Summary

This document is a study guide for Certified Financial Counselor (CFCI) professionals. It provides information about financial fraud, its types, examples, prevention, and detection methods. The document covers various fraud topics.

Full Transcript

CFCI Study Guide – Updated with Certified Solutions
Financial Management
The American College of Financial Services
51 pages
Document shared on https://www.docsity.com/en/docs/cfci-study-guide-updated-with-certified-solutions/12091174/
Downloaded by: hershee-knows

Fraud ✔✔"Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the perpetrated by individuals and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage."
Main types of fraud ✔✔Internal Fraud and External Fraud
Internal Fraud ✔✔Activities that may be criminal, committed within an organization, typically by the employee against the employer.
External Fraud ✔✔Deceptive conduct by non-employees that deprives the organization of value, and/or is undertaken for financial gain.
Embezzlement ✔✔The theft of money, property, or other assets of the employer.
Larceny ✔✔The taking away of the property of another, with the intent to convert it to his/her own use.
Financial Fraud ✔✔"Cooking the books." This type of fraud generally refers to falsely representing the financial condition of the company, so as to inflate the value of stock, fraudulently boost executive bonuses, or otherwise mislead shareholders, lenders, employees, investment analysts, or other users of the information.
Skimming (cash larceny) ✔✔Accounts receivable fraud; this involves simply stealing cash before it enters the organization's accounting system.
Billing Schemes ✔✔Using false documentation to cause a targeted organization to issue a payment for false services and/or purchases.
Check Tampering ✔✔Common method (Taking advantage of employee access to blank company checks, using a password to steal computer-generated checks or producing counterfeit checks).
Employee reimbursement scheme ✔✔Making false claims for reimbursement or inflating or creating fictitious business expenses. (Travel/meal reimbursement.)
Corruption ✔✔Bribery, illegal gratuities, and/or extortion.
Bribery ✔✔When something of value is offered or given to influence a business decision.
Illegal Gratuities ✔✔When something of value is given to an employee to reward a business decision.
Extortion ✔✔When a person demands payment or seeks to influence a business decision by threat of harm through loss of business or personal injury.
Kickback Schemes ✔✔Forms of corruption involving employees and vendors, often using inflated billing or invoices for which the employee is paid a portion of the inflated or fictitious invoice.
Credit Card Fraud ✔✔The creation, sale, or use of a counterfeit credit card, or the use of a stolen credit or debit card.
C.N.P ✔✔Card not present transactions
Identity Theft ✔✔The fraudulent acquisition or stealing of confidential personal information through social engineering.
Identity Fraud ✔✔Involves the unauthorized use of another person's personal data for illegal financial benefit. Involves abusing the stolen information to transact personal business in the victim's name.
Wildcat Banking ✔✔An extreme form of what was called free banking. "A bank that issued notes without adequate security in the period before the establishment of the national banking system in 1864".
2 categories that encompass Fraud ✔✔Theft (stealing money, ID, or assets) and deception (cooking the books, lying to shareholders, employees or partners)
Savings and Loan Crisis ✔✔The failure of about 1000 savings and loan banks as a result of risky business practices. The roots of the S&L crisis lay in excessive lending, speculation, and risk-taking driven by the moral hazard created by deregulation and taxpayer bailout guarantees.
Myth #1 of the Financial Services ✔✔"We have very little fraud here" ex: subprime mortgage fraud
Myth #2 of Financial Services ✔✔"Ethics and training compliance has us covered" Fraud is not always covered in ethics policy or training.
Myth #3 of Financial Services ✔✔"Fraud is an unavoidable cost of doing business" Fraud is usually not serious enough to destroy a financial service firm; it is much more than a necessary cost of doing business.
Chapter 1 review points ✔✔
Statistical picture of fraud. The numbers do not lie: Fraud is a huge worldwide problem—for all organizations.
Financial services fraud. Seventy-four percent of financial institutions experienced attempted payment fraud (check fraud, ACH fraud, or credit card fraud) in 2020.
Definitions of fraud. The broad definition of fraud is illegal activity representing either theft or deception, or a combination of both.
Myths about fraud. It is easy to become complacent about fraud but doing so can be very costly. Fraud does occur in every organization and is potentially serious enough to cause major long-term damage.
Main types of fraud. Countless varieties of fraud threaten financial institutions.
Fraudsters are constantly thinking up new ways to target financial services institutions.
20-60-20 rule of human component of fraud ✔✔
20% of people will never commit fraud
60% are fence sitters and may commit fraud if given the opportunity
20% of people are inherently dishonest
2 types of insider fraud threat ✔✔Employee level fraud and management level fraud
True or False: Management Level Fraud is committed less frequently than employee level fraud? ✔✔True: Management level fraud is committed less frequently than employee level fraud; however, the financial loss is almost always greater.
Fraud Triangle ✔✔Created by leading criminologist Donald Cressey. The three factors that contribute to fraudulent activity by employees: opportunity, financial pressure, and rationalization.
Financial pressure ✔✔Financial difficulties, such as large amounts of credit card debt, an overwhelming burden of unpaid medical bills, large gambling debts, extended unemployment, or similar financial difficulties.
Opportunity ✔✔Employee identifies a weakness in the organization's anti-fraud controls. For example, an employee is able to set up a phony vendor, have fraudulent invoices approved, and have payment sent to an address that he or she controls.
Rationalization ✔✔Persons who have committed fraud convince themselves that the act is either not wrong or that even though it may be wrong, it will be corrected because they will eventually return the money. Another, often more damaging form of rationalization occurs when employees justify the fraud by taking the attitude that they deserve the stolen money—because the company unfairly denied them a raise or promotion, or because some other form of mistreatment made them "victims."
Remember: ✔✔The opportunity element of the Fraud Triangle helps to explain the ways in which many frauds are committed by employees, middle managers, and executives of financial services organizations.
What caused the Fraud Triangle to morph into the Fraud Diamond? ✔✔A reevaluation of people's unadorned lust for money caused personal Greed to become the 4th side, morphing the triangle into the diamond.
Chapter 2 Review points ✔✔
