MONDAY: 21 August 2023. Afternoon Paper. Time Allowed: 3 hours.
Answer ALL questions by indicating the letter (A, B, C or D) that represents the correct answer. This paper is made up of one hundred (100) Multiple Choice Questions. Each question is allocated one (1) mark.
1. Which of the following statements is NOT accurate in regards to fraudulent financial reporting of the financial performance of an organisation?
A. Failure to write off bad debts would inflate both the profits and the current ratio
B. Failure to accrue expenses would inflate both the profits and the current ratio
C. Failure to write off bad debts would inflate the profits but not the current ratio
D. None of the above (1 mark)
2. Which of the following is NOT an objective of a risk assessment process related to computers and computer systems?
A. Detect the risks that make an organisation vulnerable to fraud
B. Quantify the impact if the risk materialised
C. Establish an economic balance between the impact if the risk materialized and the cost of the resources required
D. None of the above (1 mark)
3. Which of the following statements is ACCURATE in regard to fraudulent financial reporting?
A. Failure to write off bad debts would cause understatement of receivables
B. Failure to write off bad debts would cause understatement of the current ratio
C. Failure to accrual expenses would cause overstatement of liabilities (1 mark)
D. None of the above
4. Which of the following methods of bribery payment, BEST describe how large amounts of bribes are disbursed and are hard to detect?
A. Entertainment
B. Expensive vacations
C. Interest in a business
D. None of the above (1 mark)
5. Healthcare providers defraud insurance companies and government health programs through intentional charging of one procedure as two separate ones. Which of the following BEST describes the healthcare providers’ fraud scheme?
A. Up-coding scheme
B. Fictitious services
C. Unbundling
D. None of the above (1 mark)
6. There are several financial statement fraud schemes that are perpetrated by management to inflate the organisation’s liquidity ratio. Which of the following BEST describes the fraud scheme?
A. Overstatement of current liabilities
B. Understatement of liabilities
C. Overstatement of current assets
D. Understatement of non-current assets (1 mark)
7. Which of the following would result in an improper valuation of inventory?
A. Writing off obsolete inventory
B. Recording perpetual inventory balance which is higher than the physical balance
C. Recording physical inventory balance which is lower than the perpetual inventory
D. All the above (1 mark)
8. Which of the following statements is NOT accurate in regard to steps of risk assessment related to computers and computer systems?
A. Identifying the risks and threats of each asset and calculating the probability of each risk materialising, is the first step of a risk assessment
B. Determining the value of each asset of a risk assessment related to computers and computer systems is the second step
C. Recommending the counter-measures and other remedial activities is the fifth step of a risk assessment related
to computers and computer systems
D. Calculating the loss per risk is the fourth step of the risk assessment related to computers and computer systems (1 mark)
9. Which of the following statements is ACCURATE in regard to theft of data and intellectual property of organisations?
A. A new employee from a competitor can expose the new employer to vicarious liability by using or disclosing secrets obtained from his previous employer in the course of his employment
B. An organisation can only be vicariously liable for misappropriation of proprietary information of another organisation, only if they were aware of its employee’s misconduct
C. A new employee cannot expose their employer to vicarious liability by using or disclosing secrets obtained
from his previous employer in the course of his employment
D. None of the above (1 mark)
10. Which of the following is NOT a red flag of financial statement fraud?
A. Unusual revenue and profits rapid growth
B. Unrealistic targets
C. Negative cash flow balances while reporting profits
D. None of the above (1 mark)
11. John Omwange received a voice mail saying that somebody is trying to use his account fraudulently through Internet banking. Which of the following BEST describes this social engineering scheme?
A. Phishing
B. Vishing
C. Smishing
D. Pharming (1 mark)
12. Which of the following BEST describes a social phishing scheme in which an internet user is fooled into entering sensitive data into a malicious website that impersonates a legitimate website?
A. Spear Phishing
B. Rock phishing
C. Pharming
D. None of the above (1 mark)
13. Which of the following identity theft schemes BEST describes stealing of a credit card and using it to make personal payments from a victim’s account?
