment, excessive supplies, noncovered supplies, and scooter scams are forms of fraud commonly involving what type of health care entity? A. Special care facilities B. Out-patient services groups C. Hospitals D. Reusable medical equipment suppliers
Reusable medical equipment, often called durable medical equipment (DME), includes items such as crutches, wheelchairs, and specialized patient beds. Fraud schemes perpetrated by reusable medical equipment suppliers frequently involve: -Falsified prescriptions for equipment or supplies -Intentionally providing excessive supplies -Equipment not delivered or billed before delivery -Billing for equipment rental beyond when the equipment was checked out -Billing for supplies not covered by the insurance policy or health care program -Scooter scams (i.e., billing for electric-powered wheelchairs that are either unnecessary or are of poorer quality than the model billed for) Correct Answer: (D) See pages 1.1225 in the Fraud Examiner's Manual
What effect would the improper recording of an expenditure as a capitalized asset rather than as an expense have on the financial statements? A. Net income would be falsely understated, lowering the company's tax liability B. Expenses would be overstated, giving the appearance of poor financial performance C. Assets would be falsely overstated, giving the appearance of a stronger company D. None of the above
Improperly capitalizing expenses is one way to increase income and assets and make the entity's financial position appear stronger. If ineligible expenditures are capitalized as assets and not expensed during the current period, income will be overstated. As the assets are depreciated, income in following periods will be understated. Correct Answer: (C) Assets would be falsely overstated, giving the appearance of a stronger company See pages 1.232 in the Fraud Examiner's Manual
Rock phishing is a type of phishing scheme that uses text messages or other short message systems to dupe an individual or business into providing sensitive data by falsely claiming to be from an actual business, bank, Internet service provider (ISP), or other entity. A. True B. False
SMiShing is a hybrid of phishing and short message service (SMS), also known as text messaging. These schemes use text messages or other short message systems to conduct phishing activities. That is, in SMiShing schemes, the attacker uses text messages or other SMSs to dupe an individual or business into providing sensitive data by falsely claiming to be from an actual business, bank, Internet service provider (ISP), or other entity with which the target does business. Rock phishers use botnets to send massive amounts of phishing emails to huge volumes of Internet users. The emails contain a message from a financial institution, enticing users to click on a fraudulent URL. There is some indication that rock phishers cycle through multiple email lists and attempt to reach the Internet users most likely to use the brands that they are targeting. Correct Answer: (B) False See pages 1.1408-1.1409 in the Fraud Examiner's Manual
Cooper is an intelligence professional for Whetstone Intelligence, a competitive intelligence firm. She is tasked with gathering intelligence about Cryptic Global, the major competitor of Whetstone's biggest client. To gather the intelligence, Cooper infiltrates Cryptic Global's office by posing as a member of its cleaning crew and collects information left around employees' computers and desks. Cooper's approach is an example of: A. Scavenging B. Dumpster diving C. Spoofing D. Shoulder surfing
Scavenging involves collecting information left around computer systems (e.g., on desks or workstations). Dumpster diving involves obtaining sensitive information by looking through someone else's trash (e.g., via dumpsters and other trash receptacles). Shoulder surfing involves observing an unsuspecting target from a nearby location while the target enters a username and password into a system, talks on the phone, fills out financial forms, or performs some other task from which valuable information can be obtained. Spoofing refers to the process whereby an individual impersonates a legitimate user to obtain access to the target's network. Correct Answer: (A) Scavenging See pages 1.706, 1.722, 1.1413 in the Fraud Examiner's Manual
Which of the following is a way that dishonest contractors collude to circumvent the competitive bidding process? A. Use obscure publications to publish bid solicitations. B. Submit invoices for work that was not performed or materials that were not delivered. C. Submit token bids that are not serious attempts to win the contract. D. Submit bids that are competitive in price.
Schemes involving collusion among contractors seek to circumvent the competitive bidding process. In these schemes, competitors in the same market collude to defeat competition or to inflate the prices of goods and services artificially. Complementary bidding (also known as protective, shadow, or cover bidding) is a common form of collusion between competitors, and it occurs when competitors submit token bids that are not serious attempts to win the contract. Token bids give the appearance of genuine bidding, but, by submitting token bids, the conspirators can influence the contract price and who is awarded the contract. Correct Answer: (C) See pages 1.1510-1.1511 in the Fraud Examiner's Manual
Skimming schemes can involve the theft of cash sales or the theft of accounts receivable payments. A. True B. False
Skimming is the removal of cash from a victim entity prior to its entry in an accounting system. Employees who skim from their companies steal sales OR accounts receivable payments before they are recorded in the company books. Correct Answer: (A) True See pages 1.301 in the Fraud Examiner's Manual
The removal of cash from a victim organization before the cash is entered in the organization's accounting system is: A. Skimming B. A fraudulent disbursement C. Lapping D. Cash larceny
Skimming is the removal of cash from a victim entity prior to its entry in an accounting system. Employees who skim from their companies steal sales or receivables before they are recorded in the company books. Because of this aspect of their nature, skimming schemes are known as off-book frauds; they leave no direct audit trail. Correct Answer: (A) Skimming See pages 1.301 in the Fraud Examiner's Manual
Which of the following is a way that dishonest contractors collude to circumvent the competitive bidding process? A. Agree to stay out of each other's designated markets B. Refrain from submitting bids on certain contracts C. Alternate business among themselves on a rotating basis D. All of the above
Schemes involving collusion among contractors seek to circumvent the competitive bidding process. In these schemes, competitors in the same market collude to defeat competition or to inflate the prices of goods and services artificially. The following schemes are common forms of collusion between competitors: -Bid rotation: Bid rotation, also known as bid pooling, occurs when two or more contractors conspire to alternate the business among themselves on a rotating basis. -Bid suppression: Bid suppression occurs when two or more contractors enter into an illegal agreement whereby at least one of the conspirators refrains from bidding or withdraws a previously submitted bid. -Market division: Market division (or market allocation) schemes involve agreements among competitors to divide and allocate markets and to refrain from competing in each other's designated portion of the market. Correct Answer: (D) All of the above See pages 1.1510-1.1512 in the Fraud Examiner's Manual
To ensure separation of duties within the information systems department and between IT and business unit personnel, computer operators should be responsible for performing computer programming. A. True B. False
Separation of duties is a key element in a well-designed internal control system, and it is fundamental to data security. There are various options for achieving separation of duties in information security, and the options vary depending on department responsibilities. For example, some of the best practices for ensuring separation of duties within the information systems department and between IT and business unit personnel include: -Programmers should not have unsupervised access to production programs or have access to production data sets (data files). -IT personnel's access to production data should be limited. -Application system users should only be granted access to those functions and data required for their job duties. -Program developers should be separated from program testers. -System users should not have direct access to program source code. -Computer operators should not perform computer programming. -Development staff should not have access to production data. -Development staff should not access system-level technology or database management systems. -End users should not have access to production data outside the scope of their normal job duties. -End users or system operators should not have direct access to program source code. -Programmers should not be server administrators or database administrators. -IT departments should be separated from information user departments. -Functions involving the creation, installation, and administration of software programs should be assigned to different individuals. -Managers at all levels should review existing and planned processes and systems to ensure proper separation of duties. -Employees' access to documents should be limited to those that correspond with their related job tasks. Correct Answer: (B) False See pages 1.1458-1.1460 in the Fraud Examiner's Manual
Joe formed a company called Glenn Corp. He opened a bank account in Glenn Corp.'s name and used his home computer to create fraudulent invoices from Glenn Corp. for "consulting services." However, Glenn Corp. is a fictitious entity that was created solely to commit fraud, and no services have been rendered. Joe mailed these invoices to his employer, Paisley Company. Paisley Company promptly submitted payment to Glenn Corp., not realizing that the company was fake, and Joe deposited the money. What type of billing scheme did Joe commit? A. A pass-through scheme B. A cash larceny scheme C. A shell company scheme D. A pay and return scheme
Shell companies, though sometimes created for legitimate purposes, are often fictitious entities created for the sole purpose of committing fraud. They might be nothing more than a fabricated name and address that an employee uses to collect disbursements from false billings. However, since the checks received are made out in the name of the shell company, the perpetrator normally also sets up a bank account in their shell company's name. Once a shell company has been formed and a bank account has been opened, the corrupt employee is in a position to begin billing their employer by mailing forged invoices for fictitious goods or services. Correct Answer: (C) A shell company scheme. See pages 1.436, 1.439 in the Fraud Examiner's Manual
Which of the following is an example of an off-book fraud? A. Skimming B. Cash larceny C. Billing schemes D. Ghost employee schemes
Skimming is the removal of cash from a victim entity prior to its entry in an accounting system. Employees who skim from their companies steal sales or receivables before they are recorded in the company books. Because of this aspect of their nature, skimming schemes are known as off-book frauds; they leave no direct audit trail. Cash larceny, billing schemes, and ghost employee schemes all involve the misappropriation of cash that has already been recorded on the victim's books. Correct Answer: (A) Skimming See pages 1.301 in the Fraud Examiner's Manual
Which of the following is NOT an effective control to protect against skimming schemes? A. Installing visible video cameras to monitor a store's cash registers B. Reconciling the sales records to the cash receipts C. Reconciling the physical inventory count with the perpetual inventory records D. Restricting the accounts receivable clerk from preparing the bank deposit
Since skimming is an off-book fraud, routine account reconciliation is not likely to prevent or detect a skimming scheme. If such a scheme is taking place, reconciling the sales records to the amount of cash received will not indicate there is anything amiss; because the skimmed sale was never recorded, the books will remain in balance. Reconciling the physical inventory count with the perpetual inventory records, however, might reveal that there is shrinkage and therefore a skimming scheme. As with most fraud schemes, internal control procedures are a key to the prevention of skimming schemes. For instance, employees who have access to the cash register should not also be responsible for delivering the bank deposit. The accounts receivable clerk should be restricted from preparing the bank deposit, accessing the accounts receivable journal, and having access to collections from customers. An essential part of developing control procedures is management's communication to employees. Controlling whether an employee will not record a sale, understate a sale, or steal incoming payments is extremely difficult. Some physical controls can be put in place to prevent employee skimming, such as video cameras monitoring employees who handle cash and the implementation of a lock box. Correct Answer: (B) See pages 1.318-1.319 in the Fraud Examiner's Manual
Which of the following would be helpful in detecting a skimming scheme? A. Examining journal entries for false credits to inventory B. Examining journal entries for accounts receivable write-offs C. Confirming customers' outstanding account balances D. All of the above
Skimming can sometimes be detected by reviewing and analyzing all journal entries made to the cash and inventory accounts. Journal entries involving the following topics should be examined: -Credits to inventory to conceal unrecorded or understated sales -Write-offs of lost, stolen, or obsolete inventory -Write-offs of accounts receivable accounts -Irregular entries to cash accounts A skimming scheme that involves lapping can be detected by independent confirmation of customers' account balances. In a receivables skimming scheme, the fraudster skims a customer's payment instead of posting it to the customer's account. The next payment that arrives gets posted to the skimming victim's account, and so on. Therefore, in a skimming scheme, at least one customer account will appear delinquent on the books, even though that customer has paid. Correct Answer: (D) All of the above See pages 1.318 in the Fraud Examiner's Manual
__________ is the term used for including additional coverages in an insurance policy without the insured's knowledge. A. Sliding B. Churning C. Twisting D. None of the above
Sliding is the term used for including additional coverage in an insurance policy without the insured's knowledge. The extra charges are hidden in the total premium. Since the insured is unaware of the coverage, few claims are ever filed. For example, motor club memberships, accidental death, and travel accident coverage can usually be added to the policy without the insured's knowledge. Correct Answer: (A) Sliding See pages 1.1104 in the Fraud Examiner's Manual
Large businesses are usually at greater risk for business identity theft than smaller ones. A. True B. False
Small businesses are particularly at risk for business identity theft because they have the lines of credit, capital, and other features desired by fraudsters, while often lacking the resources and technology needed to properly defend against identity theft. Correct Answer: (B) False See pages 1.808 in the Fraud Examiner's Manual
Which of the following best describes social engineering? A. A method for gaining unauthorized access to a computer system in which an attacker hides near the target to obtain sensitive information that they can use to facilitate their intended scheme B. A method for gaining unauthorized access to a computer system in which an attacker searches through large quantities of available data to find sensitive information that they can use to facilitate their intended scheme C. A method for gaining unauthorized access to a computer system in which an attacker deceives victims into disclosing personal information or convinces them to commit acts that facilitate the attacker's intended scheme D. A method for gaining unauthorized access to a computer system in which an attacker bypasses a system's security through the use of an undocumented operating system and network functions
Social engineering is a method for gaining unauthorized access to a computer system in which the attacker deceives victims into disclosing personal information or convinces them to commit acts that facilitate the attacker's intended scheme. Correct Answer: (C) See pages 1.1405 in the Fraud Examiner's Manual
When a fraudster calls someone at the target company and cajoles or tricks the person into providing valuable information, that corporate espionage technique is referred to as which of the following? A. Spamming B. Social engineering C. Replicating D. None of the above
Social engineering is the act of using deceptive techniques to manipulate people into taking certain actions or disclosing information. In social engineering schemes, social engineers use various forms of trickery, persuasion, threats, or cajolery to encourage their targets to release information that the engineers can use and exploit to achieve their goals. Attackers engage in social engineering for various reasons. Some use social engineering to gain unauthorized access to systems or obtain confidential communication so that they can commit fraud, intrude into networks, gain access to buildings, steal another party's secrets, commit identity theft, or engage in some other nefarious act. In some situations, attackers use social engineering to procure information that will give them a competitive advantage, whereas others might engage in social engineering to find ways in which they can install malware. See pages 1.719-1.720 in the Fraud Examiner's Manual
Which of the following is NOT a method that is used to conceal inventory shrinkage? A. Performing a forced reconciliation of the inventory records B. Writing off stolen inventory as scrap C. Selling merchandise without recording the sale D. Placing empty boxes on warehouse shelves
Some fraudsters try to make it appear as though there are more assets present in the warehouse or stockroom than there actually are by physically padding the inventory. In one case, employees stole liquor from their stockroom and re-stacked the containers for the missing merchandise. This made it appear that the missing inventory was present when in fact there were really empty boxes on the stockroom shelves. Another method would be to fill boxes with bricks or other inexpensive materials and stack the boxes on warehouse shelves. One of the simplest methods for concealing shrinkage is to decrease the perpetual inventory record so that it matches the physical inventory count. This is also known as a forced reconciliation of the account. Basically, the perpetrator just changes the numbers in the perpetual inventory to make them match the amount of inventory on hand. Writing off inventory as obsolete, damaged, or unsellable is also a relatively common way for fraudsters to remove assets from the books before or after they are stolen. This is beneficial to the fraudster because it eliminates the problem of shrinkage that inherently exists in every case of non-cash asset misappropriation. Selling merchandise without recording the sale would actually increase the amount of shrinkage on a company's books because the physical inventory would be depleted without a corresponding adjustment to the perpetual inventory. Correct Answer: (C) See pages 1.511-1.513 in the Fraud Examiner's Manual
Of the following, who should conduct physical observations of a company's inventory in order to most effectively prevent inventory theft? A. Purchasing supervisor B. Warehouse personnel C. Sales representative D. Purchasing agents
Someone independent of the purchasing or warehousing functions should conduct physical observation of inventory. For example, sales representatives usually communicate with customers and encourage them to buy the company's products, but they typically have no access to the physical inventory. The personnel conducting the physical observations also should be knowledgeable about the inventory. Correct Answer: (C) Sales Representative See pages 1.518 in the Fraud Examiner's Manual
All of the following are measures that would be helpful in preventing cash larceny schemes EXCEPT: A. Having all employees use the same cash register for their transactions B. Ensuring that the duties of making bank deposits and performing bank reconciliations are assigned to different individuals C. Assigning an employee's duties to another individual when that employee goes on vacation D. Sending out a company-wide communication informing employees of the company's surprise cash-count policy
Surprise cash counts and supervisory observations are a useful fraud prevention method if properly used. It is important that employees know that cash will be counted on a periodic and unscheduled basis. Having all employees use the same cash register will not deter cash larceny. However, each employee should have a unique code to the cash registers to facilitate detection of such schemes. Mandatory vacations are an excellent method of detecting cash fraud. If mandatory vacations are within the company's policies, it is important that during an employee's absence, that employee's normal workload be performed by another individual. The purpose of mandatory vacations is lost if the work is allowed to remain undone during the employee's time off. The primary means of preventing cash fraud is separation of duties. Whenever one individual has control over the entire accounting transaction (e.g., authorization, recording, and custody), the opportunity is present for cash fraud. Each of the following duties/responsibilities should be separated: -Cash receipts -Bank deposits -Bank reconciliation -Cash disbursements Therefore, no one person, including the accounts receivable clerk, should be responsible for both depositing cash at the bank and performing bank reconciliations. Correct Answer: (A) See pages 1.332-1.333 in the Fraud Examiner's Manual
Which of the following best illustrates the use of technical surveillance for purposes of corporate espionage? A. A spy impersonates a help desk representative to obtain an employee's network password. B. A spy hacks into a target computer and monitors an employee's communications. C. A spy uses a phony employee badge to enter an office and take a sensitive document. D. A spy creates a deceptive website to trick employees into entering confidential information.
Technical surveillance is the practice of covertly acquiring audio, visual, or other types of data from targets through the use of technical devices, procedures, and techniques. When corporate spies resort to the use of technical surveillance, it is usually to gather non-documentary evidence or information that cannot be found through open sources. Corporate spies might employ various forms of technological surveillance, such as aerial photography, bugging and wiretapping, video surveillance, photographic cameras, mobile phones, monitoring computer emanations, and computer system penetrations. Correct Answer: (B) See pages 1.707, 1.729-1.735 in the Fraud Examiner's Manual
Which of the following statements is TRUE with regard to factoring companies? A. Factoring companies in Asian and European countries tend to charge more for their services than factoring companies in other countries. B. Factoring groups buy credit card receipts from telemarketing operations at a discount. C. Factoring companies approach banks on a telemarketer's behalf in order to secure credit card processing services. D. Factoring is illegal in all jurisdictions.