External fraudsters are a varied and demographically diverse group, which makes it difficult for fraud fighters to profile these criminals. The best approach to detecting and preventing external fraud against financial institutions is to understand the red flags of these crimes.
Internal fraudsters do have common behavioral and personality traits, which helps to detect suspicious activity before it is too late.
Up to 80 percent of employees are either totally honest or honest to the point that they will not steal except in situations in which the opportunity to do so presents itself. And even then, these "fence sitters" may err on the side of honesty. The remaining 20 percent of your organization's employees are fundamentally dishonest and will go out of their way to commit fraud.
Internal fraud can be divided into two categories: employee level and management level. There is an inverse ratio between the level of the organization at which fraud is committed and the amount of financial loss resulting from frauds committed at each level. Thus, while management-level frauds are committed less frequently than employee-level frauds, the financial loss resulting from the former is almost always significantly greater than the amount lost from the latter.
The Fraud Triangle (Pressure, Opportunity, and Rationalization) helps fraud fighters identify and stop potential fraudsters from carrying out crimes that could result in financial losses to the organization. The elements of the Fraud Triangle have their own unique meaning in the context of the financial services industry.
The Fraud Triangle can arguably be reinterpreted as a Fraud Diamond when the element of greed is included as a key motivator for fraud in the financial services industry.
Loans to phantom borrowers ✔✔Internal fraud where an employee can submit a fictitious loan to a loan officer of the same company. That loan officer can play as a co-conspirator or as an unknowing person.
Loan Lapping ✔✔Oftentimes referred to as "Accounts receivable fraud," the fraudster will make loan payments from funds received from subsequently closed or older fraudulent loans in a form of loan lapping scheme.
Nominee or straw borrowers ✔✔"A third-party" or "nominee" loan is a loan in the name of one party that is intended for use by another. In other words, a person's PII is used with permission to secure a loan for someone who would not qualify, thus circumventing the system.
Kickback on Illegal loans ✔✔A bank insider is induced to approve a loan to a non-creditworthy borrower, where the borrower agrees to give something of value to the banker to approve the loan.
Reciprocal loans ✔✔A dishonest loan officer or bank manager agrees to authorize loans to one or more crooked bank colleagues or to dishonest counterparts in other financial institutions made with the understanding that a comparable, reciprocal loan or favor would be made in return.
Linked financing ✔✔A form of loan fraud in which a large depositor or a deposit broker agrees to give a bank its business in exchange for a loan that it might otherwise not qualify for or that is used to perpetrate a real estate fraud.
Working Capital or Asset-based Loan Fraud ✔✔Typically are made by committing the borrower's receivables, inventory, or other assets as collateral. Also referred to as "Floor-plan" lending as merchandise is used as collateral for the loan.
Suspense Account fraud ✔✔Bank employees with authority to credit and debit these accounts move funds held in suspense to accounts the fraudster controls, such as a personal checking account.
Types of mortgage fraud ✔✔
1. Application
2. Tax return/financial statement
3. Appraisal
4. Verification of deposit
5. Verification of employment
6. Escrow/closing documents
7. Credit documents
Two key categories of indicators of potential or actual employee fraud. ✔✔Soft indicators and hard indicators.
Soft indicators ✔✔Are intangible, behavioral signs displayed by dishonest employees or employees with an intention to commit fraud.
Hard indicators ✔✔Are pieces of evidence that are tangible. Often they are signs represented by numerical oddities or by physical evidence.
Segregation of Duties (SoD) ✔✔Refers to separating job functions in a way that no single employee is in a position with sufficient authority to perpetrate a fraud, either single-handedly or with a collusive vendor, customer, or ex-employee. The responsibility for record-keeping for an asset should be separate from the physical custody of that asset.
Delegation of Authority (DoA) ✔✔Refers to having specific levels of authority, indicating who is permitted to approve particular components of the lending process, performing post funding review functions and other key credit-related activities.
Chapter 3 review points ✔✔
While fraud was instrumental in bringing about the subprime mortgage crisis, it is important for anti-fraud professionals to remember that nonmortgage loan frauds and numerous forms of other internal white-collar crime also can be very costly.
Mortgage fraud, while sometimes perpetrated by dishonest insiders, is primarily an externally initiated fraud. The criminals typically include dishonest mortgage brokers, appraisers, borrowers, and builders.
The first step toward preventing employee-level fraud is understanding and detecting the numerous red flags of such schemes. With a solid understanding of red flags, an organization can conduct detailed risk assessments to gather evidence of suspected frauds and put into place effective controls to minimize vulnerability to most employee-level frauds.
A virtually limitless variety of anti-fraud controls can be implemented to minimize the organization's fraud risk. The choice of which controls to put into place is best determined by conducting a fraud risk assessment that pinpoints signs of specific fraud vulnerabilities.
2 types of employee level embezzlement ✔✔
1. Looting customer accounts such as savings and checking by teller skimming of bank funds.
2. Exploiting control weakness in the bank's operations such as account payable and procurement.
Looting crimes ✔✔Making unauthorized withdrawals, by diverting funds of customers to accounts with false records
Dormant account fraud ✔✔Employees use dormant accounts to transfer money.
An account is considered dormant after more than 12 months of inactivity and/or statements are returned as undeliverable.
Certificate of Deposit (CD) fraud ✔✔Since the CD is usually not touched by the account holder until maturity, it gives the employee opportunity to not record deposits.
Fraudulent fee reversal ✔✔Bank employees or call center reps would say they returned or credited a bank fee to a customer when it was really credited to their own or coworkers' accounts.
Teller Theft or Skimming ✔✔Simply put, stealing cash from the teller drawer.
Theft of consignment items ✔✔Theft of cashier's checks, money orders, and traveler's checks
Accounts Payable (AP) or Billing Fraud ✔✔Fraud committed by a person responsible for paying company invoices, thus giving them ample opportunity to send checks to fake invoices or shell companies.
Shell company and/or phony invoice fraud ✔✔Setting up shell companies and submitting invoices to be paid, usually a high person who approves third-party payments. The company appears real and legit.
