DOES FRAUD TRAINING HELP

AUDITORS IDENTIFY FRAUD

RISK FACTORS?

James Lloyd Bierstaker, James E. Hunton

and Jay C. Thibodeau

ABSTRACT

The current study examines the effect of fraud training on auditors’

ability to identify fraud risk factors. This is important because most
auditors have little or no direct experience with fraud; thus, research that
investigates the potential effect of indirect experience through training
is vitally important to fraud detection and audit quality. A total of
369 experienced auditors completed a complex audit simulation task
that involved 15 seeded fraud risk red flags. A total of 143 auditors
participated in a 30-minute training session focused specifically on fraud
risk, while the remaining 226 auditors learned about general internal
control risk during this time block. The results indicate that auditors with
fraud training identified significantly more red flags and obtained greater
knowledge about fraud risk than auditors who did not receive the training.
Considering that the fraud training consumed only 30 minutes out of a
64-hour training session, the findings suggest that even modest exposure
to fraud training is quite effective.

Advances in Accounting Behavioral Research, Volume 15, 85–100

Copyright r 2012 by Emerald Group Publishing Limited
All rights of reproduction in any form reserved
ISSN: 1475-1488/doi:10.1108/S1475-1488(2012)0000015008
85
86 JAMES LLOYD BIERSTAKER ET AL.

INTRODUCTION

Although the frequency of financial statement fraud is low when compared

to the total number of public company filings, the impact on shareholders
and audit firms is often significant when fraud does occur. The most recent
Committee of Sponsoring Organizations [COSO] (2010) report analyzed
incidences of financial statement fraud reported by the Securities and
Exchange Commission (SEC) from 1998 to 2007, and found that the
average monetary loss reported per incident increased dramatically to nearly
$400 million per incident, relative to $25 million per incident in the previous
decade. Given the potential for significant monetary loss, it is essential
that auditors are able to identify fraud risk factors during the audit process.
SAS No. 99 (American Institute of Certified Public Accountants [AICPA],
2002) requires that auditors plan and perform every audit to obtain reason-
able assurance that the financial statements are free of material misstatement
due to error or fraud. To meet this requirement, auditors must absorb a
significant amount of relevant information about the entity, its strategy, and
its industry. When evaluating such information, the auditor needs to use
professional judgment to determine whether fraud risk factors are present.
While these are critically important tasks that must be completed on each
audit, evidence from Public Accounting Oversight Board [PCAOB] (2007)
inspections and Hammersley, Johnstone, and Kadous (2011) suggest that
auditors need improvement in this area.
One reason the auditors likely experience difficulty identifying fraud risk
factors is that they rarely experience actual material financial statement
fraud (Hammersley, 2011). Given the lack of opportunity for auditors to
acquire fraud knowledge through direct experience, it is critical that fraud
training be designed to compensate for this deficiency. Fraud training
potentially offers an effective way to simulate direct fraud experience, and
thereby increase auditors’ performance on fraud-related judgments. Accord-
ingly, the objective of this research is to investigate whether fraud training
improves auditors’ ability to identify fraud risk factors.
A sample of 369 experienced auditors completed a complex, case-based
audit simulation task that involved the identification of fraud risk factors.
Analysis of the participants’ background information validates the infre-
quency of auditors’ actual fraud experience. The experimental findings
indicate that fraud-specific training significantly improved auditors’ ability to
identify fraud risk factors, relative to the control group. A post-experiment
test of general fraud knowledge indicates that auditors who participated
in fraud training were more knowledgeable about fraud risk factors than
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 87

the control group, which helps to explain why they identified more fraud risk
factors in the experiment. The current study contributes to extant literature
seeking to improve audit quality, particularly in the area of fraud risk
identification, which is an area about which the PCAOB has expressed serious
concern (PCAOB, 2007). The next section develops the research hypothesis.
The third section presents the research method, the fourth section analyzes
the results, and the final section offers our conclusion.

