Exam 2
Which of the following is not a type of occupational fraud? a. Corruption. b. Asset misappropriation. c. Conflict of interest. d. All of the above are types of occupational fraud.
Conflict of interest
What are matched with identified risks?
Detective controls - can have a preventive effect through deterrence.
IAFIS is an FBI system for looking up ____________. a. DNA. b. Handwriting. c. Fingerprints. d. All of the above.
Fingerprints
Computers store files in disk clusters but generally don't put two files in the same cluster. This leads to ____________. a. Unallocated space. b. Free space. c. Slack space. d. None of the above.
Slack space
What role does FinCEN play in defeating organized crime?
The Financial Crimes Enforcement Network is the primary agency that enforces the Anti-Money Laundering Laws.
Do CPAs performing investigative services need to be independent or not?
Yes, the investigation needs to be objective.
What are the 3 ways a practitioner might seek to limit liability in an engagement letter?
1. A limit liability provision 2. A limit damages provision 3. An indemnification
Describe the six types of bankruptcy proceedings.
1. Chapter 7 - applies to both individuals and businesses. Provides for complete liquidation of all the debtor's assets and the complete elimination of the debtor's obligations. 2. Chapter 9 - applies to municipalities 3. Chapter 11 - business and sometimes individuals. The court focuses on developing a payment plan to satisfy creditors. 4. Chapter 12 - applies to farming and fishing businesses 5. Chapter 13 - applies to individuals with means-tested income large enough to disqualify them from Chapter 7. May discharge some of the debt and will create a payment plan for the rest. 6. Chapter 15 - applies to certain cases in which a party to bankruptcy proceedings outside to the U.S. may obtain access to U.S. courts.
Give three reasons for declining an expert witness engagement
1. Conflict of interest 2. Cost and earning potential 3. How free the attorney is with all relevant information
How do bankruptcy fraud and estate fraud differ?
1. Conflict of interest if the executor or trustee is also a beneficiary 2. No oversight if the estate is administered through a trust 3. The trustee might not be competent to keep good records or implement controls.
How do bankruptcy fraud and divorce fraud differ?
1. Divorce cases are more emotional 2. Divorce attorneys are not very financially sophisticated and not as adept at finding concealed assets 3. There is no trustee or interested creditors to oversee the divorce case 4. There are usually more assets to conceal in divorce cases 5. Divorce cases have more long-term asset concealment
What are the three types of litigation services?
1. Expert witness 2. Litigation consultant 2. Other: mediator, abitrator, bankruptcy trustee
What are the three key elements of fraud risk assessment?
1. Identifying inherent fraud risk. 2. Assessing the likelihood and significance of each inherent fraud risk. 3. Responding to likely and significant inherent risks.
Describe the basic flow of bankruptcy proceedings
1. Initial filing - petitions may initiate voluntary or involuntary bankruptcies under one of the six chapters 2. Appointment of Trustee - appointed by the U.S. Department of Justice or creditors 3. Meeting of the creditors - they may examine the debtor and they will file proof of claim forms 4. Liquidation of debts or payment plan - The creditors may receive distributions subject to fund availability 5. Full or partial discharge of debts - The court may discharge the debts or approve a payment plan.
What are five vectors of attach in electronic systems?
1. Input manipulation 2. direct file alteration 3. program alteration 4. data theft 5. sabotage
What are the elements of the money laundering process?
1. Placement - depositing the illegally obtained funds into a financial institution 2. Layering - moving money so it can't be traced back to the initial deposit. 3. Integration - making the funds available for use by the money lauderer.
What steps are associated with a computer forensics investigation?
1. Sizing up the situation. 2. Securing the evidence. 3. Examining the evidence. 4. Analyzing the evidence. 5. Reporting
What is the order of interviews?
1. non-suspects and those least associated with the primary suspect 2. Other suspects. 3. Primary suspect
What are the penalties for bankruptcy fraud?
5 years in prison, a fine of up to $250,000, or both
Depleted pension funds would most likely be associated with __________ a. A bust-out scheme b. A bleed-out scheme c. A debtor-creditor collusive scheme. d. None of the above
A bleed-out scheme
The non-testifying expert serves as _______ whose work is not subject to discovery a. A discoverable expert b. A consultant c. A witness d. none of the above
A consultant
Secretly transferring assets and selling assets below market value refers to ________` a. A fraudulent conveyance b. A filing scheme c. Undocumented transfers d. None of the above
A fraudulent conveyance
Why might an attorney make a motion in limine to have expert testimony admitted?
A motion in limine is a written motion requesting an order regarding the admissibility of particular evidence at trial.
With respect to an engagement to provide expert testimony, contingency fees are a. Not a problem if disclosed under Rule 26. b. Not a problem if disclosed under FRE 702, 703, 704, 705, or 706. c. A problem even if disclosed. d. Never a problem
A problem even if disclosed
What is meant by the judge's gatekeeper responsibility?
A responsibility to rule as a matter of law as to whether the expert witness is qualified to testify in particular areas.
What is invigilation?
A special observation technique used by investigators that monitors employee's conduct first when they believe they are being observed, and then again when they believe they are not being observed.
Only suspects who show deception are asked______ a. Informational questions b. Assessment questions c. Admission-seeking questions d. None of the above
Admission-seeking questions
The practitioner should a. Destroy all records, except formal reports, at the end of litigation. b. Immediately destroy all records, except formal reports, as they are contained in reports. c. Adopt a formal policy for retaining records. d. None of the above.
