Professional Documents
Culture Documents
A significant employee fraud took place shortly after an internal auditing engagement. The internal auditor may not
have properly fulfilled the responsibility for the deterrence of fraud by failing to note and report that
A. Policies, practices, and procedures to monitor activities and safeguard assets were less extensive in low-risk
areas than in high-risk areas.
B. There were no written policies describing prohibited activities and the action required whenever violations are
discovered.
C. A system of control that depended upon separation of duties could be circumvented by collusion among three
employees.
D. Divisional employees had not been properly trained to distinguish between bona fide signatures and cleverly
forged ones on authorization forms.
An audit of an international non-profit organization established to finance medical research revealed the following
amounts (in millions):
Current Year Past Year
Revenue $500 $425
Investments (average balances) $210 $185
Medical research grants made $418 $325
Investment income $16 $20
Administrative expense $10 $8
Before an audit report is issued, a front-page article appears in a newspaper alleging that the president has been
using the organization's funds for personal purposes. The auditor has enough information to confirm the allegations
made in the newspaper article. The auditor is contacted by a reporter for the newspaper to confirm the facts. Which
of the following would be the best response by the auditor?
A. Respond truthfully and fully since the auditor is able to confirm the facts concerning the president, not the
organization.
B. Respond that the investigation is not complete.
C. Provide information "off the record" so that the article does not state who gave the information.
D. Direct the inquiry to the audit committee or the board of directors.
When comparing perpetrators who have embezzled an organization's funds with perpetrators of financial statement
fraud (falsified financial statements), those who have falsified financial statements are less likely to
Which of the following best describes an auditor’s responsibility after noting some indicators of fraud?
A. Consult with external legal counsel to determine the course of action to be taken, including the approval of the
proposed audit program to make sure it is acceptable on legal grounds.
B. Report the possibility of fraud to top management and ask them how they would like to proceed.
Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan
proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the
loan officer include:
A high standard of living, explained as the result of sound investments and not taking vacations,
An expensive personal car obtained through business contacts,
Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization's
average (mileage logs were submitted on a quarterly basis), and
Marked annoyance with questions from internal auditors.
The extent of loans made to fictitious borrowers by the loan officer could best be determined by
An internal auditor is conducting interviews of three employees who had access to a valuable asset that has
disappeared. In conducting the interviews the internal auditor should
An internal auditor suspects that a mailroom clerk is embezzling funds. In exercising due professional care, the
internal auditor should
Even though the chief audit executive (CAE) referred a case of potential fraud to the security department, the
suspected perpetrator continued to defraud the organization until discovered by a line manager two years later.
What should the CAE have done?
A. The CAE should have periodically checked the status of the case with the security department.
B. The CAE should have conducted a fraud investigation.
C. The CAE's actions were correct.
D. The CAE should have discharged the perpetrator.
Which of the following gives the internal auditor the authority to investigate fraud?
A. Management.
B. The Institute of Internal Auditors Code of Ethics.
C. The Standards.
D. Common law.
Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this
responsibility is usually met?
A chief audit executive (CAE) obtains factual documentation of unethical business dealings by the vice president in
charge of internal auditing. The CAE should
During an engagement at a bank, the internal auditors discover that one loan officer had approved loans to a
number of related but separate organizations, in violation of regulatory policies. The loan officer indicated that it
was an oversight and it would not happen again. However, the internal auditors believe it may have been intentional
because the officer is related to one of the primary owners of the group that controls the related organizations. The
internal auditors should
A. Inform management of the conflict of interest and the violation of the regulatory requirements and suggest
further investigation.
B. Not report the violation if the loan officer agrees to take corrective action.
C. Report the violation to the regulatory agency because it constitutes a significant breakdown of the bank's
controls.
D. Expand the engagement procedures to determine if there may be fraudulent activity on the part of the loan
officer and communicate the observations to management when the follow-up investigation is complete.
A. Perform its investigation independent of lawyers, security personnel, and specialists from outside the
organization who are involved in the investigation.
B. Assign personnel to the investigation in accordance with the engagement schedule established at the beginning
of the fiscal year.
C. Assess the probable level of, and the extent of complicity in, the fraud within the organization.
D. Clearly indicate the extent of the internal auditors' knowledge of the fraud when questioning suspects.
A. Informing the appropriate authorities within the organization and recommending whatever investigation is
considered necessary in the circumstances when wrongdoing is suspected.
B. Examining and evaluating the adequacy and the effectiveness of control, commensurate with the extent of the
potential exposure or risk in the various segments of the organization's operations.
C. Determining whether operating standards are acceptable and are being met.
D. Establishing the organization's governance, operations, and information systems concerning compliance with
laws, regulations, and contracts.
Which of the following statements is (are) true regarding the deterrence of fraud?
I. The primary means of deterring fraud is through an effective control system initiated by senior management.
II. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the
adequacy of the internal control system.