Vendor Master File (VMF) manipulation ✔✔Employees with access to VMF can generate phony invoices, enter bogus vendors, and obtain approval of fraudulent transactions.
Collusion with Vendors ✔✔Dishonest vendors typically involve a bribery or kickback scheme jointly perpetrated by a bank employee and a crooked supplier.
Three stages of collusion with vendors ✔✔pre-solicitation, solicitation, and submission.
What happens during the Pre-solicitation phase? ✔✔
1. Purchase of unnecessary goods.
Dishonest insiders accept bribes or kickbacks from a specific vendor in exchange for recognizing the need for the vendor's product or services by his or her organization.
2. Specification schemes. Vendors pay corrupt bank employees to write contract specifications that favor their particular goods or services.
3. Bid Splitting. This fraud occurs when competitive bidding is required only for contracts or purchases over a minimum amount. A corrupt procurement employee may accept a bribe from a vendor to split the contracts so that each of the two amounts falls below the competitive bidding threshold.
What happens during the Solicitation phase? ✔✔
1. Creating phony suppliers. A dishonest procurement employee may be paid off to permit a collusive vendor to create nonexistent "competitors" and submit phony bids in their names, with pricing that ensures that the actual vendor wins the business.
2. Pay-per-view schemes. A dishonest purchasing employee may accept a corrupt vendor's offer for payment in exchange for advance access to the contract specifications. The crooked vendor obtains a competitive (and illegal) advantage over rival bidders and essentially is guaranteed to win the business.
3. Early-start schemes. A dishonest buyer accepts something of value from a crooked vendor in exchange for receiving advance access to the contract specifications. The preferred vendor gains extra time to prepare its bid, thereby putting the competition at a disadvantage.
What happens during the Submission Phase? ✔✔Providing a preferred (i.e., bribe-paying) vendor with the details of already-submitted bids, in order to give the corrupt vendor a leg up in tailoring a bid in a way that ensures he or she will win the business.
Bid pooling ✔✔A process by which several bidders conspire to split contracts, thereby ensuring that each gets a certain amount of work, which does not require collusion with an insider.
Travel and Entertainment fraud (T&E) ✔✔Employees using traveling and entertainment expenses as a way to defraud the company.
Making multiple reimbursement claim submissions. ✔✔When two or more employees dine together while on the road, each may submit a forged claim for reimbursement for his or her own meal even though a single member of the group paid the entire bill. Similar practices often occur with shared taxis, airport shuttle services, and other expenses. (T&E Fraud)
Falsifying receipts. ✔✔Receipts for transportation, hotel, restaurant, and other business travel expenses are easily obtained and "recycled" by employees either by forgery or by alteration. It is all too easy, for example, to alter the date or amount on a receipt before it is submitted. (T&E Fraud)
Claiming expenses just below the minimum documentation requirement. ✔✔If receipts are required for all expenses over $25 for meals, an employee may fraudulently submit undocumented claims for amounts of $24.99 or $24.95. (T&E Fraud)
Claiming for "out-of-policy" expenses. ✔✔A dishonest employee may test your organization's anti-fraud controls by submitting a receipt for a personal expense incurred during a business trip. If the form is complicated, the processor may just approve payment. (T&E Fraud)
Purchasing Card Fraud (P-Card) ✔✔Corporate card used by legitimate holders who charge non-business expenses to the employer and falsely document them as legitimate job-related purchases.
Who conducts the majority of P-Card fraud? ✔✔The majority of payments fraud activity is conducted outside the legitimate card holder via forged checks or stolen credit card data.
Automated Clearing House (ACH) ✔✔An electronic network for financial transactions in the U.S. The network processes batches of debits and credits to various financial institutions allowing for fast, safe and efficient transfer of funds.
Forged Check ✔✔A check signed by someone else other than who is specified on the check without that person's permission.
Theft and Forgery of stolen check ✔✔An employee steals blank checks, makes them out to him or herself or cash, and forges the name of the authorized person to sign checks.
Check interception and forgery of endorsement ✔✔Perpetrator steals checks that are made out to a legitimate payee and are signed. The perpetrator whites out the payee, alters or changes the payee information to themselves or others.
Electronic Payee Alteration ✔✔Where an insider in AP modifies the Vendor Master File and changes the name of a legitimate business to a name that is similar enough that it won't be noticed. The perpetrator simply changes the information back after the execution of the fraud.
Check alteration by inserting numbers ✔✔Changing the amount of the check by changing one or more numbers.
Check alteration by inserting letters ✔✔Changing or washing the check to change the name of the payee by adding letters or words.
Hidden check fraud ✔✔A dishonest employee puts an unauthorized check in a pile of authorized checks, betting on the odds that the signer will not check each check and just sign the unauthorized one.
Check fraud intimidation ✔✔A bank employee using fear or intimidation on a person responsible for issuing the checks (such as AP) to write a check without proper invoices, documentation or signatures etc.
ACH fraud ✔✔A perpetrator provides the routing number and the account number of the victim's account to the receiving company (utility, car loans, etc) to make the required payments.
Types of Payroll Fraud ✔✔
1. Creation of ghost-employees (most common)
2. Altering hourly rate of pay or commission details
3. Altering employee status so the company does not have to pay taxes and/or benefits.
4. Timecard alterations, claiming time not really worked, forged supervisor signatures.
Theft of confidential information ✔✔Perpetrators (possible employees) steal PII of customers and use the information to commit identity frauds such as unauthorized loans, credit accounts. (Many successful breaches result from employee error).
Insider abuse of Computer Systems ✔✔Insiders pose a substantial threat by virtue of their knowledge of and access to their employers' systems and/or databases, and their ability to bypass existing physical and electronic security measures through legitimate means.
Chapter 4 Review points ✔✔
Financial institutions are vulnerable to a wide range of internal frauds. These range from accounts payable fraud, check theft and tampering, theft of cash, looting of customer accounts, payroll fraud, and so on. Minimizing risk of these crimes requires implementation of carefully designed controls and deterrents.
Financial institutions are especially vulnerable to attempts at theft of confidential information and abuse of secure data.
Identity thieves, embezzlers, and confidential information traffickers are among the greatest insider threats in these areas.