Adopt a formal policy for retaining records.
For a testifying expert, which communications with retaining counsel are subject to discovery?
All communications may be discoverable, including: · Written reports including drafts · Notes · Verbal discussions · Email correspondance
Red flags indicating fraud should be understood by a. Top management b. Top management and middle management c. All levels of management and staff d. None of the above
All levels of management and staff
Which of the following is not associated with identity theft? a. Hackers. b. Shoulder surfers. c. Street thieves. d. All of the above are associated with identity theft.
All of the above are associated with identity theft.
Which of the following is not an example of an external fraud? a. An outsider giving a kickback to a purchasing officer. b. An offshore hacker stealing customer credit card data. c. A customer opens a credit account under a fake name. d. All of the above are external fraud.
All of the above are external fraud
Which of the following schedules and statements is not typically included with a bankruptcy filing? a. Statement of financial affairs b. Creditors holding standard unsecured claims c. Co-debtor d. All of the above are normally included
All of the above are normally included
Which of the following is not a standard area or type of fraud preventive control? a. Human resources b. Antifraud training c. Authority limits d. All of the above are standard areas or types of fraud preventive controls
All of the above are standard areas or types of fraud preventive controls
Which of the following is not a traditional area of crime for the LCN? a. Loansharking. b. Labor racketeering. c. Gambling. d. All of the above are traditional areas of crime for the LCN.
All of the above are traditional areas of crime for the LCN
Which is not a vector of attack in electronic systems? a. Input manipulation. b. Program alteration. c. Sabotage. d. All of the above are vectors of attack in electronic systems.
All of the above are vectors of attack in electronic systems
Rule 26 of the Federal Rules of Civil Procedure requires that, subject to exemptions (for example, privileged information) all parties to the lawsuit disclose, without a discovery request, all contacts, items, and ______ that may be used to support the disclosing party's claims or defenses. a. Damage computations b. A forfeiture action in rem arising from a federal statute. c. An action to enforce or quash an administrative summons or subpoena. d. None of the above
Damage computations
Repeating an interviewer's questions may be best described as a sign of______ a. Cooperation b. Deception c. Guilt d. None of the above
Deception
Which of the following is not an objective of computer forensics? a. Identifying perpetrators or other individuals of interest. b. Locating and recovering data, files, and e-mail. c. Determining guilt in computer crimes. d. All of the above are objectives of computer forensics.
Determining guilt in computer crimes
Given that the general qualifications are met, the expert may base an opinion on __________ a. Facts or data in the case that the expert has introduced into evidence. b. Facts or data in the case from the percipient witness testimony. c. Facts or data in the case that the expert has been made award of or has personally observed. d. None of the above
Facts or data in the case that the expert has been made aware of or has personally observed
What is the main difference between an expert consultant and an expert witness?
The expert consultant does not testify and is not normally subject to discovery.
When can an expert base his or her opinions on hearsay evidence that is not admissible?
If the evidence is reasonable reliable.
What types of fraud are prevented by a voucher system?
Improper purchase schemes
Why might parties prefer administered arbitration to non-administered arbitration?
In administered, the rules are already defined and both parties must follow them. In non-administered, the parties must agree to the rules, and they've already shown they can't agree.
Mounting a device on a computer running a foreign operating system has the advantage of permitting access to many operating system files that may contain cached or paged data that would normally be ____________ when mounted under their native operating system. a. Garbled. b. Unacceptable evidence. c. Inaccessible. d. None of the above
Inaccessible
Under AICPA Rule 201, what is involved in communication with the client?
Inform the client of: · Conflicts of interest that may occur pursuant to the interpretations under the "Integrity and Objectivity Rule". · Certain significant reservations concerning the scope or benefits of the engagement · Significant engagement findings or events
Which type of question is used to calibrate the subject's response? a. Informational b. Assessment c. Admission seeking d. Introductory
Introductory
Generally speaking, the most likely issue in production fraud is ____________. a. Improper hiring of production employees. b. Inventory losses. c. A lack of adequate supervision. d. None of the above.
Inventory losses
In planing and preparing for engagements, paramount consideration should include a. Understanding the client and the client's needs. b. Establishing a clear understanding regarding the scope and nature of the services to be provided and the responsibilities of both the member and the client. c. Establishing a clear understanding regarding any issues relating to confidentiality of materials and possible conflicts of interest. d. All of the above.
all of the above
Which of the following is not a litigation service? a. Expert witness b. Litigation consulting c. Special master d. All of the above are litigation services
all of the above are litigation services
A scheme in which a vendor seeks to overbill involves ____________. a. Balanced billing. b. Balance billing. c. Invoice billing. d. None of the above.
balance billing
Calculation of judgements would be most applicable to which of the following parts of the litigation process? a. Discovery b. Interrogatories c. Trial d. Post-trial
Post-trial
The first action with respect to a computer device is ____________. a. Clone the storage device (for example, the hard drive). b. Power it down. c. Perform an online lookup of its security features. d. None of the above.
Power it down
Which of the following is not an advantage of alternative dispute resolution over traditional litigation? a. Cost efficient b. Private c. Provides a clear winner d. Tends to build rather than destroy relationships.
Provides a clear winner
What are assessment questions?
Questions to seek to establish the respondent's credibility.
Once the power is off, the computer disk or storage device should be ____________. a. Removed from the computer and then cloned. b. Kept in the computer and cloned. c. Cloned and then removed from the computer. d. None of the above.
