What are the three broad categories of detailed fraud auditing
responses?
1. The nature of auditing procedures
2. The timing of substantive tests may need to be modified.
3. The extent of the procedures applied should reflect the assessment of
the risks of material misstatement due to fraud.
Qualitative Standards of CIGIE
1. Planning
2. Executing investigations
3. Reporting
4. Managing investigative findings.
Evidence
Evidence is categorized as
- "real evidence" (any specific physical object such as an invoice);
- "demonstrative evidence" (such as the computerized sketch or drawing
of a loading dock); or
- "testimonial evidence" (such as in the oral form of a witness, or
others testifying in court).
Sometimes evidence may consist of all three—real, demonstrative, and
testimonial.
Fraud Risk Assessment includes the following steps
1: Create an FRA Team
2: Identify the Organization’s Universe of Potential Risks
3: Analyze the Likelihood of Each Scheme or Scenario Occurring
4: Assess the Materiality of Risk.
5: Assess Risks Within the Context of Existing Anti-Fraud Controls
There are three main categories of materiality in a FRA
1. Inconsequential
2. More than inconsequential
3. Material
Ultimate goal of a FRA
The ultimate objective of any FRA is to guide the institution's auditors in
adjusting their audit plans to incorporate specific techniques for
detecting fraud, and to assist management in formulating and/or
adjusting its anti-fraud controls to reduce the risk of fraud.
Approaches to FRAs will differ from organization to organization, but
most FRAs focus on identifying fraud risks in six key categories:
1. Fraudulent financial reporting
2. Misappropriation of assets
3. Expenditures and liabilities for an improper purpose
4. Revenue and assets obtained by fraud
5. Costs and expenses avoided by fraud
6. Financial misconduct by senior management
FRA step 3: Analyze the Likelihood of Each Scheme or Scenario
Occurring
International auditing standards specify four risk levels:
1. Remote
2. More than remote
3. Reasonably possible
4. Probable
FACTA Red Flags List of Suggested Alerts, Notifications or Warnings
from a Consumer Reporting Agency
1. Suspicious Documents
2. Suspicious Personal Identifying Information
3. Unusual Use of, or Suspicious Activity Related to, the Covered
Account
4. Notice from Customers, Victims of Identity Theft, Law Enforcement
Authorities, or Other Persons Regarding Possible Identity Theft in
Connection with Covered Accounts Held by the Financial Institution or
Creditors
The Institute of Internal Auditors (IIA) has endorsed audit standards that
outline the techniques and procedures for conducting an FRA—
specifically, those contained in Statement of Auditing Standards 99 (SAS
99 and AU-C 240).
Four main federal regulatory bodies watch over U.S. financial services
activities, each with its own voluminous set of banking regulations.
These bodies include
1. Federal Reserve Board (FRB)
2. Federal Deposit Insurance Corporation (FDIC)
3. Office of the Comptroller of the Currency (OCC)
4. National Credit Union Administration (NCUA)
The internal audit manager should be responsible for the following:
• A control risk assessment documenting the internal auditor’s
understanding of significant business activities and associated risks.
These assessments typically analyze the risks inherent in a given
business line, the mitigating control processes, and the resulting residual
risk exposure.
• An internal audit plan responsive to results of the control risk
assessment. This plan typically specifies key internal control summaries
within each business activity, timing and frequency of internal audit work,
and the resource budget.
• An internal audit program that describes audit objectives and
specifies procedures performed during each internal audit review.
• An audit report presenting the purpose, scope, and results of the
audit. Work papers should be maintained to document the work
performed and support audit findings.
The primary role of internal auditing in protecting the organization
against fraud is described in five IIA Standards contained in Internal
Auditing and Fraud
1. Standard 1210.A2 – Internal auditors must have sufficient
knowledge to evaluate the risk of fraud and the manner in which it is
managed by the organization, but are not expected to have the expertise
of a person whose primary responsibility is detecting and investigating
fraud.
2. Standard 1220.A1 – Internal auditors must exercise due
professional care by considering the:
o Extent of work needed to achieve the engagement’s objectives.
o Related complexity, materiality, or significance of matters to which
assurance procedures are applied.
o Adequacy and effectiveness of governance, risk management, and control
processes.
o Probability of significant errors, fraud, or noncompliance.