Telemarketing operations commonly engage factoring companies. These groups buy credit card receipts from telemarketing operations at a discount, and then use their merchant bank accounts to convert the receipts into cash. Some factors charge as much as 30% of the receipts' gross value to launder the slips. Factoring is illegal in some jurisdictions, though perpetrators find loopholes or ways to disguise their alliances. Factoring through Asian and European merchants is becoming increasingly common. Factoring companies in these countries tend to charge a lower price for their services than some other countries—between 9-10% of the gross. Correct Answer: (B) Factoring groups buy credit card receipts from telemarketing operations at a discount. See pages 1.1319 in the Fraud Examiner's Manual
If a fraudster wants to conceal the misappropriation of cash, which of the following actions will NOT result in a balanced accounting equation? A. Decreasing another asset B. Reducing owners' equity C. Creating an expense D. Decreasing a liability
The accounting equation, Assets = Liabilities + Owners' Equity, is the basis for all double-entry accounting. If an asset (e.g., cash) is stolen, the equation can be balanced by increasing another asset, reducing a liability, reducing an owners' equity account, reducing revenues (and thus retained earnings), or creating an expense (and thus reducing retained earnings). Correct Answer: (A) See pages 1.101-1.102 in the Fraud Examiner's Manual
Delta, a Certified Fraud Examiner (CFE) and expert accounting witness in the United States, was explaining to the jury that a company's financial statements must include information on changes in accounting methods, contingent liabilities, significant subsequent events, and all other information necessary for users to make valid, informed decisions. Delta was explaining the concept of: A. Consistency B. Full disclosure C. Going concern D. None of the above
The accounting principle of full disclosure requires an entity's financial statements to include all information necessary for users to make valid decisions. The statements should not include too much information, but they are required to include enough information to refrain from misleading the user. Supplemental notes to the financial statements are often required to meet these criteria. Correct Answer: (B) Full disclosure See pages 1.117 in the Fraud Examiner's Manual
At the end of each fiscal year, the accounts reflected on the income statement are reduced to a zero balance. A. True B. False
The accounts reflected on the income statement are temporary; at the end of each fiscal year, they are reduced to a zero balance (closed), with the resulting net income (or loss) added to (or subtracted from) retained earnings on the balance sheet. Correct Answer: (A) True See pages 1.108 in the Fraud Examiner's Manual
Annika, a bookkeeper for a small company, created checks to a local vendor and had her boss sign them. She then used correctional fluid to cover up the vendor's name and insert her own. She also changed the amounts of the checks in the same manner. Then she cashed the checks. What kind of scheme did Annika commit? A. A forged maker scheme B. An altered payee scheme C. A forged endorsement scheme D. A cash larceny scheme
The altered payee scheme is a type of check tampering fraud in which an employee intercepts a company check intended for a third party and alters the payee designation so that the check can be converted by the employee or an accomplice. The fraudster inserts their own name, the name of a fictitious entity, or some other name on the check's payee line. Correct Answer: (B) An Altered Payee Scheme See pages 1.419 in the Fraud Examiner's Manual
The asset turnover ratio is used to assess a company's ability to meet sudden cash requirements. A. True B. False
The asset turnover ratio (net sales divided by average total assets) is used to determine the efficiency with which asset resources are used by the entity. The asset turnover ratio is one of the more reliable indicators of financial statement fraud. A sudden or continuing decrease in this ratio is often associated with improper capitalization of expenses, which increases the denominator without a corresponding increase in the numerator. The quick ratio is used to assess a company's ability to meet sudden cash requirements. The quick ratio, commonly referred to as the acid test ratio, compares quick assets (i.e., those that can be immediately liquidated) to current liabilities. It is calculated by dividing the total of cash, securities, and receivables by current liabilities. The quick ratio offers a more conservative view of a company's liquidity because it excludes inventory and other current assets that are more difficult to rapidly turn into cash. Correct Answer: (B) False See pages 1.246, 1.249 in the Fraud Examiner's Manual
Which of the following appears on the balance sheet? A. Current assets B. Expenses C. Revenues D. Cost of goods sold
The balance sheet, or statement of financial position, is an expansion of the accounting equation, Assets = Liabilities + Owners' Equity. That is, it lists a company's assets on one side and its liabilities and owners' equity on the other side. Assets are classified as either current or noncurrent. Current assets consist of cash or other liquid assets that are expected to be converted to cash, sold, or used up, usually within a year or less. Current assets listed on the balance sheet include cash, accounts receivable, inventory, supplies, and prepaid expenses. Revenues, expenses, and cost of goods sold are all items that appear on a company's income statement. Correct Answer: (A) Current Assets See pages 1.106-1.107, 1.109 in the Fraud Examiner's Manual
The accounts receivable clerk should be responsible for preparing the bank deposit. A. True B. False
The bank deposit should be made by someone other than the cashier or the accounts receivable clerk. A person independent of the cash receipts and accounts receivable functions should compare entries to the cash receipts journal with: -Authenticated bank deposit slips -The deposit per the bank statements Correct Answer: (B) False See pages 1.330 in the Fraud Examiner's Manual
Which financial ratio is calculated by dividing current assets by current liabilities? A. Profit margin B. Current ratio C. Quick ratio D. Receivable turnover
The current ratio—current assets divided by current liabilities—is probably the most-used liquidity ratio in financial statement analysis. This comparison measures a company's ability to meet present obligations from its liquid assets; specifically, the current ratio measures the number of times current assets would be able to pay back current liabilities. In detecting fraud, this ratio can be a prime indicator of manipulation of accounts involved. Embezzlement will cause the ratio to decrease. Liability concealment will cause a more favorable ratio. Correct Answer: (B) See pages 1.246 in the Fraud Examiner's Manual
Which financial ratio is calculated by dividing current assets by current liabilities? A. Quick ratio B. Current ratio C. Profit margin D. Receivable turnover
The current ratio—current assets divided by current liabilities—is probably the most-used liquidity ratio in financial statement analysis. This comparison measures a company's ability to meet present obligations from its liquid assets; specifically, the current ratio measures the number of times current assets would be able to pay back current liabilities. In detecting fraud, this ratio can be a prime indicator of manipulation of accounts involved. Embezzlement will cause the ratio to decrease. Liability concealment will cause a more favorable ratio. Correct Answer: (B) Current Ratio See pages 1.246 in the Fraud Examiner's Manual
Liam is the manager of a small bank that has recently experienced an increase in the amount of fraud related to electronic funds transfers (EFTs). Which of the following methods can Liam implement to reduce his bank's exposure to EFT fraud? A. Separate the duties of bank employees so that responsibilities for the issuance of access devices are separate from the issuance of PINs B. Send a welcome letter to new customers to determine if the address submitted on the account application is valid C. Ensure that PINs are mailed separately from other associated account information D. All of the above
The following are safeguards that banks can perform to reduce the risk that they or their customers become victimized by unauthorized electronic funds transfers (EFTs): -Confirm phone and mailing addresses on the application to ensure that they are consistent with information about the applicant that is available from other sources and, with respect to existing customers, consistent with current records about these customers. This might involve obtaining credit reports about the applicant or obtaining copies of utility bills that show the applicant's address. -Make sure that the area or city code in the applicant's telephone number matches the geographical area for the applicant's address. -Send a welcome letter to the address on the application with the bank's return address so that the letter is returned if the applicant does not live there. -Verify by telephone or additional mailings any change of address requests in the same way that new account applications are verified. -If a customer reports the loss or theft of an access device, cancel the existing card, personal identification number (PIN), or other form of access and issue a new one. -If a customer reports that a person previously authorized to use an access device no longer has that authority, cancel all cards, PINs, or other access devices and issue new ones to the customer. -Always mail PINs separately from other information, such as usernames, with which they are associated. -Separate the responsibility of bank employees who have custody of information relating to access devices from those who have responsibility for issuance, verification, or reissuance of PINs. -Ensure that any communication concerning usernames or passwords is sent in a secure encrypted format. 
-Require customers who register for electronic bill presentment and payment (EBPP) or person-to-person (P2P) systems to provide information indicating that they are authorized to use the bank account or credit card from which payments will be made. -Employ multifactor authentication to verify transfers via EBPP or P2P systems. Correct Answer: (D) All of the above See pages 1.1043-1.1044 in the Fraud Examiner's Manual
Which of the following is a recommended step that businesses should take to protect their customers and employees from identity theft? A. Only retain personal information for as long as it is necessary B. Conduct regular employee training on information-handling best practices C. Require employees to use complex passwords or passphrases D. All of the above
The following are some of the steps businesses can take to protect personal information and prevent identity theft: -Limit the personal information collected from customers. For example, do not collect customers' government identification numbers unless there is a legal requirement to do so. -Restrict employees' access to the personal information of customers and coworkers. -Use network-security tools to monitor who accesses personal information. -Do not retain personal information for longer than necessary. -Adopt an information-handling policy that governs how personal information is stored, protected, and disposed of. Strictly enforce the policy, and discipline employees who violate it. -Conduct regular employee training regarding the company's information-handling policy and best practices for preventing identity theft. -Ensure the security of buildings by using locks, access codes, and other security features. -Keep physical documents containing personal information in locked rooms or locked file cabinets. -Secure all computer networks and electronic information. -Use encryption to protect all personal information stored by the company or sent to third parties. Encryption should also be used to protect information sent over the company's wireless network. -Restrict the use of laptops to those employees who need them to do their jobs. -Require employees to use complex passwords or passphrases. -Where permitted by law, perform background checks on prospective employees. -Thoroughly investigate contractors and vendors before hiring them. -Do not use government identification numbers as employee identification numbers or print them on paychecks. -Perform regular audits of information-handling practices, network security, and other internal controls. -Create a data breach response plan. Correct Answer: (D) All of the above See pages 1.816 in the Fraud Examiner's Manual
All of the following are methods of identity theft prevention recommended for businesses EXCEPT: A. Restrict the use of laptops to those employees who need them to do their jobs. B. Limit employees' access to customers' personal information. C. Perform audits of information-handling practices only when required to do so by regulators. D. Conduct background checks on prospective employees when permitted by law to do so.
The following are some of the steps businesses can take to protect personal information and prevent identity theft: -Limit the personal information collected from customers. For example, do not collect customers' government identification numbers unless there is a legal requirement to do so. -Restrict employees' access to the personal information of customers and coworkers. -Use network-security tools to monitor who accesses personal information. -Do not retain personal information for longer than necessary. -Adopt an information-handling policy that governs how personal information is stored, protected, and disposed of. Strictly enforce the policy, and discipline employees who violate it. -Conduct regular employee training regarding the company's information-handling policy and best practices for preventing identity theft. -Ensure the security of buildings by using locks, access codes, and other security features. -Keep physical documents containing personal information in locked rooms or locked file cabinets. -Secure all computer networks and electronic information. -Use encryption to protect all personal information stored by the company or sent to third parties. Encryption should also be used to protect information sent over the company's wireless network. -Restrict the use of laptops to those employees who need them to do their jobs. -Require employees to use complex passwords or passphrases. -Where permitted by law, perform background checks on prospective employees. -Thoroughly investigate contractors and vendors before hiring them. -Do not use government identification numbers as employee identification numbers or print them on paychecks. -Perform regular audits of information-handling practices, network security, and other internal controls. -Create a data breach response plan. Correct Answer: (C) See pages 1.816 in the Fraud Examiner's Manual
All of the following are methods of identity theft prevention recommended for individuals EXCEPT: A. Use the same password or passphrase for all accounts. B. Use biometric authentication when available. C. Instruct the post office to suspend mail during vacations. D. Avoid using unsecured, public Wi-Fi networks.
The following are some of the steps individuals can take to protect their personal information and prevent identity theft: -Do not give out government identification numbers unless absolutely necessary. -Do not carry government identification cards (or numbers) in purses or wallets. -Create complex passwords or passphrases that are at least eight characters in length and contain upper- and lowercase letters, numbers, and symbols. -Do not reuse passwords. Use a different password for every website, account, or device. -Never send personal information, such as a password or government identification number, via email. Reputable organizations will not request personal information by email. -When available, use biometric authentication (e.g., fingerprints, voice recognition). -Create unique answers for security questions. Do not choose answers containing personal information that is publicly available (e.g., name of high school, mother's maiden name). -Protect computers with strong and regularly updated firewall and antivirus software, and promptly install all security updates and patches. -Avoid suspicious websites. -Delete messages from unknown senders without opening them. -Only download software from trusted websites. -Avoid using unsecured, public Wi-Fi networks. -Limit the amount of personal information shared on social media. -Use software to permanently erase all data from hard drives before disposing of computers, smartphones, copiers, printers, and other electronic devices. -Secure physical mailboxes with a lock, check physical mail regularly, and instruct the post office to suspend mail during vacations. -Shred all sensitive documents. -Opt out of unsolicited offers for pre-approved credit cards or other lines of credit. -Pay attention to billing cycles and review all bills and statements. -Check credit reports regularly. Correct Answer: (A) See pages 1.815 in the Fraud Examiner's Manual
Which of the following is a recommended step that individuals should take to protect themselves from identity theft? A. Use passwords that are at least eight characters long B. Limit personal information shared on social media C. Create unique answers for security questions D. All of the above
The following are some of the steps individuals can take to protect their personal information and prevent identity theft: -Do not give out government identification numbers unless absolutely necessary. -Do not carry government identification cards (or numbers) in purses or wallets. -Create complex passwords or passphrases that are at least eight characters in length and contain upper- and lowercase letters, numbers, and symbols. -Do not reuse passwords. Use a different password for every website, account, or device. -Never send personal information, such as a password or government identification number, via email. Reputable organizations will not request personal information by email. -When available, use biometric authentication (e.g., fingerprints, voice recognition). -Create unique answers for security questions. Do not choose answers containing personal information that is publicly available (e.g., name of high school, mother's maiden name). -Protect computers with strong and regularly updated firewall and antivirus software, and promptly install all security updates and patches. -Avoid suspicious websites. -Delete messages from unknown senders without opening them. -Only download software from trusted websites. -Avoid using unsecured, public Wi-Fi networks. -Limit the amount of personal information shared on social media. -Use software to permanently erase all data from hard drives before disposing of computers, smartphones, copiers, printers, and other electronic devices. -Secure physical mailboxes with a lock, check physical mail regularly, and instruct the post office to suspend mail during vacations. -Shred all sensitive documents. -Opt out of unsolicited offers for pre-approved credit cards or other lines of credit. -Pay attention to billing cycles and review all bills and statements. -Check credit reports regularly. Correct Answer: (D) All of the above See pages 1.815 in the Fraud Examiner's Manual
A financial fund operator who insists that investors continually reinvest their profits, rather than take payouts, is a red flag of a Ponzi scheme. A. True B. False
The following red flags can help investigators uncover Ponzi schemes: Sounds too good to be true: If an investment sounds too good to be true, it probably is. Promises of low risk or high rewards: Promoters of Ponzi schemes typically promise implausibly high or quick returns with little risk. As all legitimate investments include some degree of risk, any guarantee that an investment will perform in a certain way is a clear signal that it might be part of a Ponzi scheme. History of consistent returns: Any firm that generates remarkably consistent returns regardless of market conditions should raise suspicions. High-pressure sales tactics: Reputable investment firms and agents do not push potential investors to act immediately, and legitimate investment opportunities are rarely that time sensitive. Pressure to reinvest: Often, fraudsters keep Ponzi schemes alive by convincing investors to reinvest their profits rather than take a payout. Complex trading strategies: Legitimate agents should be able to provide clear explanations about their investment strategies. For obvious reasons, Ponzi-scheme boosters purposefully employ complicated strategies that confound unsophisticated investors. Lack of transparency or access: Secrecy surrounding the operations of a financial company should be an immediate warning sign. Ponzi operators are often unlicensed, and their supposed investments are typically unregistered. Additionally, a lack of access to regular statements or an online account should trigger alarm. Lack of separation of duties: Investors should be wary of any financial manager who manages, administers, and retains custody of the fund in question. Correct Answer: (A) True See pages 1.1342-1.1343 in the Fraud Examiner's Manual
Which of the following is one of the four major categories of check tampering schemes? A. Altered payee schemes B. Forged maker schemes C. Forged endorsement schemes D. All of the above
The four major categories of check tampering schemes include: -Forged maker schemes -Forged endorsements -Altered payees -Authorized maker schemes Correct Answer: (D) All of the above See pages 1.410 in the Fraud Examiner's Manual
Which U.S. generally accepted accounting principle (GAAP) requires corresponding expenses and revenue to be recorded in the same accounting period? A. Full disclosure B. Matching C. Conservatism D. Consistency
The matching principle requires that expenses be recorded in the same accounting period as the revenues they help generate. Estimates, accruals, and allocations are often needed to meet this requirement. When a sale is recorded, the appropriate charges for cost of goods sold, or other expenses directly corresponding to the sale, should be recorded in the same accounting period. Correct Answer: (B) Matching See pages 1.117 in the Fraud Examiner's Manual
David runs a local catering company. He keeps his books on a calendar year and uses the accrual basis of accounting. In December of Year 1, a customer placed an order with him to cater the food for a party that would take place in February of Year 2. The contract was signed and the balance was paid in full when the order was placed in December. When should David report the revenue from this party and the associated expenses of catering it? A. The revenue should be recorded in December when David received the cash, and the expenses should be recorded in February after the party takes place. B. Both the revenue and expenses should be recorded in December. C. Both the revenue and expenses should be recorded in February. D. It doesn't matter because it is up to David to decide whether he reports the revenue and expenses in December or February.