LITERATURE REVIEW

Fraudulent Financial Reporting

The auditing standards characterize fraudulent financial reporting as

misstatements of the underlying economics of a company’s financial results
and position with the intent to deceive financial statement users (AICPA,
2002). Fraudulent financial reporting often arises from the perceived
need by management to get through a difficult period of time (e.g., cash
shortage), or to meet or beat analysts’ expectations. Management often views
these conditions as temporary and believes that the falsification of the
financial statements will help the company get through the difficulties and
expectations (Louwers, Ramsay, Sinason, Strawser, & Thibodeau, 2011).
Management may also benefit from financial statement fraud because of
bonuses or performance-based compensation such as stock options.
In the COSO (2010) report, 89% of reported incidents involved the CEO
and/or the CFO of the company. This implies that the intentional deception
usually starts at the top of an organization. As a result, it is generally the case
that management takes deliberate action to conceal fraudulent activities from
the auditors, making it difficult for auditors to detect fraudulent financial
reporting. Detecting fraud has therefore become very important to the
accounting profession, as failure to detect fraud can be damaging to capital
markets and the reputation of the profession, and is often an area of the audit
process that receives a great deal of external scrutiny (Bonner, Palmrose, &
Young, 1998; Carpenter, Durtschi, & Gaynor, 2011; Elliot, 2002; Palmrose,
1987; PCAOB, 2004, 2007, 2010).
The professional standards require that auditors identify fraud risk factors
and assess the risk of material misstatement due to fraud on every audit
engagement (AICPA, 2002). In addition, auditors must adequately respond to
fraud risk when planning and executing their substantive testing procedures
(AICPA, 2002). However, there is evidence that auditors have difficulty
88 JAMES LLOYD BIERSTAKER ET AL.

identifying fraud risk factors (PCAOB, 2007; Hammersley et al., 2011). Much
of the blame is placed on auditors’ lack of direct experience with fraud; hence,
when they run across fraud risk factors, their declarative and procedural
schema are not sufficiently developed to the point where the fraud risk red
flags are recognized (Albrect & Romney, 1986; Johnson, Grazioli, & Jamal,
1993; Nieschwietz, Schultz, & Zimbelman, 2000).

Importance of Training

Libby and Luft (1993) posit that the relationship between experience and task
performance is indirect, and argue that experience influences task perfor-
mance primarily through knowledge. Since direct and indirect experience
represent only the opportunity to acquire knowledge (Marchant, 1990), it is
important to understand the effectiveness of indirect knowledge acquisition in
a situation where knowledge acquisition through direct experience rarely
occurs. Bonner and Pennington (1991) propose that auditors’ performance
can be improved in areas where they lack direct experience through various
indirect experience channels, such as college coursework, continuing edu-
cation courses, firm audit manuals, professional literature, and firm training.
Recently, Hammersley (2011) developed a model focused on auditor and
fraud risk factor characteristics that influence fraud risk identification. She
asserts that auditors with sufficient knowledge gained from experience are
more likely to detect the presence of fraud risk factors than auditors with
insufficient knowledge. However, in practice, auditors typically lack sufficient
fraud knowledge due to the paucity of direct fraud-related experience (Braun,
2000; Hoffman & Patton, 1997; Jamal, Johnson, & Berryman, 1995; Knapp &
Knapp, 2001; Zimbelman, 1997). Bonner and Walker (1994) and Bonner
(2008) suggest that knowledge in this circumstance needs to be acquired
through indirect means, particularly through training.
Many researchers support the contention that training can help auditors
to improve their ability to identify fraud-related red flags (e.g., Johnson
et al., 1993; Lindberg, 1999; Nieschwietz et al., 2000). Recently, Carpenter
et al. (2011) examined how a course specifically focused on forensic
accounting can improve the ability of students to identify fraud risk factors,
relative to students who did not take the course. They found that students
who took the course were better able to identify fraud risk factors post-
training (the last day of class) than they did pre-training (the first day of
class). Their post-training abilities were not significantly different than a
panel of experts, but were significantly better than students who did not take
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 89

the forensic accounting course. Further, they found that the trained students’
judgments, seven months after completing the course, were equal to their
post-training performance, suggesting the persistent effects of knowledge
acquisition through indirect experience. We suggest that fraud training will
also be effective for experienced auditors. Therefore, the study hypothesis
is as follows:

Hypothesis. Auditors who receive fraud training will identify more fraud
risk factors than auditors who do not receive fraud training.