III. Internal auditors should determine whether communication channels provide management with adequate and
reliable information regarding the effectiveness of the control system and the occurrence of unusual transactions.
A. II only.
B. I, II, and III.
C. I and II only.
D. I only.
Which of the following policies is most likely to result in an environment conducive to the occurrence of fraud?
When an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions, and
suspects that fraud has taken place, the auditor should
A disgruntled former employee calls the chief audit executive (CAE) to report misappropriations of funds by the
supervisor of cash operations. Engagement tests subsequently verify the allegations. The CAE should proceed
with which of the following actions based upon the above information?
A. Inform the treasurer and chief financial officer of the suspected fraud.
B. Notify the bonding agency.
C. Notify local law enforcement authorities.
D. Confront the supervisor of cash operations with the allegations.
The internal audit activity (IAA) has concluded a fraud investigation that revealed a previously undiscovered
materially adverse impact on the financial position and results of operations for 2 years on which financial
statements have already been issued. The chief audit executive (CAE) should immediately inform
A. The external auditing firm responsible for the financial statements affected by the discovery.
B. Senior management and the board.
C. The internal accounting function ultimately responsible for making corrective journal entries.
D. The appropriate governmental or regulatory agency.
Prior to issuing a final communication on a fraud investigation, the internal auditor should submit a proposed draft
for review by the
Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan
proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the
loan officer include:
A high standard of living, explained as the result of sound investments and not taking vacations,
An expensive personal car obtained through business contacts,
Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization's
Red flags are conditions that indicate a higher likelihood of fraud. Which of the following is not considered a red
flag?
A. An individual handling marketable securities is responsible for making the purchases, recording the purchases,
and reporting any discrepancies and gains/losses to senior management.
B. The assignment of responsibility and accountability in the accounts receivable department is not clear.
C. Management has delegated the authority to make purchases under a certain value to subordinates.
D. An individual has held the same cash-handling job for an extended period without any rotation of duties.
The chief audit executive (CAE) uncovers a significant fraudulent activity that appears to involve the executive vice
president to whom the CAE reports. Which of the following best describes how the CAE should proceed?
A. Report the facts to the chief executive officer and the audit committee.
B. Conduct an investigation to ascertain whether the executive vice president is involved in the fraudulent activity.
C. Notify regulatory authorities and police.
D. Interview the executive vice president to obtain essential evidence.
One factor that distinguishes fraud from other employee crimes is that fraud involves
A. Intentional deception.
B. Collusion with a party outside the organization.
C. Malicious motives.
D. Personal gain for the perpetrator.
If there is fraud in the marketing department, which of the following is beyond the scope of the internal auditor's
responsibility?
An audit of an international non-profit organization established to finance medical research revealed the following
amounts (in millions):
Current Year Past Year
Revenue $500 $425
Investments (average balances) $210 $185
Medical research grants made $418 $325
Investment income $16 $20
Administrative expense $10 $8
Which of the following possible frauds or misuses of organization assets should be considered the area of greatest
risk if controls are only marginal?
A. A senior manager using company travel and entertainment funds for activities that might be unauthorized.
B. Supplies purchased from fictitious vendors.
C. A payroll clerk adding fictitious employees.
D. Grants made to organizations that might be associated with the president or not for purposes dictated in the
organization's charter.
The legislative auditing bureau of a country is required to perform compliance auditing of companies that are
issued defense contracts on a cost-plus basis. Contracts are clearly written, defining acceptable costs, including
developmental research cost and appropriate overhead rates. During the past year, the government has engaged
in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial
services, manage computer operations and systems development, and provide engineering of construction
projects. The contracts were modeled after those which had been used for years in the defense industry. The
legislative auditors are being called upon to expand their audit effort to include compliance audits of these contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas in which the outsourced
management has apparently expanded its authority and responsibility. For example, the contractor that manages
computer operations has developed a highly sophisticated security program which may represent the most
advanced information security in the industry. The auditor reviews the contract and sees reference only to providing
appropriate levels of computing security. The auditor suspects that the governmental agency may be incurring
developmental costs that the outsourcer may use for competitive advantage in marketing services to other
organizations.
Assume the auditor investigates and finds that the company providing the computing services is clearly performing
research and development activities and charging the governmental entity for those activities because it is
experimenting with implementing the security techniques on the governmental entity. Which of the following
statements are correct?
II. Determining whether this is a violation of contract terms is a legal function, not an audit function.
III. It would be fraud only if the outsourcer had implemented similar security measures at other entities.
A. II only.
B. I and II only.
C. I, II, and III.
D. I only.
An audit of an international non-profit organization established to finance medical research revealed the following
amounts (in millions):
Current Year Past Year
Revenue $500 $425
Investments (average balances) $210 $185
Medical research grants made $418 $325
Investment income $16 $20
Administrative expense $10 $8
An examination of grants awarded revealed a number of grants approved and documented by the president rather
than by the grant authorization committee as required by the organization’s charter. If the grant authorization
committee meets and retroactively approves the grants before the audit report is issued, the auditor should
Which of the following circumstances most likely heighten an auditor’s concern about the risk of material
misstatements due to fraud in an entity's financial statements?
