Chapter 2 - Fraud Considerations Flashcards Preview


Flashcards in Chapter 2 - Fraud Considerations Deck (19)

Regarding fraud in the CITP BOK, what is addressed?

This part of the CITP BOK addresses knowledge requirements related to issues such as computer forensics, digital evidence, data mining and analysis, security breaches, and relevant regulations (for example, e-Discovery).
Dimension 2, CITP Body of Knowledge


What are the eight (8) learning objectives of Chapter 2?
1 - Fraud
2 - Regulations
3 - Consider risks
4 - Understand how
5 - How to choose
6 - Applicable sources
7 - Understand basics
8 - Understand the importance

1) To understand the basics of fraud and forensics; for example, fraud triangle, fraud tree (schemes and categories of schemes), scope of fraud (that is, professional skepticism) and profile of fraudsters.
2) To have a good understanding of regulations and technical literature, especially Statement of Accounting Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, and how to apply it.
3) Generally, to be able to consider the risks of material misstatement due to fraud and determine specific techniques to detect fraud.
4) To understand how to use Information Technology (IT) in fraud investigations.
5) To understand how to choose and employ the most appropriate digital acquisition tools and procedures in a fraud investigation.
6) To identify applicable sources of digital evidence in a fraud investigation.
7) To understand the basics of legal rules and procedures regarding digital evidence.
8) To understand the importance of state and federal laws regarding digital evidence.


Does the financial auditor have the responsibility to detect fraud?

The financial auditor has responsibilities to detect frauds when they lead to material misstatements of the financial statements.
In a direct quote of paragraph .02 of AU section 110, Responsibilities and Functions of the Independent Auditor (AICPA, Professional Standards), paragraph .01 of AU section 316 states:

. . . the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud . . .


What is the most important standard related to fraud?

AU Section 316 - Consideration of Fraud in a Financial Statement Audit

This SAS is the most recent and most important standard related to fraud considerations in a financial statement audit. Fraud considerations, however, also extend into business and industry (B&I). Those CPAs in key positions in B&I have a role and responsibility related to fraud considerations as well.

The key standard regarding fraud consideration is AU section 316.

Page 2-2


What are the roles and responsibility of the CITP related to fraud considerations?

This dimension of the CITP content focuses on the role and responsibilities of the CITP in fulfilling their responsibility related to fraud considerations as they pertain to the risk of material misstatement (RMM). Those roles and responsibilities will be presented as:

1) Preventive and deterrence
2) Digital evidence, and
3) Detection and investigation.


What is the definition of fraud?

What is the source of the definition of fraud that the CITP uses?

The CITP uses the definition of fraud contained in AU section 316 because of the context of the knowledge; that is, assessing the RMM in a financial statement audit related to fraudulent financial reporting.

According to paragraph .05 of AU section 316:

Fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit.


CITPs use the definition of fraud contained in AU section 316, but this is not the legal definition of fraud.
What is the legal definition of fraud? Why is knowing the legal definition of fraud helpful?

Because any fraud could end up in court, a legal definition of what the courts deem as fraud is helpful. According to the U.S. Supreme Court decision (Southern Development Co. v. Silva), fraud is defined legally as:

- The defendant has made a representation in regard to a material fact

- Such representation is false

- Such representation was not actually believed by the defendant, on reasonable grounds, to be true

- It was made with the intent that it should be acted upon

- In doing so, the complainant was ignorant of its falsity, and reasonably believed it to be true

- That it was acted upon by complainant to his/her damage


What is the fraud tree?

The fraud tree is a framework for categorizing frauds. There are several taxonomies of frauds, but AU section 316 chose to use part of the Fraud Tree described by the Association of Certified Fraud Examiners (ACFE), so that is the framework used by CITPs, per paragraph .06 of AU section 316. At the top of the tree, the fraud tree classifies frauds as a) corruption schemes, b) asset misappropriation schemes, and c) fraudulent statement schemes.


What type of fraud is the primary focus of CITPs?

Because CITPs are involved in financial audits and financial reporting, financial statement fraud is the primary focus. Fraudulent statement schemes are more likely to be material than the other two categories of fraud.


Why are corruption and asset misappropriation frauds more important in business and industry?

For B&I, it is likely that Corruption and Asset Misappropriation will be of more importance because of the:
- Correlation of materiality with the three schemes;
- Role of independence with the three schemes; and
- Role of external auditors vs. internal auditors

External auditors are unlikely to address these two categories because they are not material, so management will need to focus on them, or else they will receive little or no attention at all. Although usually small, asset misappropriation schemes can cause material misstatement in the financial statements.


What is the fraud triangle?

The Fraud Triangle is a key framework in risk management. Fraud research shows that all frauds have three things in common regarding the fraudster:
- Pressure / incentive
- Opportunity, and
- Rationalization / attitude


Describe the pressure / incentive aspect of the fraud triangle.

Pressure refers to something personal to the fraudster that motivates that person to commit a fraud. For example, for employees who commit asset misappropriation, it usually is financial pressure.


Describe the opportunity aspect of the fraud triangle.

Opportunity refers to the knowledge and opportunity to commit the fraud. It begins with the fact that the fraudster is in a position of trust. Second, it is related to the tenure of the employee. Usually long-time employees have more knowledge to commit fraud. Also, opportunity is about internal controls. Override of internal controls can lead to fraud. The CITP should mentally question whether these three factors of the fraud triangle are present when performing audits.


What were the primary internal control weaknesses observed in the 2010 ACFE RTTN regarding frauds?

The primary internal control weaknesses observed for frauds committed were, in order of frequency:
- Lack of internal controls (37.8 percent),
- Overriding of existing internal controls (19.2 percent), and
- Lack of management review (17.9 percent)


What were the internal controls that were modified or implemented in response to a resolved fraud in the 2010 ACFE RTTN?

Internal controls that were modified or implemented in response to a resolved fraud, in order of magnitude, were:
- Increased segregation of duties (61.2 percent),
- Management review (50.6 percent), and
- Surprise audits (22.5 percent)


What is the optimal response to fraud?

The 2010 ACFE RTTN indicates that the optimal response to a fraud is to increase segregation of duties (SoD).


Describe the Rationalization / Attitude aspect of the fraud triangle.

Rationalization is about the mental process a fraudster goes through to justify why he or she is NOT committing a crime. That is, the fraudster juxtaposes the fraudulent activity with his or her personal code of ethics and comes up with a reason why it is permissible for them, in their circumstances, to commit the fraud.


What does the 2010 ACFE RTTN say about the scope of fraud?

According to the 2010 ACFE RTTN, experts estimate that 5 percent of annual revenues are lost to fraud. Surveys from 1996 - 2010 show the percentage of revenue lost due to fraud has been between 5% (2006, 2010) and 7% (2008) in all years (6% in 1996, 2002 and 2004).


What is the profile of an executive perpetrator?

The profile of a fraudster can be summarized by this statement: a fraudster (white collar criminal) does NOT look like a crook. When a fraud occurs, it is often said by key stakeholders, "That is the last person I would have suspected!" Fraudsters are in key positions; have earned the trust of management; are fairly educated; are long-time employees; are often religious; and usually have a personal code of ethics. Because fraudsters look more like employees of the year rather than crooks, auditors should maintain professional skepticism when evaluating fraud.