RESEARCH METHOD
Participants

A total of 369 experienced auditors who had been recently hired by a Big
4 CPA firm participated in the experiment. The new hires had gained prior
auditing experience at other Big 4 and regional auditing firms.1 The parti-
cipating auditors held position levels of staff (n ¼ 147), senior (n ¼ 172),
manager (n ¼ 48), and partner (n ¼ 2). The overall mean months of audit
experience was 42.43. On a seven-point scale (where 1 reflects no fraud
experience and 7 reflects extensive fraud experience), the mean level of prior
fraud experience was relatively low at 2.75. Finally, during the past five years,
the mean number of engagements where material fraud was found was
very low at 0.53. Table 1 presents more detailed demographic information.

Experimental Design

The experimental task was administered at six different training sessions

over a seven-month period. Each training session lasted for eight days, eight
hours per day, for a total of 64 hours. At each training session, there were
two or more groups participating in the training session, each in different
rooms. One group from each training session was randomized to receive
fraud training (the treatment). Overall, there were 143 auditors who received
fraud training and 226 who did not receive the training, yielding a total
sample size of 369.
The 30-minute fraud training session took place during Sunday morning.
Content of the training session was based on a fraud white paper developed
90 JAMES LLOYD BIERSTAKER ET AL.

Table 1. Demographic Information.

Control Group Fraud Training Overall

Sample size (n) 226 143 369

Current position level
Partner 2 (0.8%) 0 (0%) 2 (0.6%)
Manager 29 (12.8%) 19 (13.3%) 48 (13.0%)
Senior 113 (50.0%) 59 (41.2%) 172 (46.6%)
Staff 82 (36.3%) 65 (45.4%) 147 (39.8%)
Months (S.D.) audit experience 43.04 (46.40) 39.54 (37.65) 42.43 (43.54)
Fraud experience (S.D.)a 2.82 (1.52) 2.64 (1.51) 2.75 (1.51)
Number (S.D.) of engagements 0.47 (1.18) 0.58 (1.38) 0.53 (1.25)
over the past five years where
material fraud was found
a
Fraud experience was measured on a seven-point scale (1 ¼ no experience, 4 ¼ some experience,
7 ¼ extensive experience).

by the participating firm. The training session focused on key elements of an

effective antifraud program, including the code of conduct, whistleblower
hotline, the audit committee, human resources, investigation, and fraud risk
assessment. While fraud training was taking place, the other groups were
learning about general internal control risks. For the remainder of Sunday
morning and afternoon, as well as Monday morning, all auditors went over
the same internal control training material. On Monday afternoon,
everyone participated in the experimental task, which had been developed
and tested by the participating firm over several years.
The experimental task began with the researcher providing a brief
introduction, which was designed to inform participants that the research
was part of the firm’s effort to continuously improve their audit processes.
An announcement from the firm’s Office of General Council was provided
to alleviate participants’ concern about their responses being used for
evaluative purposes by the firm. Participants were informed that their
responses would be kept anonymous. Finally, participants were instructed
to work alone and not ask any questions to their fellow participants. At each
session, an author observed that participants worked independently and did
not consult with their colleagues during completion of the experiment.
After the introduction, participants were given approximately 15–20
minutes to initially read a set of detailed background information about a
hypothetical audit client. The background information materials were
designed to provide enough detail to allow participants to evaluate
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 91

