5.1 Fraud

An upcoming internal audit engagement involves the possibility of fraud. The Standards require the internal auditors to possess which of the following skills?

A.To possess technical expertise in a particular area of fraud examination, such as computer hacking.

B.To hold a current Certified Internal Auditor certification.

C.To hold a current Certified Fraud Examiner certification.

D.To be able to identify indicators that fraud may have been committed.

D.To be able to identify indicators that fraud may have been committed.

Answer D is correct. An internal auditor's responsibilities for the detection of fraud include (1) having sufficient knowledge to identify indicators that fraud may have been committed, (2) being alert to opportunities that could allow fraud (e.g., control weaknesses), and (3) being able to evaluate the indicators of fraud sufficiently to determine whether a fraud investigation should be conducted.

In an audit engagement focusing on payroll processes, which factors should lead an internal auditor to assess fraud risks in detail?

Answers

A.When payroll is processed off site and human resources has high turnover.

B.When the payroll system is completely integrated with human resources, relying primarily on automated controls.

C.When regular independent reviews indicate that journal entries are made relating to vacation time and employee departures.

D.When anomalies such as ghost employees, irregular payroll adjustments, and weak approval processes signal potential fraud.

D.When anomalies such as ghost employees, irregular payroll adjustments, and weak approval processes signal potential fraud.

Answer D is correct. Fraud risks must be considered in every engagement, but certain indicators require detailed assessment. Anomalies such as ghost employees, irregular payroll adjustments, and weak approval processes are red flags that signal a higher potential for fraud in payroll processes. These conditions indicate opportunities for manipulation or misstatement, prompting the internal auditor to perform specific procedures to evaluate the risk of material fraud.

When assessing procurement processes, which indicators should most prompt special fraud risk evaluation?

Answers

A.When procurement processes consistently do not follow policies or competitive bidding.

B.When historical records indicate spending fluctuations and increased procurement turnover.

C.When the process involves informal or sole-source vendor selection.

D.When there is a lack of competitive bidding, inadequate segregation of duties, and frequent control overrides, indicating increased fraud risk.

D.When there is a lack of competitive bidding, inadequate segregation of duties, and frequent control overrides, indicating increased fraud risk.

Answer D is correct. Procurement processes are particularly susceptible to fraud when key controls are weak or absent, such as a lack of competitive bidding, which can enable collusion or kickbacks; inadequate segregation of duties, which allows individuals to both approve and execute transactions; and frequent control overrides, which bypass established safeguards. These indicators collectively signal a high risk of fraudulent activities such as bid rigging or fictitious vendors, prompting internal auditors to conduct special fraud risk evaluations to mitigate potential losses. According to fraud risk assessment principles, such red flags warrant heightened scrutiny to ensure organizational assets are protected.

Which of the following is considered a fraudulent activity?

Answers

A.A mistake in the application of accounting principles relating to amount, classification, manner of presentation, or disclosure.

B.An incorrect accounting estimate arising from oversight or misinterpretation of facts.

C.Misappropriation of assets.

D.A mistake in gathering or processing accounting data from which financial statements are prepared.

C.Misappropriation of assets.

Answer C is correct. Fraud is an intentional act involving the use of deception that results in misstatement of the financial statements. Two types of fraud that are relevant to the auditor are (1) misstatements arising from fraudulent financial reporting and (2) misstatements arising from misappropriation of assets.

An internal auditor who suspects fraud should

Answers

A.Determine that a loss has been incurred.

B.Interview those who have been involved in the control of assets.

C.Recommend an investigation if appropriate.

D.Identify the employees who could be implicated in the case.

C.Recommend an investigation if appropriate.

Answer C is correct. An internal auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.

Which of the following circumstances would an auditor most likely consider a risk factor relating to misstatements arising from fraudulent financial reporting?

Answers

A.Management is interested in maintaining the entity's earnings trend by using aggressive accounting practices.

B.Several members of management have recently purchased additional shares of the entity's stock.

C.The entity distributes financial forecasts to financial analysts that predict conservative operating results.

D.Several members of the board of directors have recently sold shares of the entity's stock.

A.Management is interested in maintaining the entity's earnings trend by using aggressive accounting practices.

Answer A is correct. Fraud risk factors relate to misstatements arising from (1) fraudulent financial reporting and (2) misappropriation of assets. Each of these categories may be further classified according to the three conditions that ordinarily exist when fraud occurs: (1) incentives or pressures, (2) opportunities, and (3) attitudes or rationalizations. For example, excessive pressure may exist to meet the expectations of third parties (e.g., analysts, investors, and creditors) regarding profitability or trends.

Internal auditors should have knowledge about factors (red flags) that have proven to be associated with management fraud. Which of the following factors have generally been associated with management fraud?