A. Synthetic identity theft
B. Business identity theft
C. Account takeover
D. Traditional identity theft (1 mark)
14. Which of the following is NOT a type of network security defence?
A. Network access controls
B. Firewalls
C. Intrusion prevention system
D. None of the above (1 mark)
15. Separation of duties is fundamental to data security. Which of the following is NOT a recommended practice in relation to separation of duties?
A. Application system users should only be granted access to those functions and data required for their job duties
B. System users should not have direct access to program source code
C. System users can have direct access to program source code
D. None of the above (1 mark)
16. Procurement fraud is perpetrated in the cause of a procurement process. Which of the following is NOT a procurement fraud scheme committed during the submission of bids?
A. Bid rotation
B. Tailoring of bids
C. Complementary bids
D. Bid suppression (1 mark)
17. A government agency planned and budgeted for one hundred vehicles. The procurement department developed the specifications for the vehicles and their accessories, but they were developed as separate specifications and therefore increasing the total cost of the motor vehicles. Which of the following BEST describes this type of procurement fraud scheme?
A. Bid specification scheme
B. Bid manipulation scheme
C. Bid tailoring scheme
D. None of the above (1 mark)
18. Betty Wanjiru, an employee of a person-to-person payment company, has been stealing account numbers and passwords of customer accounts with the intent of fraudulently using them to make online payments. Which of the following describes the fraudulent scheme?
A. Internet fraud
B. Credit card fraud
C. Debit card fraud
D. Accounts take over (1 mark)
19. Which of the following is NOT a safeguard that banks could employ to reduce the risks of unauthorised electronic funds transfers?
A. Ensure that the area or city code in the applicant’s telephone number matches the geographical area for the applicant’s address
B. Always mail PINs separately from other information, such as usernames, with which they are associated
C. Apply single authentication to verify transfers via EBPP or P2P systems
D. None of the above (1 mark)
20. Which of the following statements is NOT a red flag of bid splitting?
A. Similar or identical procurements from the same supplier in amounts just slightly over the competitive bidding limits
B. Consecutive related procurements from several contractors that are within the competitive-bidding or upper- level review limits
C. Justifiable split purchases that fall under the competitive-bidding or upper-level review limits
D. None of the above (1 mark)
21. Which of the following BEST describe a Trojan horse?
A. A self-replicating computer program that penetrates operating systems to spread malicious code to other systems
B. A type of program that monitors and logs the keys pressed on a system’s keyboard
C. A Trojan horse is a type of malicious program
D. None of the above (1 mark)
22. Which of the following statements is ACCURATE in regards to Business email compromise schemes identified by FBI?
A. BEC (Business email compromise) is a type of vishing phishing
B. BEC (Business email compromise) is a type of malware
C. BEC (Business email compromise) is a type of social engineering
D. None of the above (1 mark)
23. Which of the following statements is ACCURATE in regards to red flags of bid tailoring scheme?
A. Explained changes in contract specifications from previous proposals or similar items
B. Good number of competitive bids or awards to several bidders
C. Specifications developed by or in consultation with a contractor who is not permitted to compete in the procurement
D. None of the above (1 mark)
24. Which of the following is a red flag of bid rigging by contractors?
A. Competent bidders refrain from bidding
B. Vendors submit serious bids
C. There is an obvious pattern of winning bids
D. None of the above (1 mark)
25. Defective pricing is one of the procurement fraud schemes perpetrated during the solicitation phase of the procurement process. Which of the following is NOT a scheme related to defective pricing?
A. The use of an outdated pricing list
B. Labor mischarges
C. Material mischarges
D. None of the above (1 mark)
26. Which of the following is NOT a type of administrative security and controls?
A. Security policies and awareness training
B. Incidence response plans
C. Computer security audits and tests
D. None of the above (1 mark)
27. Which of the following techniques, BEST describes an attempt to exploit the system security for purposes of identifying the systems’ vulnerabilities
A. Detection intrusion system
B. Network security system
C. Application security
D. Penetration test (1 mark)
28. Which of the following is NOT a method that can be used to protect personal information from identity theft?
A. Protect computers with strong and regularly updated firewalls and anti-virus software
B. Avoid using public Wi–Fi networks
C. Limit the amount of information shared on social media
D. None of the above (1 mark)
29. Which of the following BEST describes a fraud scheme that involves using an individual’s stolen credit or debit card or credit card number to purchase goods or services?