The first step toward preventing employee-level fraud is understanding and detecting the numerous red flags of such schemes. With a solid understanding of red flags, an organization can conduct detailed audits or pre-investigations to gather tangible evidence of suspected frauds and put into place effective controls to minimize its vulnerability to most employee-level frauds.
A virtually limitless variety of anti-fraud controls can be implemented to minimize the organization's fraud risk. Determine which controls to put into place by conducting a fraud risk assessment that pinpoints signs of specific fraud vulnerabilities.
Remember: ✔✔Many types of fraud committed at the employee level also occur at top management levels. The only difference is that due to their greater authority, broader executive privileges, and costlier lifestyles, senior managers who commit crimes such as embezzlement, travel and entertainment (T&E) fraud, and billing schemes that are common at lower levels (as detailed in Chapter Three) cause substantially greater losses than their criminal counterparts in subordinate positions.
Management-Level self dealing ✔✔Self-dealing is approving loans to oneself. Bank executives with the poor judgment to authorize a loan to themselves run the risk of being terminated and charged through legal proceedings with breach of fiduciary duty, which can result in significant financial penalties.
Foreign Corrupt Practices Act (FCPA) ✔✔A law enacted in 1977 that prohibits U.S. corporations from making illegal payments to public officials of foreign governments to obtain business rights or to enhance their business dealings in those countries.
Remember: ✔✔The U.S. federal government has substantially enhanced its monitoring and enforcement activities with respect to the Foreign Corrupt Practices Act. While the temptation to offer bribes to overseas officials to obtain government or business contracts may be hard to resist, the danger of discovery and subsequent penalties indicate that the risk is usually too high.
What are ways that banks can fraudulently report things? ✔✔
1. Making inaccurate accounting estimates
2. Inaccurate or misleading disclosure
3. Misclassification of financial information
4. Lack of detailed transaction records
5. Unsupported accounting entries
6. Fictitious Documentation
Recording false revenues ✔✔Misrepresenting financial performance involves recording nonexistent revenue or misrepresenting the period in which the revenue was received.
Fraudulent revenue recognition ✔✔Involves recording revenue—typically loan interest income and interest from investments and related revenue—from a future reporting period in the current period, or understating amounts set aside for loan losses.
Manipulating liabilities ✔✔Neglecting to record expenses and burying vendor invoices, management can make it appear as if expenses for a particular reporting period are lower than they actually are, thereby making earnings appear greater than they are.
Overstating Assets ✔✔Failure to mark investments to market when the securities markets decline, overstating the amount of cash, or recording the value of an outstanding loan as being greater than its estimated market value.
Manipulating interest rates ✔✔Libor (London Inter-Bank Offered Rate) is an average interest rate calculated through submissions of interest rates by major banks across the world.
The scandal arose when it was discovered that banks were falsely inflating or deflating their rates so as to profit from trades, or to give the impression that they were more creditworthy than they were.
Remember: ✔✔Being able to detect management-level fraud at your organization depends on your ability to recognize the numerous red flags of the many types of fraud. These red flags can be complicated and unclear, especially as they apply to potential senior management misconduct. Thus, reviewing them from time to time will help you to focus on the evidence of potential fraud.
Remember: ✔✔Financial statement frauds are among the least frequently committed frauds in most organizations. However, they are by far the costliest. Implementing effective internal controls for this type of fraud is usually challenging but imperative.
Chapter 5 review points ✔✔
ACFE Chairman Joe Wells explains executive-level check fraud this way: In most situations, check signers are owners, officers, or otherwise high-ranking employees, and thus have or can obtain access to all the blank checks they need. Even if company policy prohibits check signers from handling blank checks, normally the perpetrator can use her influence to overcome this impediment.
Conflict of interest is one of the four types of fraud comprising the ACFE's definition of corruption, together with bribery, illegal gratuities, and economic extortion.
Although the temptation to offer bribes to overseas officials to obtain government or corporate contracts sometimes may be tough to resist, the risk of discovery and subsequent penalties indicate that the risk is usually extremely high.
The sanctioning by Wall Street bosses of rampant derivatives development and marketing cannot technically be defined as fraudulent. However, the courts are still working through cases whose outcome may produce new definitions of legal and illegal conduct in the C suites of major financial institutions.
The most common motives driving dishonest financial services executives to falsify financial records and statements are to boost share price, increase executive bonuses, conceal illegal financial transactions, and secure financing.
The three rating agencies—Moody's, Standard & Poor's, and Fitch—have been criticized by financial thought leaders and politicians for acting without objectivity in rating certain mortgage-backed securities.
Buying and selling stocks on the strength of information available only to company or investment firm insiders and not to the investing public has been against the law since enactment of the Securities Exchange Act of 1934.
Rules governing the trading conduct of empl
Tool Theft ✔✔Fraudster who removes tools from a job site and then sells them and keeps the proceeds but reports the tools as lost.
Materials Waste ✔✔Fraudster orders more material than necessary on an existing purchase order and reports the excess waste or scrap and sells it.
Product Substitution ✔✔One grade of material is specified, submitted, approved, and billed but a lower grade is delivered.
Duplicate payments ✔✔Duplicate payments are issued for legitimate vendors for legitimate invoices. One check goes to the vendor and one goes to the fraudster but shows the check as voided or canceled.
Employee ghosting ✔✔Basically time card fraud, where employees clock in for other employees or create a fictitious employee and collect their pay.
Vehicle maintenance scheme ✔✔Fraudster agrees to send construction company-owned or leased vehicles to a service provider for what is described as regular maintenance. However, either the pricing for the actual services rendered is greater than the market price, or the services documented are not actually rendered. In either case, the service provider gives a kickback to the company employee.