Answers

A.A visionary CEO.

B.A management preoccupation with increased financial performance.

C.Regular comparison of actual results with budgets.

D.A salary-based compensation system.

B.A management preoccupation with increased financial performance.

Answer B is correct. A management preoccupation with increased financial performance provides an incentive for managers to distort performance.

A key feature that distinguishes fraud from other types of crime or impropriety is that fraud always involves the

Answers

A.False representation or concealment of a material fact.

B.Deceitful wrongdoing of management-level personnel.

C.Unlawful conversion of property that is lawfully in the custody of the perpetrator.

D.Violent or forceful taking of property.

A.False representation or concealment of a material fact.

Answer A is correct. Fraud is defined in The IIA Glossary as "[a]ny intentional act characterized by deceit, concealment, dishonesty, misappropriation of assets or information, forgery, or violation of trust perpetrated by individuals or organizations to secure unjust or illegal personal or business advantage."

Which of the following best describes an auditor's responsibility after noting some indicators of fraud?

Answers

A.Expand activities to determine whether an investigation is warranted.

B.Report the possibility of fraud to senior management and ask how to proceed.

C.Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud.

D.Consult with external legal counsel to determine the course of action to be taken.

A.Expand activities to determine whether an investigation is warranted.

Answer A is correct. An internal auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. For example, the receiving department should not be able to access the purchase order and receiving computer programs. Receiving should record amounts received without knowing the amounts purchased. Such incompatible responsibilities require additional attention by an auditor.

Which type of cybersecurity attack relies on the manipulation of people into divulging confidential information or performing actions that compromise their organization's security?

Answers

A.Social engineering.

B.Phishing.

C.Ransomware.

D.Denial of service (DoS).

A.Social engineering.

Answer A is correct. Social engineering attacks exploit human psychology and trick individuals into providing sensitive information or carrying out certain actions that undermine security measures.

A manufacturing entity, located in a sparsely populated region of the country, has a policy of leaving its raw material inventory warehouse doors open during normal business hours to optimize workflow. The controller for the entity has just noticed that some raw material inventory is missing. Using the Fraud Triangle model, the controller has determined that the entity's policy most likely increases the risk of fraud by

Answers

A.Incentivizing employees to commit the fraud.

B.Increasing the opportunity to commit the fraud.

C.Increasing the ease of rationalization of the fraudulent activity.

D.Assisting employees to perceive a financial need.

B.Increasing the opportunity to commit the fraud.

Answer B is correct. The three elements of the Fraud Triangle are pressure, opportunity, and rationalization. Opportunity is the ability of a person not only to perpetrate but also to conceal fraud and is created by an absence of oversight, inadequate internal controls, or the lack of enforcement of controls. Leaving the warehouse doors open represents an inadequate internal control that increases the opportunity to commit fraud.

When considering the potential for fraud risk, internal auditors

Answers

A.Should exercise due professional care when investigating fraud.

B.Determine whether management has documented the consideration of fraud risks.

C.Should exercise due professional care to detect fraud.

D.Evaluate whether control deficiencies are sufficiently corrected.

Answer D is correct. Internal auditors should evaluate whether (1) management is actively overseeing the fraud risk management programs, (2) timely and sufficient corrective measures have been taken with respect to any noted control deficiencies, and (3) the plan for monitoring the program is adequate.

Check kiting

Answers

A.Is by electronic means facilitated by the potential hacking of networked computer systems.

B.Can proceed in a circle of accounts at any number of banks.

C.Exploits the lack of float time between the deposit of the check and the check clearing the bank.

D.Is theft of a customer's payment by a person with access to the customer's payments and accounts receivable records.

B.Can proceed in a circle of accounts at any number of banks.

Answer B is correct. A check kiting scheme requires two accounts and usually involves several accounts at several banks. The nonexistent cash is constantly moved from one bank to another, rotating in a circular fashion. Check kiting exploits the delay between depositing a check in one bank account and clearing the check through the bank on which it was drawn. The kiter writes an insufficient funds check payable by the first bank and deposits the check in a second bank. The second bank immediately credits the account for some or all of the amount of the check, enabling the kiter to write other checks or withdraw cash on the nonexistent balance.

An internal auditor suspects that a mailroom clerk is embezzling funds. In exercising due professional care, the internal auditor should

Answers

A.Confront the clerk with the auditor's suspicions.

B.Institute stricter controls over mailroom operations.

C.Reassign the clerk to another department.

D.Evaluate fraud indicators and decide whether further action is necessary.

D.Evaluate fraud indicators and decide whether further action is necessary.

Answer D is correct. An internal auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.

A medium-sized regional firm distributes packaged snack foods to convenience stores. A routine inventory has revealed significant amounts of inventory missing from the delivery trucks. Which of the following suggests a control weakness that may provide an opportunity for fraud?

