FRAUD RISK MANAGEMENT AUGUST 2023 PAST PAPER

MONDAY: 21 August 2023. Afternoon Paper. Time Allowed: 3 hours.

Answer ALL questions by indicating the letter (A, B, C or D) that represents the correct answer. This paper is made up of one hundred (100) Multiple Choice Questions. Each question is allocated one (1) mark.

1. Which term BEST describes oversight responsibilities of different parties for an organisation’s direction, operations, and performance?

A. Management oversight
B. Corporate oversight
C. Corporate governance
D. None of the above (1 mark)

2. Which of the following is NOT an area, factor or consideration related to fraud risk governance scorecard?

A. Organisational commitment to fraud risk governance
B. Fraud risk governance support by the board of directors
C. Designing and implementing a comprehensive fraud risk policy
D. None of the above (1 mark)

3. Which of the following is NOT an area, factor or consideration related to fraud risk assessment principle?

A. Involving appropriate levels of management in the fraud risk assessment
B. Analysing internal and external factors
C. Identifying management override of controls as a risk
D. None of the above (1 mark)

4. Which of the following statements is ACCURATE in regard to a fraud risk assessment report?

A. The report should contain a detailed, comprehensive list of the assessment findings
B. The report should contain a detailed, comprehensive list of the information gathered
C. The results of the risk assessment should be reported in a complex framework
D. None of the above (1 mark)

5. Which of the following is NOT an area, factor or consideration related to fraud investigation and corrective principle?

A. Establishing fraud investigation and response plan and protocols
B. Conducting investigations
C. Communicating investigation results
D. Considering internal and external factors (1 mark)

6. Which of the following is NOT accurate in regard to a fraud risk assessment process?

A. The assessment team must be perceived as independent and objective by the organisation for the process to be effective
B. Management and auditors should share ownership of the process and accountability for its success
C. Conducting an effective fraud risk assessment requires the team to discuss risk factors only with risk and audit functions
D. None of the above (1 mark)

7. Which of the following statements is ACCURATE in regard to fraud risk assessment?

A. The auditor should incorporate the results of a fraud risk assessment into the annual audit plan
B. The auditor should ignore the results of a fraud risk assessment and conduct an independent fraud risk assessment
C. The auditor should conduct a comprehensive fraud risk assessment before conducting an audit
D. None of the above (1 mark)

8. Which of the following statements is ACCURATE in regard to a well-designed and effective system of internal controls?

A. A well-designed and effective system of internal controls can eliminate fraud risks
B. A well-designed and effective system of internal controls can eliminate fraud
C. A well-designed and effective system of internal controls cannot eliminate fraud risks
D. None of the above (1 mark)

9. Which of the following statements is NOT accurate in regard to fraud risk assessment reporting frameworks?

A. The ACFE and other fraud risk assessment frameworks are used as a guide to customise an organisation’s fraud risk assessment framework
B. Fraud risk assessment results can be reported in a micro framework
C. Fraud risk assessment results can be reported in a macro framework
D. None of the above (1 mark)

10. The fraud risk assessment team should consider which of the following fraud risks in addition to the specific risks related to each of the three categories of occupational fraud?

A. Fraudulent financial reporting risk
B. Investment risks
C. Management override of controls
D. None of the above (1 mark)

11. Corporate espionage and hacking schemes are all fraud risks pertaining to which of the following fraud categories?

A. Occupational fraud
B. Information technology
C. Internal fraud
D. None of the above (1 mark)

12. A fraud risk assessment report should reflect which of the following assessment team’s opinion formed during the assessment engagement?

