Fraud Prevention and Deterrence
According to the social control theory, an individual considering criminal behavior will likely ask themselves which of the following questions?
"What would my family think if they find out?"
Define and give examples of the following: 1. Positive Reinforcement 2. Negative reinforcement 3. Punishment
1. A positive reinforcement presents a positive stimulus in exchange for the desired response. For example, a parent might say to a child, "You've cleaned your room. Good. Here's the key to the car." The behavior (cleaning) is reinforced by the awarding of the positive stimulus (the car key). 2. Negative reinforcement withdraws a negative stimulus in exchange for the desired response. Continuing the example, the parent might say, "I'll stop hassling you if you clean this room." The negative stimulus (hassling) is withdrawn when the appropriate behavior is performed. 3. Punishment involves withdrawing a positive stimulus or applying a negative stimulus in response to an undesired behavior. For example, faced with an undesired behavior, the punisher applies a negative stimulus. A father, hearing his son use profanity, puts a bar of soap into the boy's mouth. Punishment may also be administered by withdrawing a positive stimulus, such as, "Your room is still filthy, so you can't use the car."
According to COSO, risk assessment involves the following principles:
1. The organization sets sufficiently clear objectives to enable the identification and assessment of risks relating to the objectives. 2. The organization identifies risks to the achievement of its objectives across the entity and analyzes these risks as a basis for determining how the risks should be managed. 3. The organization considers the potential for fraud in assessing risks to the achievement of objectives. 4. The organization identifies and assesses changes that could significantly impact the system of internal control.
According to the 2018 Report to the Nations, which of the three major categories of occupational fraud is the most common?
Asset misappropriation
Which of the following is true according to the differential reinforcement theory?
Behavior is reinforced when rewards are gained.
As a strategy to control crime, _________ is designed to achieve conformity to the law by providing economic incentives for voluntary adherence to the law and using administrative efforts to control violations before they occur.
Compliance As a strategy to control crime, compliance is designed to achieve conformity to the law without having to detect, process, or penalize violators. Compliance systems provide economic incentives for voluntary compliance to the laws and use administrative efforts to control violations before they occur. However, compliance strategies have been criticized by some criminologists. These experts believe that such strategies have little effect, as sanctions are imposed after the infraction occurs. Since economic penalties are common punishments for violators, these penalties are of little consequence in the case of large, wealthy corporations.
Edward Gross and other criminologists have asserted that organizations are inherently:
Criminogenic. Sociologist Edward Gross has asserted that all organizations are inherently "criminogenic" (i.e., prone to committing crime), but they are not necessarily criminal. Without necessarily meaning to, organizations can invite fraud as a means of obtaining goals. Gross makes this assertion because of the reliance on "the bottom line."
In the area of criminological theory, ____________ is the theory that tries to prevent crime by using the threat of criminal sanctions.
Deterrence As a strategy to control crime, deterrence is designed to detect law violations, determine who is responsible, and penalize offenders to deter future violations. Deterrence systems try to control the immediate behavior of individuals, not the long-term behaviors targeted by compliance systems. Deterrence theory assumes that humans are rational in their behavioral patterns. Humans seek profit and pleasure while they try to avoid pain. Deterrence assumes that an individual's propensity toward lawbreaking is in inverse proportion to the perceived probability of negative consequences.
The purpose of corporate governance is to:
Encourage the efficient use of resources and require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations, and society.
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), _________ is the culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.
Enterprise risk management
True/False According to Public Company Accounting Oversight Board Auditing Standard 2201 (PCAOB AS 2201), an auditor should implement a bottom-up approach when auditing an entity's internal controls over financial reporting.
False According to Public Company Accounting Oversight Board Auditing Standard 2201 (PCAOB AS 2201), auditors should implement a top-down approach in performing an audit of internal controls over financial reporting (ICOFR). As stated in Paragraph 21, a top-down approach "begins at the financial statement level and with the auditor's understanding of the overall risks to internal control over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions." This approach focuses auditors on those accounts, disclosures, and assertions that are most likely to result in material misstatement of the company's financial statements. The standard makes explicit mention, however, that this approach describes the auditor's thought process when identifying risks and the controls to test, rather than the order in which the auditor should perform the audit procedures.
True/false Under the ACFE Code of Professional Ethics, fraud examiners are strictly prohibited from accepting assignments to uncover fraud in a company in which they have a major interest.