Bid-Rigging Schemes or collusion ✔✔Collusive fraud wherein an employee helps a vendor illegally obtain a contract that was supposed to involve competitive bidding, with the employee getting a kickback.

Asset-based or working capital loan fraud ✔✔Business borrowers create false invoices to document bogus receivables, or otherwise cook the books to appear financially sound to a lending institution.

External mortgage fraud ✔✔Hiding critical information about the loan, or falsifying employment history, and indicating the property would be a primary residence when it was purchased for investment.

Remember: ✔✔The boom in subprime mortgage lending accounted for a substantial portion of total mortgage lending in the 1990s and early 2000s. A solid majority of subprime mortgage applications contained at least some element of deception, misrepresentation, or outright fraud.

Mortgage Fraud Modus Operandi ✔✔Fraud for profit: dishonest outsiders falsifying mortgage applications so a normally unapproved loan would be approved. Fraud for property: defraud borrowers through the real estate system.

Builder Bailout Scheme ✔✔Straw buyers or legitimate buyers who are led to believe that they are getting a good deal in buying a new home such as incentives or loan for down payments.
Chunking ✔✔Fraudster recruits a gullible investor into purchasing either a rundown, overvalued home, or no home at all, and the investor finances the home, with the promise of tenants or rent payments that never get paid.

Equity Skimming ✔✔Buying a property to collect rent while mortgage payments are never paid.

Identity fraud to obtain mortgage ✔✔Fraudster files a bogus deed or title or steals a legitimate title, then obtains a loan on the property and takes the money and defaults on the loan, leaving the victim of identity fraud with the outstanding debt.

Overstating Appraisal Values to sell a property multiple times ✔✔A home is purchased on an original loan, then an unscrupulous appraiser fraudulently appraises the property at a much higher price. The owner then quickly resells the home.

Remember: ✔✔Dishonest outsiders typically perpetrate fraud-for-profit mortgage schemes, such as brokers, investors, or buyers who have no intention of living in the property. Instead, they design their schemes to defraud banks or unwitting buyers, in order to make a quick, illegal profit.

Remember: ✔✔Mortgage fraud has become an immensely costly drain on the U.S. economy in recent years. This is partly due to loopholes in regulatory systems that enable dishonest mortgage brokers, appraisers, and lenders to perpetrate lending schemes that victimize mortgage banks, unwitting borrowers, or both. The debate over mortgage fraud shifted into high gear as the so-called subprime mortgage business collapsed in the 2007-2008 period. However, it is important to remember that mortgage fraud did not begin with the subprime crisis. It has been around since the early decades of American history and is still very much a threat today.
Social Engineering ✔✔A scam that preys upon our acceptance of authority and willingness to cooperate with others. The social engineer's objective is to extract sensitive information such as your social, bank information, login/password information, etc.

Phishing Scam ✔✔Spoofed email and website used to trick a person into providing private information.

Business Email Compromise (BEC) ✔✔These scams often begin with a phishing email that gives a fraudster access to an executive's email account. Typically, the fraudster will then send an email purporting to be from the CEO requesting a wire transfer of a specified amount to a specified bank account. The trusting treasury or finance employee never thinks to question its legitimacy.

FACTA - Fair & Accurate Credit Transactions Act ✔✔Requires financial institutions to have an identity theft prevention program in place and to identify potential signs of identity theft.

Carding ✔✔An offense in which the Internet is used to traffic in and exploit the stolen credit card, bank account, and other personal identification information of hundreds of thousands of victims globally.

EMV acronym ✔✔Europay, MasterCard, Visa: the three companies that originally created the standard for card security.

EMV chip technology ✔✔Global technology that includes embedded microchips. The chip creates a unique one-time code that cannot be reused.

Forged on-us Checks ✔✔Checks that are negotiated at the same bank on which they were drawn.

Cashier check fraud ✔✔Suspect agrees to purchase an item from a victim and sends a check for more than the agreed-upon price. The victim is instructed to send the difference.
Check bounces; victim is out.

Bank employee Collusion with outsiders ✔✔Organized crime rings recruit individuals who apply for bank jobs and over time steal the PII of customers and give it to their handlers.

Check Kiting ✔✔The crime of depositing a legitimate check in an account at one bank, writing a bad check for much more than the initial deposit and depositing it into an account at a second bank, and then withdrawing the majority of the funds in cash from the second account before the bad check bounces. Sometimes these frauds can go on for months before being detected.

New Account Fraud ✔✔Fraud that occurs on an account within the first 90 days that it is open; often, accounts are opened with the sole intent to commit fraud.

Money Laundering ✔✔When illegally obtained money is put into the banking system, and the banking system is then used to make the money appear legitimate.

How is money laundered? ✔✔
1) Placement. This is where the perpetrator physically hands over cash to a legitimate business, such as a bank, a casino, or other legitimate business where acceptance of large sums of cash is not unusual, such as a high-volume restaurant.
2) Layering. This involves converting the ill-gotten cash into another form and executing numerous transactions—often internationally—to obscure the illegal possession of the cash. Examples include purchasing stocks and bonds, investing in real estate, moving funds from one bank to another, etc.
3) Integration. This typically involves entering into financial arrangements that appear legitimate on the surface, such as real estate development or purchasing luxury items such as artwork, jewelry and luxury automobiles. At this stage, it is extremely difficult for most financial crime experts to discern between legitimate and crime-based financial activities.
Bank Secrecy Act (BSA) ✔✔The BSA was the first anti-money-laundering law passed by the federal government. It was initially designed to deter the use of secret foreign bank accounts and to establish a mandatory audit trail for law enforcement by establishing regulatory reporting and recordkeeping requirements to help the government track the movement of cash and other monetary instruments into and out of the country through the use of financial institutions.

USA Patriot Act ✔✔The USA PATRIOT Act was signed into law shortly after the September 11, 2001, attack on the World Trade Center. It substantially broadened the definition of "financial institution" and implemented other regulations specifically designed to thwart terrorist financing.

Four pillars of AML compliance ✔✔
* A system of internal controls to ensure ongoing compliance.
* Designated AML Compliance Officer.
* AML training.
* Independent Audit.

CTR (Currency Transaction Report) ✔✔A report that U.S. financial institutions are required to file with FinCEN for each deposit, withdrawal, exchange of currency, or other payment or transfer, by, through, or to the financial institution which involves a transaction in currency of more than $10,000.