The internal auditors' responsibility for the prevention of fraud includes all of the following except
Internal auditors are responsible for reporting fraud to senior management and the board when
During an engagement involving a purchasing department, an internal auditor discovered that many purchases
were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing.
Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the
internal auditor should recommend
To minimize the risk that agents in the purchasing department will use their positions for personal gain, the
organization should
A. Direct the purchasing department to maintain records on purchase prices paid, with review of such being
required each 6 months.
B. Request internal auditors to confirm selected purchases and accounts payable.
C. Rotate purchasing agent assignments periodically.
D. Specify that all items purchased must pass value-per-unit-of-cost reviews.
Which of the following statements correctly characterizes the "red flags" literature that has recently developed in
the auditing profession?
I. Red flags are items or actions that have been associated with fraudulent conduct.
II. The auditor should document all red flags that may have been noted on an audit engagement.
III. Many red flags are "subjective" in nature and might not come to the auditor's attention during the course of an
audit that is properly planned and conducted in accordance with the Standards.
A. I and II.
B. I and III.
C. II and III.
D. III only.
Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan
proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the
The extent of loans made to fictitious borrowers by the loan officer is least likely to be discovered by
Internal auditors must exercise due professional care if they are to meet their responsibilities for fraud detection.
Thus, the existence of certain conditions should raise "red flags" and arouse internal auditors' professional
skepticism concerning possible fraud. Which of the following is most likely to be considered an indication of
possible fraud?
Internal auditors are more likely to detect fraud if they develop and strengthen their ability to
In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The
important characteristic that distinguishes fraud from other varieties of white-collar crime is that
A. Fraud encompasses an array of irregularities and illegal acts that involve intentional deception.
B. White-collar crime is usually perpetrated for the benefit of an organization, whereas fraud benefits an individual.
C. White-collar crime is usually perpetrated by outsiders to the detriment of an organization, whereas fraud is
perpetrated by insiders to benefit the organization.
D. Unlike other white-collar crimes, fraud is always perpetrated against an outside party.
In an organization with a separate division that is primarily responsible for fraud deterrence, the internal audit
activity (IAA) is responsible for
Which of the following describes one of the responsibilities of the internal auditor for the deterrence of fraud in an
organization?
Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan
proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the
loan officer include:
A high standard of living, explained as the result of sound investments and not taking vacations,
An expensive personal car obtained through business contacts,
Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization's
average (mileage logs were submitted on a quarterly basis), and
Marked annoyance with questions from internal auditors.
In this situation, typical indicators of the suspected fraud (red flags) include all of the following except
A. Harassment.
B. Assault.
C. Libel.
D. Embezzlement.
An internal auditor has detected probable employee fraud and is preparing a preliminary report for management.
This report should include
A. A statement that an internal audit conducted with due professional care cannot provide absolute assurance that
irregularities have not occurred.
B. A list of proposed audit tests to help disclose the existence of similar frauds in the future.
C. The auditor's conclusion as to whether sufficient information exists to conduct an investigation.
D. The results of a polygraph test administered to the suspected perpetrator(s) of the fraud.
A preliminary report (oral or written) is issued following the detection phase of a fraud investigation. Such a report
should
Internal auditors have been advised to consider red flags to determine whether management is involved in a fraud.
Which of the following does not represent a difficulty in using the red flags as fraud indicators?
A. Issuing a written report at the conclusion of the investigation and not sooner.
B. Providing a draft of the report only to senior management.
C. Notifying management if fraud has been established to a reasonable certainty.
D. Notifying management of fraud when the internal auditor has exhaustively reviewed all the data related to the
fraud.
A key feature that distinguishes fraud from other types of crime or impropriety is that fraud always involves the
A. Takes all his/her vacations and has refused promotion to vice president of finance.
B. Takes no vacations and has refused promotion to vice president of finance.
C. Takes no vacations and has just accepted a promotion to vice president of finance.
D. Takes all his/her vacations and has just accepted a promotion to vice president of finance.
Which of the following would be considered part of the fraud area that the internal auditor needs to be alert to?
A. Duplication of payments.
B. Examine the approval process.
C. Regular independent checks.
D. Backup facilities.
A production manager for a moderate-sized manufacturer began ordering excessive raw materials and had them
delivered to a wholesaler he runs as a side business. He falsified receiving documents and approved the invoices
for payment. Which of the following engagement procedures most likely will detect this fraud?