False Article II of the ACFE Code of Professional Ethics states: "An ACFE Member shall not engage in any illegal or unethical conduct, or any activity which would constitute a conflict of interest that has not been properly disclosed to the appropriate parties." However, a fraud examiner does not have the same responsibilities as a chartered accountant (CA) or certified public accountant (CPA). For example, a CA or CPA generally would not be able to express an audit opinion on a company in which they held a major financial interest. In the case of the fraud examiner, they would be able to accept such an assignment under most conditions, since the goal of the fraud examiner is to gather facts regarding a potential fraud, not to express an opinion. The fraud examiner should, however, make appropriate disclosures regarding their ownership.
True/False The Sarbanes-Oxley Act (SOX) requires all public U.S. companies to adopt a code of ethics for senior financial officers.
False As required by the Sarbanes-Oxley Act (SOX), public U.S. companies must disclose in their annual report whether they have adopted a code of ethics for senior financial officers, and, if they have not, they must explain their reasoning. The U.S. Securities and Exchange Commission (SEC) believes that the establishment of the detailed provisions of the code of ethics is best left to the discretion of the company. Therefore, the rules do not specify any detailed requirements, particular language, compliance procedures, or sanctions for violations that must be included in the code of ethics. The SEC, however, does encourage the adoption of codes that are broader and more comprehensive than necessary to meet the disclosure requirements.
True/False A fraud risk assessment report should reflect the assessment team's subjective perspective and opinions that were formed during the assessment engagement.
False Much instinct and judgment go into performing the fraud risk assessment. When reporting the results of the assessment, however, the team must report only the facts and keep all opinions and biases out of the report. A report that is interspersed with the assessment team's subjective perspective will dilute and potentially undermine the results of the work.
True/false The Government Accountability Office's (GAO) Yellow Book standards apply to performance audits conducted at private companies and nonprofit organizations.
False The Government Accountability Office's (GAO) Yellow Book provides a framework of guidance for auditors of government entities and entities that receive government awards. Yellow Book standards cover ethics, independence, professional judgment and competence, quality control, audit performance, and reporting. The Yellow Book describes and promulgates standards for financial audits and performance audits of government organizations. It also contains standards covering attestation engagements, such as examinations and reviews, and other non-audit services performed on government organizations and programs.
According to The Institute of Internal Auditors' (IIA) International Standards for the Professional Practice of Internal Auditing, due professional care implies infallibility.
False The Institute of Internal Auditors' (IIA) Standard 1220 states that internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. The Standard also states, however, that due professional care does not imply infallibility.
The fraud risk assessment process should be conducted covertly so that assessment team members can get an accurate picture of what actually occurs in the business.
False The fraud risk assessment process should be visible and communicated throughout the business. Employees will be more inclined to participate in the process if they understand why it is being done and what the expected outcomes will be. To that end, sponsors should be strongly encouraged to openly promote the process. The more personalized the communication from the sponsor, the more effective it will be in encouraging employees to participate in the process. Whether it is a video, town hall meeting, or company-wide email, the communication should be aimed at eliminating any reluctance employees have about participating in the fraud risk assessment process.
True/false Under the Sarbanes-Oxley Act (SOX), members of the audit committee can be paid for consulting work done for the company but only if the transaction is documented and conducted at arm's length.
False Under the restrictions imposed by the Sarbanes-Oxley Act (SOX), all audit committee members must be members of the board of directors and must be independent, meaning they receive compensation only for their service on the board. They cannot be paid by the company, or any of its subsidiaries, for any other consulting or advisory work, including indirect payments made by the company to a party related to the committee member.
True/False Fraud risks that remain after the effect of internal controls are considered inherent risks.
False When considering the fraud risks faced by an organization, it is helpful to analyze how significant a risk is before and after risk response. Risks that are present before the effect of internal controls are described as inherent risks. The risks that remain after the effect of internal controls are described as residual risks. For example, there is an inherent risk that the employee in charge of receiving customer payments at a small company might embezzle incoming cash. Controls, such as separation of duties and oversight from the company owner, can be implemented to help mitigate this risk; however, even with such controls in place, some residual risk will likely remain in that the bookkeeper might still manage to embezzle funds. The objective of the controls is to make the residual risk significantly smaller than the inherent risk.
The risk that an organization might be victimized by an individual who is able to combine the three elements of the Fraud Triangle is called _______________.
Fraud risk
The term occupational crime covers which of the following types of white-collar offenses?
Gary Green, in honing the white-collar crime concept, uses the term occupational crime, which he defines as "any act punishable by law which is committed through opportunity created in the course of an occupation which is legal." Green further delineates occupational crime into four categories: crimes for the benefit of an employing organization (organizational occupational crime); crimes by officials through exercise of their government-based authority (government authority occupational crime); crimes by professionals in their capacity as professionals (professional occupational crime); crimes by individuals as individuals.
Which is the most effective method of preventing fraud?