The matching principle requires that expenses be recorded in the same accounting period as the revenues they help generate. Estimates, accruals, and allocations are often needed to meet this requirement. When a sale is recorded, the appropriate charges for cost of goods sold, or other expenses directly corresponding to the sale, should be recorded in the same accounting period. In this example, since the expenses will not be incurred until David caters the event in February, the revenue David received should not be recorded until February as well. Correct Answer: (C) See pages 1.117 in the Fraud Examiner's Manual
The most common giveaway scheme, in which a postcard arrives in the mail telling the recipient they have already won a prize such as a luxurious vacation or cash, is known as: A. The "Bait and Switch" B. The "Fly and Buy" C. The "1-in-5" D. None of the above
The most common giveaway scheme is known as the 1-in-5. In this scheme, a consumer receives a letter or postcard in the mail informing that individual that they have already won a prize. The prizes usually include luxurious vacations, new cars, or cash. Unfortunately, the odds of winning any of the prizes are extremely low. Victims might receive items of minimal or no value or coupons redeemable only for the company's substandard merchandise. Correct Answer: (C) See pages 1.1331 in the Fraud Examiner's Manual
The most effective way to prevent and detect electronic payment fraud is through proper separation of duties. A. True B. False
The most important practice for preventing and detecting electronic payment fraud is separation of duties. For example, in the case of online bill payments, such as those made through a bank's website or a third-party business-to-business payment service, separate individuals should be responsible for maintaining payment templates, entering payments, and approving payments. For wire transfers, duties for creating, approving, and releasing wires should be segregated. And to prevent attempts to conceal fraudulent electronic payment activity, no individual involved in the payment process should reconcile the bank statement or even have access to it. In addition to separating duties, companies should consider segregating their bank accounts to maintain better control over them—for example, separate accounts can be used for paper and electronic transactions. Correct Answer: (A) True See pages 1.434 in the Fraud Examiner's Manual
Which of the following is an acceptable justification for a departure from generally accepted accounting principles (GAAP)? A. Departing from GAAP would make the company appear more profitable B. Adhering to GAAP is significantly more expensive than using an alternative method C. The literal application of GAAP would render the financial statements misleading D. None of the above
The question of when it is appropriate to stray from generally accepted accounting principles (GAAP) is a matter of professional judgment; there is not a clear-cut set of circumstances that justifies such a departure. However, the fact that complying with GAAP would be more expensive or would make the financial statements look weaker is not a reason to use a non-GAAP method of accounting for a transaction. It can be assumed that adherence to GAAP almost always results in financial statements that are fairly presented. However, the standard-setting bodies recognize that, upon occasion, there might be an unusual circumstance when the literal application of GAAP would render the financial statements misleading. In these cases, a departure from GAAP is the proper accounting treatment. Departures from GAAP can be justified in the following circumstances: -It is common practice in the entity's industry for a transaction to be reported in a particular way. -The substance of the transaction is better reflected (and, therefore, the financial statements are more fairly presented) by not strictly following GAAP. -If a transaction is considered immaterial (i.e., it would not affect a decision made by a prudent reader of the financial statements), then it need not be reported. -There is concern that assets or income would be overstated and expenses or liabilities would be understated (the conservatism constraint requires that when there is any doubt, one should avoid overstating assets and income or understating expenses and liabilities). -The results of departure appear reasonable under the circumstances, especially when strict adherence to GAAP will produce misleading financial statements and the departure is properly disclosed. Correct Answer: (C) See pages 1.125-1.127 in the Fraud Examiner's Manual
It is considered acceptable practice to deviate from generally accepted accounting principles (GAAP) in which of the following circumstances? A. Adherence to GAAP would produce misleading results B. There is concern that assets or income would be overstated C. It is common practice in the industry to give particular transactions a specific accounting treatment D. All of the above
The question of when it is appropriate to stray from generally accepted accounting principles (GAAP) is a matter of professional judgment; there is not a clear-cut set of circumstances that justifies such a departure. It can be assumed that adherence to GAAP almost always results in financial statements that are fairly presented. However, the standard-setting bodies recognize that, upon occasion, there might be an unusual circumstance when the literal application of GAAP would render the financial statements misleading. In these cases, a departure from GAAP is the proper accounting treatment. Departures from GAAP can be justified in the following circumstances: -It is common practice in the entity's industry for a transaction to be reported in a particular way. -The substance of the transaction is better reflected (and, therefore, the financial statements are more fairly presented) by not strictly following GAAP. -If a transaction is considered immaterial (i.e., it would not affect a decision made by a prudent reader of the financial statements), then it need not be reported. -There is concern that assets or income would be overstated and expenses or liabilities would be understated (the conservatism constraint requires that when there is any doubt, one should avoid overstating assets and income or understating expenses and liabilities). -The results of departure appear reasonable under the circumstances, especially when strict adherence to GAAP will produce misleading financial statements and the departure is properly disclosed. Correct Answer: (D) All of the above See pages 1.125-1.127 in the Fraud Examiner's Manual
The quick ratio is used to determine the efficiency with which a company uses its assets. A. True B. False
The quick ratio, commonly referred to as the acid test ratio, compares quick assets (i.e., those that can be immediately liquidated) to current liabilities. This calculation divides the total of cash, securities, and receivables by current liabilities to yield a measure of a company's ability to meet sudden cash requirements. The quick ratio offers a more conservative view of a company's liquidity because it excludes inventory and other current assets that are more difficult to rapidly turn into cash. The asset turnover ratio is used to determine the efficiency with which asset resources are used by the entity. Correct Answer: (B) False See pages 1.246, 1.249 in the Fraud Examiner's Manual
Which of the following is the correct calculation of the quick ratio? A. (Cash + marketable securities + receivables) / current liabilities B. (Cash + marketable securities) / accounts payable C. Current assets / current liabilities D. (Cash + receivables) / current liabilities
The quick ratio, commonly referred to as the acid test ratio, compares quick assets (i.e., those that can be immediately liquidated) to current liabilities. This ratio is a measure of a company's ability to meet sudden cash requirements. It is important to note that while the current ratio includes inventory in its current assets, the quick ratio does not. Thus, the quick ratio offers a more conservative view of a company's liquidity because it excludes inventory and other current assets that are more difficult to rapidly turn into cash. The equation for the quick ratio is: quick ratio = (cash + marketable securities + receivables) / current liabilities. Correct Answer: (A) See pages 1.246 in the Fraud Examiner's Manual
Which of the following is the correct calculation of the quick ratio? A. (Cash + marketable securities + receivables) / current liabilities B. Current assets / current liabilities C. (Cash + marketable securities) / accounts payable D. (Cash + receivables) / current liabilities
The quick ratio, commonly referred to as the acid test ratio, compares quick assets (i.e., those that can be immediately liquidated) to current liabilities. This ratio is a measure of a company's ability to meet sudden cash requirements. It is important to note that while the current ratio includes inventory in its current assets, the quick ratio does not. Thus, the quick ratio offers a more conservative view of a company's liquidity because it excludes inventory and other current assets that are more difficult to rapidly turn into cash. The equation for the quick ratio is: quick ratio = (cash + marketable securities + receivables) / current liabilities. Correct Answer: (A) (Cash + marketable securities + receivables) / current liabilities See pages 1.246 in the Fraud Examiner's Manual
Why is the health care industry concerned about the potential effect of the electronic data interchange (EDI) on fraudulent activity? A. Only a few types of health care transactions can be processed by EDI B. The tools required to detect EDI fraud are difficult to use C. The efficiency of EDI allows for more vendors and thus more claims to process D. All of the above
The reasons the health care industry is concerned about electronic data interchange's (EDI) potential to stimulate fraudulent activity include: -There is a lack of tools to detect EDI fraud. -The variety of health care services increases the potential for dissimilar frauds. -The efficiency of EDI allows for more vendors and thus more claims to account for. -The swiftness with which transactions take place allows less time to uncover fraud. Correct Answer: (C) See pages 1.1263 in the Fraud Examiner's Manual
The solicitation phase of procurements involving open and free competition includes which of the following activities? A. The prospective contractors prepare and submit their bids. B. The procuring entity identifies its needs and develops the criteria used to award the contract. C. The procuring entity performs its contractual obligations. D. The procuring entity determines the method for acquiring the goods or services.
The solicitation phase involves the bid solicitation, bid preparation, and bid submission. During this phase, the procuring entity prepares the solicitation document, provides notices of solicitation, and issues the solicitation document. After the procuring entity issues the solicitation document, the bidders prepare and submit their bids or proposals. Correct Answer: (A) See pages 1.1509 in the Fraud Examiner's Manual
Which of the following statements is TRUE with regard to the statement of cash flows? A. There are four types of cash flows: cash flows from operating activities, from investing activities, from financing activities, and from revenue activities. B. The statement of cash flows is not always necessary because most companies operate under cash-basis accounting rather than accrual accounting. C. The statement of cash flows shows a company's financial position at a specific point in time. D. The statement of cash flows is often used in tandem with the income statement to determine a company's true financial performance.
The statement of cash flows reports a company's sources and uses of cash during the accounting period. This statement is often used by potential investors and other interested parties in tandem with the income statement to determine a company's true financial performance during the period being reported. The nature of accrual accounting allows (and often requires) the income statement to contain many noncash items and subjective estimates that make it difficult to fully and clearly interpret a company's operating results. However, it is much harder to falsify the amount of cash that was received and paid during the year, so the statement of cash flows enhances the financial statements' transparency. The balance sheet shows a company's financial position at a specific point in time. Correct Answer: (D) See pages 1.106, 1.112 in the Fraud Examiner's Manual
Which of the following statements is NOT true regarding the statement of cash flows? A. The statement of cash flows shows a company's financial position at a specific point in time. B. The statement of cash flows is often used in tandem with the income statement to determine a company's true financial performance. C. The statement of cash flows reports a company's sources and uses of cash during the accounting period. D. There are three types of cash flows: cash flows from operating activities, from investing activities, and from financing activities.
The statement of cash flows reports a company's sources and uses of cash during the accounting period. This statement is often used by potential investors and other interested parties in tandem with the income statement to determine a company's true financial performance during the period being reported. The statement of cash flows is broken down into three sections: cash flows from operating activities, cash flows from investing activities, and cash flows from financing activities. The balance sheet shows a company's financial position at a specific point in time. Correct Answer: (A) See pages 1.106, 1.112 in the Fraud Examiner's Manual
The statement of changes in owners' equity acts as the connecting link between which two financial statements? A. Income statement and balance sheet B. Income statement and statement of cash flows C. Statement of cash flows and balance sheet D. Balance sheet and statement of retained earnings
The statement of changes in owners' equity details the changes in the total owners' equity amount listed on the balance sheet. Because it shows how the amounts on the income statement flow through to the balance sheet, it acts as the connecting link between the two statements. The balance of the owners' equity at the beginning of the year is the starting point for the statement. The transactions that affect owners' equity are listed next and are added together. The result is added to (or subtracted from, if negative) the beginning-of-the-year balance, which provides the end-of-the-year balance for total owners' equity. Correct Answer: (A)
Which of the following schemes refers to the falsification of personnel or payroll records, causing paychecks to be generated to someone who does not actually work for the victim company? A. Falsified salary scheme B. Record alteration scheme C. Ghost employee scheme D. Inflated commission scheme
The term ghost employee refers to someone on the payroll who does not actually work for the victim company. Through the falsification of personnel or payroll records, a fraudster causes paychecks to be generated to a non-employee, or ghost. The fraudster or an accomplice then converts these paychecks. The ghost employee may be a fictitious person or a real individual who simply does not work for the victim employer. Correct Answer: (C) Ghost employee scheme See pages 1.456 in the Fraud Examiner's Manual
Bank reconciliations should be performed by an authorized signatory on the account. A. True B. False
To prevent check fraud, bank reconciliations should NOT be performed by an authorized check signatory. Bank statements should be reviewed and reconciled by more than one person each month. Correct Answer: (B) False See pages 1.431 in the Fraud Examiner's Manual
Common fraud schemes involving automated teller machines (ATMs) include all of the following EXCEPT: A. Employee manipulation B. Unauthorized access to PINs and account codes C. Counterfeit ATM cards D. Credit data blocking
There are a number of fraud schemes that are being perpetrated with regard to automated teller machines (ATMs). These schemes include: -Theft of card and/or unauthorized access to personal identification numbers (PINs) and account codes for ATM transactions by unauthorized persons -Employee manipulation -Counterfeit ATM cards -Counterfeit ATMs -Magnetic strip skimming devices -Shimming devices that target chip-based cards -ATM deposit fraud Correct Answer: (D) Credit data blocking See pages 1.944-1.945 in the Fraud Examiner's Manual
Unauthorized personal use of a company vehicle constitutes misuse of a non-cash asset, a form of asset misappropriation. A. True B. False
There are basically two ways a person can misappropriate a company asset. The asset can be misused (or "borrowed") or it can be stolen. Assets that are misused but not stolen typically include company vehicles, supplies, computers, and other office equipment. Correct Answer: (A) True See pages 1.501 in the Fraud Examiner's Manual
Generally, if the dollar amount of an embezzlement scheme at a financial institution is small enough such that the targeted entity's financial statements will not be materially affected, the scheme can be most effectively detected through which of the following methods? A. Educating employees who are responsible for handling currency B. Conducting a financial statement analysis C. Conducting a review of source documents D. Reviewing all disbursements below the approval limit
There are several methods by which embezzlement can be detected. Generally, if the dollar amount of an embezzlement scheme is small enough such that the targeted entity's financial statements will not be materially affected, embezzlement fraud can be most effectively detected through the review of source documents (e.g., receipts, deposit slips). There can be many types of clues in the source documents, and the particular situation will often determine what the fraud examiner needs to look for. The following are common red flags in source documents that might indicate that embezzlement has occurred: - Missing source documents - Payees on source documents (e.g., checks) do not match entries in the general ledger - Receipts or invoices lack professional quality - Duplicate payment documents for different transactions - Payee identification information that matches an employee's information or that of their relatives - Apparent signs of alteration to source documents - Lack of original source documents (photocopies only) If the scheme is so large that the financial statements of the institution are affected, then a review of the source documents will serve to confirm or refute an allegation that an embezzlement scheme has occurred or is occurring. Generally, for large embezzlements, the most efficient method of detection is an analysis of the financial statements. Correct Answer: (C) Conducting a review of source documents. See pages 1.904 in the Fraud Examiner's Manual
Heather is a fraud examiner who is investigating a fraud case at a bank. Which of the following of Heather's findings might be a red flag of embezzlement? A. Only photocopies are available as source documents instead of originals B. Payees on source documents do not match entries on the general ledger C. Some source documents are missing or altered D. All of the above
There are several methods by which embezzlement can be detected. Generally, if the dollar amount of an embezzlement scheme is small enough such that the targeted entity's financial statements will not be materially affected, embezzlement fraud can be most effectively detected through the review of source documents (e.g., receipts, deposit slips). There can be many types of clues in the source documents, and the particular situation will often determine what the fraud examiner needs to look for. The following are common red flags in source documents that might indicate that embezzlement has occurred: -Missing source documents -Payees on source documents (e.g., checks) do not match entries in the general ledger -Receipts or invoices lack professional quality -Duplicate payment documents for different transactions -Payee identification information that matches an employee's information or that of their relatives -Apparent signs of alteration to source documents -Lack of original source documents (photocopies only) Correct Answer: (D) All of the above See pages 1.904 in the Fraud Examiner's Manual
All of the following are classifications of billing schemes EXCEPT: A. Bid rigging B. Shell company schemes C. Personal purchases with company funds D. Invoicing via nonaccomplice vendors
There are three principal types of billing schemes: -Invoicing via shell companies -Invoicing via nonaccomplice vendors -Personal purchases with company funds Correct Answer: (A) Bid rigging See pages 1.436 in the Fraud Examiner's Manual
All of the following are classifications of billing schemes EXCEPT: A. Shell company schemes B. Bid rigging C. Invoicing via nonaccomplice vendors D. Personal purchases with company funds
There are three principal types of billing schemes: -Invoicing via shell companies -Invoicing via nonaccomplice vendors -Personal purchases with company funds Correct Answer: (B) Bid rigging See pages 1.436 in the Fraud Examiner's Manual
There is nothing inherently wrong with a company engaging in related-party transactions, as long as the transactions are fully disclosed. A. True B. False
There is nothing inherently wrong with related-party transactions, as long as they are fully disclosed. If the transactions are not fully disclosed, the company might injure its shareholders by engaging in economically harmful dealings without their knowledge. Correct Answer: (A) True See pages 1.236 in the Fraud Examiner's Manual
The asset turnover ratio is calculated by dividing net sales by average total assets. A. True B. False
To calculate the asset turnover ratio, divide net sales or revenue by the average total assets. The asset turnover ratio is used to determine the efficiency with which assets are used during the period. The asset turnover ratio is typically calculated by dividing net sales by average total assets (net sales / average total assets). However, average operating assets can also be used as the denominator (net sales / average operating assets). Correct Answer: (A) True See pages 1.249 in the Fraud Examiner's Manual
When developing a program for safeguarding proprietary information (SPI), an organization should form a company task force to develop the program, and the task force should include representatives from relevant departments across the company, such as research and development (R&D), corporate security, and records management. A. True B. False
To coordinate a company-wide program for safeguarding proprietary information (SPI), management should establish a task force and charge it with developing the program. The task force should include managers and staff from departments that deal with proprietary information, such as research and development (R&D) and production. The task force should also include representatives from the following departments: corporate security, human resources (HR), records management, data processing, and legal. Once the task force is assembled, it must identify the information that is to be protected. To make this determination, the task force should identify those areas that give the company its competitive edge (e.g., quality of the product, service, price, manufacturing technology, marketing, and distribution). When doing so, the task force should ask, "What information would a competitor like to know?" Correct Answer: (A) See pages 1.744-1.745 in the Fraud Examiner's Manual
When a task force is charged with developing a program for safeguarding proprietary information (SPI), which of the following should be the first step that it takes? A. Shred sensitive documents. B. Develop an employee awareness program. C. Determine what information should be protected. D. Institute an encryption policy.
To coordinate a company-wide program for safeguarding proprietary information (SPI), management should establish a task force and charge it with developing the program. The task force should include managers and staff from departments that deal with proprietary information, such as research and development (R&D) and production. The task force should also include representatives from the following departments: corporate security, human resources (HR), records management, data processing, and legal. Once the task force is assembled, it must identify the information that is to be protected. To make this determination, the task force should identify those areas that give the company its competitive edge (e.g., quality of the product, service, price, manufacturing technology, marketing, and distribution). When doing so, the task force should ask, "What information would a competitor like to know?" Correct Answer: (C) See pages 1.744-1.745 in the Fraud Examiner's Manual
Traditionally, there are two methods of percentage analysis of financial statements. They are: A. Horizontal and historical analysis B. Balance sheet and income statement analysis C. Vertical and historical analysis D. Horizontal and vertical analysis
Traditionally, there are two methods of percentage analysis of financial statements. Vertical analysis is a technique for analyzing the relationships among the items on an income statement, balance sheet, or statement of cash flows during a specific accounting period by expressing components as percentages of a specified base value within the statement being analyzed. Horizontal analysis, on the other hand, is a technique for analyzing the percentage change in individual financial statement line items from one accounting period to the next. The first period in the analysis is considered the base period, and the changes to subsequent periods are computed as a percentage of the base period. Correct Answer: (D) See pages 1.243-1.244 in the Fraud Examiner's Manual
Which of the following statements is TRUE with regard to gross margin? A. Gross margin is equal to net sales less cost of goods sold. B. Gross margin is the top line of the income statement. C. Gross margin is another term for net income. D. Gross margin is equal to revenues less operating expenses.