A. Professional subjective opinion
B. Unqualified opinion
C. Qualified opinion
D. None of the above (1 mark)

13. Which of the following statements describes BEST practice of responding to high risk of fraud?

A. Organisations should respond to high risks of fraud through mitigation, fraud audit and transferring the risk
B. Organisations should respond to high risks of fraud through mitigation
C. Organisations should respond to high risks of fraud through transferring the risk
D. All the above (1 mark)

14. Which of the following is NOT accurate in regard to effective fraud controls?

A. They increase the perception of detection
B. They eliminate fraud risks
C. They balance preventive and detective controls
D. None of the above (1 mark)

15. Which of the following BEST describes management’s decision to accept a risk, rather than mitigate the risk?

A. Mitigating the risk
B. Assuming the risk
C. Avoiding the risk
D. None of the above (1 mark)

16. If management finds that a risk, even when mitigated, is still high and it is not absolutely necessary to take the risk, which of the following BEST describes how management should respond to that risk?

A. Transferring the risk
B. Put preventive and detective controls
C. Avoid the risk
D. None of the above (1 mark)

17. There are various factors that influence the level of fraud risk faced by an organisation. Which of the following is NOT one of them?

A. Absence of internal controls
B. The culture of the organisation
C. The ethics of its leadership team
D. All the above (1 mark)

18. The first step of a fraud risk assessment is identifying fraud risks. Which of the following BEST describes the identified risks?

A. External risks
B. Inherent risks
C. Internal risks
D. None of the above (1 mark)

19. Fraud risks that remain after management has put in place fraud-related controls are referred to as ________________.

A. Inherent risk
B. Fraud risks
C. Risk appetite
D. None of the above (1 mark)

20. In identifying fraud risks that pertain to an organisation, the fraud risk assessment team should specifically NOT discuss which of the following as potential fraud risks?

A. Information and technology risks
B. Reputation risks
C. High perception of detection
D. None of the above (1 mark)

21. Which of the following statements is NOT accurate in regard to ensuring that the fraud risk assessment is objective?

A. The assessment should incorporate risk owners and employees
B. The assessment should be conducted by the organisation with the assistance of a consultant
C. The assessment should be conducted by the internal audit and risk functions only because they have the knowledge and skills in risks
D. None of the above (1 mark)

22. Fraud related controls, that are designed to stop fraud before it occurs and to detect when fraud has already occurred, are referred to as which of the following respectively?

A. Detective, investigative controls
B. Detective and administration controls
C. Investigative, deterrent controls
D. None of the above (1 mark)

23. Which of the following parties would be the MOST appropriate sponsor for a fraud risk assessment?

A. Management
B. The Board
C. The risk manager/director
D. None of the above (1 mark)

24. Which of the following is NOT a type of fraud detective control?

A. Independent reconciliations
B. Physical inspections and counts
C. Fraud policies and procedures
D. Continuous audit techniques (1 mark)

25. Which of the following statements is NOT accurate regarding the communication of the fraud risk assessment process?

A. The communication should be in the form of a message from the risk assessment chair of the audit and risk committee, to command authority and support of the process.
B. The communication should be personalised, to enable all members of staff to embrace the process to make it more effective
C. The communication should be openly made throughout the business
D. The communication should be generalised, to enable all employees to embrace the process. (1 mark)

26. Which of the following statements is NOT accurate in regard to how management should use the results of a fraud risk assessment?

A. To promote awareness and education of the fraud risks, across the organisation
B. Hold action holders accountable for response
C. To promote awareness and education of fraud that pertains to the organisation.
D. None of the above (1 mark)

27. Which of the following techniques of gathering information during a fraud risk assessment enables the fraud risk assessor to observe the interactions among several employees as they collectively discuss a question asked by the assessor?