A. Identity theft Scheme
B. Payment fraud
C. Credit card fraud
D. None of the above (1 mark)
30. ABC Computer Company and another four companies agreed to inflate the cost of a bid. The other four companies were each to submit a bid. ABC Computer Company supposedly bid the lowest. In comparison with the market price, the cost of the lowest bid was very high. Which of the following bid-rigging schemes BEST describes the procurement scheme that ABC Computer Company and the other four companies were involved in?
A. Bid suppression
B. Complementary scheme
C. Bid market division
D. Bid rotation (1 mark)
31. Which of the following statements is NOT accurate in regard to social engineering?
A. Phishing is a type of social engineering scheme that involves impersonating a trusted individual or entity and manipulating victims into providing sensitive information.
B. A vishing scheme is generally transmitted as an incoming recorded telephone message
C. Smishing is a hybrid of phishing using text messages for social engineering to steal individual’s personal information
D. None of the above (1 mark)
32. Which of the following is NOT an authenticating process for users of information systems?
A. Authentication process involves – Something the user know
B. Authentication process involves – Something the user has
C. Authentication process involves – Something the user is
D. Authentication process involves – Something the user was (1 mark)
33. Which of the following is a type of network security system that is designed to supplement firewalls and other forms of network security for detecting malicious activity coming across the network?
A. Network access control systems
B. Intrusion detection controls
C. Administrative controls systems
D. None of the above (1 mark)
34. Which of the following is NOT a red flag of a bid specification scheme?
A. Defective pricing
B. Narrow specifications for the type of goods or services being procured
C. Splitting of bids
D. Broad specifications for the type of goods or services being procured (1 mark)
35. Credit card fraud is rampant in the banking industry. Which of the following presents the greatest risk of card fraud?
A. Card at point of sale
B. Card counterfeiting
C. Card fabrication
D. None of the above (1 mark)
36. Which of the following is NOT a red flag of malware infection?
A. The system suddenly, and for no apparent reason, slows down its response time to commands.
B. The computer stops responding or locks up frequently
C. The operating system or other programs and applications behave in a predictable manner
D. None of the above (1 mark)
37. Which of the following is NOT a prevention measure against infection from a malicious program?
A. Use anti-malware software to scan all incoming email messages and files
B. Regularly update the computer with the latest security patches available for the operating system
C. Organisations should develop corporate prevention policies and an employee education program to inform employees of how malware is introduced and what to do when there is suspicion of malware
D. None of the above (1 mark)
38. A government agency received an anonymous tip, informing them that their procurement and stores personnel in collusion with the suppliers have agreed that the supplier delivers merchandise to the procuring entity employees’ warehouse and then invoice the procuring entity. Which of the following BEST describes the fraudulent scheme perpetrated by the supplier?
A. False pretense
B. Request and transfer scheme
C. Purchasing and receiving scheme
D. Conflict of interest (1 mark)
39. Under the IFRS, recognising a long-term project revenue that has not been earned, can BEST be described as which of the following financial statement fraud schemes?
A. Fictitious revenue scheme
B. Revenue scheme
C. Understated receivables scheme
D. None of the above (1 mark)
40. Which of the following is an illegal method of gathering information from competitors?
A. Placing a mole in a company
B. Espionage
C. Competitive Intelligence
D. Human Intelligence (1 mark)
41. Which of the following is NOT a favorite target of intelligence gatherers?
A. Job applications
B. Conferences
C. Marketing and sales information
D. None of the above (1 mark)
42. Which of the following BEST describes the method of spying on another company’s activities by placing a person in that entity to gather information and pass to the party that has retained him