Increasing the perception of detection. Increasing the perception of detection might be the most effective fraud prevention method. Controls, for example, do little good in preventing theft and fraud if those at risk do not know of the presence of possible detection. This means letting employees, managers, and executives know that auditors are actively seeking out information concerning internal theft.
COSO's Internal Controls
Integrated Framework. Each principle is then supported by several points of focus. The principles and underlying points of focus combine to create a full framework that can be used to design, implement, and assess an effective fraud risk management program. The following are the five principles provided in the Fraud Risk Management Guide: fraud risk governance; fraud risk assessment; fraud control activities; fraud investigation and corrective action; fraud risk management monitoring activities.
Which of the following is regarded as the essential factor that makes a leader's authority effective?
Legitimacy Legitimacy is regarded as the essential ingredient in what gives governments and leaders authority. The idea is that if the authorities have legitimacy, the public will obey the law. Effective authorities recognize that without the goodwill of those they serve, they could not function. Consequently, their aim must be to maximize compliance and minimize hostility toward laws and rules while gaining legitimacy in the eyes of the public. To effectively govern, a leader must be considered legitimate by the public. Otherwise, compliance will not occur.
The reason the ACFE Code of Professional Ethics restricts the types of opinions fraud examiners may express is to protect the fraud examiner from claims of:
Libel. Libel and slander can cause personal injury and subject a fraud examiner to a lawsuit for damages. Libel is a written defamation of someone else's character. Slander is a spoken defamation. The content of a libelous or slanderous message must: contain words that injure another person's character or reputation or expose them to ridicule or contempt; be communicated orally or in writing to other people; cause an actual damage to the person who is the subject of the communication. The risks involved in libel and slander are reasons for having the rule in the ACFE Code of Professional Ethics that prohibits expression of opinions on the guilt or innocence of people.
The research of Dr. Steve Albrecht found which of the following personal characteristics to be the top-ranked motivating factor to commit fraud?
Living beyond means
An accounting clerk stealing incoming customer payments is an example of:
Occupational crime
Occupational crime vs Organizational crime
Organizational crime is that which is committed by businesses, particularly corporations, and the government. An antitrust offense, such as bid rigging or price fixing, would be an organizational crime. Organizational crime occurs in the context of complex relationships and expectations among boards of directors, executives, and managers on one hand, and among parent corporations, corporate divisions, and subsidiaries on the other. Occupational crime involves legal offenses committed by individuals in the course of their occupation. For example, an accounting clerk stealing incoming customer payments would be considered an occupational crime.
According to B. F. Skinner, which of the following is the most effective way to modify a person's behavior?
Positive reinforcement B. F. Skinner concluded that behavior is most effectively modified by managing and modifying desires through reinforcement—that is, by replacing destructive behaviors with productive ones instead of trying to punish an already existing impulse. Further, behavioral studies, such as those conducted by Skinner, show that punishment is the least effective method of changing behavior. According to Skinner, punishment brings a temporary suppression of the behavior but only with constant supervision and application. Punishment fights a losing battle in manipulating behavior because it works by providing negative consequences—administering penalties and taking away desirables.
Which of the following is among the audit committee's responsibilities for fraud risk management?
Receiving regular reports on the status of reported or alleged fraud. As a sub-group of the board of directors, the audit committee is often delegated oversight of the organization's financial, accounting, and audit matters. As part of this responsibility, the committee must take an active role in overseeing the assessment and monitoring of the organization's fraud risks. This involves: receiving regular reports on the status of reported or alleged fraud; meeting regularly with key internal parties (such as the chief audit executive or other senior financial persons) to discuss identified fraud risks and the steps being taken to prevent and detect fraud; understanding how internal and external audit strategies address fraud risk; providing external auditors with evidence that the audit committee is dedicated to effective fraud risk management; engaging in candid and open conversations with external auditors about any known or suspected fraud. Monitoring and improving the fraud risk management program and performing and maintaining the fraud risk assessment are both part of management's responsibilities for addressing fraud risk.
What should be covered in employee anti-fraud training?
The content covered by the organization's anti-fraud training should focus on the specific risks faced by the organization to provide employees with practical, implementable knowledge. However, it should not give employees the information they need to circumvent the normal rules by explaining the details of controls and procedures used to detect fraud. In that regard, the following topics form the basis of an effective training program: what fraud is, including examples of what behavior is acceptable and what is not; how fraud hurts the organization; how fraud hurts employees; common characteristics that lead individuals to commit fraud (i.e., pressure, opportunity, and ability to rationalize the act); how to identify fraud (i.e., specific examples of financial, transactional, behavioral, and other red flags to watch for); how to report fraud; the punishment for dishonest acts, including examples of past transgressions and how they were handled.