Answers

A.Careful counts are made as inventory is loaded on the trucks.

B.The policy and procedure manual clearly defines allowed and prohibited actions.

C.Access to the warehouse is restricted to a few trusted employees.

D.Truck drivers are allowed to use the trucks for personal reasons, including taking them home at night, as a benefit of employment.

D.Truck drivers are allowed to use the trucks for personal reasons, including taking them home at night, as a benefit of employment.

Answer D is correct. Unrestricted access to the trucks creates opportunities for theft of merchandise by the drivers.

When auditing the award of a major contract, which of the following should an internal auditor suspect as a red flag for a bidding fraud scheme?

Answers

A.A high percentage of employees are charged to indirect accounts.

B.Material contract requirements are different on the actual contract than on the request for bids.

C.Losing bidders are not given feedback.

D.Subsequent change orders increase requirements for low-bid items.

B.Material contract requirements are different on the actual contract than on the request for bids.

Answer B is correct. The internal audit function must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. According to The IIA Glossary, fraud is any illegal act characterized by deceit, concealment, or violation of trust. It is fraudulent for the material contract requirements on the request for bids to differ from the actual contract. This type of fraud inflates bid amounts by having more bidder-friendly requirements on the request for bids than on the actual contract.

In the treasury/financing cycle, why is segregation of duties between accounting for transactions and custody of assets necessary?

Answers

A.To increase efficiency in processing financial transactions by reducing the number of involved parties.

B.To ensure that all financial transactions are directly managed and supervised by a single department head.

C.To prevent conflicts of interest by having separate departments handle financing and investment decisions.

D.To reduce the risk of errors or fraud by making different individuals or departments responsible for different aspects of transactions and custody.

D.To reduce the risk of errors or fraud by making different individuals or departments responsible for different aspects of transactions and custody.

Answer D is correct. Segregation of duties is an internal control designed to reduce the risk of errors or fraud by making different individuals or departments responsible for different aspects of transactions and custody of assets, thus ensuring that no single individual has control over all parts of any financial transaction.

Which of the following would indicate that fraud may be taking place in a marketing department?

Answers

A.A manager appears to be living a lifestyle that is in excess of what could be provided by a marketing manager's salary.

B.There is no documentation for some fairly large expenditures made to a new vendor.

C.The control environment can best be described as "very loose." However, this attitude is justified by management on the grounds that it is needed for creativity.

D.All of the answers are correct.

D.All of the answers are correct.

Answer D is correct. An internal auditor's responsibilities for the detection of fraud include having sufficient knowledge to identify indicators that fraud may have been committed; being alert to opportunities, such as control weaknesses, that could allow fraud to occur; and evaluating the indicators of fraud sufficiently to determine whether any further action is needed or whether a fraud investigation should be recommended. Among the many such indicators are lack of timely and appropriate documentation (including information about authorization) for material transactions, suspicious lifestyle characteristics of employees in a position to commit fraud, and management's failure to display and communicate an appropriate attitude toward internal control.

The fraud risk factor that may be mitigated by internal controls is

Answers

A.Motive.

B.Rationalization.

C.Opportunity.

D.Pressure.

C.Opportunity.

Answer C is correct. The opportunity for individuals to perpetrate a fraud can be mitigated by proper controls. Examples are appropriate oversight, segregation of duties, and the audit process itself.

When comparing perpetrators who have embezzled an organization's funds with perpetrators of financial statement fraud (falsified financial statements), those who have falsified financial statements are less likely to

Answers

A.Be living beyond their obvious means of support.

B.Use organizational expectations as justification for the act.

C.Have experienced an autocratic management style.

D.Rationalize the fraudulent behavior.

A.Be living beyond their obvious means of support.

Answer A is correct. Living beyond one's means has been linked to employee fraud (embezzlement), not to financial statement fraud. Fraud perpetrated for the benefit of the organization ordinarily benefits the wrongdoer indirectly, whereas fraud that is detrimental to the organization provides immediate, direct benefits to the employee.

The chief of an organization's security received an anonymous call accusing a marketing manager of taking kickbacks from a media outlet. Thus, the marketing department is on the list of possible engagement clients for the coming year. The internal audit function is assigned responsibility for investigating fraud by its charter. If obtaining access to outside media outlet records and personnel is not possible, the best action an internal auditor could take to investigate the allegation of marketing kickbacks is to

Answers

A.Search for unrecorded liabilities from media outlets.

B.Obtain a list of approved media outlets.

C.Develop a financial and behavioral profile of the suspect.

D.Vouch any material past charge-offs of receivables.

C.Develop a financial and behavioral profile of the suspect.