Removed from the computer and then cloned
The professional is _______ personally direct and supervise the work performed in support of his or her expert opinions. a. Required by law to b. Required by AICPA authoritative standards to c. Is not required to d. Is required in criminal cases only to
Required by AICPA authoritative standards to
The process of evidence collection must proceed according to a correct sequence. Which of the following is a correct sequence? a. Review documents and other relevant information and then conduct interviews. b. Conduct interviews and then review documents and other relevant information c. Conduct interviews while reviewing documents and other relevant information. d. None of the above
Review documents and other relevant information and then conduct interviews
POS schemes are a form of ____________. a. Sales skimming schemes. b. Corruption schemes. c. Lapping schemes. d. None of the above.
Sales skimming schemes
With respect to computer forensic investigations and including opinions and conclusions in the practitioner'sreport, the practitioner ____________. a. Should carefully detail all opinions and conclusions. b. Should carefully detail only conclusions. c. Should not detail opinions and conclusions. d. Should only detail those opinions and conclusions that are clearly consistent with the evidence gathered by the practitioner.
Should only detail those opinions and conclusions that are clearly consistent with the evidence gathered by the practitioner.
Which money-laundering technique involves making many small deposits in different locations? a. Currency structuring. b. Smurfing. c. The use of a financial intermediary. d. None of the above.
Smurfing
Wear leveling applies to ____________. a. Hard drives. b. Solid state drives. c. Both hard drives and solid state drives. d. Neither hard drives nor solid state drives.
Solid state drives
What is smurfing?
Splitting large amounts of money into individual deposits less than $10,000 each.
The computer forensics examiner may remove an entire computer from a crime scene and take it to a forensics lab. This approach involves ____________. a. Live acquisition. b. Static acquisition. c. Network acquisition. d. None of the above.
Static acquisition
An expert witness who is scheduled to testify in a federal court and who represents directly to an attorney is __________ before the trial starts. a. Subject to discovery b. Not subject to discovery c. Subject to discovery in criminal, but not civil cases. d. Subject to discovery in civil, but not criminal cases.
Subject to discovery
What does AU-C section 240 require with respect to fraud?
That financial statement auditors conduct their audits in such a way so as to have a reasonable possibility of detecting any fraud that may materially impact the financial statements.
What does the 2018 Report to the Nations tell us about fraud prevention?
That if controls are in place to prevent fraud, the cost of the fraud is less and the fraud is detected more quickly.
Where should you seek more information about fraud prevention?
The Association of Certified Fraud Examiners
____________ provides an exemption for workplace investigations for suspected misconduct relating to employment, a suspected violation of state or federal laws, or a violation of a preexisting written company policy. a. The Internet False Identification Prevention Act. b. The Fair Credit Reporting Act. c. The Fair and Accurate Credit Transaction Act (FACTA). d. None of the above.
The Fair Credit Reporting Act
What is the main legal tool for fighting organized crime in the United States?
The Racketeer Influenced Corrupt Organizations (RICO) Act permits the FBI to intervene even if evidence is only at a state level.
Why do cross-examination attorneys generally avoid open-ended questions?
The attorney will generally not give the expert an opportunity to opine.
In an effective corporate governance structure, ______ should be responsible for implementing an effective business ethics system a. The CEO b. The CFO or controller c. The board of directors d. None of the above
The board of directors
Debtor-creditor schemes are most likely to occur in cases of_____ a. The debtor having been barred from filing for bankruptcy b. The creditor having recently acquired a new company c. The debtor having recently acquired a new company d. None of the above
The debtor having been barred from filing for bankruptcy.
What is a fraud scheme?
The who, what, when, where, how, and why of the potential or perpetrated fraud.
Which of the following situations does not involve concealed-assed frauds? a. Divorces b. Partnership dissolutions c. Estates d. All of the above involved concealed-asset frauds.
All of the above involved concealed-assets frauds
Which of the following is not required to accompany an expert witness's written reports? a. A statement of compensation in the case. b. Data relied upon and exhibits. c. His or her qualifications, including 10 years of publications. d. All of the above must be submitted with written reports from expert witnesses.
All of the above must be submitted with written reports from expert witnesses.
VS section 100, Valuation of a Business, Business Ownership Interest, Security, or Intangible Asset in AICPA Professional Standards does not apply _____________. a. To cases in which the value of a subject interest is provided to the member by the client or a third party, and the member does not apply valuation approaches and methods, as defined by VS section 100. b. To cases of internal-use assignments from employers to employee members not in the practice of public accounting. c. When it is not practical or reasonable to obtain or use relevant information, and as a result the member is unable to apply valuation approaches and methods that are described in VS section 100. d. All of the above situations.
All of the above situations
In planning and preparing for engagements, paramount considerations include ___________ a. Understanding the client and the client's needs. b. Establishing a clear understanding regarding the scope and nature of the services to be provided and the responsibilities of both. c. Establishing a clear understanding regarding any issues relating to confidentiality of materials and possible conflicts of interest. d. All of the above
All the above
The U.S. Supreme Court provided standards for what constitutes reliable principles and methods. Which of the following is not one of these standards? a. The technique or theory has been subjected to scientific testing b. The technique or theory has been published in peer-reviewed scientific journals c. the error rate for the technique is reasonably estimated or known d. All of the above are standards provided by the U.S. Supreme Court..
All the above are standards provided by the U.S. Supreme Court
What is an ISMS?