A. Take a sample and confirm the amount purchased, purchase price, and date of shipment with the vendors.
B. Observe the receiving dock and count materials received; compare your counts to receiving reports completed
by receiving personnel.
C. Take a sample of cash disbursements; compare purchase orders, receiving reports, invoices, and check copies.
D. Prepare analytical tests comparing production, materials purchased, and raw materials inventory levels and
investigate differences.
A. Single manager.
B. Single employee.
C. Group of managers in collusion.
D. Group of employees in collusion.
An internal auditor’s field work uncovers a series of transactions that indicate a possible embezzlement. Which of
the following actions should the chief audit executive (CAE) take?
A. Confront the suspected embezzler to determine that the facts are correct.
B. Consult with security personnel.
C. Discuss the case with the board.
D. Review the finding with the suspect's fellow workers to see whether they can furnish additional evidence.
A. Because of cost-benefit reasons, policies, practices, and procedures to monitor activities will be more extensive
in the high-risk areas.
B. Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it
is managed by the organization, but are not expected to have the expertise of a person whose primary
responsibility is detecting and investigating fraud (Standard 1210.A2). The internal auditor can assist in
the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of
internal control, commensurate with the extent of the potential exposure/risk in the various segments of
the organization's operations.
A. The board of directors and audit committee are responsible for the oversight function and are the appropriate
authorities to respond to press inquiries.
B. Even if the investigation was not complete, the auditor should direct the inquiry to the audit committee or the
board of directors.
C. The proper response should come from the oversight function in the organization.
D. The board of directors and audit committee are responsible for the oversight function and are the
appropriate authorities to respond to press inquiries.
A. Living beyond one's means is an example of where a person has embezzled organization's funds.
C. Autocratic management style provides manager with a motive to distort financial statements.
A.
The auditor should first expand work to determine the existence of fraud before reporting the matter to top
management. At this point, the auditor only has suspicions of fraud, given the red flags. More work should be
performed before consulting with management, external legal counsel, or the audit committee.
B.
The auditor should first expand work to determine the existence of fraud before reporting the matter to top
management. At this point, the auditor only has suspicions of fraud, given the red flags. More work should be
performed before consulting with management, external legal counsel, or the audit committee.
C.
In conducting audit assignments, the internal auditor should have sufficient knowledge of fraud to identify
red flags indicating fraud may have been committed. If fraud is indicated then the internal auditor should
expand activities to determine whether an investigation is warranted.
D.
The auditor should first expand work to determine the existence of fraud before reporting the matter to top
management. At this point, the auditor only has suspicions of fraud, given the red flags. More work should be
performed before consulting with management, external legal counsel, or the audit committee.
A. Comparing current loan approval balances with those of prior years is an indication of lending activity, not an
indication of fraudulent activity.
B. Reviewing a sample of loan documents, such as loan agreements, credit approvals and approval of
secured collateral could determine the presence of fraudulent loans. For example, it is unlikely that a
fraudulent loan would have secured collateral.
C. Reviewing compliance with bank policies and procedures would not indicate that loans were made to fictitious
borrowers
D. The loan officer could easily make positive confirmations for the bogus loans.
C. An internal auditor should not allow a suspect to return to work, because doing so could give the suspect an
opportunity to destroy evidence. A suspect should be suspended pending further investigation.
D. An internal auditor should not indicate that management will forgo prosecution if restitution is made.
A. The internal auditor does not have the operating authority or responsibility to institute stricter controls over
mailroom operations.
B. The internal auditor does not have the operating authority or responsibility to reassign the clerk.
C. The responsibility of the internal auditor is to inform the appropriate authorities within the organization
of the wrongdoing. The internal auditor should also recommend any necessary investigation, and follow
up to make sure that the internal audit activity's responsibilities have been met.
D. The internal auditor should not confront the clerk until the proper authorities within the organization have been
informed.
A. When an internal auditor suspects wrongdoing, the appropriate authorities within the organization
should be informed. The internal auditor may recommend whatever investigation is considered necessary
in the circumstances. Thereafter, the auditor should follow up to see that the internal auditing
department's responsibilities have been met.
B. A security department would generally have more expertise in the investigation of a fraud.
C. According to the Standards, the CAE should have ensured that the internal auditing department's responsibilities
were met.
D. The fraud was only suspected by the CAE. Immediate discharge would have violated the suspect's rights. In
addition, the CAE would not normally have the authority to discharge an employee in an audited area.
A. The internal auditor may recommend whatever investigation is considered necessary in the
circumstances. Thereafter, the auditor should follow up to see that the IAA's responsibilities have been
met. Generally, fraud specialist carries out fraud investigations. Management must authorize any internal
auditor involvement in an investigation.
B. The IIA Code of Ethics does not specifically mention fraud investigation.
A. Assisting in the design of control systems to prevent fraud would impair objectivity.
B. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating
the adequacy and the effectiveness of controls, commensurate with the extent of the potential
exposure/risk in the various segments of the organization's operations.