A. Overt operations
B. Surveillance
C. Covert operations
D. None of the above (1 mark)
43. Which of the following is NOT a best practice for non-disclosure and non-competition agreement?
A. Employees should sign the non-disclosure and a non-competition agreement only at the beginning of an employment contract
B. The organisation should clearly communicate to employees what is considered confidential information upon hiring and on regular basis
C. At the exit interview an employee should not be made to sign a statement acknowledging that he is aware of the terms and conditions of the non-competition and non-disclosure agreements
D. None of the above (1 mark)
44. Which of the following statements is ACCURATE in regards to contract performance mischarges?
A. Material mischarges are more susceptible than labor mischarges
B. Accounting mischarges are more susceptible than labor mischarges
C. Labor and material mischarges are equally susceptible to mischarges
D. None of the above (1 mark)
45. Which of the following statements is NOT correct in relation to bank reconciliations statement?
A. Bank reconciliation statement can help to detect cash misappropriation
B. Bank reconciliation statement can help to detect skimming
C. A manipulated bank reconciliation is both a red flag and a risk of asset misappropriation
D. None of the above (1 mark)
46. Which of the following statements is ACCURATE in regards to the effects on financial statements attributed to capitalisation of expenses?
A. Capitalising expenses will misrepresent expenses because expenses will be understated and therefore inflate the profits
B. Capitalising expenses will misrepresent assets because the assets will be understated
C. Capitalising expenses will misrepresent the expenses because, the expenses will be overstated and therefore understate profits
D. None of the above (1 mark)
47. Which of the following procurement fraud schemes involve a procurement employee engaging in the early opening of bids and unjustifiable delay of opening the bids?
A. Bid rigging
B. Bid rotation
C. Bid manipulation
D. None of the above (1 mark)
48. An analysis of a company’s revenue and cost of revenue revealed that the cost of revenue had increased by 70% the previous year. Revenue only increased by 20 %. This scenario is a red flag of which of the following?
A. The number of purchases was lower than the previous year.
B. Sales were low in the current year compared to the previous year
C. A poor marketing strategy
D. Theft of inventory (1 mark)
49. Which of the following is a method that a fraudster might use to conceal inventory theft?
A. Failure to write off stolen inventory as scrap
B. Increasing the perpetual inventory balance
C. Altering the perpetual inventory records to increase the balances
D. None of the above (1 mark)
50. Which of the following BEST describe a malicious software used to simplify or automate online criminal activities?
A. Ransomware
B. Spyware
C. Adware
D. Crime ware (1 mark)
51. The type of fraud that targets groups of people who have some social connection, such as neighborhood, professional association of racial minorities or immigrant groups, is referred to as:
A. Consumer fraud
B. Ponzi scheme
C. Charity schemes
D. Affinity (1 mark)
52. Which of the following statements is ACCURATE in regards to business email compromise?
A. Attackers target payable accountants in the organisation who are responsible of making payments
B. Attackers target corporate executives
C. Business compromise is a type of technical surveillance attack
D. None of the above (1 mark)
53. A non- performing bank loan is a red flag of fraud. Which of the following BEST describe the fraud scheme that is often associated with a nonperforming loan?
A. Draw request
B. Construction overheads
C. Fraudulent appraisals
D. None of the above (1 mark)
54. Which of the following methods might be used to conceal a sham loan in which the loan officer receives part of the loan proceeds