An Information Security Management System is a system that focuses on protecting information confidentiality, integrity, and availability.
Network forensics is ____________. a. An area within digital forensics. b. An area within computer forensics. c. An area outside of both digital forensics and computer forensics. d. None of the above.
An area within digital forensics
Rule 2004 of the Federal Bankruptcy Code permits _______ to obtain a court order to examine any entity involved with the case. a. The trustee only b. Creditors only c. The court only d. Any party in interest
Any party in interest
If a consumer debtor's current median income (adjusted for certain IRS-allowed deductions) exceeds specific maximum-income thresholds, ______ may request that the case be dismissed. a. Only the trustee b. Only the creditors c. Only the court d. Any party of interest
Any party of interest
What is evidence?
Anything that may clarify the truthfulness or falsity of any assertion that may be relevant to the case at hand.
Subjects who show deception________ a. Are asked concluding or closing questions after admission-seeking questions b. Are asked concluding or closing questions after assessment questions c. Are asked concluding or closing questions depending on the results of the admission-seeking questions. d. None of the above
Are asked concluding questions or closing questions after admission-seeking questions.
In business bankruptcies, audited financial reports ___________ a. Are reliable sources of information in identifying assets subject to bankruptcy proceedings. b. Are not reliable sources of information in identifying assets subject bankruptcy proceedings c. Are reliable sources of information in identifying assets subject to bankruptcy proceedings, if such reports are available for the three-year period leading up to bankruptcy. d. Are a reliable source of information in identifying assets subject to bankruptcy proceedings, except in involuntary filings.
Are not reliable sources of information in identifying assets subject to bankruptcy proceedings
Which type of question seeks to assess the interviewee's honesty? a. Informational b. Assessment c. Admission-seeking d. Introductory
Assessment
Which type of question seeks to assess the interviewee's honesty? a. Informational. b. Assessment. c. Admission-seeking. d. Introductory.
Assessment
The bankruptcy law requires _______ to investigate the client's filings a. Practitioners b. Attorneys c. The bankruptcy magistrate d. None of the above
Attorneys
In contrast to expert testimony in which the witness is permitted to form conclusions and give opinions, non-expert testimony is subject to the personal knowledge rule. This rule limits the non-expert's testimony to matters rationally ______________. a. Based on the witness's perceptions. b. Based on verifiable beliefs c. Based on justifiable conclusions. d. Based on scientific or technical knowledge.
Based on the witness's perceptions
Describe the difference between basic and advance digital forensic skills.
Basic digital forensics involves collecting data from computers and electronic devices and uses special tools to recover deleted files, crack passwords, acquire log files, discover files and messages, and examine metadata. Advanced involves that and acquiring data from complex accounting systems, examination, analysis, and reporting.
When estimating significance of a given fraud risk, the team should consider a. The significance to the organization's operations, brand value, and reputation. b. Legal liability (criminal, civil, and regulatory) c. Both (a) and (b) d. None of the above
Both (a) and (b)
Which of the following is not an option for management in dealing with residual fraud risk? a. Simply accept a given risk b. Increase the level of control to compensate for a given risk c. Both (a) and (b) are options for management. d. None of the above.
Both (a) and (b) are options for management
Which of the following may not be an element of spoliation? a. Accidental destruction of evidence b. Intentional destruction of evidence c. Both (a) and (b) may be elements of spoliation d. Neither (a) nor (b) may be elements of spoliation.
Both (a) and (b) may be elements of spoliation
Terrorism represents ____________. a. A special type of organized crime. b. An organization that engages in reverse money laundering. c. Both a and b. d. Neither a nor b.
Both a and b
What is the relationship between COBIT and ISO27K?
Both are sets of standards for ISMS development. They deal with issues ranging from best practices to risk management and network security.
Fraud detection is furthered by process controls. Such controls are designed to detect _________ a. Fraud only b. Errors only c. Both fraud and errors d. None of the above
Both fraud and errors
FINCEN is useful in ____________ investigations. a. Terrorist. b. Money laundering. c. Both terrorist and money laundering. d. None of the above.
Both terrorist and money laundering
Fraud auditors are likely to use ____________. a. CATS. b. CAATs. c. CASTS. d. None of the above.
CAATs
Generally speaking, if the practitioner provides bankruptcy services in some other role besides that of a consultant, a. CS section 100 applies b. CS section 100 applies to roles other than trustee c. CS section 100 never applies d. CS section 100 applies is some districts
CS section 100 applies
For CPAs, which forensic accounting services are subject to the Consulting Services (CS) section 100, Definitions and Standards
CS100 applies to all forensic accounting services
Individual debtors who cannot pass a means test must file under a. Chapter 13 instead of Chapter 7 b. Chapter 7 instead of Chapter 11 c. Chapter 13 instead of Chapter 11 d. None of the above
Chapter 13 instead of Chapter 7
Which of the following is not a general standard that applies to CPA client services? a. Client interest b. Due professional care c. Professional competence d. All of the above are general standards applicable to CPA client services.
Client interest
The expert witness should understand that his or her _____ may be subject to cross-examination by opposing counsel a. Conclusions and judgements b. Conclusions and judgements, but not other testimony c. Conclusions, but not professional judgements d. None of the above
Conclusions and judgements
The absence of a voucher package would most likely be associated with a(n) ____________ fraud scheme. a. Sales skimming. b. Corruption. c. Expenditure cycle. d. None of the above.