D. Testing for fraud is done only in cases that fraud is suspected. It is not done in every engagement.
A. The first obligation of the CAE is to notify the appropriate authorities within the organization, not to perform an
engagement to review the involved business function.
B. The first obligation of the CAE is to notify the appropriate authorities within the organization. Under
these circumstances, the CAE should report the facts to the CEO and the audit committee.
C. The CAE should first notify the appropriate authorities within the organization.
D. The CAE should not confront the vice president. Criminal investigations should be done by an external specialist.
A. When an internal auditor suspects wrongdoing, the appropriate authorities within the organization
should be informed. The internal auditor may recommend whatever investigation is considered necessary
in the circumstances. Thereafter, the auditor should follow up to see that the internal auditing activity's
responsibilities have been met.
C. Thee regulatory agency would be notified only after discussion with senior management.
D. All significant findings should be reported immediately to the appropriate authorities in the organization, i.e.,
senior management and the board.
A. It is important that all parties involved in a fraud investigation coordinate their efforts.
B. Fraud investigations are unexpected and therefore cannot be scheduled. When a fraud investigation is
necessary, the personnel assigned should be those most qualified to investigate the particular situation.
C. When conducting fraud investigations, internal auditors should assess the probable level of, and the
extent of complicity in, the fraud within the organization. It is important to know how many people may be
involved and who they are.
D. When interviewing someone who may be involved in fraud, an auditor should not reveal what he or she already
knows. One way of determining whether the interviewee is truthful and wants to cooperate is to ask questions to
which the auditor already knows the answer.
B. The internal audit activity must evaluate the potential for the occurrence of fraud and how the
organization manages fraud risk (Standard 2120.A2). Internal auditors are responsible for assisting
companies prevent fraud by examining and evaluating the adequacy and effectiveness of their internal
controls’ system, commensurate with the extent of a potential exposure within the organization.
C. Determining whether operating standards are acceptable and are being met has to do with the accomplishment
of goals and objectives, not with preventing fraud.
D. Management is responsible for establishing the organization’s governance, operations, and information systems
concerning compliance with laws, regulations, and contracts.
A. Items I and III are also true. Management has a responsibility to establish and maintain an effective control
system. Internal auditors should determine whether communication channels provide management with adequate
and reliable information.
B. All items are true regarding the deterrence of fraud. Internal auditors are responsible for assisting in the
deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of
internal control, commensurate with the extent of the potential exposure/risk in the various segments of
the organization's operations.
C. Item III is also true. Internal auditors should determine whether communication channels provide management
with adequate and reliable information.
D. Items II and III are also true. Internal auditors are responsible to assist in the deterrence of fraud by evaluating
the adequacy of the internal control system, and they should determine whether communication channels provide
management with adequate and reliable information.
A. There's more of an incentive to falsify information, etc., if unreasonable sales and production goals are
set.
B. The person who is responsible of meeting the goals should prepare a budget.
C. The hiring process entails many factors, such as the person's experience, skills, education, etc. The rejection of
an adequately trained applicant does not by itself result in an environment conducive to the occurrence of fraud. All
adequately trained applicants are not likely to be hired.
D. Controls are established based on the cost-benefit concept. Thereby, some accounting controls may be applied
on a sample basis.
A. It would be too soon to report the suspected fraud to the board. This is done only when there is reasonable
certainty that significant fraud has occurred.
B. Extended tests are performed only when fraud has been determined to exist, not just suspected.
C. When an internal auditor suspects wrongdoing, the appropriate authorities within the organization
should be informed. The internal auditor may recommend whatever investigation is considered necessary
in the circumstances. Furthermore, only when the incidence of significant fraud has been established to a
reasonable certainty, senior management and the board should be notified immediately.
D. It would be too soon to report the suspected fraud to senior management and the board. This is done only when
there is reasonable certainty that significant fraud has occurred.
A. The CAE has the responsibility to report immediately any incident of significant fraud to senior
management and the board. Thus, the CAE should inform the treasurer and CFO of the suspected fraud.
B. The bonding agency would be notified only after discussion with management, and possibly legal counsel.
C. Local law enforcement authorities would be notified only after discussion with senior management.
D. Confronting the cash operation's supervisor could hinder the investigation and could possibly lead to slander
charges.
A. It should be management communicating with the external auditors, not the CAE.
B. The CAE is responsible for reporting immediately any incident of significant fraud to senior
management and the board. However, before any fraud reporting is made, a sufficient investigation should
establish with reasonable certainty that a fraud occurred.
C. It should be management communicating with the accounting function, not the CAE.
D. It should be management communicating with the governmental or regulatory agencies, not the CAE.
A. Legal counsel should review the proposed final communication. Review by the engagement client's
management may not be appropriate.
