CIA Exam Part 1 Study Guide - Fraud Risks Exam
Questions and Answers
Define Fraud Risk - ✔✔Fraud risk is the probability that fraud will occur and the potential
consequences to the organization when it occurs.
The IPPF glossary defines fraud as: - ✔✔Any illegal act characterized by deceit, concealment, or
violation of trust. These acts are not dependent upon the application of threat of violence or of
physical force. Frauds are perpetrated by parties and organizations to obtain money, property,
or services; to avoid payment or loss of services; or to secure personal or business advantage.
What is the fraud triangle? - ✔✔The fraud triangle is a set of three conditions that, if present in
the right proportions, suggest the possibility of fraud: opportunity, motive, and rationalization.
Opportunity can be described as... - ✔✔A process may be designed properly for typical
conditions. However, a window of opportunity may arise for something to go wrong or that
creates circumstances for the control to fail.
- An opportunity for fraud may exist due to poor control design or lack of controls. For example,
a system can be developed that appears to protect assets but is missing an important control.
Anyone aware of the gap may be able to take advantage of it without much effort.
- Persons in positions of authority can create opportunities to override existing controls (i.e.,
management override) because subordinates or weak controls allow them to circumvent the
rules.
Motive (also called incentive or pressure) can be described as... - ✔✔While people can
rationalize their acts, there needs to be an incentive that entices them to behave that way.
- A key motivator is the gratification of a desire, such as greed, or an addiction.
- Power is a great motivator. Power can be career-related or simply gaining esteem in the eyes of
family or coworkers. For instance, some computer frauds are done just to show that the hacker
has the power to do it.
- A third motivator is pressure, from either unrealistic job requirements, physical stresses, or
outside parties.
Rationalization can be described as... - ✔✔Fraud perpetrators must be able to justify their
actions to themselves as a psychological coping mechanism, allowing them to believe that they
have done nothing wrong and are "normal people." For example, these individuals might
consider that they were entitled to the stolen item or that if executives break the rules, it must
be right for others to do so as well.
- Some people will do things that are defined as unacceptable behavior by the organization yet
are commonplace in their culture (e.g., bribery) or were accepted by previous employers. As a
result, these individuals will not comply with rules that don't make sense to them.
- Some people may have periods of financial difficulty in their lives, have succumbed to a costly
addiction, or are facing other pressures. Consequently, they will rationalize that they are just
borrowing the money and, when their lives improve, they will pay it back.
- Others may feel that stealing from a company is not bad, thereby depersonalizing the act.
Red flags are... - ✔✔signs that indicate both the adequacy of controls in place to deter fraud
and the possibility that some perpetrator has overcome weak or absent controls to commit
fraud. Fraud red flags may surface at any stage of the internal audit. Red flags are only warning
signs; they are not proof that fraud has been committed.
Red flags may relate to time, frequency, place, amount, or personality. They include items such
as: - ✔✔- Overrides of controls by management or offices
- Lack of separation of duties
- Irregular or poorly explained management activities.
- Constantly exceeding goals/objectives regardless of business conditions or competition.
- Too many nonroutine transactions or journal entries.
- Problems or delays in providing requested information
- Significant or unusual changes in customers or suppliers
- Transactions that lack documentation or normal approval
- Employees or management hand-delivering checks.
- Customer complaints about delivery
- Employees exhibiting significant behavioral changes
- Poor IT access controls.
What are some examples of macro-level red flags? - ✔✔- Stiff competition, unfair trade
practices, or economic downturns that create pressure to perform or lead to layoffs that place
economic pressures on individuals. These conditions may generate the motive to commit fraud.
- Recently deregulated or poorly regulated industries in which absence or laxity of controls
creates opportunity for fraud, for example, the ease of accessing cash in the business or the
complexity and opacity of transactions.
- An industry or cultural trend toward dishonesty and disregard of law and regulation (e.g., a
history of corrupt practices by certain types of government contractors, a pattern of bribe taking
by government officials). Perpetrators may point to a history or climate of acceptance as
rationalization for fraud.
What are some examples of red flags on the micro or organizational level? - ✔✔- Financial
motive from the loss of a lucrative contract, the pressure to improve financial performance to
obtain a loan or before issuing stock, or a research and development failure that threatens the
organization's product pipeline.
- Reorganizations that disrupt control policies and create fraud opportunity. Failure to screen
may lead to hiring with the motive to commit fraud (e.g., hiring supervisors who fail to
implement, enforce, and monitor control policies).
- Failure to train all personnel in the organization's ethical code. This can contribute to a culture
that easily rationalizes small and large acts of fraud, including theft, bid rigging, kickbacks, and
conflicts of interest.
What two types of micro environments in particular offer special opportunities for fraud and
challenges for internal auditing? - ✔✔International organizations and organizations that rely
heavily on technology.