management’s antifraud programs and related controls. The materials

described the control environment at the company, including the company’s
efforts at establishing controls at both the company-wide level and the
detailed business process level. Specifically, the materials included a detailed
set of information about the company’s (1) business processes, including
receiving, production, shipping, and the data-recording processes; (2) man-
agement team; (3) internal audit function; (4) audit committee; and (5) human
resources department and procedures.
Once initial reading of the materials was complete, participants were
shown three separate video clips depicting an auditor’s interview sessions
with the company’s (1) CEO, (2) internal auditor, and (3) machine operator.
The materials and videos purposely included 15 fraud-related red flags
suggesting that fraud might be occurring at the company (see Appendix A
for a summary of the red flags). The video portion of the experiment took
approximately 45–50 minutes.
Management’s description of its antifraud programs and controls was
intended to initially lead an auditor to conclude that the control system was
well designed; however, after obtaining additional information and viewing
the video clips of the interviews, it should have become clear that there were
serious internal control problems, the combination of which suggested the
possibility of financial misstatement and fraud. Afterward, participants were
asked to list any fraud risk factors that came to their attention while reading
the background information and listening to the video clips.

Dependent Variable
In total, there were 15 risk factors identified by the Big 4 firm’s training
function as the model (normative) answer. Importantly, the list of risk
factors was validated by firm professionals who initially designed the
materials and validated by use of the task in firm-wide training for several
years. The dependent variable for this study reflects the number of fraud risk
factors, from the set of 15, identified by the participating auditors.

RESULTS

Descriptive Statistics

We asked two questions to gain insight into auditors’ fraud-related

experience. On a scale from 1 (no experience) to 7 (extensive experience),
auditors’ mean (standard deviation) fraud experience rating was 2.77 (1.52).
92 JAMES LLOYD BIERSTAKER ET AL.

In addition, auditors indicated that over the last five years they had parti-
cipated on a mean (standard deviation) of 0.53 (1.25) engagements where
material fraud was found, and over two-thirds of them (including managers)
indicated they had never been on an engagement over the past five years
where material fraud was found. The means were not significantly different
between treatment conditions (pW.10). Overall, these findings suggest that
the auditors who participated in the current study had a relatively low level
of direct fraud experience, which is consistent with prior anecdotal evidence
and empirical research.

Control Variables

We ran two analysis of covariance (ANCOVA) models to test for possible

covariates. The first model included the number of fraud risk factors
identified as the dependent variable; the second model included the results of
a post-experiment fraud knowledge test as the dependent variable. For both
models, the auditor’s months of audit experience, position level, fraud
detection experience, number of engagements where material fraud was
found, and training session number (1 through 6) were not significant
(pW0.10).2 Thus, we did not consider these covariates in the upcoming tests.

Hypothesis Test

The study hypothesis predicts that auditors who receive specific fraud training
will identify more fraud risk factors than those who do not receive training.
The mean (standard deviation) number of fraud risk factors identified by
the training and control groups were 8.22 (4.05) and 4.11 (2.39), respectively.
Results from a t-test (t ¼ 10.78, po.01) indicate that the mean number of
fraud risk factors identified in the fraud training condition is significantly
greater than the control condition, thereby supporting the study hypothesis.
Hence, it appears as though the fraud training was effective.

Post-experiment Fraud Knowledge Test

After completion of the task, we asked 10 multiple choice questions to assess

the participants’ general fraud knowledge. The fraud knowledge test was
initially designed by the researchers, and refined, tested, and validated by
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 93

experienced auditors who work for the participating CPA firm. The questions
and answers are shown in Appendix B. The mean (standard deviation)
number of correct answers by treatment condition are 5.45 (1.16) for the
fraud training group and 5.16 (1.271) for the control group. The means are
significantly different (t ¼ 2.10, p ¼ .045), indicating that improved fraud
knowledge contributed to greater recognition of fraud-related red flags in the
experiment.