A. Interviews
B. Survey
C. Hotline
D. None of the above (1 mark)

28. Which of the following is NOT accurate about the fraud risk assessment team?

A. All team members should have a good knowledge of fraud risks and skills in risk assessment
B. Team members should have good skills for gathering and eliciting information
C. Team members should be objective
D. None of the above (1 mark)

29. Which of the following is NOT accurate in regard to anti-fraud controls and fraud risks?

A. Risks that are present before mitigation are described as inherent risks
B. The objective of anti-fraud controls is to mitigate the inherent risks
C. The objective of anti-fraud controls is to make the residual fraud risk significantly smaller than the inherent fraud risk
D. The objective of anti-fraud controls is to make the inherent fraud risk significantly smaller than the residual fraud risk (1 mark)

30. Which of the following members are NOT appropriate fraud risk assessment team members?

A. The risk officers
B. The risk owners
C. Internal auditors
D. None of the above (1 mark)

31. During a fraud risk assessment, the assessment team should NOT consider which of the following?

A. Impossibility for management overriding controls
B. The inherent limitations of internal controls
C. Internal controls that might have been eliminated due to restructuring or expansion
D. None of the above (1 mark)

32. All the following are true in regard to fraud risk assessment EXCEPT?

A. The results should be used to effectively respond to fraud risk
B. It can help management look for fraud in residual high risk areas
C. It can help management significantly reduce fraud risks
D. None of the above (1 mark)

33. Which of the following is NOT a fraud risk?

A. Low personal integrity
B. Low perception of detection
C. Culture of the organisation
D. None of the above (1 mark)

34. If an area is assessed as having a high fraud risk, which of the following procedures should management conduct?

A. Put specific detective measures to increase the perception of detection
B. Conduct a fraud identification procedure
C. Conduct a fraud audit
D. Conduct a special audit (1 mark)

35. Which of the following is NOT a recommended method of conducting a risk assessment?

A. Undercover
B. Survey
C. Reporting hotlines
D. Focus group (1 mark)

36. Fraud risk index is a macro fraud risk assessment. Which of the following is NOT a component of fraud risk index?

A. Environmental risk index
B. Culture Quotient risk index
C. Prevent and Detect index
D. Leadership index (1 mark)

37. Which of the following is NOT a preventive anti-fraud control?

A. Fraud awareness training
B. Segregation of duties
C. Continuous audit techniques
D. Hiring policies and procedures (1 mark)

38. Culture Quotient fraud index is an assessment of how the organisation and its people behave. Which of the following is NOT an element of quotient fraud index?

A. A fraud tolerance index
B. Entitlement fraud index
C. Notification index
D. None of the above (1 mark)

39. Which of the following is ACCURATE in regard to a fraud risk assessment?

A. The fraud risk assessment should include only auditor’s views to ensure a holistic view of the organisation’s fraud risks
B. Management and the auditor’s views are sufficient and would also help to maintain independence and objectivity of the assessment process
C. The fraud risk assessment team can apply qualitative or quantitative measures when assessing the organisation’s fraud risks
D. None of the above (1 mark)

40. Bribery to procure business is a fraud risk pertaining to which of the following category of occupational fraud?

A. Kickbacks
B. Economic extortion
C. Asset misappropriation
D. None of the above (1 mark)

41. A process aimed at proactively identifying an organisation’s vulnerabilities to both internal and external fraud is referred to as _____________________.

A. A fraud risk examination
B. Fraud risk identification
C. Fraud risk assessment
D. None of the above (1 mark)

42. The fraud triangle has three elements that explain the root causes of fraud. Which of the following is NOT a root cause?

A. Opportunity
B. Rationalisation
C. Situational pressure
D. None of the above (1 mark)

43. Theft of competitor trade secrets, anti-competitive practices, environmental violations and trade and customs regulations related to import and export are all fraud risks BEST described as:

A. External fraud risks
B. Law and regulatory risks
C. Internal fraud risk
D. None of the above (1 mark)

44. The management of ABC company wants to develop a formal risk management program using a risk management framework as a guideline. In developing the program, management should tailor the framework to the organisation’s needs. Which of the following is NOT an element that should be considered?

A. Industry condition
B. Financial condition
C. Organisation culture
D. None of the above (1 mark)

45. Weighing an organisation’s strategic, operational, reporting and compliance objectives against the organisation’s risk appetite is BEST described as which one of the following?