Two basic types of accounts are reported on the income statement—revenues and expenses. Revenues represent amounts received from the sale of goods or services during the accounting period. Most companies present net sales as the first line item on the income statement. The term net means that the amount shown is the company's total sales minus any sales refunds, returns, discounts, or allowances. From net sales, an expense titled cost of goods sold or cost of sales is deducted. Regardless of the industry, this expense denotes the amount a company spent (in past, present, and/or future accounting periods) to produce the goods or services that were sold during the current period. The difference between net sales and cost of goods sold is called gross profit or gross margin, which represents the amount left over from sales to pay the company's operating expenses. Correct Answer: (A) Gross margin is equal to net sales less cost of goods sold. See pages 1.109-1.110 in the Fraud Examiner's Manual
Which of the following financial statement manipulations is NOT a type of improper asset valuation scheme? A. Inflated inventory valuation B. Booking of fictitious assets C. Overstated accounts receivable D. Recording expenses in the wrong period
Types of improper asset valuation schemes: inflated inventory valuation, booking of fictitious assets, and overstated accounts receivable. Not a type of improper asset valuation scheme: recording expenses in the wrong period. Most improper asset valuations involve the fraudulent overstatement of inventory or receivables, with the goal being to strengthen the appearance of the balance sheet and/or certain financial ratios. Other improper asset valuations include manipulation of the allocation of the purchase price of an acquired business to inflate future earnings, misclassification of fixed and other assets, or improper capitalization of inventory or start-up costs. Improper asset valuations usually take the form of one of the following classifications: -Inventory valuation -Accounts receivable -Business combinations -Fixed assets Correct Answer: (D) See pages 1.224 in the Fraud Examiner's Manual
ABC Corporation is the defendant in a class-action lawsuit for selling defective consumer products. While the lawsuit is estimated to continue for several more years, ABC's management believes that it is highly likely that the company will lose the lawsuit and be ordered to pay a significant amount of damages to the plaintiffs. ABC does NOT have to disclose a liability related to the lawsuit in its financial statements. A. True B. False
Typical liability omissions include the failure to disclose loan covenants or contingent liabilities. Loan covenants are agreements, in addition to or as part of a financing arrangement, that a borrower has promised to keep as long as the financing is in place. The agreements can contain various types of covenants, including certain financial ratio limits and restrictions on other major financing arrangements. Contingent liabilities are potential obligations that will materialize only if certain events occur in the future. A corporate guarantee of personal loans received by a company officer and potential losses from ongoing litigation are examples of contingent liabilities that must be disclosed. Current accounting standards require entities to disclose contingent liabilities in the notes to the financial statements if it is possible that an outflow of cash will be required to settle a present obligation in the future. Correct Answer: (B) False See pages 1.235 in the Fraud Examiner's Manual
A fraudster can understate expenses and their related liabilities to make a company appear more profitable than it actually is. A. True B. False
Understating liabilities and expenses is one of the ways financial statements can be manipulated to make a company appear more profitable. Because pre-tax income will increase by the full amount of the expense or liability not recorded, this financial statement fraud method can significantly affect reported earnings with relatively little effort by the fraudster. There are three common methods for concealing liabilities and expenses: -Omitting liabilities and/or expenses -Improperly capitalizing costs rather than expensing them -Failing to disclose warranty costs and product-return liabilities Correct Answer: (A) True See pages 1.229 in the Fraud Examiner's Manual
Which of the following is a common reason why people commit financial statement fraud? A. To cover inability to generate cash flow B. To encourage investment through the sale of stock C. To demonstrate compliance with loan covenants D. All of the above
Unlike some other types of fraud (such as embezzlement), the motivation for financial statement fraud does not always involve personal gain. Most commonly, financial statement fraud is used to make a company's earnings appear better on paper. Financial statement fraud occurs through a variety of methods, such as valuation judgments and manipulating the timing of transaction recording. These more subtle types of fraud are often dismissed as either mistakes or errors in judgment and estimation. Some of the more common reasons why people commit financial statement fraud include: -To encourage investment through the sale of stock -To demonstrate increased earnings per share or partnership profits interest, thus allowing increased dividend/distribution payouts -To cover inability to generate cash flow -To avoid negative market perceptions -To obtain financing, or to obtain more favorable terms on existing financing -To receive higher purchase prices for acquisitions -To demonstrate compliance with financing covenants -To meet company goals and objectives -To receive performance-related bonuses Correct Answer: (D) All of the above See pages 1.204-1.205 in the Fraud Examiner's Manual
A medical provider billed an insurance company for a name-brand drug, while providing the patient with a generic version of the drug. This inflated billing scheme is known as which of the following? A. Undercharging B. Unbundling C. Upcoding D. Replacement fraud
Upcoding occurs when a provider bills for a higher level of service than actually rendered. One common form of upcoding involves generic substitution—filling a prescription with a less expensive drug, while billing for the more expensive form of the drug. Correct Answer: (C) Upcoding See pages 1.1238 in the Fraud Examiner's Manual
Vertical analysis can best be described as a technique for analyzing the percentage change in individual financial statement line items from one accounting period to the next. A. True B. False
Vertical analysis is a technique for analyzing the relationships among the items on an income statement, balance sheet, or statement of cash flows during a specific accounting period by expressing components as percentages of a specified base value within the statement being analyzed. Horizontal analysis is a technique for analyzing the percentage change in individual financial statement line items from one accounting period to the next. Ratio analysis is a means of measuring the relationship between any two different financial statement amounts. The relationship and comparison are the keys to any of these types of financial analyses. Correct Answer: (B) False See pages 1.243-1.245 in the Fraud Examiner's Manual
How does vertical analysis differ from horizontal analysis? A. Vertical analysis is a means of measuring the relationship between any two different financial statement amounts, whereas horizontal analysis examines the relationship between specific financial statement ratios. B. Vertical analysis compares items on one financial statement to items on a different financial statement, while horizontal analysis compares items on the same financial statement. C. Vertical analysis expresses the percentage of component items to a specific base item, while horizontal analysis analyzes the percentage change in individual financial statement line items from one accounting period to the next. D. Vertical analysis compares the performance of a parent company to its subsidiary, while horizontal analysis compares different companies across an industry.
Vertical analysis is a technique for analyzing the relationships among the items on an income statement, balance sheet, or statement of cash flows during a specific accounting period by expressing components as percentages of a specified base value within the statement being analyzed. Horizontal analysis is a technique for analyzing the percentage change in individual financial statement line items from one accounting period to the next. Ratio analysis is a means of measuring the relationship between any two different financial statement amounts. The relationship and comparison are the keys to any of these types of financial analyses. Correct Answer: (C) See pages 1.243-1.245 in the Fraud Examiner's Manual
Wealth in a virtual economy can only be generated by spending significant time and effort participating in massively multiplayer online (MMO) gaming platforms to slowly earn in-game currency. A. True B. False
Wealth in a virtual economy is typically generated by spending significant time and effort participating in massively multiplayer online (MMO) gaming platforms to slowly earn in-game currency, or it can be generated by simply paying for in-game currency using outside payment methods, such as credit cards, PayPal, or bitcoin. Correct Answer: (B) False See pages 1.1050 in the Fraud Examiner's Manual
Bruce, a manager for a retail store, suspects his cashiers of skimming sales. Bruce will be able to detect this kind of scheme by comparing their register totals to the amount of money in their cash drawers. A. True B. False
When an employee skims money by making off-book sales of merchandise, it is impossible to detect theft by comparing the register to the cash drawer because the sale was not recorded on the register. You will often hear about the theft of cash using two terms: larceny and skimming. The difference is in the timing: larceny is the theft of cash that the organization has already accounted for, and skimming is the stealing of money before the organization has the opportunity to account for it. Correct Answer: (B) See pages 1.302 in the Fraud Examiner's Manual
Which of the following is the best description of what is shown on a company's income statement? A. The company's financial position at a specific point in time B. How much profit (or loss) the company earned over a particular period of time C. The company's sources and uses of cash during a particular period of time D. The changes in the total owners' equity amount listed on the balance sheet
Whereas the balance sheet shows a company's financial position at a specific point in time, the income statement, or statement of profit or loss and other comprehensive income, details how much profit (or loss) a company earned during a period of time, such as a quarter or a year. The statement of changes in owners' equity details the changes in the total owners' equity amount listed on the balance sheet. The statement of cash flows reports a company's sources and uses of cash during a particular period of time. Correct Answer: (B) See pages 1.108, 1.111-1.112 in the Fraud Examiner's Manual
Which of the following is the best description of what is shown on a company's income statement? A. The company's sources and uses of cash during a particular period of time B. How much profit (or loss) the company earned over a particular period of time C. The company's financial position at a specific point in time D. The changes in the total owners' equity amount listed on the balance sheet
Whereas the balance sheet shows a company's financial position at a specific point in time, the income statement, or statement of profit or loss and other comprehensive income, details how much profit (or loss) a company earned during a period of time, such as a quarter or a year. The statement of changes in owners' equity details the changes in the total owners' equity amount listed on the balance sheet. The statement of cash flows reports a company's sources and uses of cash during a particular period of time. Correct Answer: (B) How much profit (or loss) the company earned over a particular period of time. See pages 1.108, 1.111-1.112 in the Fraud Examiner's Manual
Which of the following is TRUE concerning the different types of workers' compensation fraud schemes? A. In an organized fraud scheme, a lawyer, a capper, a doctor, and the claimant often collude to defraud the insurance company B. In an agent fraud scheme, agents sometimes issue certificates of coverage to the insured customer while pilfering the premium C. In premium fraud, an employer might understate the amount of the payroll for higher-risk classifications to get a lower-cost premium D. All of the above
Workers' compensation schemes are generally broken into four categories: premium fraud, agent fraud, claimant fraud, and organized fraud schemes. Premium fraud involves the misrepresentation of information to the insurer by employers to lower the cost of workers' compensation premiums. For example, an employer might understate the amount of the payroll for higher-risk classifications, thus receiving lower-cost premiums. Agent fraud schemes consist primarily of pilfering premiums and conspiring to reduce premiums. Underhanded agents sometimes issue certificates of coverage to the ostensibly insured customer while misappropriating the premium rather than forwarding it to the insurance carrier. Agents might also conspire to alter or improperly influence insurance applications to offer lower premiums to their clients. Claimant fraud involves misrepresenting the circumstances of any injury or fabricating that an injury occurred. Organized fraud schemes are composed of the united efforts of a lawyer, a capper, a doctor, and the claimant. This type of scheme is used not only in workers' compensation cases but also in other medical frauds, such as automobile injuries. Correct Answer: (D) All of the above See pages 1.1114-1.1119 in the Fraud Examiner's Manual
The assumption that a business will continue indefinitely is reflected in the accounting concept of: A. Materiality B. Objective evidence C. Going concern D. Cost
A company's management is required to provide disclosures when existing events or conditions indicate that it is more likely than not that the entity might be unable to meet its obligations within a reasonable period of time after the financial statements are issued. There is an underlying assumption that an entity will continue as a going concern; that is, the life of the entity will be long enough to fulfill its financial and legal obligations. Any evidence to the contrary must be reported in the entity's financial statements. Correct Answer: (C) Going concern See pages 1.118 in the Fraud Examiner's Manual
Which of the following parties is responsible for overseeing business operations by assessing the strategy and underlying purpose of management's decisions and actions? a. External auditors b. Shareholders c. Industry regulators d. The board of directors
A corporation's board of directors is made up of individuals who are generally elected by the entity's voting members (e.g., shareholders in the case of a corporation or members in the case of an association). The directors represent the middlemen between the corporation's owners (i.e., shareholders) and those carrying out its activities (i.e., management), and they act as guardians of the organization's resources and assets. As such, the board oversees business operations by assessing the strategy and underlying purpose of management's decisions and actions. Correct Answer: (D)
When an employee signs a legally enforceable non-competition agreement, the provisions of the non-competition agreement continue after the employee leaves the company where they signed the agreement. a. True b. False
A noncompetition agreement is an agreement whereby employees agree not to work for competing companies within a certain period of time after leaving their current employer. If an organization uses a noncompetition agreement, management should remind its employees about the agreement's provisions during an exit interview conducted before the end of their employment. When employees leave a company, it is a good idea to have them sign a statement in which they acknowledge that they understand the noncompetition agreement's terms and that they will abide by its provisions. Correct Answer: (A)
If a bank loan is a nonperforming loan, it might be a red flag for fraud. Which of the following is a fraud scheme that is often connected to a nonperforming loan? A. Construction over-budget items B. Bribery C. Land flips D. All of the above
A nonperforming loan is a loan that is in default or close to being in default. The interest and principal payments might be overdue, and the creditor has reason to believe the loan will not be collected in full. This is often indicative of a fraud scheme. Fraud schemes resulting in a nonperforming loan include:
- Fraudulent appraisals—The cash flow cannot support an inflated loan and resulting debt amount.
- False statements—The loan was made on false or fraudulently presented assumptions.
- Equity skimming—The borrower never intended to make the underlying loan payments.
- Construction over-budget items—The amount over budget might be a concealment method for other schemes such as embezzlement, misappropriation, or false statements.
- Bribery—The loan was made because the lender received a bribe or a kickback from the borrower.
- Land flips—The purpose of the loan was to finance the seller out of a property that has an artificially inflated value.
- Disguised transactions—The loans are sham transactions without substance, made to conceal other ills.
Correct Answer: (D) All of the above See pages 1.910-1.911 in the Fraud Examiner's Manual
Smart cards include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts and countering possible attacks. A. True B. False
A smart card is a plastic card, the size of a credit card, embedded with a microchip. A key advantage of smart cards is that, unlike regular magnetic stripe credit cards, they cannot be easily replicated. Similarly, smart cards cannot be easily counterfeited, which greatly reduces the potential for fraud. Smart cards include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts and countering possible attacks. If someone tries to tamper with a chip on a smart card, the card detects the intrusion and shuts itself down, rendering the card useless. Correct Answer: (A)
Which of the following lists the information security goals that an e-commerce system should achieve for its users and asset holders? A. Exactness, invulnerability, accuracy, materiality, and data/systems response B. Penetrability, accuracy, exactness, materiality, and systems reliability C. Confidentiality, integrity, availability, authentication, and non-repudiation D. Penetrability, accuracy, availability, authentication, and systems reliability
All branches of an information system, including the e-commerce branch, strive to provide security to their users and asset holders. The following is a list of common information security goals that should be achieved to ensure the security of information systems for users and account holders:
- Confidentiality of data
- Integrity of data
- Availability of data
- Authentication
- Non-repudiation
Correct Answer: (C) See pages 1.1437 in the Fraud Examiner's Manual
Which of the following real estate loan schemes would be best described as an air loan? A. A fraudster files fraudulent property transfer documents with the property owner's forged signature and then takes out a loan using the property as collateral. B. A property developer applying for a loan submits instances of previous development experience that are fictitious or that they had no part in. C. A builder, in collusion with an appraiser and other real estate insiders, fraudulently applies for a loan to construct a building on a nonexistent property and keeps the proceeds. D. A loan applicant falsifies their income sources to qualify for a mortgage.
An air loan is a loan for a nonexistent property—with air symbolizing the loan's fraudulent absence of collateral. Most or all of the documentation is fabricated, including the borrower, the property ownership documents, and the appraisal. This type of scheme involves a high level of collusion, and perpetrators might even set up a fictitious office with people pretending to be participants in the transaction, such as the borrower's employer, the appraiser, and the credit agency. Usually, air loans go into early payment default. Since there are no actual properties on which to foreclose, the losses on these loans can be enormous. Correct Answer: (C) See pages 1.927-1.928 in the Fraud Examiner's Manual
AD&N Railway solicits bids to lay several miles of new railroad track. Bob, who works for AD&N, writes the specifications for the project to provide that AD&N will only contract with companies that have more than 25 years of experience. Bob knows that only B&P Track Co., one of the prospective bidders, has more than 25 years of experience. What type of procurement fraud scheme has taken place? A. Bid alteration B. Bid tailoring C. Bid suppression D. Bid division
Bid tailoring schemes (also known as specifications schemes) occur during the pre-solicitation phase. In these schemes, an employee with procurement responsibilities, often in collusion with a contractor, drafts bid specifications in a way that gives an unfair advantage to a certain contractor. Bid specifications are a list of elements, measurements, materials, characteristics, required functions, and other specific information detailing the goods and services that a procuring entity needs from a contractor. Specifications assist prospective contractors in the bidding process, informing them of what they are required to do and providing a firm basis for making bids, and they provide procurement officials with a firm basis for selecting bids. There are three primary methods used to commit bid tailoring schemes. One method involves drafting narrow specifications. In these schemes, a corrupt employee tailors the bid specifications to accommodate a vendor's capabilities and to eliminate other competitors so that the favored contractor is effectively guaranteed to win the contract. For instance, the tailored bid might require potential contractors to have a certain percentage of female or minority ownership. Such a requirement is not illegal, but if it is placed in the specifications as a result of a bribe, then the employee has sold their influence to benefit a dishonest vendor. A second method involves drafting broad specifications. In these schemes, a corrupt employee of the buyer designs unduly broad qualification standards to qualify an otherwise unqualified contractor. A third method involves drafting vague specifications. In these schemes, the buyer's personnel and the contractor collude to write vague specifications or intentionally omit bid specifications. This enables subsequent contract amendments, allowing the contractor to raise the contract's price. Correct Answer: (B) Bid Tailoring See pages 1.1515-1.1516 in the Fraud Examiner's Manual
Which of the following is a technical or administrative control for securing computer systems and communication networks? A. Encrypting sensitive data files B. Installing network security defenses C. Installing operating system security D. All of the above
Computer networks and communications are inherently insecure and vulnerable to attack and disruption. Consequently, management must use technical and administrative controls to protect systems against threats like unauthorized use, disclosure, modification, destruction, or denial of service. Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Administrative security involves the use of tools to provide an acceptable level of protection for computing resources. Common technical and administrative controls used to secure computer systems and communication networks include:
- Logical access controls
- Network security
- Operating system security
- Encryption
- Application security
- Separation of duties
Correct Answer: (D) All of the above See pages 1.1450-1.1451 in the Fraud Examiner's Manual
Rowena, a Certified Fraud Examiner (CFE), is an auditor for the government's Office of Audit and Evaluation. While conducting a routine audit of ten construction contracts from the Public Works Department, Rowena notices some unusual characteristics in the contracts' bidding documents. The contracts were all awarded to the same contractor, and the specifications in all ten contracts had unreasonably narrow specifications for the types of goods being procured. Which of the following types of procurement fraud schemes is most likely at issue here? A. A procurement employee convinced their employer that it needs excessive or unnecessary products or services. B. A procurement employee has drafted bid specifications in a way that gives an unfair advantage to a certain contractor. C. A procurement employee broke up a large project into several small projects that fall below the mandatory bidding level. D. A procurement employee has intentionally included unallowable costs in the projects' contracts and budgets.
Bid tailoring schemes (also known as specifications schemes) occur during the pre-solicitation phase. In these schemes, an employee with procurement responsibilities, often in collusion with a contractor, drafts bid specifications in a way that gives an unfair advantage to a certain contractor. Some common red flags of bid tailoring include:
- Weak controls over the bidding process
- Only one or a few bidders respond to bid requests
- Contract is not rebid even though fewer than the minimum number of bids are received
- Similarity between specifications and the winning contractor's product or services
- Bid specifications and statements of work are tailored to fit the products or capabilities of a single contractor
- Unusual or unreasonably narrow or broad specifications for the type of goods or services being procured
- Requests for bid submissions do not provide clear bid submission information (e.g., no clear time, place, or manner of submitting bids)
- Unexplained changes in contract specifications from previous proposals or similar items
- High number of competitive awards to one supplier
- Socialization or personal contacts among contracting personnel and bidders
- Specifications developed by or in consultation with a contractor who is permitted to compete in the procurement
- High number of change orders for one supplier
Correct Answer: (B) See pages 1.1515-1.1516 in the Fraud Examiner's Manual
James is a purchaser for a large government entity. ABC Inc. tells James that if he will award ABC at least $5 million in contracts over the next two years, ABC will hire James at the end of the two years at twice his current salary. Because no actual money changes hands, this could not be considered a bribery or corruption scheme. A. True B. False
Bribes do not necessarily involve direct payments of cash or goods. Bribery may be defined as the offering, giving, receiving, or soliciting of corrupt payments—items of value paid to procure a benefit contrary to the rights of others—to influence an official act or business decision. Promises of favorable treatment can constitute corrupt payments. Such promises commonly take the following forms:
- A payer might promise a government official lucrative employment when the recipient leaves government service.
- An executive leaving a private company for a related government position might be given favorable or inflated retirement and separation benefits.
- The spouse or other relative of the intended recipient might also be employed by the payer company at an inflated salary or with minimal actual responsibility.