Corruption
What are questioned documents?
Documents in which the authorship or authenticity is in question.
A common issue for the practitioner is locating the origin of an individual or device that has communicated in some way over the Internet. This is normally accomplished by identifying the location of the Internet protocol (IP) address that is hidden inside each ____________ on the Internet. a. Web page. b. E-mail message sent. c. Web page and e-mail message. d. None of the above.
E-mail message sent
Denial of service attacks may be against ____________. a. Individual websites. b. Domain name servers. c. Either a or b. d. None of the above.
Either a or b
From an organizational standpoint, fraud is managed as part of the _______ a. Enterprise risk management strategy b. Audit and review process c. CFOs and CFE's explicit obligation under SOX d. None of the above
Enterprise risk management strategy
In mediation, the mediator's role may be a. Evaluative b. Facilitative c. Evaluative or facilitative d. None of the above
Evaluation and/or facilitative
Examples of Health Care Fraud and red flags
Examples: · Collect premiums and default on coverage · Sham programs Red flags: · Investigations by regulators · Numerous complaints or bad press · Failure to remit payments to insurance carriers
Examples of Straw buyer and fictitious bidder schemes and red flags
Examples: · Kickbacks · Straw sales Red flags · Evidence that a sale of assets is rigged to favor a single buyer or bidder · Evidence of an undisclosed relationship between the debtor and the buyer · A "need" to rapidly sell an asset because of an emergency
Examples of investor fraud and red flags
Examples: · Ponzi scheme · Religious and charitable organizations · Loan-fee scheme Red flags: · Lack of documents for investment, charitable, or lending plan · Large numbers of inquires or claims from many individuals regarding the case in bankruptcy. · Lulling letters to investors
Examples of Debtor-creditor collusive schemes and red flags
Examples: · Real estate foreclosure scheme · Fractional real estate interest scheme Red flags · Both the debtor and creditor have the same attorney · The debtor and creditor are former business associates · An insider within the debtor's or creditor's organization has a history of previous filings · Creditors have acquired a claim after the bankruptcy is filed.
The concept of career risk is most applicable to a. Expert consulting services b. Expert testimony services c. Investigative services d. All of the above
Expert testimony services
The U.S. National Institute of Standards and Technology Special Publication 800-86 defines ____________ phases for the forensic process. a. Two. b. Three. c. Four. d. None of the above.
Four
Withholding documents related to the debtor's property or financial affairs from the standing trustee or other officer of the court is an example of _______ a. A discovery violation b. A violation of the Sarbanes-Oxley Act of 2002 c. Fraud d. None of the above
Fraud
Why is fraud prevention as important as fraud detection and correction?
Fraud prevention is the cheaper alternative. While money will have to be spend to put the controls in place, the potential fraud is more expensive and the cost will most likely not be recovered.
Given a strong governance structure, the focus should be on effective processes for _______ (which, in turn must be followed by a focus on fraud prevention, fraud detection, and fraud investigation). a. Enterprise risk management b. Fraud auditing c. Fraud risk assessment d. None of the above
Fraud risk assessment
What are the general elements of bust-out schemes?
Fraudsters set up a company, collect money from customers, not pay vendors, and then file bankruptcy
What are the general elements of bleed-out schemes?
Fraudsters set up a company, collect money from customers, not pay vendors, then file bankruptcy. The general premise of the bust-out schemes but they happen over a prolonged period of time.
In _________, the U.S. Supreme Court first provided standards for what constitute reliable principles and methods a. Kumho Tire case b. Daubert case c. Frye case d. None of the above
Frye Case
Prior to the Daubert decision, courts generally applied the ________ test for the admissibility of expert testimony. a. Kumho Tire b. Kelly c. Frye standard d. None of the above
Frye Standard
Basically speaking, the Frye standard is a much more lenient test than that required by the Daubert and mainly requires that the methods used by the expert to form conclusions are __________ a. Subject to an error rate that is reasonably estimated or known. b. Generally acceptable in the scientific community c. Subject to court approval. d. None of the above.
Generally acceptable in the scientific community
Binding arbitration is a. Generally enforceable in the courts. b. Never enforceable in the courts. c. Enforceable in the courts if the arbitrator is a licensed attorney or CPA and not enforceable otherwise. d. None of the above
Generally enforceable in the courts
What factors require a unique approach to investigating business bankruptcies?
Hidden assets: · The normal financial statements are of limited help · Accounting records may be incomplete or incorrect.
Generally speaking, which of the following is most likely to detect fraud? a. Internal audits b. External audits c. Hotlines d. None of the above
Hotlines
A VPN may be used to hide a person's ____________. a. IP address. b. Web address. c. E-mail address. d. None of the above.
IP address
Describe the process of risk assessment.
Identify and inventory threats, vulnerabilities, and related loss exposure. Threats are potential vectors of attack on the system. Vulnerabilities are weaknesses that expose the system to threats. Loss exposure represent potential losses from threats acting on vulnerabilities.
Check washing is most likely to associated with ____________. a. A payroll fraud scheme. b. Identity theft. c. Fake credit accounts. d. None of the above.
Identity theft
Why is corruption fraud often so hard to prove?
If internal controls are weak, it will be hard to identify the perpetrator and possibly even to tell fraud has been committed.
When the target is a sophisticated user, IP tracing ____________. a. Is a sure fire way to trace the person's Internet communications. b. Is a possible way to trace the person's Internet communications. c. Is not applicable to tracing communications over the Internet. d. None of the above are correct statements.