A. Letting the loan go into arrears
B. Leaving the bad loan in the books
C. Forwarding the loan over to a collections agency
D. Writing off the loan (1 mark)
55. Which of the following statements is ACCURATE in regards to pyramids and Ponzi schemes?
A. A pyramid scheme promotes itself as a pyramid, whereas a Ponzi scheme promotes itself as an investment opportunity
B. Some Ponzi schemes are legal but Ponzi schemes are are illegal
C. All pyramid schemes are legal, whereas all Ponzi schemes are illegal
D. In a pyramid scheme, old investors are paid with money from new investor (1 mark)
56. Which of the following is the MOST common scheme perpetrated by suppliers of reusable medical equipment?
A. Providing substandard equipment and charging for quality equipment
B. Falsifying prescription for medical equipment
C. Billing after the equipment is returned
D. None of the above (1 mark)
57. Which of the following is NOT considered to be a red flag of a Ponzi scheme?
A. An investment with normal returns responding to financial markets
B. A financial manager who manages, administers and retains custody of the investment funds
C. A financial manager who puts an unusual amount of pressure on investors to act immediately
D. An investment that promises extremely high or short-term returns with very low risk (1 mark)
58. Which of the following BEST describes the most common real estate loan fraud scheme?
A. Overhead requests
B. Hold back disbursements
C. Fraudulent appraisals
D. Draw request (1 mark)
59. High percentages of returns, missing compliance certificates, and evidence of falsified inspection test results, are red flags of which stage of the procurement fraud process?
A. Solicitation phase
B. Pre-solicitation phase
C. Award and evaluation phase
D. None of the above (1 mark)
60. Which of the following can BEST describe fraud perpetrated by medical providers, medical equipment suppliers or medical facilities or health care programs to increase their own income through fraudulent schemes
A. Fictitious services fraud
B. Up- coding
C. Provider fraud
D. Unbundling (1 mark)
61. Which of the following statements in regards to financial statement fraud is ACCURATE?
A. Fictitious revenue scheme would lead to understated receivable
B. Concealed expenses scheme would lead to understated profits
C. Capitalisation of expenditure would lead to understated profits
D. None of the above (1 mark)
62. Which of the following statements in regards to the effect of fraudulent transactions on the current ratio is NOT accurate?
A. Overstated receivables will result to an inflated current ratio
B. Understated current liabilities will result to an inflated current ratio
C. Overvaluation of inventory will result to an inflated current ratio
D. None of the above (1 mark)
63. Susan works for Riverside commercial bank at the back office. Susan has been monitoring an elderly woman’s account for some time and noted that the account has been dormant for about seven years. She then debits the woman’s account and credit an account controlled by herself. Which of the following BEST describes the bank employee’s scheme?
A. False accounting
B. Unauthorised withdrawal
C. Embezzlement of customers’ funds
D. None of the above (1 mark)
64. Henry is a receivables accountant at Maji State Corporation. Henry conspired with customers with substantial outstanding bills to write them off in the books in the computer system. The customers gave Henry cash as a reward for writing off the big debts. Which of the following BEST describe Henry’s fraudulent and corrupt schemes?
A. Conflict of interest, asset misappropriation and computer fraud
B. False accounting, bribery and computer forgery and false pretense
C. Conspiracy, bribery, asset misappropriation and computer forgery
D. Collusion, bribery, asset misappropriation and computer fraud (1 mark)
65. Jeremmy is a payable accountant at Mwangaza State Corporation. Jeremmy conspired with 50 major vendors to make overpayments by altering the payment vouchers when entering them in the payment system by adding a zero and sometime paying an invoice twice. The vendors shared the proceeds with Jeremmy. Which of the following BEST describes Jeremmy’s fraudulent and corrupt schemes?
A. Collusion, bribery, asset misappropriation
B. False accounting, Bribery and computer forgery
C. Bribery, misappropriation and computer forgery
D. None of the above (1 mark)
66. Which of the following is NOT a best practice of safeguarding proprietary information?
A. Developing and implementing a risk-based information security
B. Implementation of data minimisation
C. Implementation of data classification
D. Implementing information security (1 mark)
67. Which of the following statements is NOT accurate in regard to the methods used to make corrupt payments?
A. Bribe payers often make corrupt payments by giving an interest in a business
B. Bribe payers often make corrupt payments by taking a credit card on behalf of the recipient and make monthly payments for amount spent
C. Bribe payments can be made in form of a loan, guaranteed by the contractor but paid by the recipient
D. None of the above (1 mark)
68. Which of the following is a type of a skimming scheme?
A. Fictitious revenue
B. Unrecorded revenue
C. Concealed expenses
D. None of the above (1 mark)
69. Which of the following detection methods can help to detect the skimming scheme?
A. Analysing receipts
B. Preparing a bank reconciliation statement
C. Comparing the receipts with the bank deposits
D. Data analysis and observation (1 mark)
70. Vicky Lamenya, is an accountant of Black Company Ltd. Vicky realised that the travel and accommodation account had over spent the budget amount that was caused by misappropriation. Vicky wants to conceal the misappropriation.