Correct Answer: (B) False See pages 1.601, 1.610 in the Fraud Examiner's Manual
A fraudster uses the email account of a company's president to impersonate the president and ask an employee to make a wire transfer. This can best be described as which of the following types of fraud schemes? A. Rock phishing B. Pharming C. Reverse social engineering D. Business email compromise
Business email compromise (BEC) is a form of spear phishing attack that directly targets executives or other high-ranking corporate employees who have the ability to make large payments. BEC schemes typically involve fraudulent emails that appear to be from the company's own chief executive officer (CEO) or from the head of a foreign supplier that the company has done business with for years. The emails often instruct the employee to perform a time-sensitive wire transfer to ensure that the supply chain is not disturbed. Increasingly, these emails are paired with an insistent phone call from someone posing as the email sender or as the sender's attorney. Rock phishers use botnets to send massive amounts of phishing emails to huge volumes of Internet users. The emails contain a message from a financial institution, enticing users to click on a fraudulent URL. Pharming is a type of attack in which users are fooled into entering sensitive data (such as a password or credit card number) into a malicious website that imitates a legitimate website. It is different from phishing in that in pharming schemes, the attacker does not have to rely on having users click on a link in an email or other message to direct them to the malicious website that is impersonating a legitimate website. In most social engineering scams, attackers approach the computer users, pretending that they need help; however, in reverse social engineering schemes, attackers get the users to make the contact. In these schemes, attackers disguise themselves as technical assistants or someone from whom the user needs help (a need often created beforehand by the attacker through sabotage). It is the reverse of social engineering—the user asks the attacker for help. Correct Answer: (D) Business email compromise See pages 1.1407-1.1410 in the Fraud Examiner's Manual
All of the following are red flags of fraudulent insurance claims EXCEPT: A. A claim is made a short time after the policy's inception. B. A theft claim includes a lot of recently purchased expensive property. C. The insured does not have a history of making insurance claims. D. A fire loss claim does not include family heirlooms or other sentimental items.
Claim fraud might well represent an insurance company's largest fraud risk. Most claims are legitimate; however, some claims are illegitimate. Red flags of insurance claim fraud include the following:
- The claim is made a short time after the policy's inception or after a coverage increase or change.
- The insured has a history of many insurance claims.
- The insured previously asked the insurance agent hypothetical questions about coverage in the event of a loss similar to the actual claim.
- In a theft or fire loss claim, the claim includes a lot of recently purchased, expensive property, but the insured cannot provide receipts, owner's manuals, or other proof-of-purchase documentation.
- In a fire loss claim, the claim does not include personal or sentimental items, such as photographs or family heirlooms, that would usually be listed among the lost property.
- The insured has discarded the claimed damaged property before the adjuster can examine it.
Correct Answer: (C) The insured does not have a history of making insurance claims. See pages 1.1109-1.1111 in the Fraud Examiner's Manual
Implementing privilege escalation and using buffer overflow exploits are examples of administrative controls used for securing computer systems and communication networks. A. True B. False
Computer networks and communications are inherently insecure and vulnerable to attack and disruption. Consequently, management must use technical and administrative controls to protect systems against threats like unauthorized use, disclosure, modification, destruction, or denial of service. Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Administrative security involves the use of tools to provide an acceptable level of protection for computing resources. Common technical and administrative controls used to secure computer systems and communication networks include:
- Logical access controls
- Network security
- Operating system security
- Encryption
- Application security
- Separation of duties
Buffer overflows and privilege escalation are not controls to prevent computer fraud. Rather, they are both methods of exploiting design flaws in computer systems to gain unauthorized access.
Correct Answer: (B) False See pages 1.1417, 1.1450-1.1451 in the Fraud Examiner's Manual
Which of the following is a common area for construction loan fraud schemes? A. Estimates of costs to complete B. Retainage C. Developer overhead D. All of the above
Construction lending has different vulnerabilities than other permanent or interim lending. More risks are associated with construction projects than with already-built projects. Construction loan fraud schemes are numerous; the more common ones are related to estimates of costs to complete, developer overhead, draw requests, and retainage/holdback schemes. Correct Answer: (D) All of the above See pages 1.906 in the Fraud Examiner's Manual
The purpose of draw requests in construction lending is to provide: A. Documentation that all architectural and engineering designs and quotes have been completed B. Documentation that costs have been incurred and reimbursement is sought C. Documentation that the construction project cannot continue without additional funding D. Documentation that the design is approved by the International Union of Architects
Construction loan advances are generally supported by draw requests. A draw request is the documentation substantiating that a developer/borrower has incurred the appropriate construction expenses and is now seeking reimbursement or direct payment. A typical fraud scheme involves requesting advances on the loan for inappropriate costs, such as personal expenses and/or construction costs for an unrelated project. Draw requests might provide the greatest opportunity for a developer to commit fraud because the lender relies upon the developer's documentation. Correct Answer: (B) See pages 1.908 in the Fraud Examiner's Manual
Many health care claims are now paid via electronic data interchange (EDI). Because EDI leaves no paper trail, it makes detecting fraud in the health care industry easier. A. True B. False
Electronic data interchange (EDI) frustrates fraud examiners' ability to detect fraud in the health care industry in three ways:
- The automation of claims has erased claims professionals' ability to detect suspicious-looking claims. Because they are used to handling the paperwork of claims, EDI hampers the claims professional from getting a good picture of the overall nature of an account, instead reducing each transaction to individual claims.
- Because of the impersonal nature of electronic transactions, EDI raises the temptation of would-be fraudsters to commit white-collar crime.
- EDI leaves no paper trail, making the process of fraud detection difficult for the fraud examiner.
Correct Answer: (B)
Events occurring after the close of the period that could have a significant effect on the entity's financial position must be disclosed in the entity's financial statements. A. True B. False
Events occurring or becoming known after the close of the period that could have a significant effect on the entity's financial position must be disclosed. Fraudsters typically avoid disclosing court judgments and regulatory decisions that undermine the reported values of assets, that indicate unrecorded liabilities, or that adversely reflect upon management's integrity. A review of subsequent financial statements, if available, might reveal whether management improperly failed to record a subsequent event that it had knowledge of in the previous financial statements. Public record searches can also help reveal this information. Correct Answer: (A)
All of the following are types of medical provider fraud EXCEPT: A. Fictitious services B. Smurfing C. Fictitious providers D. Rolling labs
Fictitious services, rolling labs, and fictitious providers are all types of medical provider fraud. In a fictitious services scheme, legitimate health care providers charge or bill a health care program for services that were not rendered at all. Often, the companies or clinics submit bills for patients they have never seen but whose private patient information they purchased from someone involved in identity theft or someone who otherwise improperly obtained it. In a fictitious provider scheme, corrupt providers or other criminals fraudulently obtain and use another provider's identification information and steal or purchase lists of patients' identifying information. Thereafter, the perpetrator submits bills using the fictitious provider's information to the insurance provider or government health care program for medical services, although no services are performed. A rolling lab is a mobile laboratory that solicits individuals to participate in health screening tests at no cost to the patient. After conducting the tests, however, the lab bills the individual's insurance provider or health care program. Also, the lab might bill additional claims for later service dates even though no more tests are conducted. The lab typically moves to another location prior to the patient receiving the test results to avoid detection. Smurfing is a scheme to launder funds through financial institutions. Correct Answer: (B) Smurfing See pages 1.1222-1.1223 in the Fraud Examiner's Manual
Which of the following would be considered a timing difference financial statement fraud scheme? A. Recognizing a percentage of revenue on a construction project corresponding to the percentage of the project that is complete B. Recording revenue in Year 1 when the payment is received, even though the service won't be performed until Year 2 C. Recognizing revenue in Year 1 when the service is performed, even though the customer doesn't have to pay until Year 2 D. Waiting to record revenue on a contract until a construction job is complete
Financial statement fraud often involves timing differences—that is, the recording of revenues or expenses in improper periods. This can be done to shift revenues or expenses between one period and the next, increasing or decreasing earnings as desired. This practice is also referred to as income smoothing. Examples of timing difference fraud schemes include:
- Premature revenue recognition—in general, revenue is recognized when (or as) an entity satisfies a performance obligation by transferring a promised good or service (asset) to a customer. Consequently, even if the seller has received payment for a service, revenue cannot be recognized until the service has been performed, thus satisfying the performance obligation.
- Long-term contracts—in some jurisdictions, revenue on long-term contracts can be recognized under one of two methods. The completed-contract method does not record revenue until the project is 100% complete. The percentage-of-completion method, on the other hand, recognizes revenues and expenses in proportion to what percentage of the project is complete.
- Recording expenses in the wrong period—per the matching principle, expenses must be recognized in the same period as the corresponding revenues. The timely recording of expenses is sometimes compromised due to pressures to meet budget projections and goals.
Correct Answer: (B) See pages 1.217-1.223 in the Fraud Examiner's Manual
Which of the following is a red flag for new bank account fraud? A. A customer leaves out requested information on the account application B. A customer lists a mail drop as the account's mailing address C. A customer requests a large cash withdrawal immediately after opening the account D. All of the above
Fraud is much more likely to occur in new accounts than in established accounts. New account fraud is generally defined as fraud that occurs on an account within the first ninety days that it is open; often, perpetrators open these accounts with the sole intent of committing fraud. Prompt, decisive action is necessary to manage and/or close apparent problem accounts. Some of the more common red flags of potential new account schemes are:
- Customer residence outside the bank's trade area
- Dress and/or actions inconsistent or inappropriate for the customer's stated age, occupation, or income level
- New account holder requesting immediate cash withdrawal upon deposit
- Request for large quantity of temporary checks
- Services included with the account that do not match the customer's purpose
- Missing or inaccurate customer application information
- Invalid phone numbers or addresses in customer account information
- Use of a mail drop address (a service where a non-affiliated party collects and distributes a person or entity's mail)
- Large check or automated teller machine (ATM) deposits followed by rapid withdrawal or transfer of funds (a flow-through account)
- Business accounts without standard business transactions, such as payroll or transactions that would be expected in that business
- Transactions without a clear purpose in jurisdictions known for high levels of corruption
- Opening deposit that is a nominal cash amount
- Rare customer ID type
- Applicants over the age of 25 with no credit history
- Customers who cannot remember basic application information (i.e., phone number, address)
Correct Answer: (D) All of the above See pages 1.937, 1.940-1.941 in the Fraud Examiner's Manual
Karl finds a residential property with a non-resident owner. He then forges contractual property documents showing that the owner is transferring ownership of the property completely to Karl, such as would normally happen during a property sale. The property owner is unaware that Karl has created and filed the documents. Later, Karl takes the falsified documents to a lender and borrows money against the property. Which of the following best describes Karl's scheme? a. Air loan b. Fraudulent sale c. Property flipping d. Unauthorized draw on home equity line of credit
Fraudulent sale scams are particularly harmful because they involve the fraudulent acquisition of real estate by filing a fraudulent deed or respective real estate document that makes it appear that the property legally belongs to the criminal. This scam does not happen at the origination of the loan, but rather it might occur without the homeowner's knowledge decades after the property was originally sold. The perpetrator identifies a property—typically belonging to an estate or non-resident owner—that is owned free and clear. They then create fictitious property transfer documents that purport to grant all rights and title on the property to the fraudster. The true owner's signature is forged on the documents, and the scammer files them in the jurisdiction's real property records. Once the ownership documents are filed, they apply for and execute a loan on the property (using a straw borrower). Often, the value is inflated. The perpetrator absconds with 100% of the loan proceeds. Correct Answer: (B)
Green, a door-to-door appliance salesperson, sold several appliances to households in a neighborhood. Green took the money the customers gave him as down payments for the sales and spent it. He did not turn the orders in to his employer. Green's scheme can best be classified as: a. An unrecorded sales (skimming) scheme b. An understated sales (skimming) scheme c. A cash larceny scheme d. A commission scheme
Green's scheme is an unrecorded sales (skimming) scheme. An unrecorded sales scheme occurs when an employee sells goods or services to a customer and collects the customer's payment but makes no record of the sale. Independent salespersons are in a good position to perform sales skimming schemes. A prime example is a person who sells goods door-to-door and does not turn in the orders to his employer. In this case, Green did not remit any of his sales to the appliance company, so the skimming scheme that took place was an unrecorded sales scheme. Correct Answer: (A)
Horizontal analysis is a technique for analyzing the relationships among the items on an income statement, balance sheet, or statement of cash flows during a specific accounting period by expressing components as percentages of a specified base value within the statement being analyzed. A. True B. False
Horizontal analysis is a technique for analyzing the percentage change in individual financial statement line items from one accounting period to the next. The first period in the analysis is considered the base period, and the changes in the subsequent period are computed as a percentage of the base period. Vertical analysis is a technique for analyzing the relationships among the items on an income statement, balance sheet, or statement of cash flows during a specific accounting period by expressing components as percentages of a specified base value within the statement being analyzed. Ratio analysis is a means of measuring the relationship between any two different financial statement amounts. The relationship and comparison are the keys to any of these types of financial analyses. Correct Answer: (B) False See pages 1.243-1.245 in the Fraud Examiner's Manual
All of the following are correct statements about identity theft EXCEPT: A. One way to conceal identity theft is to change the victim's mailing address. B. Solicitations for pre-approved credit cards are especially valuable to identity thieves. C. The type of malware most commonly associated with identity theft is ransomware. D. Identity thieves often engage in pretexting by impersonating the victim's bank.
Identity thieves use malware to steal personal and business information from computers. The type of malware most commonly associated with identity theft is spyware, software that collects and reports information about a computer user without the user's knowledge or consent. Dumpster diving can yield bills, credit card receipts, bank statements, and other items that contain a person's name, address, and telephone number. Solicitations for pre-approved credit cards are especially valuable to identity thieves, but even non-financial information can be useful. Another way to obtain personal or business information is to surreptitiously change the victim's mailing address (or email address) to an address selected by the identity thief. In this way, the identity thief receives the victim's mail directly, and no theft is required. Identity thieves often engage in pretexting by impersonating the victim's bank or another financial institution with which the victim has a business relationship. Correct Answer: (C) See pages 1.809-1.811, 1.814 in the Fraud Examiner's Manual
Which of the following statements is TRUE regarding a fictitious refund scheme? A. Inventory is returned to the store B. The amount of cash in the register balances with the register log C. The victim company's inventory is understated D. All of the above
In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though no actual return takes place. The register log balances with the amount of cash in the register because the money that was taken by the fraudster is supposed to have been removed and given to the customer as a refund. Instead, however, the employee keeps this cash. The second thing that happens in a fictitious refund scheme is that a debit is made to the inventory system showing that the merchandise has been returned. Since the transaction is fictitious, no merchandise is actually returned. The result is that the company's inventory is overstated. Correct Answer: (B)
A pyramid scheme is promoted by encouraging victim investors to recruit new members. The more members recruited, the higher the investor rises in the ranks of the enterprise, and the more money the investor is supposed to make. A. True B. False
In an illegal pyramid scheme, the more members that are recruited, the higher the investor is purported to rise in the ranks of the enterprise, and the more money the investor is supposed to make. The difference between a Ponzi scheme and an illegal pyramid lies in how the operation is promoted. Illegal pyramids are promoted as pyramids, whereas Ponzi schemes are promoted as investment opportunities. In an illegal pyramid, the pyramidal structure helps draw new players, each believing that they will rise through the ranks of the pyramid. A Ponzi scheme, on the other hand, masquerades as some type of investment. Correct Answer: (A) True See pages 1.1343, 1.1349 in the Fraud Examiner's Manual
Reconciling the cash register total to the amount of cash in the drawer is an ineffective method of detecting a cash larceny scheme. A. True B. False
In contrast to skimming schemes, the register records should NOT match up with the cash in the drawer when a cash larceny scheme has occurred. For this reason, cash larceny schemes are much easier to detect than skimming schemes—they leave an audit trail. To detect a cash larceny scheme, one recommended practice is to perform independent reconciliations of the register totals to the amount of cash in the drawer. Correct Answer: (B) False See pages 1.321, 1.329-1.330 in the Fraud Examiner's Manual
All of the following are payroll scheme types EXCEPT: A. Falsified hours and salary B. Stolen paychecks C. Commission schemes D. Ghost employees
In general, payroll schemes fall into one of the following categories: ghost employees, falsified hours and salary, and commission schemes. If an employee stole paychecks, this would fall under check tampering, not payroll fraud. The reason is that the heart of the scheme is stealing the check, not generating false payroll disbursements. Correct Answer: (B)
Which of the following practices is a potential indicator of a bid splitting scheme? A. Sequential purchases under the competitive bidding limits that are followed by change orders B. Low employee turnover in an organization's procurement department C. Frequent use of sole-source procurement contracts D. Two or more purchases from the same supplier in amounts just above competitive bidding limits
In general, procuring entities must use competitive methods for projects over a certain amount. To avoid this requirement, a dishonest employee might break up a large project into several small projects that fall below the mandatory bidding level and award some or all of the component jobs to a contractor with whom the employee is conspiring. Some common red flags of bid splitting schemes include: -Two or more similar or identical procurements from the same supplier in amounts just under upper-level review or competitive-bidding limits -Two or more consecutive related procurements from the same contractor that fall just below the competitive-bidding or upper-level review limits -Unjustified split purchases that fall under the competitive-bidding or upper-level review limits -Sequential purchases just under the upper-level review or competitive-bidding limits -Sequential purchases under the upper-level review or competitive-bidding limits that are followed by change orders Correct Answer: (A) See pages 1.1519 in the Fraud Examiner's Manual
In credit repair scams, the fraudster promises to "erase" or "doctor" an applicant's credit history, but in reality there is no way to erase bad credit. A. True B. False
Similar to loan scams are those that promise to repair credit. Fraudsters who pitch credit repair services like to say that they can "wipe away," "doctor," or "cosmeticize" negative items on credit, insinuating they have ways of changing or disguising a person's credit history. Despite the fact that there is really no way to erase bad credit, many people fall for this scam, paying large sums of money to expunge their records. Correct Answer: (A) True See pages 1.1324 in the Fraud Examiner's Manual
Katie is a sales clerk at a jewelry store. She watched another sales clerk, Helen, type her access code into her register and memorized it. When Helen called in sick, Katie logged in to the cash register using Helen's code and processed customer transactions as usual. After completing one sale, she left the drawer open and slipped a large sum of money into her pocket from the register drawer. What type of scheme did she commit? A. A register disbursement scheme B. An understated sales scheme C. A cash larceny scheme D. A skimming scheme
In some retail organizations, there is one cash register, and each employee has a different access code. By using someone else's access code to enter the register and then steal cash under their name, the perpetrator makes sure that another employee will be the prime suspect in the theft. Katie's theft was not a skimming scheme because the cash she stole was already in the company's possession and recorded in the register. An understated sales scheme is a type of skimming scheme in which a fraudster records a sale for less than it actually is and skims the difference. Katie did not commit a register disbursement scheme because register disbursement schemes involve a fraudulent transaction that justifies the removal of cash from the register, such as a false return or a voided sale. Katie did not make any entry that would account for the missing money—she simply took money out of the register under Helen's name so that she could avoid blame. Therefore, Katie committed a cash larceny scheme. Correct Answer: (C) A cash larceny scheme See pages 1.301, 1.307, 1.323, 1.401 in the Fraud Examiner's Manual
In a U.S. Chapter 11 bankruptcy proceeding, the court receives allegations of fraud committed by the debtor. Which of the following is likely to occur? a. The court will dismiss the bankruptcy proceeding. b. The case will be transferred out of the bankruptcy court. c. The court will appoint an examiner to investigate the allegations. d. The debtor will either hire a private examiner or abandon the fraud allegations.