The Sarbanes-Oxley Act (SOX) requires that each member of a company's audit committee be independent with respect to the company. Which of the following is NOT a violation of the independence requirements for audit committee members?
The receipt of pension benefits from previous employment with the company Audit committee members must be independent of the company with respect to two criteria: fees and affiliation. Audit committee members may only be compensated for their services on the board and any board committee. They cannot be paid by the company, or any of its subsidiaries, for any other consulting or advisory work. However, audit committee members may receive any fixed retirement benefits they are entitled to for prior service with the company, as long as the benefits are not contingent upon the members' continued service. Additionally, audit committee members cannot be affiliated persons of the company or any of its subsidiaries. A safe harbor provision excludes members from being considered an affiliated person as long as they are not an executive officer of the company or any of its subsidiaries and they are not a shareholder of 10% or more of any class of voting stock of the company or any of its subsidiaries.
In response to a risk identified during a fraud risk assessment, management decides to purchase a bond to help protect the company against the associated risk of loss. This response is known as:
Transferring the risk When responding to the organization's residual fraud risks, management may transfer some or all of the risk by purchasing fidelity insurance or a bond. The cost to the organization is the premium paid for the insurance or bond. The covered risk of loss is then transferred to the insurance company.
True/False According to a study conducted by Dr. Steve Albrecht, occupational crime perpetrators who were interested primarily in "beating the system" committed larger frauds than those who believed their pay was not adequate.
True According to Dr. Steve Albrecht, perpetrators who were interested primarily in "beating the system" committed larger frauds. However, perpetrators who believed their pay was not adequate committed primarily small frauds. Lack of segregation of responsibilities, placing undeserved trust in key employees, imposing unrealistic goals, and operating on a crisis basis were all pressures or weaknesses associated with large frauds. College graduates were less likely to spend their illegal income on extravagant vacations, recreational property, extramarital relationships, and expensive automobiles. Finally, those with lower salaries were more likely to have a prior criminal record.
True/false The boards of directors of companies that are listed on the New York Stock Exchange (NYSE) or NASDAQ must be composed of a majority of independent directors.
True Both the NYSE and the NASDAQ rules state that a majority of the directors on a listed company's board must be independent.
True/false The National Commission on Fraudulent Financial Reporting (the Treadway Commission) was established with the purpose of defining the responsibility of the auditor in preventing and detecting fraud.
True The National Commission on Fraudulent Financial Reporting (the Treadway Commission) was established in 1985 with the purpose of defining the responsibility of the auditor in preventing and detecting fraud. The Treadway Commission was formed and sponsored by five predominant professional auditing organizations at the time—the American Institute of Certified Public Accountants (AICPA), The Institute of Internal Auditors (IIA), the American Accounting Association (AAA), Financial Executives International (FEI), and the Institute of Management Accountants (IMA).
True/false AU-C Section 240 requires auditors to discuss how management could perpetrate and conceal fraudulent financial reporting.
True. AU-C Section 240, Consideration of Fraud in a Financial Statement Audit, requires auditors to hold a brainstorming session to discuss the potential for material misstatements due to fraud. This discussion should cover: how and where the entity's financial statements might be susceptible to fraud; how management could perpetrate and conceal fraudulent financial reporting; how the entity's assets could be misappropriated.
Operant conditioning
Behavior controlled by stimuli that follow the behavior. Behavior is reinforced when positive rewards are gained (positive reinforcement) or punishment is avoided (negative reinforcement). It is weakened by negative stimuli (punishment) and loss of reward (negative punishment). Whether deviant or criminal behavior begins or persists depends on the degree to which it has been rewarded or punished, as well as the rewards or punishments attached to its alternatives.
Enforcement strategies include two main theories
Compliance and deterrence. Compliance is designed to achieve conformity to the law without having to detect, process, or penalize violators. Compliance systems provide economic incentives for voluntary compliance to the laws and use administrative efforts to control violations before they occur. Deterrence is designed to detect law violations, determine who is responsible, and penalize offenders to deter future violations. Deterrence systems try to control the immediate behavior of individuals, not the long-term behaviors targeted by compliance systems.
True/false A behaviorist view of the workplace advocates the use of incentive programs and task-related bonuses as a way to deter employees from ethical and legal violations.
True. Emotions, according to behavioral pioneer B. F. Skinner, are a predisposition for people's actions. And since the emotional associations of any event are important factors in conditioning behavior, the associations can be manipulated in conditioning the behavior. The behaviorist view proposes that, when managers are faced with disgruntled employees, they can modify these emotional circumstances with adequate compensation and recognition of workers' accomplishments. Incentive programs and task-related bonuses follow this principle, assuming that employees who feel challenged and rewarded by their jobs will produce more work at a higher quality and are less likely to violate the law.