Which of the following transactions can help to conceal the misappropriation?
A. Credit travel and accommodation account and debit another expense account
B. Credit travel and accommodation account and credit an asset account
C. Debit travel and accommodation account and credit repairs and maintenance account
D. None of the above (1 mark)
71. Which of the following statements is ACCURATE in regard to the types of workers’ compensation fraud schemes?
A. The agents collect premium and submit all the premiums to the insurance company
B. A lawyer, doctor and a claimant cannot collude to defraud an insurance company
C. In premium fraud, an employer understates the amount of payroll under high risk classifications to get a lower-cost premium
D. None of the above (1 mark)
72. Which of the following is NOT a solicitation phase – procurement fraud scheme involved in competitive bidding process?
A. Bid rigging
B. Defective pricing
C. Bid manipulation
D. None of the above (1 mark)
73. Which of the following is NOT a method that is used to manipulate and destroy data?
A. Malware
B. Overflow exploits
C. Privilege escalation
D. None of the above (1 mark)
74. Which of the following is ACCURATE in regards to cybercrime?
A. Entering an altered or falsified data in the computer by an authorised employee, is a type of cybercrime
B. Modification of data by an authorised employee is a type of cybercrime
C. Unauthorised modification of data through use of internet is a cybercrime
D. All the above (1 mark)
75. Which of the following is NOT a method used to destroy and manipulate data?
A. Launching a buffer overflow exploits
B. Entering false information into a computer system
C. Transmitting data to unauthorised destination
D. None of the above (1 mark)
76. Which of the following is ACCURATE in regards to internet of things technology?
A. IOT technology tends to focus on innovation design rather than privacy or security
B. IOT technology tends to focus on privacy or security rather than innovative design
C. IOT devices commonly connect to networks using inadequate security
D. All the above (1 mark)
77. Which of the following describes the method used to gain unauthorised access through the use of a secret point into the program?
A. Trojan horse code
B. Back door
C. Salami techniques
D. Trap door (1 mark)
78. Which of the following is NOT a type of administrative security control?
A. Security policies and procedures
B. Security awareness and education
C. Security reviews and audit
D. None of the above (1 mark)
79. Both ABC and XYZ companies are major players in the construction industry. ABC Company paid XYZ Company an inducement to refrain from bidding for a contract tender issued by a government entity. Which of the following BEST describes the procurement scheme perpetrated by ABC and XYZ companies?
A. Both ABC and XYZ engaged in bid rotation
B. Both ABC and XYZ engaged in bid rigging
C. Both ABC XYZ engaged in market division
D. None of the above (1 mark)
80. Which of the following financial statement fraud schemes is NOT associated with financial performance fraudulent reporting?
A. Overstatement of revenues
B. Concealment of expenditure
C. Improper disclosure
D. Improper valuation of receivable (1 mark)
81. Which of the following is a financial statement fraud scheme that is NOT associated with fraudulent reporting of the financial position?
A. Improper non -assets valuation
B. Improper current assets valuation
C. Concealed liabilities
D. None of the above (1 mark)
82. Which of the following BEST describes the form of corruption where a public official receives money and use his position to influence a decision or an act?
A. Bribery
B. Commercial Bribery
C. Reward or advantage
D. None of the above (1 mark)
83. Which of the following BEST describes a healthcare fraud scheme in which a provider bills for a higher level of service than they actually provided
A. Unbundling
B. Overutilisation
C. Fictitious billing
D. None of the above (1 mark)
84. Which of the following statements BEST describes a bid rotation procurement scheme?
A. Competitive bidders refrain from bidding
B. Bidders issue token bids
C. Bidders divide the market
D. None of the above (1 mark)
85. Betty is an employee in the procurement department of company XYZ. Betty creates a shell company by the name of Business Solutions Ltd. She purchases goods and then sell them to his employer through the shell company at an exorbitant price. This type of fraudulent scheme perpetrated by Betty can BEST be described as which of the following scheme?