In the context of bankruptcy proceedings in the United States, an examiner is a neutral party appointed by the bankruptcy court to investigate and report on relevant matters to Chapter 11 bankruptcy cases. An examiner is normally appointed in a bankruptcy proceeding to investigate certain allegations of fraud and misconduct on the part of the debtor (or principals of the debtor). Typically, a bankruptcy examiner is appointed when creditors, the U.S. Trustee Program (USTP), or other interested parties file a motion for the appointment of a trustee or an examiner in which allegations of fraud or misconduct are made. A bankruptcy judge will hold a hearing on the motion and consider the evidence submitted by all filing parties (e.g., creditors), as well as the debtor's response to the allegations. After hearing the evidence, the judge can either appoint a trustee or an examiner or leave the debtor in possession of the business—a decision that depends on what the judge determines is best for the interested parties. If an examiner is appointed, that individual's sole responsibility is to investigate and report the results of the investigation to the court and other parties in interest as quickly as possible. Examiners have the power to subpoena records and depose witnesses. They do not have the power to run businesses, make business decisions, or propose plans of reorganization (generally speaking). Courts might expand the examiner's powers to perform certain duties of trustees or debtors-in-possession. Correct Answer: (C)
To conduct an electronic payment using a person-to-person (P2P) system, the two individuals must meet in person at a financial institution to sign an order requesting the transfer of money from one person's account to the other. a. True b. False
Individuals can pay each other for goods or services electronically, which is known as the person-to-person (P2P) system. Many credit cards and banks offer this service to their customers. P2P payments can now be made through a variety of services using a computer, smartphone application, or email address. Correct Answer: (B)
White, an employee of ABC Corporation, intentionally issued two payments for the same invoice. After the checks had been mailed, White called the vendor and explained that a double payment had been made by mistake. She asked the vendor to return one of the checks to her attention. When the vendor returned the check, White took it and cashed it. This is an example of: A. A receivables skimming scheme B. A shell company scheme C. A pass-through scheme D. A pay and return scheme
Instead of using shell companies in their over-billing schemes, some employees generate fraudulent disbursements by using the invoices of legitimate third-party vendors who are not a part of the fraud scheme. In a pay and return scheme, an employee intentionally mishandles payments that are owed to legitimate vendors. One way to do this is to purposely double-pay an invoice. For instance, a clerk might intentionally pay an invoice twice and then call the vendor to request that one of the checks be returned. The clerk then intercepts the returned check. Correct Answer: (D) A Pay and return scheme See pages 1.442 in the Fraud Examiner's Manual
One method that competitive intelligence professionals commonly use to gather data about a competitor involves posing as a job applicant and interviewing with key employees at the competing company. This practice is best described as conducting surveillance. A. True B. False
Intelligence professionals might gather data through human intelligence (i.e., through direct contact with people). Generally, human intelligence is gathered from subject-matter experts and informed individuals. Such efforts typically target individuals who can provide the most valuable information. For example, an intelligence professional might gather intelligence by posing as a customer of the target entity. This approach exploits two weaknesses of corporate culture: (1) all salespeople want to make a sale and (2) many salespeople will do almost anything to make a sale. Other approaches include: -Employment interviews (real and fake) -False licensing negotiations -False acquisition or merger negotiations -Hiring an employee away from a target entity -Planting an agent in a target organization -Social engineering Correct Answer: (B) False See pages 1.707-1.708 in the Fraud Examiner's Manual
Janice, a Certified Fraud Examiner (CFE) for a major insurance company, has received an anonymous tip that an employee in the claims department is processing claims for their own benefit during nonworking hours. To gather information about the validity of this tip, Janice should look at which of the following reports? A. Exception report B. Address similarity report C. Manual override report D. All of the above
Janice could look at several different types of reports to determine the validity of the tip. For instance, address similarity reports electronically compare multiple payments going to the same address. They are extremely useful because they might show a payment defalcation or funds going to another insurance company, broker, or fictitious payee. Additionally, the exception or manual override reports list all exceptions to normal electronic processing, thereby pointing out when a computer is being used outside the normal processing time—such as on the weekend. Correct Answer: (D) Payment defalcation - Defalcation predominantly refers to the theft, misuse or misappropriation of money or funds held by an official trustee, or other senior-level fiduciary. Defalcation is a form of embezzlement, either through the misallocation of funds, or the failure to account for received funds.
Darla is an accounts receivable clerk at Richmond Storage Rental. Carson, who rents one of the company's storage units, submits his monthly payment to Richmond's office. Instead of applying the payment to Carson's account, Darla takes the money and keeps it for herself. The next payment that arrives comes from Fisher. Instead of applying Fisher's payment to the correct account, Darla applies it to Carson's account so that it doesn't appear delinquent. The next payment that arrives gets applied to Fisher's account, and Darla continues to apply incoming customer payments to the previous customer's account so that no one discovers her theft of Carson's payment. What type of scheme is Darla committing? A. Kiting B. Lapping C. Substitution D. Padding
Lapping customer payments is one of the most common methods of concealing skimming. It is a technique that is particularly useful to employees who skim receivables. Lapping is the crediting of one account through the abstraction of money from another account. For example, suppose a company has three customers: A, B, and C. When A's payment is received, the fraudster steals it instead of posting it to A's account. Customer A expects that their account will be credited with the payment they have made, but this payment has actually been stolen. When A's next statement arrives, A will see that the payment was not applied to their account and will complain. To avoid this, some action must be taken to make it appear that the payment was posted. When B's payment arrives, the fraudster takes this money and posts it to A's account. Payments now appear to be up to date on A's account, but B's account is short. When C's payment is received, the perpetrator applies it to B's account. Correct Answer: (B) Lapping See pages 1.313 in the Fraud Examiner's Manual
The method of concealing a receivables skimming scheme whereby one customer account is credited for a payment that was made on another account is called which of the following? a. Altered payee designation b. Inventory padding c. Currency substitution d. Lapping
Lapping customer payments is one of the most common methods of concealing skimming. It is a technique that is particularly useful to employees who skim receivables. Lapping is the crediting of one account through the abstraction of money from another account. For example, suppose a company has three customers: A, B, and C. When A's payment is received, the fraudster steals it instead of posting it to A's account. Customer A expects that their account will be credited with the payment they have made, but this payment has actually been stolen. When A's next statement arrives, A will see that the payment was not applied to their account and will complain. To avoid this, some action must be taken to make it appear that the payment was posted. When B's payment arrives, the fraudster takes this money and posts it to A's account. Payments now appear to be up to date on A's account, but B's account is short. When C's payment is received, the perpetrator applies it to B's account. Correct Answer: (D)
ABC Bank recently acquired a new portfolio of consumer loans. Because this particular loan portfolio is experiencing a higher than normal default rate, management has asked Bradley, a Certified Fraud Examiner (CFE), to evaluate the portfolio. Bradley notices that the loan package was sold without recourse to the broker, the brokerage fee was high relative to other purchases, and the broker is no longer in business. Which of the following types of schemes has Bradley most likely uncovered? a. Daisy chain fraud b. Letter of credit fraud c. Brokered loan fraud d. Money transfer fraud
Loan brokering applies to either packages of individual residential (consumer) loans or single commercial loans. A variation of a brokered loan is loan participation, where multiple parties purchase and have interests in a loan or a package of loans. The fraud schemes associated with brokered loans or loan participation generally involve selling phony loans (packages) or selling participations in loans that have not been properly underwritten. Normally, a large fee is charged for these brokered loans. With residential loan packages, the broker sells the package, takes the money, and disappears. Brokered loans are not usually sold with any recourse to the broker. Therefore, the purchaser must look to the borrower and the underlying collateral for debt satisfaction. With loan participations, the lead bank generally performs the underwriting. However, this does not relieve the participating bank from its obligation to perform its own due diligence. Correct Answer: (C)
Which of the following is a technical or administrative control for securing computer systems and communication networks? A. Implementing privilege escalation B. Installing a network address prevention system C. Implementing logical access controls D. Using an intrusion admission system
Logical access controls, network security, operating system security, encryption, application security, and separation of duties. Computer networks and communications are inherently insecure and vulnerable to attack and disruption. Consequently, management must use technical and administrative controls to protect systems against threats like unauthorized use, disclosure, modification, destruction, or denial of service. Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Administrative security involves the use of tools to provide an acceptable level of protection for computing resources. Common technical and administrative controls used to secure computer systems and communication networks include logical access controls, network security, operating system security, encryption, application security, and separation of duties. Privilege escalation is not a control, but it is in fact a way that hackers gain unauthorized access to a computer system. Correct Answer: (C)
Which of the following is NOT a common carrier of malware? A. Freeware and shareware files B. Email attachments C. Files downloaded from the Internet D. Dual in-line memory modules
Malware can infect computer systems from many sources. Some of the more common carriers of malware include: -Unknown or unchecked application software -Infected websites -Banner ads -Software or media that employees bring to work -Files downloaded from the Internet -Infected software from vendors and suppliers -Uncontrolled and shared program applications -Demonstration software -Freeware and shareware files -Email attachments Correct Answer: (D) See pages 1.1418 in the Fraud Examiner's Manual
Due to the paper trail involved and the emphasis placed on the problem by law enforcement, the vast majority of check fraud offenders are pursued and prosecuted. a. True b. False
Many merchants overburden police and prosecutors with reports of check fraud rather than implementing effective training and controls to help prevent such schemes from the outset; therefore, law enforcement and prosecutors do not have the time or manpower to pursue all such cases and are often uneager to do so. Furthermore, check fraud perpetrators frequently migrate from one location to another, making their apprehension and prosecution difficult. Correct Answer: (B)
Mario, an employee of a person-to-person (P2P) payment company, has been writing down the account numbers and passwords of customer accounts with the intent of fraudulently using them to pay for items he purchases online. Mario is engaging in: a. Check fraud b. Credit card transfer fraud c. Electronic funds transfer fraud d. None of the above
Mario is committing an electronic funds transfer (EFT) scheme by misappropriating customers' account and password information. A biller might send a bill for services not rendered or for goods never sent. A person who has obtained information about another person's bank account might instruct a biller to obtain payment from the other person's account. A hacker might obtain passwords and usernames from an aggregator and use that information to direct transfers from a consumer's bank account. An employee at the site providing electronic bill presentment and payment (EBPP) services who knows consumers' usernames and passwords for screen-scraping purposes might use that information to direct transfers from consumers' bank accounts. A bank employee might use customer information to direct transfers from a customer's account. Correct Answer: (C)
Special care facilities generally have the capability to meet all of their patients' needs without the services of outside providers, leading to a lower likelihood of fraud involving such institutions. A. True B. False
Medical facilities that offer special care services, such as nursing homes and psychiatric hospitals, and the patients in them are at a greater risk of fraud than most other medical institutions. Many health care fraud schemes are revealed after a patient reports strange charges or other red flags. Unfortunately, criminals take advantage of the fact that patients in special care facilities are more vulnerable to fraud. Many special care facilities do not have the in-house capability to provide all the services and supplies their patients need. Accordingly, outside providers market their services and supplies to special care facilities to meet the needs of their patients. Some special care facilities allow outside providers or their representatives to review patient medical records; these providers can obtain all the information necessary to order and bill for services and supplies that are not necessary or even provided. Correct Answer: (B) False See pages 1.1247-1.1248 in the Fraud Examiner's Manual
According to the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) internal control model, an organization should perform both ongoing evaluations and periodic, separate evaluations to ascertain whether the components of internal control are present and functioning. a. True b. False
Monitoring is the process that assesses the effectiveness of a control system over time. This component of the Committee of Sponsoring Organizations of the Treadway Commission's (COSO) Internal Control—Integrated Framework (the Framework) should include both ongoing evaluations and periodic, separate evaluations, the findings of which should be evaluated against predefined criteria. The following are the Framework principles supporting this component: 1) The organization selects, develops, and performs ongoing and separate evaluations to ascertain whether the components of internal control are present and functioning. 2) The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. Correct Answer: (A)
Which of the following describes the primary purpose of an automated clearing house (ACH) filter? A. It enables account holders to provide their banks with a list of criteria to ensure only designated individuals get paid. B. It is a tool used by auditors to examine electronic payment activity on the bank records. C. It requires the bank to contact the account holder before any payments are made. D. It matches the details of incoming payments with those on a list of expected payments provided by the account holder.
Most large banks offer multiple security services that can help business account holders mitigate fraud through early detection and prevention of fraudulent electronic payments. For example, automated clearing house (ACH) blocks allow account holders to notify their banks that ACH debits should not be allowed on specific accounts. ACH filters enable account holders to provide their banks with a list of defined criteria (such as the sending company ID, account number, and transaction code) against which banks can filter ACH debits and reject any unauthorized transactions. Positive pay for ACH is another security feature offered by banks to their account holders. With positive pay, banks match the details of ACH payments with those on a list of legitimate and expected payments provided by the account holder. Only authorized electronic transactions are allowed to be withdrawn from the account; exceptions are reported to the customer for review. Correct Answer: (A) See pages 1.435 in the Fraud Examiner's Manual
Which of the following is NOT an appropriate technique for detecting a nonconforming goods or services scheme? A. Review the inspection and testing reports of questioned goods or materials. B. Conduct unannounced inspections of questioned goods or materials. C. Interview procurement personnel about the presence of any red flags. D. Determine if contract costs have exceeded or are expected to exceed the contract value.
Nonconforming goods or services fraud, also known as product substitution or failure to meet contract specifications, refers to attempts by contractors to deliver goods or services to the procuring entity that do not conform to the underlying contract specifications. Once contractors deliver goods that do not conform to the contract, they bill and receive payment for conforming goods or services without informing the purchaser of the deficiency. To detect nonconforming schemes, the fraud examiner should, at a minimum, examine the following for red flags: -Contract or purchase order (PO) specifications -Contractor's statements, claims, invoices, and supporting documents -Received product -Test and inspection results for the relevant period, searching for discrepancies between tests and inspection results and contract specifications Additionally, to detect nonconforming schemes, the fraud examiner should: -Review correspondence and contract files for indications of noncompliance. -Request assistance from outside technical personnel to conduct after-the-fact tests. -Inspect or test questioned goods or materials by examining packaging, appearance, and description to determine if the items are appropriate. -Segregate and identify the source of the suspect goods or materials. -Review inspection reports to determine whether the work performed and materials used in a project were inspected and considered acceptable. -Review the contractor's books, payroll, and expense records to see if they incurred necessary costs to comply with contract specifications. -Review the inspection and testing reports of questioned goods or materials. -Conduct routine and unannounced inspections and tests of questioned goods or materials. -Examine the contractor's books and manufacturing or purchase records for additional evidence, looking for discrepancies between claimed and actual costs, contractors, etc. -Interview procurement personnel about the presence of any red flags or other indications of noncompliance. -Search and review external records (e.g., court records, prior complaints, audit reports, investigative reports, media sources) to determine if there is any history of misconduct. Correct Answer: (D) See pages 1.1524, 1.1526-1.1527 in the Fraud Examiner's Manual
All organizations with a pyramid structure are illegal. A. True B. False
Not all organizations with a pyramid structure are engaging in illegal activity. Some legitimate merchandising companies use a pyramid structure to rank their employee-owners and to determine those people's compensation. A pyramid structure becomes an illegal pyramid scheme when the recruitment of new members takes precedence over the product or service that the company is ostensibly promoting. The more members that are recruited, the higher the investor is purported to rise in the ranks of the enterprise, and the more money the investor is supposed to make. Correct Answer: (B) False See pages 1.1343 in the Fraud Examiner's Manual
When looking at a set of financial statements, on which statement would you find notes payable, current assets, retained earnings, and accumulated depreciation? A. Balance sheet B. Income statement C. Statement of changes in owners' equity D. Statement of cash flows
Notes payable, current assets, retained earnings, and accumulated depreciation can all be found on the balance sheet. The balance sheet is an expansion of the accounting equation, Assets = Liabilities + Owners' Equity. That is, it lists a company's assets on one side and its liabilities and owners' equity on the other side. Assets are classified as either current or non-current. Current assets consist of cash or other liquid assets that are expected to be converted to cash, sold, or used up, usually within a year or less. Current assets listed on the balance sheet include cash, accounts receivable, inventory, supplies, and prepaid expenses. Following the current assets are the long-term assets, or those assets that will likely not be converted to cash within one year, such as fixed assets and intangible assets. A company's fixed assets are presented net of accumulated depreciation, an amount that represents the cumulative expense taken for normal wear and tear on a company's property. Liabilities are presented in order of maturity. Like current assets, current liabilities are those obligations that are expected to be paid within one year, such as accounts payable (the amount owed to vendors by a company for purchases on credit), accrued expenses (e.g., taxes payable or salaries payable), and the portion of long-term debts that will come due within the next year. Those liabilities that are not due for more than a year are listed under the heading long-term liabilities. The most common liabilities in this group are bonds, notes, and mortgages payable. Correct Answer: (A) Balance Sheet See pages 1.106-1.107 in the Fraud Examiner's Manual
Jacob was on a business trip in another city. One night, he met up with some friends (unrelated to his work) at an expensive restaurant and paid for the group's entire meal on his credit card, announcing that "the company would pay for it." He submitted the receipt for the dinner along with the rest of his legitimate business receipts from the trip and described the dinner as "client entertainment." What type of scheme did Jacob commit? A. An overstated expense scheme B. A multiple reimbursement scheme C. A fictitious expense scheme D. A mischaracterized expense scheme
One of the most basic expense reimbursement schemes is perpetrated by simply requesting reimbursement for a personal expense, claiming that it is business related. Examples of mischaracterized expenses include claiming personal travel as a business trip or listing dinner with a friend as "business development" or "client entertainment." Employees might submit the receipts from their personal expenses along with their expense reports but concoct business reasons for the incurred costs. Correct Answer: (D) A mischaracterized expense scheme See pages 1.473 in the Fraud Examiner's Manual
Tanya, a cash register attendant at a department store, regularly inflates the amount of customer refunds. For instance, if a customer returns an item for $100, Tanya records a $150 refund. Then Tanya gives the customer $100 and keeps $50 for herself. This scheme is known as: A. A false void scheme B. An overstated refund scheme C. A fictitious refund scheme D. Skimming
One type of register disbursement scheme is the overstated refund. Rather than creating an entirely fictitious refund, a fraudster might overstate the value of a real customer's refund, pay the customer the actual amount owed for the returned merchandise, and then keep the excess portion of the return. In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though there is no actual return. Then the employee takes cash from the register in the amount of the false return. The customer might or might not be aware of the scheme taking place. Fictitious voids are similar to refund schemes in that they make fraudulent disbursements from the register appear to be legitimate. To process a false void, the first thing the perpetrator needs is the customer's copy of the sales receipt. Typically, when an employee sets about processing a fictitious void, the employee simply withholds the customer's receipt at the time of the sale. In many cases, customers do not notice that they are not given a receipt. Skimming is the removal of cash from a victim entity prior to its entry in an accounting system. Correct Answer: (B) An overstated refund scheme See pages 1.402-1.404 in the Fraud Examiner's Manual
Which of the following types of transactions is LEAST likely to use a person-to-person (P2P) payment system? A. A person paying for an item on an online auction site B. A person transferring money to a friend abroad C. A person buying groceries at a supermarket D. A person making an online donation to a charity
Person-to-person (P2P) payment systems are an increasingly popular method for making payments between individuals or between an individual and a business. P2P payments are commonly used to make online payments but are not as common for in-person payments, such as paying for clothes at a department store or buying groceries at a supermarket. These services are also used to move money internationally and between various currencies at exchange rates that rival traditional methods of currency exchange. TransferWise and PayPal are examples of popular P2P payment systems. Mobile payment applications or digital wallets, such as Venmo or Apple Pay, might also have P2P payment features. Correct Answer: (C) See pages 1.1041 in the Fraud Examiner's Manual
A property flipping scheme occurs when someone purchases a piece of real estate and sells it shortly thereafter at an unjustly inflated value. A. True B. False
Property flipping is the process by which an investor purchases a home and then resells it at a higher price shortly thereafter. For example, an investor buys a house in need of work for $250,000 in July, renovates the kitchen and bathrooms, and landscapes the yard at a cost of $50,000. The investor then resells the house two months later (the time it takes to make the renovations) for a price that is reflective of the market for a house in that condition. This is a legitimate business transaction, and many individuals and groups make an honest living flipping properties. Property flipping is not intrinsically illegal or fraudulent, but it becomes so when a property is purchased and resold within a short period of time at an artificially or unjustly inflated value, often as the result of a fraudulent appraisal. In a flipping scheme, the property is sold twice in rapid succession at a significant increase in value (also known as an ABC transaction, where the property moves from party A to party B to party C very quickly). Correct Answer: (A) True See pages 1.933-1.934 in the Fraud Examiner's Manual
All of the following are best practices for ensuring separation of duties within the information systems department and between IT and business unit personnel EXCEPT: A. Program developers should not be responsible for testing programs. B. IT departments should not overlap with information user departments. C. Only programmers should be server administrators. D. End users should not have access to production data outside the scope of their normal job duties.
