Fraud Risk Management

Question 1

Which of the following types of customer due diligence (CDD) procedures should an organization engage in when determining whether to conduct business with a higher-risk customer who wants to pay on credit?

A. Standard CDD
B. International CDD
C. Simplified CDD
D. Enhanced CDD

Answer 1

D. Enhanced CDD

Question 2

An organization’s fraud risk management program should include which of the following components?

A. Whistleblower protection policies
B. A way to disclose conflicts of interest
C. Quality assurance activities
D. All of the above

Answer 2

D. All of the above

Question 3

A fraud risk management program must include systems specifically designed to monitor, identify, and address breaches in compliance.

A. True
B. False

Answer 3

True

Question 4

As part of its vendor due diligence procedures, an organization should avoid revealing that it is seeking information about potential vendors prior to starting a relationship with them.

A. True
B. False

Answer 4

False

Question 5

According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), _________ is the culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

A. Fraud prevention
B. Internal control
C. Corporate governance
D. Enterprise risk management

Answer 5

D. Enterprise risk management

Question 6

When a customer presents a higher risk for engaging in illegal activity, which of the following customer due diligence (CDD) activities would be MOST APPROPRIATE for an organization to engage in?

A. Scrutinizing the customer’s method of payment
B. Analyzing the customer’s overall net worth
C. Quantifying the customer’s expected purchasing pattern
D. All of the above

Answer 6

D. All of the above

Question 7

Fraud risk management programs should focus on activities that:

A. Prevent fraud by proactively identifying, assessing, and addressing fraud risks
B. Respond to identified fraud by investigating the incident and taking remedial action
C. Detect fraud by identifying occurrences as soon as possible after they begin
D. All of the above

Answer 7

D. All of the above

Question 8

According to the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE, who has responsibility for managing fraud risk?

A. Executive management
B. Personnel at all levels of the organization
C. The board of directors
D. Internal audit

Answer 8

B. Personnel at all levels of the organization

Question 9

potential customer has little opportunity to commit fraud and therefore presents a minimal risk of engaging in illegal activity?

A. Identifying the customer
B. Analyzing the customer’s net worth
C. Verifying the customer’s identity
D. Contacting the customer’s bank

Answer 9

A. Identifying the customer

Question 10

Which of the following is one of the eight principles for risk management provided by International Organization for Standardization (ISO) 31000:2018?

A. The risk management program is structured and comprehensive
B. The risk management program facilitates continuous improvement
C. The risk management program is integrated into all organizational activities
D. All of the above

Answer 10

D. All of the above

Question 11

In defining the objectives of the fraud risk management program, management should express risk appetite in a manner that is appropriate for the organization’s culture and operations.

A. True
B. False

Answer 11

True

Question 12

As part of an organization’s fraud risk management program, employees at all levels should:

A. Understand how noncompliance might create an opportunity for fraud to occur
B. Cooperate in investigations into suspected or alleged fraud incidents
C. Provide input into the design and implementation of fraud control activities when requested by management
D. All of the above

Answer 12

D. All of the above

Question 13

Which of the following is NOT one of the components of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance?

A. Information, communication, and reporting
B. Risk tolerance
C. Strategy and objective-setting
D. Review and revision

Answer 13

B. Risk tolerance

Question 14

Before agreeing to do business with a new vendor, it is recommended that an organization’s management inquire about the vendor’s internal audit department and the types of audits the vendor is subject to.

A. True
B. False

Answer 14

True

Question 15

Management must assign both a quantitative and qualitative measure to its risk appetite so that it can accurately measure the fraud risk management program’s effectiveness.

A. True
B. False

Answer 15

False

Question 16

Risk management includes which of the following activities involving the risks that threaten an organization?

A. Identification
B. Treatment
C. Monitoring
D. All of the above

Answer 16

D. All of the above

Question 17

Which of the following is NOT one of the eight principles for risk management provided by International Organization for Standardization (ISO) 31000:2018?

A. The risk management program is dynamic and responsive to change.
B. The risk management program takes human and cultural factors into account.
C. The risk management program is based on effective leadership and commitment.
D. The risk management program is customized and proportionate to the organization’s operations and objectives

Answer 17

C. The risk management program is based on effective leadership and commitment.

Question 18

The performance component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance can BEST be described as:

A. The formal process of setting strategy and defining business objectives
B. The review of how well the enterprise risk management capabilities and practices have increased value over time and how they will continue to drive value for the organization
C. A continual, iterative process of obtaining information and sharing it throughout the entity
D. The identification and assessment of risks that might affect the organization’s ability to meet its strategic and business objectives and the prioritization and response to those risks

Answer 18

D. The identification and assessment of risks that might affect the organization’s ability to meet its strategic and business objectives and the prioritization and response to those risks

Question 19

Which of the following statements regarding recommended vendor due diligence procedures is LEAST ACCURATE?

A. An organization should alert the vendor that they will be liable for any unethical conduct that occurs during the business arrangement before agreeing to do business with them.
B. An organization should include a clause in the contract requiring the vendor to report any instances of misconduct before entering into an agreement with them.
C. An organization should request that new vendors complete a questionnaire about their background immediately after signing a contract with them.
D. An organization should ensure that vendors have their own ethics and compliance program before engaging in any transactions with them.

Answer 19

C. An organization should request that new vendors complete a questionnaire about their background immediately after signing a contract with them.

Question 20

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance is composed of a set of principles organized into five interrelated components. Which of the following is NOT one of the principles pertaining to the review and revision component?

A. The organization assesses substantial changes that might affect its strategy and objectives.
B. The organization pursues improvement in enterprise risk management.
C. The organization identifies risk that impacts its performance and ability to meet objectives.
D. The organization reviews its risk and performance.