AML Investigation Techniques ✔✔
1. Evidence Collection
2. Subject Profiling
3. Covert Evidence Gathering
4. Semi-overt Evidence Gathering
5. Overt Evidence Gathering

Chapter 6 Review Points ✔✔
* Construction fraud makes up a significant portion of nonmortgage loan fraud. Approximately 10 percent of total construction expenditures is lost to fraud every year.
* Additional forms of nonmortgage loan fraud include bid-rigging schemes, asset-based or working capital scams, floorplan/dealer frauds, and asset-shifting schemes.
* Mortgage fraud breaks down into two main categories: fraud for property and fraud for profit. Fraud for property typically is committed by prospective homeowners who falsify loan documents because they do not meet bank underwriting standards. Fraud for profit is committed by outsiders, such as mortgage brokers, appraisers, attorneys, and builders, to fraudulently obtain bank financing to perpetrate illegal property purchases and sales.
* Social engineering is technically not a type of fraud. Rather it is a psychological tactic aimed at obtaining information needed to commit fraud.
* Phishing is an Internet-based—or cyber—version of conventional social engineering, using email to harvest victims' confidential personal data, which subsequently are used to commit identity theft and fraud.
* Unlike phishing attacks, information security breaches target the secure networks of financial institutions and other organizations, such as national retail chains, to steal very large volumes of customer data.
* Online account takeover often is performed by organized fraudsters (from virtually anywhere in the world).
* Many, if not most, instances of external fraud against financial institutions involve some form of identity theft or fraud. Credit and debit card fraud, check fraud, ACH fraud, social engineering, and so on, typically are perpetrated with theft of individuals' identities or creation of fictitious identities.
* Purchasing card (P-card) fraud hurts financial insti

FRA - Fraud Risk Assessment ✔✔Analysis of an organization's risks of being victimized by specific types of fraud.

Remember: ✔✔Fraud risk assessments are not meant to prevent fraud directly.
They are exercises for identifying specific fraud schemes and scenarios for which the organization is most vulnerable. That information is used in turn to conduct fraud audit exercises that pinpoint actual frauds that have occurred or could occur, so that the necessary controls can be put into place to prevent the at-risk illegal activity.

Procedures for conducting an FRA ✔✔Although conducting an FRA is not terribly difficult, it does require careful planning and methodical execution. The structure and culture of the organization dictate how the FRA is formulated. In general, however, there is a mainstream form of FRA on which the audit and fraud prevention communities have agreed.

Step 1: Create an FRA Team ✔✔The FRA team should include a senior internal auditor (or the chief internal auditor, if feasible), and/or an experienced outside certified fraud examiner with substantial experience in conducting FRAs for organizations in the financial services industry.

Step 2: Identify the Organization's Universe of Potential Risks ✔✔The FRA team's starting point is to determine which fraud schemes and scenarios typically affect financial services companies in general. Next, the team must assess the potential for these schemes and scenarios in the organization itself, based on past incidents of fraud, the culture of the organization, and its current framework of internal controls.

Step 3: Analyze the Likelihood of Each Scheme or Scenario Occurring ✔✔Fraud risk assessments also must consider the likelihood that a particular fraud will occur. This measure is taken based on frequency of occurrence in the organization itself, as well as in the industry in general. Other factors, including the complexity of the risk, may also be considered, depending on the individual organization.
International auditing standards specify four risk levels:
1. Remote
2. More than remote
3. Reasonably possible
4. Probable

Step 4: Assess the Materiality of Risk ✔✔In this step, according to Frank, the FRA team must identify fraud risks that could have an important financial impact on the organization's shareholders, lenders, or other users of its financial reports. There are three main categories of materiality:
1. Inconsequential
2. More than inconsequential
3. Material
Any risks that are more than inconsequential should be addressed by investigators, auditors or compliance staff to gather detailed evidence of potentially fraudulent activity.

Step 5: Assess Risks Within the Context of Existing Anti-Fraud Controls ✔✔The organization's FRA team should identify the control protocols and activities for those fraud risks that have a more-than-remote likelihood of occurring, and that could result in a substantial (or "material") loss to the organization. How this process works: Assess specific controls in place for preventing the occurrence of the various fraud scenarios. Doing so enables auditors to determine how likely (or unlikely) it is—on a scale of 1 to 3—that such a scenario actually will occur based on the controls in place, with 1 representing the most effective possible risk mitigation. For example:
1. Control design optimally minimizes the occurrence of the fraud risk and minimizes control failures.
2. Control design reasonably minimizes the occurrence of the fraud risk.
3. Control design does not minimize the occurrence of the fraud risk.
Remember: ✔✔In effective FRAs, the FRA team and the organization's internal audit department must consider whether and how anti-fraud controls can be circumvented or overridden by management and others. They also should analyze both internal and external threats to confidential electronic data, and computer and network security.

Chapter 7 review ✔✔
* A fraud risk assessment is an analysis of an organization's risks of being victimized by specific types of fraud.
* Approaches to FRAs will differ from organization to organization, but most FRAs focus on identifying fraud risks in six key categories:
  1. Fraudulent financial reporting
  2. Misappropriation of assets
  3. Expenditures and liabilities for an improper purpose
  4. Revenue and assets obtained by fraud
  5. Costs and expenses avoided by fraud
  6. Financial misconduct by senior management
* A properly conducted FRA guides auditors in adjusting their audit plans and testing, to focus specifically on identifying red flags of possible fraud.
* Being able to conduct an FRA is essential to effective assessment of the viability of existing anti-fraud controls, and to strengthening the organization's inadequate controls, as identified by the results of the FRA.
* In addition to assessing the types of fraud for which the organization is at risk, the FRA assesses the likelihood that each of those frauds might occur.
* After the FRA and subsequent fraud auditing work is completed, the FRA team should have a good idea of the specific controls needed to minimize the organization's vulnerability to fraud.
* Auditing for fraud is a critical next step after assessing fraud risks; auditing is required for gathering evidence of frauds that may exist according to the red flags turned up by your FRA.
Approximately how many primary federal laws and regulations are there that affect banking operation? ✔✔50

Regulation Z ✔✔Also known as the "Truth in Lending Act," a provision that protects consumers from being overcharged for finance charges.