Separation of duties is a key element in a well-designed internal control system, and it is fundamental to data security. There are various options for achieving separation of duties in information security, and the options vary depending on department responsibilities. For example, some of the best practices for ensuring separation of duties within the information systems department and between IT and business unit personnel include: -Programmers should not have unsupervised access to production programs or have access to production data sets (data files). -IT personnel's access to production data should be limited. -Application system users should only be granted access to those functions and data required for their job duties. -Program developers should be separated from program testers. -System users should not have direct access to program source code. -Computer operators should not perform computer programming. -Development staff should not have access to production data. -Development staff should not access system-level technology or database management systems. -End users should not have access to production data outside the scope of their normal job duties. -End users or system operators should not have direct access to program source code. -Programmers should not be server administrators or database administrators. -IT departments should be separated from information user departments. -Functions involving the creation, installation, and administration of software programs should be assigned to different individuals. -Managers at all levels should review existing and planned processes and systems to ensure proper separation of duties. -Employees' access to documents should be limited to those that correspond with their related job tasks. Correct Answer: (C) See pages 1.1458-1.1460 in the Fraud Examiner's Manual
Which of the following is NOT an effective control to protect against skimming schemes? A. Installing visible video cameras to monitor a store's cash registers B. Reconciling the physical inventory count with the perpetual inventory records C. Restricting the accounts receivable clerk from preparing the bank deposit D. Reconciling the sales records to the cash receipts
Since skimming is an off-book fraud, routine account reconciliation is not likely to prevent or detect a skimming scheme. If such a scheme is taking place, reconciling the sales records to the amount of cash received will not indicate there is anything amiss; because the skimmed sale was never recorded, the books will remain in balance. Reconciling the physical inventory count with the perpetual inventory records, however, might reveal that there is shrinkage and therefore a skimming scheme. As with most fraud schemes, internal control procedures are a key to the prevention of skimming schemes. For instance, employees who have access to the cash register should not also be responsible for delivering the bank deposit. The accounts receivable clerk should be restricted from preparing the bank deposit, accessing the accounts receivable journal, and having access to collections from customers. An essential part of developing control procedures is management's communication to employees. Controlling whether an employee will not record a sale, understate a sale, or steal incoming payments is extremely difficult. Some physical controls can be put in place to prevent employee skimming, such as video cameras monitoring employees who handle cash and the implementation of a lockbox. Correct Answer: (D)
Grey, a controller for a small company, took a large sum of money from the company deposits and concealed the theft by making false accounting entries. The money that Grey stole had already been recorded in his company's accounting system. Grey's scheme can best be classified as a(n): a. Cash larceny scheme b. Illegal gratuities scheme c. Fraudulent financial statement scheme d. Skimming scheme
Skimming is defined as the theft of off-book funds. Cash larceny schemes, however, involve the theft of money that has already appeared on a victim company's books. Neither of the other choices is correct because neither of those schemes is a type of asset misappropriation scheme. Grey's scheme involves the misappropriation of company assets (cash). Correct Answer: (A)
Grey, a controller for a small company, took a large sum of money from the company deposits and concealed the theft by making false accounting entries. The money that Grey stole had already been recorded in his company's accounting system. Grey's scheme can best be classified as a(n): A. Illegal gratuities scheme B. Skimming scheme C. Fraudulent financial statement scheme D. Cash larceny scheme
Skimming is defined as the theft of off-book funds. Cash larceny schemes, however, involve the theft of money that has already appeared on a victim company's books. Neither of the other choices is correct because neither of those schemes is a type of asset misappropriation scheme. Grey's scheme involves the misappropriation of company assets (cash). Correct Answer: (D)
Which of the following scenarios illustrates a fraudster's use of social engineering? A. A fraudster calls a company employee and requests sensitive information while claiming to be a coworker whose systems are down B. A fraudster has lunch at a restaurant where a target company's employees are known to eat with the intention of overhearing sensitive conversations C. A fraudster without an employee badge gains access to a secure facility by following legitimate employees who are oblivious to the fraudster's presence D. None of the above
Social engineering is the act of using deceptive techniques to manipulate people into taking certain actions or disclosing information. In social engineering schemes, social engineers use various forms of trickery, persuasion, threats, or cajolery to encourage their targets to release information that the engineers can use and exploit to achieve their goals. Attackers engage in social engineering for various reasons. Some use social engineering to gain unauthorized access to systems or obtain confidential communication so that they can commit fraud, intrude into networks, gain access to buildings, steal another party's secrets, commit identity theft, or engage in some other nefarious act. In some situations, attackers use social engineering to procure information that will give them a competitive advantage, whereas others might engage in social engineering to find ways in which they can install malware. Correct Answer: (A) See pages 1.719-1.720 in the Fraud Examiner's Manual
Favorite targets for intelligence-gathering purposes include employees in all of the following departments EXCEPT: A. Marketing B. Research and development C. Shipping and receiving D. Purchasing
Some of the favorite targets of intelligence gatherers include employees in the following departments: research and development (R&D), marketing, manufacturing and production, human resources (HR), sales, and purchasing. Correct Answer: (C) Shipping & Receiving See pages 1.712 in the Fraud Examiner's Manual
If employees are aware that surprise cash counts are conducted, they will generally be less inclined to commit a cash larceny scheme. A. True B. False
Surprise cash counts and supervisory observations are a useful fraud prevention method if properly used. It is important that employees know that cash will be counted on a periodic and unscheduled basis. These surprise counts must be made at all steps of the process, from receiving the check, to reconciling the register log to the cash in the drawer, to depositing funds in the bank. Correct Answer: (A) True See pages 1.332-1.333 in the Fraud Examiner's Manual
Telemarketing schemes target individuals, not businesses. A. True B. False
Telemarketing offenses are classified as consumer fraud, yet many businesses are affected by office supply and marketing services scams. The nature of phone rooms, the geographical distances between the perpetrators and their victims, and the resources and priorities of law enforcement agencies all make enforcement efforts difficult. Correct Answer: (B) False See pages 1.1316 in the Fraud Examiner's Manual
The ________________ is an office within the U.S. Department of the Treasury (the Treasury) charged with administering and enforcing U.S. sanction policies against targeted foreign organizations and individuals that sponsor terrorism and international narcotics traffickers. a. Central Intelligence Agency b. FinCEN c. Office of Foreign Assets Control d. Office of Money Laundering Compliance
The Office of Foreign Assets Control (OFAC) is an office within the U.S. Department of the Treasury (the Treasury) charged with administering and enforcing U.S. sanction policies against targeted foreign organizations and individuals that sponsor terrorism and international narcotics traffickers. OFAC maintains a list of individuals, governmental entities, companies, and merchant vessels around the world that are known or suspected to engage in illegal activities. Persons or entities on the list, known as Specially Designated Nationals and Blocked Persons (SDNs), include foreign agents, front organizations, terrorists and terrorist organizations, and drug traffickers. Correct Answer: (C)
Which of the following statements is TRUE regarding the balance sheet? A. Assets are generally presented on the balance sheet in order of liquidity. B. The balance sheet shows the financial performance of a company over a certain period of time, such as a quarter or a year. C. The accounts that appear on the balance sheet include revenues and expenses. D. Balance sheets are usually manipulated by understating assets or overstating liabilities.
The balance sheet, or statement of financial position, shows a snapshot of a company's financial situation at a specific point in time, generally the last day of the accounting period. The balance sheet is an expansion of the accounting equation, Assets = Liabilities + Owners' Equity. That is, it lists a company's assets on one side and its liabilities and owners' equity on the other side. Assets are the resources owned by a company. Generally, assets are presented on the balance sheet in order of liquidity (i.e., how soon they are expected to be converted to cash). Generally, in a financial statement fraud scheme, the balance sheet is manipulated to appear stronger by overstating assets and/or understating liabilities. Correct Answer: (A) See pages 1.106-1.107 in the Fraud Examiner's Manual
Assets, liabilities, and owners' equity are all items that appear on a company's balance sheet. A. True B. False
The balance sheet, or statement of financial position, shows a snapshot of a company's financial situation at a specific point in time, generally the last day of the accounting period. The balance sheet is an expansion of the accounting equation, Assets = Liabilities + Owners' Equity. That is, it lists a company's assets on one side and its liabilities and owners' equity on the other side. Correct Answer: (A)
What is the primary difference between a Ponzi scheme and a pyramid scheme? A. A pyramid scheme promotes itself as a pyramid, whereas a Ponzi scheme promotes itself as an investment opportunity. B. In a pyramid scheme, old investors are paid with money from new investors. C. A Ponzi scheme is promoted by encouraging victim members to recruit new members. D. All pyramid schemes are legal, whereas all Ponzi schemes are illegal.
The difference between a Ponzi scheme and an illegal pyramid lies in how the operation is promoted. Illegal pyramids are promoted as pyramids, whereas Ponzi schemes are promoted as investment opportunities. In an illegal pyramid, the pyramidal structure helps draw new players, each believing that they will rise through the ranks of the pyramid. A Ponzi scheme, on the other hand, masquerades as some type of investment. Correct Answer: (A) See pages 1.1349 in the Fraud Examiner's Manual
Which of the following are considered red flags of insider computer fraud? I. Access privileges limited to those required to perform assigned tasks. II. Access logs are not reviewed. III. Production programs are run during normal business hours. IV. Exception reports are not reviewed and resolved. A. III and IV only B. I and III only C. I, II, III, and IV D. II and IV only
The following are indicators of insider computer fraud: -Access privileges are beyond those required to perform assigned job functions. -Exception reports are not reviewed and resolved. -Access logs are not reviewed. -Production programs are run at unusual hours. -Lack of separation of duties exists in the data center. Correct Answer: (D) See pages 1.1441 in the Fraud Examiner's Manual
Which of the following is considered a red flag of check tampering? A. Payee addresses that match employee addresses B. Large gaps in the check register C. Non-payroll checks payable to employees D. All of the above
The following are red flags of check tampering: -Missing checks or large gaps in the check register might indicate lax control over the physical safekeeping of checks. Stop payments should be issued for all missing checks. -Checks payable to employees, with the exception of regular payroll checks, should be closely scrutinized. Such an examination might indicate other schemes, such as conflicts of interest, fictitious vendors, or duplicate expense reimbursements. -Altered endorsements or dual endorsements of returned checks might indicate possible tampering. -Returned checks with obviously forged or questionable signature endorsements should be verified with the original payee. -Altered payees on returned checks should be verified with the intended payee. -Duplicate or counterfeit checks indicate fraud. These checks might be traceable to the depositor through bank check coding. -An examination of all cash advances might reveal that not all advances are properly documented and, therefore, inappropriate payments have been made to employees. -A questionable payee or payee address on a check should trigger review of the corresponding check and support documentation. Correct Answer: (D) All of the above See pages 1.430-1.431 in the Fraud Examiner's Manual
If a customer reports the loss or theft of an access device, the financial institution should attempt to prevent fraud related to electronic funds transfers (EFTs) by canceling the existing card, personal identification number (PIN), or other form of access and issuing a new one. A. True B. False
The following are safeguards that banks can perform to reduce the risk that they or their customers become victimized by unauthorized electronic funds transfers (EFTs): -Confirm phone and mailing addresses on the application to ensure that they are consistent with information about the applicant that is available from other sources and, with respect to existing customers, consistent with current records about these customers. This might involve obtaining credit reports about the applicant or obtaining copies of utility bills that show the applicant's address. -Make sure that the area or city code in the applicant's telephone number matches the geographical area for the applicant's address. -Send a welcome letter to the address on the application with the bank's return address so that the letter is returned if the applicant does not live there. -Verify by telephone or additional mailings any change of address requests in the same way that new account applications are verified. -If a customer reports the loss or theft of an access device, cancel the existing card, personal identification number (PIN), or other form of access and issue a new one. -If a customer reports that a person previously authorized to use an access device no longer has that authority, cancel all cards, PINs, or other access devices and issue new ones to the customer. -Always mail PINs separately from other information, such as usernames, with which they are associated. -Separate the responsibility of bank employees who have custody of information relating to access devices from those who have responsibility for issuance, verification, or reissuance of PINs. -Ensure that any communication concerning usernames or passwords is sent in a secure encrypted format. 