Is a possible way to trace the person's Internet communications
Regarding expert testimony, which of the following is not required by Rule 702? a. It must help the trier of fact to understand the evidence or not to determine a fact in issue. b. It must be based on sufficient facts or data. c. It must be a product of reliable principles and methods. d. It must reliably apply training and expert opinion to the facts of the case.
It must reliably apply training and expert opinion to the facts of the case
Describe digital forensics
It uses computer science investigation and analysis techniques to discover and preserve evidence in computers and networks. It helps achieve the following objectives: · Identifying perpetrators or other individuals of interest. · Locating and recovering data, files, and email · Reconstructing damaged databases and files · Identifying causes of disasters
The primary person the audit committee should consult when fraud is suspected is a. The external auditor b. Legal counsel c. The controller d. None of the above
Legal counsel
Alternative dispute resolution methods do not include a. Negotiation and arbitration b. mediation and arbitration c. negotiation mediation d. arbitration, litigation)
Litigation
What are litigation services?
Litigation services recognize the role of the member as an expert or consultant and consist of providing assistance for actual or potential legal or regulatory proceedings before a trier of fact in connection with the resolution of disputes between parties.
Who is responsible for designing and implementing the fraud risk management program?
Management
What is the most difficult problem in catching identity thieves?
Many identity thieves are offshore and use techniques that make it impossible to trace their internet activities.
Deleted files may be made unrecoverable by overwriting them with data by anti-forensic programs that are used to securely wipe files and storage devices. Such programs can securely wipe files by overwriting free storage space ____________ with zeroes and ones. a. Once. b. Two times. c. Three times. d. Many times.
Many times
Encrypted data on a hard drive ____________. a. Can always be decrypted by using a commercial-grade forensic tool kit. b. May be permanently out of reach for the practitioner. c. May be unlocked by contacting the vendor of the encrypting software. d. None of the above.
May be permanently out of reach for the practitioner
In alternative dispute resolutions, negotiation a. Leads to a binding agreement b. May lead to a binding agreement c. Leads to binding arbitration d. None of the above.
May lead to a binding agreement
An expert witness can base opinion testimony on _________ a. Only facts that might be admissible into evidence. b. Only on facts admitted into evidence c. Both (a) and (b) are correct. d. Neither (a) nor (b) is correct.
Neither (a) nor (b) is correct.
What should an expert witness do when a cross-examining attorney intentionally distorts his or her testimony?
Never argue - trust the retaining attorney to clean up any distortions on redirect examination.
What does the CFE ethics code say about expressing opinions about guilt/ innocence?
No opinion shallowing be expressed regarding the guild or innocence of any person or party.
Conflicting out an expert means : a. Firing an expert due to a conflict of interest b. court removal of an expert for a conflict of interest c. loss of an expert due to a failure to consider conflicts of interest in the engagement letter. d. none of the above
None of the above
Fraud auditors are concerned with ____________ a. Inquiry instead of interviewing. b. Confirmation instead of alternative sources. c. Observation versus surveillance. d. None of the above.
None of the above
Generally speaking, reports written by the CPA as part of a forensic accounting engagement are________ a. Protected by the work-product doctrine b. protected by the accountant-client privilege c. Protected by both d. None of the above
None of the above
Putting together pieces of deleted files is called ____________. a. Registry filtering. b. Registry extraction. c. Registry assembly. d. None of the above.
None of the above
The first line of defense in minimizing fraud risk is a. Fraud detection b. Fraud investigation c. Fraud correction d. None of the above
None of the above
The profile of the typical fraudster in the organizations suggests ____________. a. A criminal background. b. A dysfunctional psychological background. c. Antisocial tendencies. d. None of the above
None of the above
Verbal reports from a testifying expert to retaining counsel are a. Exempt from discovery under a work-product doctrine. b. Exempt from discovery under the work-product privilege c. Exempt form discovery under attorney-client privilege d. None of the above
None of the above
All violations of the organization's code of conduct should be reported and dealt with in a timely manner. Appropriate punishment should be applied a. To all violators, except for the CEO b. To all violators, except for the internal auditor c. To all violators, except the CFO d. None of the above are correct.
None of the above are correct
Investigations should always end with a report of the investigation. If a suspect has confessed to a fraud, it would________ a. Be appropriate to indicate the suspect's guilt in the report. b. Be appropriate to indicate the suspect's guilt in the report if the suspect has freely signed a written confession that is absolutely clear, properly drawn, and witnessed. c. Not be appropriate to indicate the suspect's guilt in the report. d. None of the above.
Not be appropriate to indicate the suspect's guilt in the report.
When working with a cloned copy of a hard drive, the practitioner should ____________. a. Not boot the cloned copy because booting it can cause changes to its data. b. Boot the cloned copy. c. Not transport the cloned copy without securing its chain of custody. d. None of the above.
Not boot the cloned copy because booting it can cause changes to its data.
Expert consultants in legal cases are typically _______ a. Subject to discovery b. Subject to discovery once the trial begins c. Subject to depositions, but not document requests. d. Not subject to discovery
Not subject to discovery
How might an expert deal with harassment at depositions?
Note the behavior on record, ask that it be rectified, and indicate that if the act continues, the expert will terminate the deposition and discuss with the retaining attorney a motion for sanctions or a protective order against the abusing attorney.
How is optimal fraud detection developed in terms of false negatives and false positives?