Sarbanes-Oxley Act ✔✔An act passed into law by Congress in 2002 to establish strict accounting and reporting rules in order to make senior managers more accountable and to improve and maintain investor confidence.

Gramm-Leach-Bliley Act (GLBA) ✔✔A law passed in 1999 that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. Best known for its formalization of legal standards for the protection of private customer information and for rules and requirements of organizations to safeguard the information.

Financial Privacy Rule ✔✔It requires banks to provide consumers with a privacy notice at the time the consumer relationship is established and every year thereafter. The notice must provide details collected about the consumer, where that information is shared, how that information is used, and how it is protected.

Remember: ✔✔The threat of identity theft and fraud resulting from breaches of a financial institution's information security systems is potentially costly and time consuming. Although the threat continues to worsen, there are steps that institutions can—and must—take to reduce their risk of being victimized by the growing populations of both dishonest employees with access to confidential customer information, and outsiders adept at hacking into bank information systems and stealing large volumes of such data.
The Dodd-Frank Act ✔✔Placed major regulations on the financial industry by protecting consumers with rules to protect borrowers from the abusive lending and mortgage practices of banks.

What is the Volcker rule? ✔✔The Volcker Rule, named after former Federal Reserve Chairman Paul Volcker, is part of Dodd-Frank that prohibits banks from owning, investing, or sponsoring hedge funds, private equity funds, or any proprietary trading operations for their own profit.

How does Dodd-Frank affect derivatives? ✔✔Dodd-Frank requires that the riskiest derivatives—such as credit default swaps—be regulated by the SEC or the Commodity Futures Trading Commission (CFTC). To help make them more transparent, a clearinghouse of sorts—similar to the stock exchange—was set up so these derivative trades could be transacted in public.

How are insurance companies affected by Dodd-Frank? ✔✔The law also created a new Federal Insurance Office (FIO) under the Treasury Department, which would identify insurance companies like AIG that create risk to the entire system. As was widely reported, the New York-based insurance giant was caught in a major liquidity crisis when its credit ratings were downgraded in September 2008. The U.S. Federal Reserve Bank had to step in and create an $85 billion emergency fund—taxpayer money—to help AIG meet increased financial payouts.

Are credit rating agencies regulated by Dodd-Frank? ✔✔Yes. Dodd-Frank created an Office of Credit Rating at the Securities and Exchange Commission (SEC), to regulate credit ratings agencies such as Moody's and Standard & Poor's.
The agencies were harshly criticized for helping to create the 2008 recession, by misleading investors through overrating derivatives and mortgage-backed securities—and stating that the investment tools were worth more than their actual value.

How are consumers protected by the Dodd-Frank Act? ✔✔Dodd-Frank created the Consumer Financial Protection Bureau (CFPB), to protect consumers from unscrupulous business practices by banks and other lenders. The brainchild of Massachusetts Senator Elizabeth Warren, the CFPB consolidated a number of existing consumer protection responsibilities in other government agencies.

How does the Dodd-Frank whistleblower provision work? ✔✔As CNBC pointed out, to help fight corruption and insider trading, under the Dodd-Frank Act an individual with information about securities law violations can report them to the government for a financial reward. There are conditions, but the provision does give public companies an incentive to keep whistleblowing activities in-house to avoid unfavorable publicity and stiff fines.

Chapter 8 Review points ✔✔
* The financial services industry is the most heavily regulated of all. However, although many, if not most, of the laws, regulations, and industry standards requiring financial institution compliance are not related to fraud prevention, plenty are.
* U.S. banks bear a regulatory and legal compliance burden unparalleled in any other American industry.
* Although many financial institution rules and regulations are unrelated to fraud, many are designed to minimize banks' vulnerability to fraudsters, information thieves, or money launderers.
* The primary objective of the Sarbanes-Oxley Act is to establish measures to prevent fraudulent financial reporting in public companies.
It requires implementation and monitoring of internal controls over financial reporting, as well as top executive certification of the accuracy of all financial reports, including the absence of fraud.
* Because many frauds committed against banks today involve the illegal use of stolen customer or bank data, some of the newest and most important laws and regulations relate to the safeguarding of confidential customer data. Management must be aware of and comply with them.
* There is no silver bullet for protecting financial organizations against the rising tide of information security attacks. However, implementing required provisions of federal banking regulations can at least lower the risk of a costly breach occurring.
* In the context of theft of confidential information, "customer information" is defined as "any record containing nonpublic personal information about an individual who has obtained a financial product or service from the institution that is to be used primarily for personal, family, or household purposes and who has an ongoing relationship with the institution."
* The Federal Reserve Board's Interagency Guidel

What are an internal audit manager's responsibilities? ✔✔
* A control risk assessment documenting the internal auditor's understanding of significant business activities and associated risks. These assessments typically analyze the risks inherent in a given business line, the mitigating control processes, and the resulting residual risk exposure.
* An internal audit plan responsive to results of the control risk assessment. This plan typically specifies key internal control summaries within each business activity, timing and frequency of internal audit work, and the resource budget.
* An internal audit program that describes audit objectives and specifies procedures performed during each internal audit review.
* An audit report presenting the purpose, scope, and results of the audit. Work papers should be maintained to document the work performed and support audit findings.

Remember: ✔✔Internal auditors and financial managers are increasingly expected to detect fraud. However, it is everyone's responsibility to play a role in preventing, detecting, and reporting fraud.