CONCLUSION

This study has three main findings. First, the results provide evidence that
validate the infrequency of auditors’ actual fraud experiences. Second, the
experimental findings indicate that fraud-specific training improved auditors’
ability to identify fraud risk red flags, relative to a control group of auditors
who did not receive such training. Third, participants who received fraud
training scored higher on a post-experiment fraud knowledge test than the
control group. Overall, the current study suggest that fraud-specific training
can improve auditors’ ability to identify fraud risk factors, which is an
important component of the audit process and one where potential
improvements are needed (Hammersley et al., 2011; PCAOB, 2007).
This study responds to calls from researchers and standard setters for
training methods to improve auditors’ identification of fraud risk factors (e.g.,
AICPA, 2003; Carmichael, 2004; Rezaee, 2004). From a practical perspective,
the Public Oversight Board (POB) reported that auditors often overlook
important fraud risk factors (POB, 2000) and the PCAOB has expressed
concerns about auditors’ approaches to finding fraud (PCAOB, 2007). The
cost for practitioners, investors, and society of overlooking fraud can be huge.
Based on our findings, audit firms should invest in training programs aimed at
improving auditors’ performance when they search for fraud.
Audit firms might also consider working with educators in developing
effective fraud cases based on real-life fraud experiences. As indicated by
Carpenter et al. (2011), additional research is needed to examine what types
of training methods and feedback are the most productive for improving
auditors’ fraud detection performance. For example, Carpenter et al. (2011)
suggest that a problem-based learning approach can be effective for
enhancing students’ fraud knowledge acquisition.
As with any study, this research is subject to certain limitations. First, the
auditors in this study might not be representative of all auditors. However,
since they were newly hired experienced auditors who previously worked for
94 JAMES LLOYD BIERSTAKER ET AL.

many different firms, they likely brought with them many different firm
cultures, which help to ward-off the validity threat of representativeness.
Second, in the current experiment, fraud training and the experimental task
were separated by a day and one-half. Although the separation period was
filled with intense education in other areas, we do not know the longitudinal
period of time over which the fraud training effect would persist. Third,
auditors in this study were not subject to efficiency pressures that are
common in actual audit settings. Future research could extend this study by
examining whether the positive effects of fraud training are diminished when
auditors are subject to efficiency pressures. Finally, auditors performed the
task individually, wherein reality auditors often work in teams. Therefore,
future research is needed to examine auditors’ fraud detection performance
when working in teams, as well as exploring the most effective means of
training to maximize the team performance.
Other avenues for future research include examining the effectiveness of
requiring auditors to experience a forensic audit rotation. Since auditors
seldom find fraud in practice (Hammersley, 2011), a required forensic
rotation would provide auditors with relevant and rich direct experience to
aid them when they are attempting to comply with professional auditing
standards (AICPA, 2002). Perhaps experience of this nature will help
auditors transition from an implemental ‘‘check the box’’ mentality (a
concern that has been expressed by the PCAOB) to a more thoughtful and
deliberative mindset.

NOTES
1. Due to confidentiality concerns, we were not able to collect data on which CPA
firms the participants were employed prior to being hired at the current firm.
2. Most participants indicated no prior fraud experience and zero number of
engagements where material fraud was found; hence, these covariates likely were
nonsignificant in either ANCOVA model due to low power.

REFERENCES
Albrect, W. S., & Romney, M. B. (1986). Red-flagging management fraud: A validation.
Advances in Accounting, 3, 323–334.
American Institute of Certified Public Accountants. (2002). Consideration of fraud in a financial
statement audit. Statement on auditing standards No. 99 (October 15). New York, NY:
AICPA.
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 95