A. Billing scheme
B. Pay and return scheme
C. Pass through scheme
D. Asset misappropriation (1 mark)
86. Which of the following is NOT a red flag of bid rotation scheme?
A. Bidders bid each time lower
B. A pattern of winning bids
C. Extremely high prices of bids even for the lowest bid
D. None of the above (1 mark)
87. Which of the following is NOT a method that can be used to prevent a computer from being infected by malware softwares?
A. Update the system with any security patches
B. Use anti-malware software
C. Update the operating system regularly
D. None of the above (1 mark)
88. Which of the following is NOT a technical security control for securing computer systems and communication networks?
A. To install operating system security
B. To install network security defenses
C. To encrypt sensitive data files
D. None of the above (1 mark)
89. Which of the following statements is NOT accurate in regard to computer technical security?
A. Technical security can also be referred to as logical control
B. Technical security involves use of safeguards incorporated into computer hardware and software
C. Security policies, procedures and audits technical are not types of technical security
D. None of the above (1 mark)
90. There are several financial statement fraud schemes that are perpetrated by management and directors to misrepresent the financial performance and position of the organisation. Which of the following is NOT one of those schemes?
A. Improper asset valuation
B. Improper disclosures
C. Improper recognition of revenue
D. None of the above (1 mark)
91. Which of the following is NOT a common reason why management of a public company engage in fraudulent financial reporting?
A. To meet compliance requirements
B. Pressure for performance bonuses
C. To conceal inability to generate cash flow
D. To reduce tax liability (1 mark)
92. Which of the following statements is NOT true in regards to the methods used by identity thieves to steal personal and business information?
A. Identity thieves can use phishing to collect personal information
B. Identity thieves often engage in impersonating the victim
C. Identity thieves can use company employees to provide them with customer’s information
D. None of the above (1 mark)
93. Which of the following is a type of financial statement fraud associated with related party- transactions?
A. Inadequate disclosure
B. Timing differences
C. Fraudulent related party transactions
D. Improper asset valuation (1 mark)
94. Which of the following BEST describes preventive measure used by banks to avoid fraudulent withdrawals?
A. Positive pay
B. Payment verification
C. Verification control
D. None of the above (1 mark)
95. Which of the following activities does NOT usually occur during the containment and eradication step of the recommended methodology for responding to cybersecurity incidents?
A. Identifying all breaches that occurred
B. Notifying the appropriate internal personnel
C. Restoring control of the affected systems
D. Limiting the damage caused by the attack (1 mark)
96. Organisations should be in a position to respond to a wide range of cybersecurity incidents, including cyberattacks and data breaches. Which of the following is NOT a method of responding to cybersecurity incidents?
A. Planning
B. Detection and analysis
C. Containment and eradication
D. All the above (1 mark)
97. Which of the following is NOT a recommended separation of duties within the information systems department and between IT and business unit personnel
A. Programmers should not have unsupervised access to production programs or have access to production data sets (data files).
B. IT personnel’s access to production data should be limited.
C. Application system users should be granted access to all applications and systems functions and data required for their job duties.
D. All the above (1 mark)
98. Which of the following BEST describes a software keylogger?
A. A type of software that, while not definitely malicious, has a suspicious or potentially unwanted aspect to it
B. A computer program that replicates itself and penetrates operating systems to spread malicious code to other computers
C. A program or command procedure that appears useful but contains hidden code that causes damage
D. None of the above (1 mark)
99. Which of the following is a type of an administrative security control that an organisation can implement to protect computers and communication networks?
A. Developing an incident response plan
B. Use of smart access cards for employees
C. Installing a firewall for the network
D. Backing up system files regularly (1 mark)
100. Health care providers engage in various provider fraud schemes. Auditors and forensic auditors should be aware of the red flags associated with health care provider fraud. Which of the schemes is NOT one of them?
A. Pressure for rapid processing of claims
B. Unusually high volumes of claims compared to the facility capacity
C. Health provider’s close relationships with the claims department personnel
D. None of the above (1 mark)