B. The board should receive only the final communications, not the proposed draft.
C. Legal counsel should review the proposed final communication. Publicity of the fraud investigation may not be
appropriate.
D. The IAA must evaluate the potential the potential for the occurrence of fraud and how the organization
manages fraud risk (Standard 2120.A2). It is recommended that a draft of the proposed final
communications on fraud should be submitted to legal counsel for review. When the internal auditor
wants to invoke client privilege, consideration should be given to addressing the report to legal counsel.
A. Trend analysis may indicate higher than normal automobile operating expenses on the part of the loan officer,
but this is not an indication of potential fraud.
B. Trend analysis would not help detect vacation days not taken.
D. A trend analysis could help detect an unexplained increase in loan default caused by bogus loans.
A. These functions need to be segregated. Not segregating these functions would be considered a red flag.
C. Delegating authority to make purchases under a certain value is not considered a red flag.
D. An individual who has access to cash, and has had the job for an extended period without any job rotation is
considered to have a greater opportunity to commit a fraudulent activity.
A. When an internal auditor suspects fraud, he or she should determine the possible effects and discuss
the matter with the appropriate level of management, who should then initiate an investigation.
B. When an internal auditor suspects fraud, he or she should determine the possible effects and discuss the matter
with the appropriate level of management, who should then initiate an investigation.
C. When an internal auditor suspects fraud, he or she should determine the possible effects and discuss the matter
with the appropriate level of management, who should then initiate an investigation.
D. When an internal auditor suspects fraud, he or she should determine the possible effects and discuss the matter
with the appropriate level of management, who should then initiate an investigation.
A. Fraud encompasses a range of irregularities and illegal acts characterized by intentional deception or
misrepresentation, which an individual knows to be false or does not believe to be true. Fraud is
perpetrated by a person knowing that it could result in some unauthorized benefit to him, or her, to the
organization, or to another person, and can be perpetrated by persons outside and inside the organization.
C. This is incorrect because fraud may be perpetrated for the organization’s benefit or for otherwise unselfish
reasons.
D. This is incorrect because fraud may be perpetrated for the organization’s benefit or for otherwise unselfish
reasons.
A. Including the wrongdoing in a report that will go to the audit committee is the responsibility of the internal auditor.
B. Determining the effects of the wrongdoing is the responsibility of the internal auditor.
C. The internal auditor does not have the responsibility or possess the proper authority to inform the
wrongdoer of his or her legal rights.
D. Discussing the wrongdoing with the appropriate level of management is the responsibility of the internal auditor.
A. This is an area that is often misused, but it does not have the dollar amounts associated with it that inappropriate
grants would have, since total administrative costs are only $10 million.
B. This is a possible risk area, but the dollar amounts involved would probably be moderate.
C. Total administrative costs are only $10 million in the current year so payroll fraud would not be the area of
greatest risk.
D. This would be the area of greatest risk because the dollars expended are very large and inadequate
controls could lead to grants used for fraudulent purposes.
B. Fraud encompasses a range of irregularities and illegal acts characterized by intentional deception or
misrepresentation, which an individual knows to be false or does not believe to be true. In this situation,
the use of an expert (in this case a lawyer) would be necessary to determine if the activity is in violation of
the contract. If it is not in violation, then it could not be considered an intentional deception.
C. An intentional deception would not require that the company had actually implemented the security techniques at
other companies.
A. Auditors are required to report the results of their audit work. The results indicate a breakdown in an
important control procedure that should be brought to the attention of senior oversight officials.
B. There is a need to provide detail on the nature of each grant only if the auditor has reason to believe that fraud
may have been suspected. Also, the auditor should inform management if wrongdoing is suspected. Management
decides whether to pursue investigation.
C. The control breakdown should be reported. Even though the grants were approved retroactively, there was a
breakdown in the control procedures that should be brought to the attention of the audit committee.
A. Unbonded employees who are handling cash receipts is a potential control weakness, but is not an indication of
fraud.
C. There are certain risk factors that are related to the fraudulent misstatement of financial reports. These
risk factors include (1) incentives/pressures, (2) opportunities, and (3) attitudes/rationalization. The risks
factors in the incentives/pressures category concerns threats to financial stability or profitability by
economic, industry, or entity operating conditions, such as an industry that is experiencing declining
customer demand.
D. It is not unusual for equipment to be sold at a loss before being fully depreciated.
A. Internal auditors are responsible to evaluate the effectiveness of actions taken by management to deter fraud.
B. The internal auditor's responsibility is to assist in the deterrence of fraud by examining and evaluating
the adequacy and effectiveness of the system of internal control. However, internal auditors cannot ensure
that fraud will not occur.
C. Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is
managed by the organization, but are not expected to have the expertise of a person whose primary responsibility
A. A fraud report is desirable, but not mandatory at the conclusion of the detection phase.
B. A fraud report is desirable, not mandatory at the conclusion of the detection phase.
D. A written report or other formal communication should be issued at the conclusion of the investigation
phase. It should include all observations, conclusions, recommendations, and corrective action taken.
A. Until the irregular transactions have been investigated further, it would not be appropriate to make a report to
management and the board.
B. Reporting to management and the board should occur when the incidence of significant fraud has been
established to a reasonable certainty.
C. Reporting of suspicious acts should alert an auditor to do some preliminary investigating. However, it would not
be appropriate to make a report to management and the board at that stage.
D. When an internal auditor suspects fraud, he or she should determine the possible effects and discuss
the matter with the appropriate level of management, who should then initiate an investigation. However,
the internal auditor should have solid reasons to suspect that fraud has taken place before reporting it to
senior management and the board.
B. The inspection of all receipts by receiving inspectors is an appropriate receiving control, but it would not prevent
a conflict-of-interest.
D. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing
would not necessarily prevent a conflict-of-interest.
A. Reviewing records on purchase prices paid would not prevent purchasing agents from using their positions for
personal gain.
B. Requesting confirmation by auditors of selected purchases and accounts payable would not prevent purchasing
C. Rotating purchasing agent assignments periodically will limit the risk of agents using their positions for
personal gain, because it will discourage long-term agent relationships with particular vendors.
D. Value-per-unit-of-cost reviews would not prevent purchasing agents from using their positions for personal gain.
A. The auditor should be alert to red flags and should investigate any situations which might include potential fraud.
But, the auditor is not required to document all personal red flags (e.g., excessive gambling debts or excessive
living style). The requirement to document these red flags is pertinent only when the auditor continues a fraud
investigation or when the item is pertinent to a particular audit finding.
B. Red flags are associated with fraudulent conduct. However, many red flags are personal in nature and
would not necessarily come to the attention of the auditor. These would include items such as excessive
living style of a manager or excessive gambling.
B. Reconciling the outstanding loans to the general ledger balance would not indicate fraudulent activity
since the fraudulent loans would be properly accounted for.
C. Analyzing the total dollar volume of loans made by the loan officer could suggest fraudulent activity if the amount
is excessive.
D. Analyzing the number of loans made by each loan officer could suggest fraudulent activity if the amount is
excessive.
A. Unusual expansion, not necessarily rapid expansion would be considered an indication of possible fraud.
B. The tax authorities may have randomly chosen the firm for an audit.
C. A new management team installed, as the result of a takeover is not something unusual, and would not be
considered an indication of fraud.
D. The rapid turnover of financial executives may be considered an indication of possible fraud. It may be
an indication of weak performance and ineffective internal controls.
B. Documenting computerized operating systems will do little to enhance the detection of fraud.
C. The responsibilities of internal auditors for detecting fraud including having sufficient knowledge of
fraud to be able to identify indicators that fraud may have been committed. Negative organizational
changes may be an indication of fraud. Thus, recognizing and questioning changes that occur in the
organization is critical for fraud detection.
A. Fraud can encompass an array of irregularities and illegal acts characterized by intentional deception.
Persons outside as well as inside the organization can perpetrate fraud.
C. Fraud can be perpetrated for the benefit of or to the detriment of the organization and by persons outside as well
as inside the organization.
A. Management has a responsibility to control fraud deterrence activities, not the IAA
B. Management has a responsibility to plan fraud deterrence activities, not the IAA.
C. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating
the adequacy and the effectiveness of the system of internal control, commensurate with the extent of the
potential exposure/risk in the various segments of the organization's operations.
D. Management has a responsibility to establish and maintain an effective control system, not the IAA.
D. The internal audit activity must evaluate the potential for the occurrence of fraud and how the
organization manages fraud risk (Standard 2120.A2). Internal auditors are responsible for assisting
companies prevent fraud by examining and evaluating the adequacy and the effectiveness of their
controls’ system, commensurate with the extent of the potential exposure with the organization.
A. Not taking an annual vacation is an indication that the loan officer fears that his or her wrongdoing will be
discovered in his or her absence.
B. Becoming easily annoyed with the auditor's inquiries may indicate a guilty conscience.
C. Submitting gasoline and repair bills that are higher than company average is not an indication of
fraudulent loans. These are factors that are not entirely controllable by the loan officer. For example, if the
car is older it may require more maintenance repair, etc.
D. A high standard of living may indicate that the loan officer is living beyond his or her income level.
A. This is not unusual and, in and of itself, is not an indication of possible fraud.
C. This is not unusual and, in and of itself, is not an indication of possible fraud.
D. This is not unusual and, in and of itself, is not an indication of possible fraud.
C. Libel is defamation published in a more permanent form, such as newspaper, film, letter, etc. Libel does not
constitute fraud.