American Institute of Certified Public Accountants. (2003). AICPA practice aid series, fraud
detection in a GAAS audit. SAS No. 99 Implementation Guide. New York, NY: AICPA.
Bonner, S. E. (2008). Judgment and decision making in accounting. Upper Saddle River, NJ:
Prentice-Hall.
Bonner, S. E., Palmrose, Z., & Young, S. (1998). Fraud type and auditor litigation: An
analysis of SEC accounting and auditing enforcement releases. The Accounting Review,
73, 503–532.
Bonner, S. E., & Pennington, N. (1991). Cognitive processes and knowledge as determinants of
auditor expertise. Journal of Accounting Literature, 10, 1–50.
Bonner, S. E., & Walker, P. L. (1994). The effects of instruction and experience on the
acquisition of auditing knowledge. The Accounting Review, 69(1), 157–178.
Braun, R. L. (2000). The effect of time pressure on auditor attention to qualitative aspects of
misstatements indicative of potential fraudulent financial reporting. Accounting,
Organizations and Society, 25, 243–259.
Carmichael, D. R. (2004). The PCAOB and the social responsibility of the independent auditor.
Accounting Horizons, 18, 127–133.
Carpenter, T., Durtschi, C., & Gaynor, L. (2011). The incremental benefits of a forensic
accounting course on skepticism and fraud-related judgments. Issues in Accounting
Education, 26(1), 1–21.
Committee of Sponsoring Organizations. (2010). Fraudulent financial reporting 1998–2007: An
analysis of U.S. public companies. New York, NY: AICPA.
Elliot, R. (2002). Twenty-first century assurance. Auditing: A Journal of Practice & Theory,
21(1), 139–146.
Hammersley, J. S. (2011). A review and model of auditor judgments in fraud-related planning
tasks. Auditing: A Journal of Practice & Theory, 30(4), 101–128.
Hammersley, J. S., Johnstone, K. M., & Kadous, K. (2011). How do audit seniors respond to
heightened fraud risk? Auditing: A Journal of Practice & Theory, 30(3), 81–101.
Hoffman, V. S., & Patton, J. M. (1997). Accountability, the dilution effect, and conservatism in
auditors’ fraud judgments. Journal of Accounting Research, 35, 227–237.
Jamal, K., Johnson, P., & Berryman, R. (1995). Detecting framing effects in financial
statements. Contemporary Accounting Research, 12, 85–105.
Johnson, P. E., Grazioli, S., & Jamal, K. (1993). Fraud detection: Intentionality and deception
in cognition. Accounting, Organizations and Society, 18, 467–488.
Knapp, C., & Knapp, M. (2001). The effects of experience and explicit fraud risk assessment in
detecting fraud with analytical procedures. Accounting, Organizations and Society, 26,
25–37.
Libby, R., & Luft, J. (1993). Determinants of judgment performance in accounting settings:
Ability, knowledge, motivation and performance. Accounting, Organizations and Society,
18(6), 559–575.
Lindberg, D. L. (1999). Instructional case: Lakeview Lumber, Inc.: A study of auditing issues
related fraud, materiality and professional judgment. Issues in Accounting Education,
14(3), 497–515.
Louwers, T. J., Ramsay, R. J., Sinason, D. H., Strawser, J. R., & Thibodeau, J. C. (2011).
Auditing & assurance services (4th ed.). New York, NY: McGraw-Hill/Irwin.
Marchant, G. (1990). Discussion of determinants of auditor expertise. Journal of Accounting
Research, 28(Suppl.), 20–28.
96 JAMES LLOYD BIERSTAKER ET AL.

Nieschwietz, R. J., Schultz, J. J., & Zimbelman, M. F. (2000). Empirical research on external
auditors’ detection of financial statement fraud. Journal of Accounting Literature, 19,
190–246.
Palmrose, Z. (1987). Litigation and independent auditors: The role of business failures and
management fraud. Auditing: A Journal of Practice & Theory, 6, 90–103.
Public Accounting Oversight Board. (2004). Standing advisory group meeting: Financial fraud,
September 8–9. Retrieved from http://www.pcaob.org. Accessed on April 16, 2012.
Public Accounting Oversight Board. (2007). Observations of auditors’ implementation of
PCAOB standards relating to auditors’ responsibilities with respect to fraud. Release No.
2007-01. Washington, DC: PCAOB.
Public Accounting Oversight Board. (2010). Identifying and assessing risks of material
misstatement. Auditing Standard No. 12. Washington, DC: PCAOB.
Public Oversight Board. (2000). The panel on audit effectiveness: Report and recommendations.
Stamford, CT: POB.
Rezaee, Z. (2004). Restoring public trust in the accounting profession by developing anti-fraud
education, programs, and auditing. Managerial Auditing Journal, 19, 134–148.
Zimbelman, M. F. (1997). The effects of SAS No. 82 on auditors’ attention to fraud risk factors
and audit planning decisions. Journal of Accounting Research, 35, 75–97.
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 97

APPENDIX A: SEEDED FRAUD RISK RED FLAGS

EMBEDDED IN THE TASK

(1) The company’s fraud whistleblower program is controlled by the CEO.