-Require customers who register for electronic bill presentment and payment (EBPP) or person-to-person (P2P) systems to provide information indicating that they are authorized to use the bank account or credit card from which payments will be made. -Employ multifactor authentication to verify transfers via EBPP or P2P systems. Correct Answer: (A) True See pages 1.1043-1.1044 in the Fraud Examiner's Manual
To help prevent identity theft, businesses should strive to limit the personal information they collect from customers. A. True B. False
The following are some of the steps businesses can take to protect personal information and prevent identity theft: -Limit the personal information collected from customers. For example, do not collect customers' government identification numbers unless there is a legal requirement to do so. -Restrict employees' access to the personal information of customers and coworkers. -Use network-security tools to monitor who accesses personal information. -Do not retain personal information for longer than necessary. -Adopt an information-handling policy that governs how personal information is stored, protected, and disposed of. Strictly enforce the policy, and discipline employees who violate it. -Conduct regular employee training regarding the company's information-handling policy and best practices for preventing identity theft. -Ensure the security of buildings by using locks, access codes, and other security features. -Keep physical documents containing personal information in locked rooms or locked file cabinets. -Secure all computer networks and electronic information. -Use encryption to protect all personal information stored by the company or sent to third parties. Encryption should also be used to protect information sent over the company's wireless network. -Restrict the use of laptops to those employees who need them to do their jobs. -Require employees to use complex passwords or passphrases. -Where permitted by law, perform background checks on prospective employees. -Thoroughly investigate contractors and vendors before hiring them. -Do not use government identification numbers as employee identification numbers or print them on paychecks. -Perform regular audits of information-handling practices, network security, and other internal controls. -Create a data breach response plan. Correct Answer: (A) True See pages 1.816 in the Fraud Examiner's Manual
All of the following can help prevent a computer from being infected by malicious software EXCEPT: A. Updating the operating system regularly B. Installing shareware into a system's root directory C. Using anti-malware software D. Updating with the latest security patches
The following measures can help avoid infection from a malicious program: -Use anti-malware software to scan all incoming email messages and files. -Regularly update virus definitions in anti-malware programs. -Use precaution when opening emails from acquaintances. -Do not open email attachments unless they are from trusted sources. -Only download files from reputable sources. -Regularly update the operating system. -Regularly update the computer with the latest security patches available for the operating system, software, browser, and email programs. -Ensure that there is a clean boot disk to facilitate testing with antivirus software. -Use a firewall and keep it turned on. -Consider testing all computer software on an isolated system before loading it. -In a network environment, do not place untested programs on the server. -Secure the computer against unauthorized access from external threats such as hackers. -Keep backup copies of production data files and computer software in a secure location. -Scan pre-formatted storage devices before using them. -Consider preventing the system from booting with a removable storage device; this might prevent accidental infection. -Establish corporate policies and an employee education program to inform employees of how malware is introduced and what to do if malware is suspected. -Encourage employees to protect their home systems as well. Many malware infections result from employees bringing infected storage devices or files from home. Correct Answer: (B) See pages 1.1431 in the Fraud Examiner's Manual
Which of the following is NOT considered to be a red flag of a Ponzi scheme? A. A financial manager who manages, administers, and retains custody of the investment funds B. An investment that promises extremely high or short-term returns with little risk involved C. An investment that has a history of inconsistent returns coinciding with fluctuations in financial markets D. A financial manager who puts an unusual amount of pressure on investors to act immediately
The following red flags can help investigators uncover Ponzi schemes: -Sounds too good to be true: If an investment sounds too good to be true, it probably is. -Promises of low risk or high rewards: Promoters of Ponzi schemes typically promise implausibly high or quick returns with little risk. As all legitimate investments include some degree of risk, any guarantee that an investment will perform in a certain way is a clear signal that it might be part of a Ponzi scheme. -History of consistent returns: Any firm that generates remarkably consistent returns regardless of market conditions should raise suspicions. -High-pressure sales tactics: Reputable investment firms and agents do not push potential investors to act immediately, and legitimate investment opportunities are rarely that time sensitive. -Pressure to reinvest: Often, fraudsters keep Ponzi schemes alive by convincing investors to reinvest their profits rather than take a payout. -Complex trading strategies: Legitimate agents should be able to provide clear explanations about their investment strategies. For obvious reasons, Ponzi-scheme boosters purposefully employ complicated strategies that confound unsophisticated investors. -Lack of transparency or access: Secrecy surrounding the operations of a financial company should be an immediate warning sign. Ponzi operators are often unlicensed, and their supposed investments are typically unregistered. Additionally, a lack of access to regular statements or an online account should trigger alarm. -Lack of separation of duties: Investors should be wary of any financial manager who manages, administers, and retains custody of the fund in question. Correct Answer: (C) See pages 1.1342-1.1343 in the Fraud Examiner's Manual
All of the following are types of expense reimbursement schemes EXCEPT: A. Mischaracterized expenses B. Fictitious expenses C. Ghost expense reports D. Multiple reimbursements
The four main types of expense reimbursement schemes are: -Mischaracterized expenses -Overstated expenses -Fictitious expenses -Multiple reimbursements There is no such scheme as ghost expense reports. Ghost employees, however, are a common payroll fraud scheme. Correct Answer: (C) Ghost expense reports See pages 1.473 in the Fraud Examiner's Manual
When fabricating a counterfeit credit card, which of the following is the most difficult facet to reproduce? A. The magnetic strip B. The embossed numbers C. The card thickness D. The hologram
The hologram is the most difficult aspect of a credit card to reproduce. True holograms use a lenticular refraction process; counterfeits are generally only reflected materials, usually foil with an image stamped on it. These decals are attached to the card's surface rather than fixed into the plastic, as is the case with legitimate cards. Some fraudulent holograms do not change colors—as legitimate ones do—when viewed from various angles. Correct Answer: (D) See pages 1.1016 in the Fraud Examiner's Manual
Brittany, a cash register teller, signed onto her register, rang a "no sale" transaction to open the drawer, and then removed a large sum of money. Which of the following schemes has taken place? A. A skimming scheme B. A cash larceny scheme C. A register disbursement scheme D. None of the above
The most straightforward cash larceny scheme is one in which the perpetrator just opens the register and removes currency. This might be done as a sale is being conducted to make the theft appear to be part of the transaction, or perhaps when no one is around to notice the perpetrator digging into the cash drawer. For instance, a teller could simply sign onto a register, ring a "no sale," and take currency from the drawer. This scheme is not a register disbursement scheme because register disbursement schemes involve a fraudulent transaction that justifies the removal of cash from the register, such as a false return or a voided sale. Brittany did not make any entry that would account for the missing money. In addition, the scheme is not a skimming scheme because the money in the register was already a part of the company's accounting system. There was no indication that the cash was part of an unrecorded or understated sale. Correct Answer: (B) See pages 1.321, 1.323, 1.401 in the Fraud Examiner's Manual
Brittany, a cash register teller, signed onto her register, rang a "no sale" transaction to open the drawer, and then removed a large sum of money. Which of the following schemes has taken place? a. A register disbursement scheme b. A skimming scheme c. A cash larceny scheme d. None of the above
The most straightforward cash larceny scheme is one in which the perpetrator just opens the register and removes currency. This might be done while a sale is being conducted to make the theft appear to be part of the transaction, or perhaps when no one is around to notice the perpetrator digging into the cash drawer. For instance, a teller could simply sign onto a register, ring a "no sale," and take currency from the drawer. This scheme is not a register disbursement scheme because register disbursement schemes involve a fraudulent transaction that justifies the removal of cash from the register, such as a false return or a voided sale. Brittany did not make any entry that would account for the missing money. In addition, the scheme is not a skimming scheme because the money in the register was already a part of the company's accounting system. There was no indication that the cash was part of an unrecorded or understated sale. Correct Answer: (C)
Which of the following is an acceptable justification for a departure from generally accepted accounting principles (GAAP)? A. The literal application of GAAP would render the financial statements misleading B. Departing from GAAP would make the company appear more profitable C. Adhering to GAAP is significantly more expensive than using an alternative method D. None of the above
The question of when it is appropriate to stray from generally accepted accounting principles (GAAP) is a matter of professional judgment; there is not a clear-cut set of circumstances that justifies such a departure. However, the fact that complying with GAAP would be more expensive or would make the financial statements look weaker is not a reason to use a non-GAAP method of accounting for a transaction. It can be assumed that adherence to GAAP almost always results in financial statements that are fairly presented. However, the standard-setting bodies recognize that, upon occasion, there might be an unusual circumstance when the literal application of GAAP would render the financial statements misleading. In these cases, a departure from GAAP is the proper accounting treatment. Departures from GAAP can be justified in the following circumstances: -It is common practice in the entity's industry for a transaction to be reported in a particular way. -The substance of the transaction is better reflected (and, therefore, the financial statements are more fairly presented) by not strictly following GAAP. -If a transaction is considered immaterial (i.e., it would not affect a decision made by a prudent reader of the financial statements), then it need not be reported. -There is concern that assets or income would be overstated and expenses or liabilities would be understated (the conservatism constraint requires that when there is any doubt, one should avoid overstating assets and income or understating expenses and liabilities). -The results of departure appear reasonable under the circumstances, especially when strict adherence to GAAP will produce misleading financial statements and the departure is properly disclosed. Correct Answer: (A) See pages 1.125-1.127 in the Fraud Examiner's Manual
The quick ratio is used to determine the efficiency with which a company uses its assets. A. True B. False
The quick ratio, commonly referred to as the acid test ratio, compares quick assets (i.e., those that can be immediately liquidated) to current liabilities. This calculation divides the total of cash, securities, and receivables by current liabilities to yield a measure of a company's ability to meet sudden cash requirements. The quick ratio offers a more conservative view of a company's liquidity because it excludes inventory and other current assets that are more difficult to rapidly turn into cash. The quick ratio measures the dollar amount of liquid assets available for each dollar of current liabilities. Thus, a quick ratio of 1.5 means that a company has $1.50 of liquid assets available to cover each $1 of current liabilities. ... Activity ratios gauge an organization's operational efficiency and profitability. The asset turnover ratio is used to determine the efficiency with which asset resources are used by the entity. Correct Answer: (B) False See pages 1.246, 1.249 in the Fraud Examiner's Manual
Generally, if the dollar amount of an embezzlement scheme at a financial institution is small enough such that the targeted entity's financial statements will not be materially affected, the scheme can be most effectively detected through which of the following methods? A. Conducting a review of source documents B. Conducting a financial statement analysis C. Reviewing all disbursements below the approval limit D. Educating employees who are responsible for handling currency
There are several methods by which embezzlement can be detected. Generally, if the dollar amount of an embezzlement scheme is small enough such that the targeted entity's financial statements will not be materially affected, embezzlement fraud can be most effectively detected through the review of source documents (e.g., receipts, deposit slips). There can be many types of clues in the source documents, and the particular situation will often determine what the fraud examiner needs to look for. The following are common red flags in source documents that might indicate that embezzlement has occurred: -Missing source documents -Payees on source documents (e.g., checks) do not match entries in the general ledger -Receipts or invoices lack professional quality -Duplicate payment documents for different transactions -Payee identification information that matches an employee's information or that of their relatives -Apparent signs of alteration to source documents -Lack of original source documents (photocopies only) If the scheme is so large that the financial statements of the institution are affected, then a review of the source documents will serve to confirm or refute an allegation that an embezzlement scheme has occurred or is occurring. Generally, for large embezzlements, the most efficient method of detection is an analysis of the financial statements. Correct Answer: (A) Conducting a review of source documents See pages 1.904 in the Fraud Examiner's Manual
Which of the following is an example of a way in which an electronic funds transfer (EFT) fraud scheme can be committed? A. An employee of a person-to-person (P2P) provider misappropriates a customer's account and password information B. A hacker obtains consumer account and password information to direct funds from consumers' accounts C. A person who has stolen information about another person's bank account instructs a biller to obtain payment from that account D. All of the above
There are several ways in which fraud can be perpetrated through the electronic transfer of funds. Potential sources of fraud include the following: A biller might send a bill for services not rendered or for goods never sent. A person who has obtained information about another person's bank account might instruct a biller to obtain payment from the other person's account. A hacker might obtain passwords and usernames from an aggregator and use that information to direct transfers from a consumer's bank account. An employee at the site providing electronic bill presentment and payment (EBPP) services who knows consumers' usernames and passwords for screen-scraping purposes might use that information to direct transfers from consumers' bank accounts. A bank employee might use customer information to direct transfers from a customer's account. Correct Answer: (D)
In a grandparent scheme targeting the elderly, which of the following is a way to confirm if a caller is the grandparent's actual grandchild? A. Ask the caller questions only the grandchild would know B. Hang up the phone and contact the grandchild directly C. Ask relatives if they know of any issues with the grandchild D. All of the above
There are ways the elderly can protect themselves against grandparent schemes. If they receive a call from someone claiming to be their grandchild, they should confirm the person's identity before sending any money. Several ways to confirm the legitimacy of the caller would be to: -Ask questions an imposter would not know, such as the birth date of the grandchild's father or a pet's name. -Hang up the phone and contact the grandchild directly. -Contact friends or relatives and ask if they are aware of any issues with the grandchild. Correct Answer: (D) All of the above See pages 1.1315 in the Fraud Examiner's Manual
Loyalty accounts are attractive targets for fraudsters for which of the following reasons? A. Thieves often think of loyalty points in terms of cash B. Consumers tend to monitor loyalty accounts infrequently C. Loyalty accounts often lack fraud prevention mechanisms D. All of the above
Thieves often think of loyalty points in terms of cash and, as such, these programs are increasingly subject to fraud. Loyalty accounts are also attractive fraud targets because they are often less secure than accounts with financial institutions, commonly lacking fraud prevention mechanisms such as multi-factor identification or account activity monitoring. And while consumers regularly check accounts held with financial institutions, rewards accounts tend to be monitored much less frequently. Correct Answer: (D) All of the above See pages 1.1051 in the Fraud Examiner's Manual
In order to understate net income, therefore lowering income tax liability, an accountant could fraudulently expense costs rather than properly capitalizing them to an asset account. A. True B. False
Typically, a fraudster's goal when committing a financial statement fraud scheme is to make the entity look stronger and more profitable. This goal is often achieved by concealing liabilities and/or expenses. To do this, the fraudster might fraudulently understate liabilities or improperly capitalize a cost that should be expensed. Just as capitalizing expenditures that should be expensed is improper, so is expensing costs that should be capitalized. The organization might do this to minimize its net income due to tax considerations. Expensing an item that should be depreciated over a period of time would help accomplish just that—net income is lower and so are taxes. Correct Answer: (A) True See pages 1.229, 1.233 in the Fraud Examiner's Manual
For a financial instrument to be classified as an investment contract, and therefore, a security, under the U.S. Howey test, the instrument must be purchased by investors who display management activity in the instrument's enterprise and have expectations of making profits that are to be derived from their own efforts. a. True b. False
Under U.S. federal law, the default definition of a security is the term investment contract, which was defined in the case of SEC v. Howey Co. In Howey, the U.S. Supreme Court defined an investment contract as "a contract, transaction or scheme whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of" someone other than the investor. Thus, in Howey, the U.S. Supreme Court established a four-factor test, which is known as the Howey test, to determine whether a financial instrument is an investment contract. All four factors must be present for an investment contract to exist. The leading global definition of investment contract parallels the Howey test established by the U.S. Supreme Court, and it provides that a contract, transaction, or scheme is an investment contract if all of the following four elements are met: - There is an investment of money or other asset. - The investment is in a common enterprise. - The investment was made with expectations of making a profit. - The profits are to come solely from the efforts of people other than the investor. Correct Answer: (B)
James runs an electronics store. One of the main challenges in his business is keeping up with technological advances. Because of this, his auditors want to ensure inventory is not fraudulently overstated on the store's balance sheet. Which of the following actions should the auditors take to ensure inventory is not overstated? A. Ensure that inventory is recorded at the lower of cost or net realizable value B. Ensure that James has written off obsolete inventory C. View the inventory and conduct a physical count D. All of the above
Under many countries' accounting standards, including U.S. generally accepted accounting principles (GAAP) and International Financial Reporting Standards (IFRS), inventory must be recorded at the lower of cost or net realizable value. This means that inventory must be valued at its acquisition cost, except when the cost is determined to be higher than the net realizable value, in which case the difference should be recognized as a loss in earnings in the period it occurs. Failing to write down or write off inventory results in overstated assets and the mismatching of cost of goods sold with revenues. Other methods by which inventory can be improperly stated include manipulation of the physical inventory count, inflation of the unit costs used to price out inventory, and failure to adjust inventory for the costs of goods sold. Fictitious inventory schemes usually involve the creation of fake documents, such as inventory count sheets and receiving reports. In some instances, friendly co-conspirators claim to be holding inventory for companies in question. Other times, companies falsely report large values of inventory in transit, knowing that it would be nearly impossible for the auditors to observe. When possible, fraud examiners should perform a physical inventory count, checking to make sure the inventory exists as described in the records. There have been cases of fraudsters assembling pallets of inventory with hollow centers, placing bricks in sealed boxes instead of high-value products, and shuttling inventory overnight between locations. Correct Answer: (D) All of the above See pages 1.224-1.225 in the Fraud Examiner's Manual
Anna works as a cashier in an antiques store. Since the merchandise lacks barcodes, she has to enter the prices manually. One customer purchased a piece of furniture that cost $250 and paid in cash. Anna recorded the sale at $200 and kept the $50 bill. What type of fraud did Anna commit? A. An unrecorded sales (skimming) scheme B. A cash larceny scheme C. An understated sales (skimming) scheme D. Lapping of receivables
Understated sales schemes are commonly undertaken by employees who work at the cash register. In a typical scheme, an employee enters a sales total that is lower than the amount actually paid by the customer. The employee skims the difference between the actual purchase price of the item and the sales figure recorded on the register. In this case, the item was sold for $250, but Anna rang up the sale of a $200 item and skimmed the excess $50. Rather than reduce the price of an item, an employee might record the sale of fewer items. If one hundred units are sold, for instance, an employee might only record the sale of fifty units and skim the excess receipts. Correct Answer: (C) See pages 1.307 in the Fraud Examiner's Manual
Which of the following is a common method that fraudsters use to conceal liabilities and expenses in order to make a company appear more profitable than it actually is? A. Omitting liabilities or expenses B. Failing to disclose warranty costs and product-return liabilities C. Improperly capitalizing costs rather than expensing them D. All of the above
Understating liabilities and expenses is one of the ways financial statements can be manipulated to make a company appear more profitable than it actually is. Because pre-tax income will increase by the full amount of the expense or liability not recorded, this financial statement fraud method can significantly affect reported earnings with relatively little effort by the fraudster. There are three common methods for concealing liabilities and expenses: -Omitting liabilities and/or expenses -Improperly capitalizing costs rather than expensing them -Failing to disclose warranty costs and product-return liabilities Correct Answer: (D) All of the above See pages 1.229 in the Fraud Examiner's Manual
In investigating whether financial statements have been manipulated to make a company appear more profitable, a Certified Fraud Examiner (CFE) should look for liabilities that have been overstated. A. True B. False
Understating liabilities and expenses is one of the ways financial statements can be manipulated to make a company appear more profitable. Because pre-tax income will increase by the full amount of the expense or liability not recorded, this financial statement fraud method can significantly affect reported earnings with relatively little effort by the fraudster. There are three common methods for concealing liabilities and expenses: -Omitting liabilities and/or expenses -Improperly capitalizing costs rather than expensing them -Failing to disclose warranty costs and product-return liabilities Correct Answer: (B) False See pages 1.229 in the Fraud Examiner's Manual
Like most other types of fraud, the motivation for financial statement fraud almost always involves personal gain. A. True B. False
Unlike some other types of fraud (such as embezzlement), the motivation for financial statement fraud does not always involve personal gain. Most commonly, financial statement fraud is used to make a company's earnings appear better on paper. Financial statement fraud occurs through a variety of methods, such as valuation judgments and manipulating the timing of transaction recording. These more subtle types of fraud are often dismissed as either mistakes or errors in judgment and estimation. Some of the more common reasons why people commit financial statement fraud include: -To encourage investment through the sale of stock -To demonstrate increased earnings per share or partnership profits interest, thus allowing increased dividend/distribution payouts -To cover inability to generate cash flow -To avoid negative market perceptions -To obtain financing, or to obtain more favorable terms on existing financing -To receive higher purchase prices for acquisitions -To demonstrate compliance with financing covenants -To meet company goals and objectives -To receive performance-related bonuses Correct Answer: (B) False See pages 1.204-1.205 in the Fraud Examiner's Manual
Unscrupulous debt consolidation schemes include each of the following EXCEPT: A. The debt consolidation company guarantees the debtor will receive a loan or credit card regardless of the debtor's credit ratings. B. The debt consolidation company collects payments but does not appropriately forward them. C. The debt consolidation company writes a letter to the debtor's creditors and arranges a payment plan. D. The debt consolidation company charges an upfront processing fee and then disappears.
Unscrupulous debt consolidation schemes often involve the agency collecting the money from the debtor but not forwarding it to the creditors. In some instances, considerable time can pass before the debtor finds out that their money has been misappropriated. Another variation of the debt consolidation scheme occurs when customers are guaranteed that they will receive a loan or a credit card regardless of their credit rating. Typically, the victims have been rejected by legitimate financial institutions because their credit ratings are poor. The victim must pay a processing fee for the application to be accepted. After the victim pays the fee, the con artist disappears. Correct Answer: (C) See pages 1.1302 in the Fraud Examiner's Manual
When a medical provider performs a service for a patient but bills the patient's insurer for a more complex and more expensive service, this practice is called upcoding. A. True B. False
Upcoding occurs when a provider bills for a higher level of service than actually rendered. One common form of upcoding involves generic substitution—filling a prescription with a less expensive drug, while billing for the more expensive form of the drug. Correct Answer: (A) True See pages 1.1238 in the Fraud Examiner's Manual
In response to a risk identified during a fraud risk assessment, management decides to eliminate an asset or discontinue an activity because the control measures required to protect the organization against the identified threat are too expensive. This response is known as: a. Mitigating the risk b. Avoiding the risk c. Assuming the risk d. Transferring the risk
When responding to the organization's residual fraud risks, management may decide to avoid a risk by eliminating an asset or discontinuing an activity if the control measures required to protect the organization against an identified threat are too expensive. This approach requires the fraud risk assessment team to complete a cost-benefit analysis of the value of the asset or activity to the organization compared to the cost of implementing measures to protect the asset or activity. Correct Answer: (B)
Workers' compensation schemes are generally broken into four categories. Which of the following is NOT one of these categories? A. Claimant fraud B. Agent fraud C. Premium fraud D. Double duty fraud
Workers' compensation schemes are generally broken into four categories: premium fraud, agent fraud, claimant fraud, and organized fraud schemes. -Premium fraud involves the misrepresentation of information to the insurer by employers to lower the cost of workers' compensation premiums. For example, an employer might understate the amount of the payroll for higher-risk classifications, thus receiving lower-cost premiums. -Agent fraud schemes consist primarily of pilfering premiums and conspiring to reduce premiums. Underhanded agents sometimes issue certificates of coverage to the ostensibly insured customer while misappropriating the premium rather than forwarding it to the insurance carrier. Agents might also conspire to alter or improperly influence insurance applications to offer lower premiums to their clients. -Claimant fraud involves misrepresenting the circumstances of any injury or fabricating that an injury occurred. -Organized fraud schemes are composed of the united efforts of a lawyer, a capper, a doctor, and the claimant. This type of scheme is used not only in workers' compensation cases but also in other medical frauds, such as automobile injuries. Correct Answer: (D) Double Duty Fraud See pages 1.1114-1.1119 in the Fraud Examiner's Manual