Answer 20

C. The organization identifies risk that impacts its performance and ability to meet objectives.

Question 21

The governance and culture component of the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance involves the formal process of setting strategy and defining business objectives.

A. True
B. False

Answer 21

False

Question 22

The board of directors holds the primary responsibility for designing, implementing, monitoring, and improving the fraud risk management program, as well as punishing perpetrators of fraud appropriately.

A. True
B. False

Answer 22

False

Question 23

The fraud risk management program should include the formal procedures that management takes in response to a fraud, such as punishing the perpetrator, remediating the control weaknesses that allowed the fraud to occur, and rebuilding stakeholders’ confidence in the organization.

A. True
B. False

Answer 23

True

Question 24

Which of the following is one of the five fraud risk management principles described in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE?

A. Fraud investigation and corrective action
B. Fraud risk management monitoring activities
C. Fraud risk assessment
D. All of the above

Answer 24

D. All of the above

Question 25

To communicate their dedication to the fraud risk management program, the board of directors and senior management should provide a formal statement of commitment that: A. Is in writing B. Is provided to all employees, vendors, and customers C. Acknowledges the organization’s vulnerability to fraud D. All of the above

Answer 25

D. All of the above

Question 26

If an organization determines that one of its potential customers presents a risk of engaging in illegal activity, but it concludes that the risk is unlikely to manifest, then the only recommended customer due diligence (CDD) procedure would be to identify the customer. A. True B. False

Answer 26

False

Question 27

Of the following parties, who is responsible for the oversight of the organization’s financial, accounting, and audit matters? A. The external auditors B. The chief financial officer C. The internal auditors D. The audit committee

Answer 27

D. The audit committee

Question 28

Which of the following is a factor that might prompt an organization to undertake enhanced due diligence procedures for a new customer? A. The customer makes a very large purchase. B. The customer has business dealings in a country known for corruption. C. The customer is a high-profile client. D. All of the above are factors that might prompt enhanced procedures.

Answer 28

D. All of the above are factors that might prompt enhanced procedures.

Question 29

Which of the following is among the board of directors’ responsibilities pertaining to fraud risk management? A. Raising awareness of the risks of fraud throughout the organization B. Overseeing the organization’s fraud risk management activities C. Setting realistic expectations of management to enforce an anti-fraud culture D. All of the above

Answer 29

D. All of the above

Question 30

Risk management involves balancing an organization’s strategic, operational, reporting, and compliance objectives with how much risk management is willing to accept. A. True B. False

Answer 30

True

Question 31

Which of the following is TRUE regarding the process of defining the objective of the fraud risk management program? A. Management should incorporate the needs and goals of the organization into the fraud risk management program’s objectives B. Management must balance the investment in anti-fraud controls with the benefit of those controls and the amount of risk it is willing to accept C. Management should examine previous fraud occurrences to determine how the ideal fraud risk management program would have prevented them D. All of the above

Answer 31

D. All of the above

Question 32

Which of the following statements is TRUE regarding an organization’s fraud risk management program? A. Formal sanctions for intentional noncompliance must be well-publicized and carried out in a consistent and firm manner B. A specific team or individual should be assigned responsibility for monitoring compliance and managing suspected instances of noncompliance C. There should be measures in place to address failures in the design or operation of anti-fraud controls, as well as fraud occurrences D. All of the above

Answer 32

D. All of the above

Question 33

As part of its fraud-related responsibilities, the audit committee of an organization’s board of directors should meet regularly with key internal parties, such as the chief audit executive (CAE), to discuss identified fraud risks and the steps being taken to prevent and detect fraud. A. True B. False

Answer 33

True

Question 34

To protect against third-party fraud risks, organizations should perform the same level of due diligence on each potential customer before entering into a transaction with them. A. True B. False

Answer 34

False

Question 35

Of the following parties, who is responsible for developing a strategy to assess and manage fraud risks that aligns with the organization’s risk appetite and strategic plans? A. The audit committee B. The board of directors C. The legal department D. The shareholders

Answer 35

B. The board of directors

Question 36

Under the fraud control activities principle described in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE, organizations should select, develop, and deploy preventive and detective fraud control activities. A. True B. False

Answer 36

True

Question 37

Which of the following is among the audit committee’s responsibilities for fraud risk management? A. Performing and regularly updating the fraud risk assessment B. Monitoring and proactively improving the fraud risk management program C. Receiving regular reports on the status of reported or alleged fraud D. All of the above

Answer 37

C. Receiving regular reports on the status of reported or alleged fraud

Question 38

Which of the following statements is TRUE regarding the five fraud risk management principles described in the Fraud Risk Management Guide, a joint publication by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the ACFE? A. Under the fraud risk governance principle, an organization should communicate the expectations of those overseeing the fraud risk management program B. Under the fraud risk assessment principle, an organization should perform comprehensive fraud risk assessments to identify specific fraud schemes C. Under the fraud risk management monitoring activities principle, an organization should develop ongoing evaluations for each fraud risk management principle D. All of the above

Answer 38

D. All of the above

Question 39

According to Managing the Business Risk of Fraud: A Practical Guide, an organization's anti-fraud policy should include consequences for individuals who condone fraudulent activity. A. True B. False

Answer 39

True

Question 40

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Enterprise Risk Management—Integrating with Strategy and Performance is composed of a set of principles organized into five interrelated components. Communication, as part of the information, communication, and reporting component, is defined as an organization’s: A. Formal process of setting strategy and defining business objectives B. Continual, iterative process of obtaining information and sharing it throughout the entity C. Ability to assess substantial changes that might affect its strategy and objectives D. Tone that reinforces the importance of risk management and establishes the oversight responsibilities for managing risks

Answer 40

B continual, iterative process of obtaining information and sharing it throughout the entity