Answer C is correct. A common indicator of fraud by an employee is an unexplained change in his or her financial status. A standard of living not commensurate with the employee's income may signify wrongdoing. The employee's behavior may also be suspicious (for example, constant association with, and entertainment by, a member of the media outlet's staff). The profile may help to corroborate illegal income and thereby provide a basis for tracing illegal payments to the employee.

Internal auditors are more likely to detect fraud by developing/strengthening their ability to

Answers

A.Recognize and question changes that occur in organizations.

B.Interrogate fraud perpetrators to discover why the fraud was committed.

C.Document computerized operating system programs.

D.Develop internal controls to prevent the occurrence of fraud.

A.Recognize and question changes that occur in organizations.

Answer A is correct. An internal auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.

One factor that distinguishes fraud from other employee crimes is that fraud involves

Answers

A.Personal gain for the perpetrator.

B.Intentional deception.

C.Collusion with a party outside the organization.

D.Malicious motives.

B.Intentional deception.

Answer B is correct. Fraud is defined in The IIA Glossary as "[a]ny intentional act characterized by deceit, concealment, dishonesty, misappropriation of assets or information, forgery, or violation of trust perpetrated by individuals or organizations to secure unjust or illegal personal or business advantage."

Which of the following is most likely to be considered an indication of possible fraud?

Answers

A.The replacement of the management team after a hostile takeover.

B.A government audit of the organization's tax returns.

C.Rapid turnover of the organization's financial executives.

D.Rapid expansion into new markets.

C.Rapid turnover of the organization's financial executives.

Answer C is correct. Even the most effective internal control can sometimes be circumvented, perhaps by collusion of two or more employees. Thus, an auditor must be sensitive to certain conditions that might indicate the existence of fraud, including high personnel turnover. In the case of financial executives, high turnover may suggest a pattern of inflation of profits to obtain bonuses or other benefits, to secure advantages in the marketplace, or to conceal incompetence or rash actions.

Misappropriation of assets is most often perpetrated by

Answers

A.Customers.

B.Auditors.

C.Suppliers.

D.Employees.

D.Employees.

Answer D is correct. Employees who have fiduciary responsibilities for assets are most likely to steal them.

After noting some red flags, an internal auditor has an increased awareness that fraud may be present. Which of the following best describes the internal auditor's responsibility?

Answers

A.Report the possibility of fraud to senior management and the board and ask them how they would like to proceed.

B.Consult with external legal counsel to determine the course of action to be taken, including the approval of the proposed engagement work program to make sure it is acceptable on legal grounds.

C.Expand activities to determine whether an investigation is warranted.

D.Report the matter to the audit committee and request funding for outside service providers to help investigate the possible fraud.

C.Expand activities to determine whether an investigation is warranted.

Answer C is correct. An internal auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.

When an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should

Answers

A.Immediately report to the board.

B.Immediately report to senior management and the board.

C.Recommend an investigation.

D.Extend tests to determine the extent of the fraud.

C.Recommend an investigation.

Answer C is correct. An internal auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.

In an organization with a separate division that is primarily responsible for the prevention of fraud, the internal audit function is responsible for

Answers

A.Controlling that division's fraud prevention activities.

B.Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.

C.Planning that division's fraud prevention activities.

D.Establishing and maintaining that division's system of internal control.

B.Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.

Answer B is correct. Control is the principal means of preventing fraud. Management is primarily responsible for the establishment and maintenance of control. Internal auditors must assist the organization by evaluating the effectiveness and efficiency of controls and promoting continuous improvement. Internal auditors should be alert to opportunities that could allow fraud and evaluate the indicators of fraud. For example, internal auditors can evaluate whether management is actively overseeing the fraud risk management programs.

Which of the following policies is most likely to result in an environment conducive to the occurrence of fraud?

Answers

A.The division's hiring process frequently results in the rejection of adequately trained applicants.

B.The application of some accounting controls on a sample basis.

C.Unreasonable sales and production goals.

D.Budget preparation input by the employees who are responsible for meeting the budget.

C.Unreasonable sales and production goals.

Answer C is correct. Unrealistically high sales or production quotas can be an incentive to falsify the records or otherwise take inappropriate action to improve performance measures so that the quotas appear to have been met.

What is the responsibility of the internal auditor with respect to fraud?

Answers

A.An internal auditor's primary role is to detect and investigate fraud.

B.The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to be an expert.

C.An internal auditor should have sufficient knowledge and training so that (s)he is able to detect fraud.

D.The internal auditor should have the same ability to detect fraud as a person whose primary responsibility is detecting and investigating fraud.

C.An internal auditor should have sufficient knowledge and training so that (s)he is able to detect fraud.

Answer C is incorrect because An internal auditor must have sufficient knowledge to identify the indicators of fraud but is not required to have sufficient knowledge and training to be able to detect fraud.