ACTUAL Questions and CORRECT Answers

What are the three broad categories of detailed fraud auditing responses?
1. The nature of auditing procedures
2. The timing of substantive tests may need to be modified.
3. The extent of the procedures applied should reflect the assessment of the risks of material misstatement due to fraud.

Qualitative Standards of CIGIE
1. Planning
2. Executing investigations
3. Reporting
4. Managing investigative findings.

Evidence
Evidence is categorized as
- "real evidence" (any specific physical object such as an invoice);
- "demonstrative evidence" (such as the computerized sketch or drawing of a loading dock); or
- "testimonial evidence" (such as in the oral form of a witness, or others testifying in court).
Sometimes evidence may consist of all three—real, demonstrative, and testimonial

Fraud Risk Assessment includes the following steps
1: Create an FRA Team
2: Identify the Organization's Universe of Potential Risks
3: Analyze the Likelihood of Each Scheme or Scenario Occurring
4: Assess the Materiality of Risk.
5: Assess Risks Within the Context of Existing Anti-Fraud Controls

There are three main categories of materiality in an FRA
1. Inconsequential
2. More than inconsequential
3. Material

Ultimate goal of an FRA
The ultimate objective of any FRA is to guide the institution's auditors in adjusting their audit plans to incorporate specific techniques for detecting fraud, and to assist management in formulating and/or adjusting its anti-fraud controls to reduce the risk of fraud.

Approaches to FRAs will differ from organization to organization, but most FRAs focus on identifying fraud risks in six key categories:
1. Fraudulent financial reporting
2. Misappropriation of assets
3. Expenditures and liabilities for an improper purpose
4. Revenue and assets obtained by fraud
5. Costs and expenses avoided by fraud
6. Financial misconduct by senior management

FRA step 3: Analyze the Likelihood of Each Scheme or Scenario Occurring
International auditing standards specify four risk levels:
1. Remote
2. More than remote
3. Reasonably possible
4. Probable

FACTA Red Flags List of Suggested Alerts, Notifications or Warnings from a Consumer Reporting Agency
1. Suspicious Documents
2. Suspicious Personal Identifying Information
3. Unusual Use of, or Suspicious Activity Related to, the Covered Account
4. Notice from Customers, Victims of Identity Theft, Law Enforcement Authorities, or Other Persons Regarding Possible Identity Theft in Connection with Covered Accounts Held by the Financial Institution or Creditors

The Institute of Internal Auditors (IIA) has endorsed audit standards that outline the techniques and procedures for conducting an FRA—specifically, those contained in Statement of Auditing Standards 99 (SAS 99 and AU-C 240)
FRA is meant to assist auditors and/or fraud examiners in adjusting their audit and investigation plans, and testing to focus on gathering evidence of red flags for fraud schemes and scenarios that the FRA identifies

According to AU-C 240 (and implied by the revised 2013 Framework), regardless of who conducts the FRA, responding to its findings requires the auditor to adjust the timing, nature, and extent of testing, in such ways as:
• Performing procedures at physical locations on a surprise or unannounced basis by,
• Requesting that financial performance data be screened for fraud at the end of the reporting period,
• Making oral inquiries of major customers and vendors about suspicious requests or communication from banking staff, in addition to sending written confirmations or sending confirmation requests to a specific party within an organization.
• Performing proactive analytical procedures using disaggregated data by, for example, comparing gross profit or operating margins by branch, type of service, line of business, or month, to auditor-developed expectations

Four main federal regulatory bodies watch over U.S. financial services activities, each with its own voluminous set of banking regulations. These bodies include
1. Federal Reserve Board (FRB)
2. Federal Deposit Insurance Corporation (FDIC)
3. Office of the Comptroller of the Currency (OCC)
4. National Credit Union Administration (NCUA)