Optimal fraud detection requires balancing false positives and false negatives.
Describe the modus operand exception. How might it be abused?
The expert explains factual patterns as opposed to instructing the jury as to the legal definition of the related scheme. But, an expert describing how something was done may be explained in a way that leads the jury to believe it was committed by a particular person.
What would be an appropriate action for the practitioner in the case of reaching a conclusion that is in disagreement with those of the client?
The expert must immediately notify the client of a change. If the expert has maintained due professional care, no breach of contract should result as the expert is independent.
_________ must prepare and make available a written report to the court and the opposing side. a. The expert witness b. The expert consultant c. Both the expert witness and expert consultant d. None of the above
The expert witness
What does FRE 702 mean by sufficient "knowledge, skill, experience, training, or education?"
The expert's qualifications may arise from any one of these five areas, and only one area alone can be sufficient depending on the facts of the particular case.
The Federal Rues of Evidence determine ________ that courts may rely on in rendering verdicts a. The facts b. The opinions c. The facts and opinions d. None of the above
The facts and opinions
_________ should provide assurances to the board (via the audit committee) that fraud controls are sufficient for the risks and are functioning effectively a. The CEO b. The CFO or controller c. The internal auditor d. None of the above
The internal auditor
What is the significance of a typographical error in the curriculum vitae of a testifying expert.
The jury may lack confidence in the expert's work
Explain why terrorism involves money laundering in reverse.
The money is moved from legal sources to fund illegal activities
Explain the predication principle
The need to justify launching and continuing an investigation. Without some reasonable basis to believe that a crime has been committed, law enforcement policies generally prohibit investigations. For forensic accountants, economic, ethical, contractual, and legal considerations constrain them from investigating without sufficient predication.
Management should appoint a risk assessment team to include accounting and finance personnel, legal counsel, risk management personnel, internal audit staff, and, in general, anyone who may be helpful. The team should brainstorm to identify fraud risks. In order to accomplish this task, the team must understand__________ a. The likelihood of each relevant fraud. b. The population of fraud risks c. A reasonable sample of fraud risks d. None of the above
The population of fraud risks
In a computer forensics investigation, chain of custody is the responsibility of ____________. a. The practitioner. b. The attorney. c. Employees of the client whose interest the practitioner serves. d. None of the above
The practitioner
In which of the following roles is the practitioner not permitted to serve in bankruptcy proceedings? a. Consultant b. Trustee c. Examiner d. The practitioner is permitted to serve in all of the above roles
The practitioner is permitted to serve in all of the above roles.
The practitioner should closely supervise staff and be ready to testify that the work, exhibits, analyses, and other items were prepared under_____ a. The direct control of the attorney b. The practitioner's direct control c. The client's direct control. d. None of the above
The practitioner's direct control
In preparing expert reports, which of the following is an item that the professional may not rely on? a. financial statements b. simulations involving hypothetical data c. cash flow analysis d. The professional may rely on all of the above
The professional may rely on all of the above
Generally speaking, testifying experts may be liable to a. The retaining party b. The opposing party c. The opposing attorney d. None of the above
The retaining party
What are the consequences of accidental spoliation by an expert witness?
The retaining party may lose the case.
In the area of expert consulting, what does career risk mean?
The risk of ending one's career by making a mistake
How should seating be arranged in an interview room?
The suspect should not be behind a table or a desk. If there is a second investigator, they should sit off to one side.
Explain the theory of observing eye movements as a means of detecting dishonest answers?
The theory is that individuals move their eyes in one direction when they honestly recall answers to questions from memory, and in a different direction when they deceptively construct answers that do not exist in memory.
Regarding expert testimony, Rule 702 (Testimony by Experts) of the Federal Rules of Evidence states that if scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training, or education may testify thereto in the form of an opinion or otherwise, if the testimony is based upon sufficient facts or data, that the testimony is the product of reliable principles and methods, and ____________. a. The witness has applied the principles and assumptions reliably to the facts of the case. b. The witness has applied the principles and assumptions reliably to the conclusions of the case. c. The witness has applied the principles and methods reliably to the facts of the case. d. None of the above.
The witness has applied the principles and assumptions reliably to the facts of the case.
Generally speaking, non-expert witnesses are permitted to testify based on a. Their opinions in conclusory terms. b. Their personal knowledge c. Their opinions in conclusory terms that are based on their personal knowledge. All of the above
Their personal knowledge
How might a bench trial versus a jury trial affect a judge's decision to admit expert testimony?
There is no danger of misleading a jury in a bench trial, so the judge may be more liberal when deciding if an expert's testimony is admissible.
On what basis can attorneys raise objections in depositions?
They may object to the form of improperly worded questions.
Normally, it is adequate to assign _____ likelihoods to each identified inherent risk: remote, reasonable possible, or probable. a. Two b. Three c. Four d. Many
Three
Why are information security assurances needed?
To help management ascertain how effective their fraud assessment systems are.
The board of directors typically delegates its risk management responsibilities to whom?
To the audit committee
Means testing individuals is a central part of the most recent reforms in bankruptcy laws and has made it more difficult for individuals to have their debts________ a. Totally dismissed b. Subjected to a payment plan c. Exempt from an IRS review d. None of the above
Totally dismissed
What does a bankruptcy trustee do?