A. A report containing language such as this would be a report reporting that no fraud has been detected.
B. A preliminary audit report detailing probable employee fraud would not contain a list of proposed audit tests to
help disclose the existence of similar frauds in the future.
C. In the event that an internal auditor detects probable employee fraud, the auditor's responsibility is to
immediately report the findings to management and to make a recommendation as to whether sufficient
information exists to conduct an investigation.
D. Results of a polygraph test would be part of the investigation. The investigation would follow the auditor's interim
report of findings, if in fact sufficient information exists to conduct an investigation.
B. Observations should be included in order to serve as the basis for the internal auditor's conclusion.
C. A preliminary or final report may be desirable at the conclusion of the detection phase. The report
should include the internal auditor’s conclusion as to whether sufficient information exists to conduct a
full investigation. It should also summarize observations and recommendations that serve as the basis for
such decision.
A. Red flags are subjective in nature, so it is quite possible that a red flag might not come to the auditor's attention
during the course of a properly planned and conducted audit.
B. Red flags are subjective thereby making some red flags quite difficult to quantify or to evaluate, i.e., the moral
attitude of management, etc.
C. There has been numerous research information published on the subject, so getting information is not
difficult.
D. Red flags are those items or actions that are associated with fraudulent behavior. But, red flags are quite
subjective, and as such, there may be situations in which no fraud exists, but the red flag is present.
A. Fraud reporting consists of the various oral or written, interim or final communications to senior management
and/or the board of directors regarding the status and results of fraud investigations.
B. A draft of the report should also be submitted to legal counsel for review.
C. The role of the internal auditor in fraud detection is to notify the appropriate authorities within the
organization if a determination is made that fraud has occurred to recommend an investigation.
D. The internal auditor should notify management if fraud has been established to reasonable certainty.
A. Fraud is something that is done intentionally. Fraud is committed when there is false representation or
concealment of a material fact.
C. Fraud also involves the misstatement arising from fraudulent financial reporting.
D. Fraud usually does not involve the violent or forceful taking of property.
A. When an internal auditor suspects fraud, it is recommended that he or she should determine the
possible effects and discuss the matter with the appropriate level of management, who should then initiate
an investigation.
B. When an internal auditor suspects fraud, it is recommended that he or she should determine the possible effects
and discuss the matter with the appropriate level of management, who should then initiate an investigation.
C. When an internal auditor suspects fraud, it is recommended that he or she should determine the possible
effects and discuss the matter with the appropriate level of management, who should then initiate an investigation.
D. When an internal auditor suspects fraud, it is recommended that he or she should determine the possible
effects and discuss the matter with the appropriate level of management, who should then initiate an investigation.
A. Taking vacations and refusing a promotion would not be considered unusual behavior.
B. According to Sawyer's Internal Auditing, one of the 20 danger signs of embezzlement is an employee
who refuses to take vacations and shuns promotions for fear of detection.
C. Not taking a vacation, and accepting a promotion would not be considered unusual behavior.
D. Taking vacations and accepting a promotion would not be considered unusual behavior.
A. Duplication of payments is an area of fraud that the internal auditor should be alert to.
B. This would not be considered part of the fraud area that the internal auditor would need to be considered with.
C. This would not be considered part of the fraud area that the internal auditor would need to be considered with.
D. A backup facility is part of the data information security system, not connected with the area of fraud.
A. Matching transactions with the vendor would not be useful, since transaction should match.
B. Observing the receiving dock would not be useful since the reports would appear to be normal.
C. Since documents were falsified all supporting documentation to make payment would match.
D. By conducting an analytical test comparing production, materials purchased, and raw materials
inventory levels the internal auditor would be able to show that there was unexplained increase in material
usage.
A. Managers have the authority to override controls, and so the chances of a fraud being detected are less if it is
perpetrated by a single manager than if perpetrated by a single employee.
B. An adequate system of internal controls is most likely to detect a fraud perpetrated by a single
employee. Because of segregation of duties, one employee acting alone may not have the ability to
commit a fraud; or if one employee were to commit a fraud, the chances would be greater that other
employees would detect it.
C. Managers have the authority to override controls, and so the chances of a fraud being detected are less if it is
perpetrated by a group of managers than if perpetrated by a single employee.
D. A group of employees acting in collusion is more likely to be able to commit a fraud than a single employee
would be.
A. The internal auditor should avoid confronting the suspected embezzler. Employees have certain rights that
should not be infringed upon. Improper infringement could lead to the suspect filing a lawsuit against the
organization.
B. When there is sufficient evidence that fraud has occurred, the internal auditor should notify the
appropriate authorities within the organization, e.g., security, to recommend an investigation.
C. Senior management and the board should be notified immediately when incidents of fraud have been
established to a reasonable certainty.
D. The internal auditor should not review the finding with the suspect’s fellow workers since they may be involved in
the embezzlement.