(2) There are some company employees who are not aware of the
company’s code of conduct.
(3) The company’s audit committee members are not all independent.
(4) The company does not remediate control weaknesses in a timely
manner.
(5) The company does not have a formal fraud risk assessment process in
place.
(6) One of the company’s key employees, who is responsible for several
key controls, is a sibling of the CEO.
(7) The company violated its promotion policy.
(8) The internal audit director is heavily influenced by the CEO and is not
operating in an independent and objective manner.
(9) A key employee is paid based on a metric that provides an incentive for
fraud.
(10) The CEO has overridden findings reported by the internal audit
director.
(11) The company’s antifraud programs and controls are not effective.
(12) A key employee who is responsible for a key control does not possess
the requisite skills to properly execute the control.
(13) The company lacks a key control over a key measure that is reported
on a daily basis to the management.
(14) The company does not always demonstrate understanding of the
difference between the effective design and effective operation of its
internal controls.
(15) The audit committee is ineffective.
98 JAMES LLOYD BIERSTAKER ET AL.

APPENDIX B: POST-EXPERIMENT FRAUD

KNOWLEDGE TEST

(1) At a publicly traded company, the organization’s code of conduct should:

A. Apply to all employees
B. Apply to all third-party providers
C. Be monitored by the board and management
D. A and C only
E. All of the above

Answer: E

(2) Which of the following areas should be evaluated to determine the

operating effectiveness of the organization’s code of conduct?
A. Whether it is communicated effectively throughout the organization
B. Whether it was written in accordance with SEC regulations
C. Whether training is required by management
D. A and C only
E. All of the above

Answer: D

(3) Operating effectiveness, in relation to the ethics hotline/whistleblower

program, can be measured by evaluating:
A. Employee awareness of the hotline
B. Use of the hotline
C. Evidence of audit committee involvement
D. A and B only
E. All of the above

Answer: E

(4) At a publicly traded company, the lack of an ethics hotline/whistleblower

program is indicative of a:
A. Minor deficiency
B. Significant deficiency
C. Material weakness
D. A or C
E. None of the above

Answer: C
Does Fraud Training Help Auditors Identify Fraud Risk Factors? 99

(5) Which of the following is NOT a criterion of design and documen-

tation that is essential to strong standards for employee hiring and
promotion?
A. Sufficient educational background
B. Official college transcript is requested
C. Employment history is documented
D. Criminal record investigation is conducted
E. All of the above are essential to strong standards for employee hiring
and promotion
Answer: B
(6) To be effective, design and documentation of audit committee and board
oversight should involve:
A. Review of significant nonroutine transactions entered into by the
management
B. Review for management’s override of controls
C. Review of the internal audit plan
D. A and B only
E. All of the above
Answer: E
(7) At a publicly traded corporation, the lack of strong policies governing
audit committee and board oversight are indicative of a:
A. Minor deficiency
B. Significant deficiency
C. Material weakness
D. A or C
E. None of the above
Answer: B
(8) At a publicly traded corporation, effective design and documentation of
investigation/remediation should involve:
A. Communication and training of employees to reinforce the controls/
policies
B. Review of accounting principles
C. Effective IT system controls
D. A and B only
E. All of the above
Answer: A
100 JAMES LLOYD BIERSTAKER ET AL.

(9) At a publicly traded corporation, the audit committee discussion on

the assessment of fraud risk should include topics such as:
A. Exposure to risk or misappropriation of assets
B. Risk of override of controls by management
C. Testing of general computer controls
D. A and B only
E. All of the above
Answer: D
(10) At a publicly traded corporation, an effective design and documenta-
tion for the information and communication element of an antifraud
program involves:
A. Collection and sharing of information related to fraud risks
B. Existence of IT security controls to prevent unauthorized access
and intrusion
C. Use of computer-aided auditing techniques to scan for fraud as a
monitoring tool
D. A and B only
E. All of the above
Answer: E