Trustees administer the bankruptcy estate by: · Seeking dismissals for abusive cases · Making referrals for fraudulent cases · Maintaining fair and orderly proceedings · Collecting and reviewing required documentation · Recommending dismissal of the bankruptcy case if the debtor doesn't cooperate
What is the requirement to disclose the expert's compensation to the opposing side?
Under Federal Rule of Procedure 26(a)(2)(B), unless otherwise stipulated or ordered by the court, a report containing the compensation must be disclosed if the witness is one retained or specially employed to provide expert testimony in the case or one whose duties as the party's employee regularly involve giving expert testimony.
How does money flow in the LCN?
Upwards, from the associate and solder to the family boss.
Which approach is recommended when extracting data from an accounting information system? a. Use of client personnel to obtain the needed data. b. Comparing the output of an accounting information system to the expectations of the forensic accountant. c. Use of sampling. d. Use of computer-assisted audit tools and techniques (CAATTs)
Use of computer-assisted tools and techniques (CAATTs)
What is check washing?
Using chemicals to erase date from checks such as the name of the payee, the date, and check amount. Then the blank check is filled in and cashed using a false or stolen identity.
When might evaluative mediation be preferred to facilitative mediation?
When neither side can see the other side's point, the evaluative mediator is allowed to give their view and recommend a settlement.
What does "conflicting out" an expert mean?
When one side seeks to discuss the case with no intention of retaining the expert. The expert would then deny an engagement with the other party due to conflict.
How does balance billing fraud work?
When the vendor bills for the "balance on account", and "accidentally fails to credit a returned shipment, credit a payment, overcharge for an order, etc.
The board typically delegates its fraud risk management responsibilities to the audit committee. The committee should comprise independent board members, with at least one financial expert (preferably an accountant), and should regularly meet________ a. With the internal auditor alone b. With the internal auditor and a designated representative of management c. With the internal auditor and controller or CFO d. With the internal auditor and the controller
With the internal auditor alone
In large law enforcement agencies, the computer forensic examiner is the person who ____________ a. Works hands-on with computer devices and networks to collect digital evidence. b. Organizes and interprets digital evidence, provides reports for attorneys, and testifies in court. c. Supervises the entire investigation. d. None of the above.
Works hands-on with computer devices and networks to collect digital evidence
Describe the major areas of digital forensics
· Computer forensics - focuses on obtaining evidence from computers · Network forensics - focuses on obtaining evidence from computer and storage networks
What are some examples of external frauds?
· Customers opening accounts with false credit information. · Vendors shipping substandard supplies · Business partners leaking secrets · The general public hacking into the organization's computer network.
What types of disputes lend themselves to online dispute resolution?
· Disputes involving consumer to consumer transactions · Internet domain name disputes · Chargebacks
Identify and briefly describe the major crime-related databases used by law enforcement.
· IAFIS - Integrated Automated Fingerprint System. The FBI's fingerprint system. · FinCEN - Financial Crimes Enforcement Network - data is obtained from over 27,000 financial institutions. · NLETS - National Law Enforcement Telecommunications Systems - a private, not-for-profit corporation that facilitates a community exchanging of data among a variety of strategic partners of law enforcement. · NCIC - National Crime Information Center - an FBI searchable index of criminal record history information.
What internal control deficiencies are required for a lapping scheme to work?
· Lack of reconciliations · Lack of segregation of duties
What are some legal rights that must be considered before initiating a fraud investigation?
· Legal rights of employees under investigation · Attorney-client privilege · Justification to fire or change duties of a worker · Rights of the employer to investigate · Government involvement · Reporting obligations
How do bid rigging schemes work?
· Manipulation of the bidding process so that the outcome of the bidding and the related awarding of a purchase or service contract is secretly predetermined. · Bid suppression, complementary bids, or entering bids that result in the organization paying more than it otherwise would.
What knowledge and skills are associated with digital forensics?
· Protecting the crime scene and the evidence from alteration or contamination. · Deciding what evidence to collect. · Storing and cataloging evidence collected. · Maintaining a secure and documented chain of custody for evidence collected · Interacting with other investigators on the scene.
What are the components of a complete fraud detection system?
· Risk analysis · Exploitation of expert knowledge · Knowledge discovery · Scoring and assessment · Implementation
Name several advantages of ADR relative to conventional litigation
· Saves money · Protects privacy · Can build relationships · Tends to be quicker · Works with expert neutrals · Flexible remedies · Fairness
What are the Fourth Amendment issues that are associated with digital forensics?
· Search warrants must clearly and specifically set forth what items are to be seized. Specifity is a problem when dealing with digital forensics, the warrant may be either too broad or too narrow. · If there is no reasonable and legitimate expectation of privacy, a search warrant is not required. With evolving technologies, though, the expectation of privacy can become muddled.
What services are provided by the Regional Computer Forensics Laboratories?
· Seizing and collecting digital evidence at a crime scene. · Conducting an impartial examination of submitted computer evidence. · Testifying as required.
What does computer forensic software do?
· The ability to crack passwords · The ability to recover files that have been permanently deleted. · The ability to recover data from slack space. · The ability to analyze the contents of computer files that are normally hidden and not accessible by normal computer users. · The ability to analyze unallocated storage space on storage devices. · The ability to create exact duplicates of entire computers and files. · The ability to analyze metadata, logs, and email headers. · The ability to systematically organize and categorize images, files, data, and other digital objects · The ability to connect to databases and accounting systems · The ability to log examiner activities and generate reports · The ability to extract data from volatile memory · The ability to acquire data from many different types of devices.