SAS 99 (AU-C 240) (basic FRA) requires the auditor: ✔✔
* Performing procedures at physical locations on a surprise or unannounced basis. For example, observing inventory on unexpected dates or at unexpected locations, or counting cash on a surprise basis.
* Requesting that inventories be counted at the end of the reporting period or on a date closer to the period's end. This can minimize the risk of balances being manipulated in the period between the date the count was completed and the end of the reporting period.
* Making oral inquiries of major customers and vendors. This is in addition to sending written confirmations. The auditor can also send confirmation requests to a specific party within an organization.
* Performing substantive analytical procedures using disaggregated data. For example, the auditor might compare gross profit or operating margins by location, type of service, or month, to auditor-developed expectations.
* Interviewing personnel involved in activities in operational areas where a risk of material misstatement due to fraud has been identified.
Five Internal Auditing and Fraud standards: ✔✔
* Standard 1210.A2 - Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.
* Standard 1220.A1 - Internal auditors must exercise due professional care by considering the:
  o Extent of work needed to achieve the engagement's objectives.
  o Related complexity, materiality, or significance of matters to which assurance procedures are applied.
  o Adequacy and effectiveness of governance, risk management, and control processes.
  o Probability of significant errors, fraud, or noncompliance.
  o Cost of assurance in relation to potential benefits.
* Standard 2060: Reporting to Senior Management and the Board. The chief audit executive (CAE) must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks.
* Standard 2120: Risk Management
  o 2120.A2 - The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.
* Standard 2210: Engagement Objectives
  o 2210.A2 - Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing the engagement objectives.

Internal Audit activities ✔✔
* Auditing management controls over fraud.
This includes policies, awareness practices, tone at the top, board and senior management governance (the control environment), as well as related practices such as risk assessment, assessing the adequacy of preventive and detection controls in managing fraud risk within organizational tolerances, incident management, investigations, and recovery practices. Internal auditing should allocate resources to fraud-related activities in line with the risk of fraud relative to other organizational risks.
* Auditing to detect likely fraud by testing high-risk processes, with the intention of screening for indicators of fraud within the organization and with external business relationships. For example, testing payroll for phantom employees, testing vendor invoices for overcharges, matching vendor addresses with employee addresses to detect fictitious vendors, or reviewing databases for duplicate transactions.
* Considering fraud as part of every audit. For example, brainstorming about fraud risk (this is the IIA's endorsement of—and encouragement of auditors to conduct—Fraud Risk Assessments). Also consider evaluating fraud controls, designing procedures that consider the fraud risk, or evaluating errors to determine whether they could be an indication of fraud.

Financial Auditing ✔✔Examination of financial data at prescribed intervals against a predetermined standard. General examination of financial data in a nonadversarial manner: audits are done largely based on standard work programs that outline areas of testing and examination.
Fraud Investigation ✔✔
* Specific investigation to determine whether fraud occurred and who is responsible.
* Specific investigation into fraud to affix blame.
* Probable cause or totality of circumstances indicating fraud was committed and who did it.

Remember: ✔✔There are distinct basic fraud detection measures that a financial institution's internal auditors and financial managers should use to apply the findings of their FRA, in order to adjust their audit plans and procedures to detect specific red flags of fraud. However, to truly screen for fraud hidden in the organization's operations, books, and records, management must adopt rigorous detailed fraud auditing practices and techniques.

Remember: ✔✔SAS 99 was formulated with the aim of detecting fraud that has a direct impact on "material misstatement." Essentially, this means that anything in the organization's financial activities that could result in fraud-related misstatements in its financial records should be audited, using SAS 99 as a guide. SAS 99 breaks down the potential fraudulent causes of material misstatement into two categories:
1. Misstatement due to fraudulent financial reporting (i.e., "book cooking")
2. Misstatement due to misappropriation of assets (i.e., theft)

CAATs ✔✔Computer-assisted audit techniques

Three categories in which such auditing fraud responses fall ✔✔
1. The nature of auditing procedures performed may need to be changed to obtain evidence that is more reliable, or to obtain additional corroborative information.
2. The timing of substantive tests may need to be modified.
The auditor might conclude that substantive testing should be performed at or near the end of the reporting period, to best address an identified risk of fraud. 3. The extent of the procedures applied should reflect the assessment of the risks of material misstatement due to fraud. For example, increasing sample sizes or performing analytical procedures at a more detailed level may be appropriate. Prediction ✔✔Predication is a critical concept in any fraud investigation; without it there is no reason to initiate one. Predication is defined as "the totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe a fraud has occurred, is occurring, and/ or will occur." In other words, according to the Association of Certified Fraud Examiners, predication is the basis for undertaking a fraud examination. Critical ✔✔Metadata must remain unaltered in any computer forensic examination. This and other technical guidelines for gathering digital evidence make it almost imperative that a highly trained computer forensic specialist be brought in to handle this segment of the investigation's evidence-gathering process. Document shared on https://www.docsity.com/en/docs/cfci-study-guide-updated-with-certified-solutions/12091174/ Downloaded by: hershee-knows ([email protected]) Remember: ✔✔It is management's job to determine if a fraud investigation is required - not the auditors, financial managers, or controllers. Chapter 9 Review Points ✔✔ Although fraud prevention is always more effective and less costly than fraud detection (and subsequent investigation), prevention is unfortunately not always possible. Many of the red flags of fraud mentioned in earlier chapters of this book are readily identifiable by any employee with a bit of fraud awareness training. Other more financially complex indicators of fraud must be sought out by trained auditors, using the findings of their FRA as a guideline. 
Once internal auditors and financial managers know what to look for, there is a good chance that fraud or suspicious activity will be detected—but only if the organization has the proper monitoring, reporting, and auditing procedures in place.

Conventional audits are not designed to detect fraud in the first place. They are meant only to ensure compliance with existing laws and regulations. Therefore, many anti-fraud experts recommend that a fraud risk assessment be conducted annually and that the fraud auditing procedures designed to detect red flags in the specific high-risk areas identified by the FRA be incorporated into internal audit plans immediately.

Whereas a nonbank corporation often can choose not to investigate (or to investigate privately, without the involvement of public law enforcement agencies) to avoid negative publicity, banks do not enjoy this option.

Fraud detection depends heavily on specific anti-fraud auditing techniques designed to measure the organization's specific risks of fraud. These techniques always must be applied with an attitude of professional skepticism.

With computer technology, storage and management of surveillance footage is more efficient, convenient, and accessible, allowing for advanced search techniques that help in pinpointing specific incidents, and identifying suspects with greater