A. Risk assessment
B. Risk tolerance
C. Risk appetite
D. None of the above (1 mark)

46. According to COSO, a process that is designed to identify potential events that may affect the entity and manage risk to be within its risk appetite, in order to provide reasonable assurance regarding the achievement of the entity’s objectives is referred to as ________________________.

A. Fraud risk assessment
B. Internal controls
C. Fraud risk management
D. None of the above (1 mark)

47. Which of the following is NOT accurate with regard to the objective of the fraud risk management program?

A. Management must mitigate the risks regardless of the cost, because the risks must be within acceptable level.
B. Management should express their risk tolerance according to the organisation’s culture and operations
C. Management should consider previous incidences of fraud as an objective of a fraud risk management program
D. None of the above (1 mark)

48. Which of the following is NOT an objective of a fraud risk management program?

A. Fraud risk assessment
B. Fraud response
C. Fraud prevention
D. None of the above (1 mark)

49. In defining the objectives of the fraud risk management program, management can decide to express its risk appetite using different measurements. Which of the following is NOT one of those measurements?

A. Quantitatively
B. Qualitatively
C. Comparability
D. None of the above (1 mark)

50. The primary responsibility for designing, implementing, monitoring and improving the fraud risk management program rests with which party?

A. Risk officer
B. Internal auditor
C. The board of directors
D. None of the above (1 mark)

51. Which of the following is NOT one of the responsibilities pertaining to fraud risk management?

A. Providing oversight over the organisation’s fraud risk management activities
B. Setting realistic expectations of management to enforce an anti-fraud culture
C. Evaluating the effectiveness of the internal control
D. None of the above (1 mark)

52. According to an organisation’s fraud risk management program, which of the following statements is NOT accurate in regard to employees’ responsibility?

A. Employees must be aware of how non-compliance might create a risk of fraud
B. Employees must cooperate with investigators during investigations of suspected or alleged fraud incidents, in compliance with anti-fraud policy
C. Employees are not expected to assist in the design and implementation of fraud control activities, because it is the responsibility of management
D. None of the above (1 mark)

53. Different parties in an organisation have different levels of responsibility for fraud. Which of the following parties is responsible for developing policies for fraud risk management?

A. The Internal Audit department
B. The Management
C. The risk department
D. None of the above (1 mark)

54. The audit committee has specific responsibilities for fraud risk management. Which of the following is one such responsibility?

A. Receiving regular reports on the status of reported or alleged fraud
B. Monitoring and proactively improving the fraud risk management program
C. Performing and regularly updating the fraud risk management program
D. None of the above (1 mark)

55. Risk management includes a number of activities in respect to risks that threaten an organisation. Which of the following is NOT one of those activities?

A. Monitoring
B. Identification
C. Treatment
D. None of the above (1 mark)

56. According to the joint IIA, AICPA, and ACFE publication ‘Managing the Business Risk of Fraud: A Practical Guide’, who has the ultimate responsibility for fraud risk?

A. Internal Audit
B. The Board of Directors
C. Employees at all levels
D. None of the above (1 mark)

57. Which of the following is NOT a component of COSO’s Enterprise Risk Management—Integrated Framework?

A. Control activity
B. Internal environment
C. Objective settings
D. Fraud risk oversight (1 mark)

58. Which of the following is a function where the audit committee has an oversight responsibility?

A. Procurement function
B. Operations function
C. Risk management
D. None of the above (1 mark)

59. Which of the following statements is NOT accurate in regard to what should be included in a fraud risk management program?

A. A response plan for incidences of fraud
B. Measures and procedures to address internal control weaknesses that allowed the fraud to occur
C. Sanctions for fraud perpetrators
D. None of the above (1 mark)

60. Which of the following statements is NOT accurate in regard to an organisation’s fraud risk management program?

A. It should have measures and procedures to address failures in the design or operation of anti-fraud controls
B. Intentional non-compliance must be well-publicised and carried out in a consistent and firm manner
C. There should be a team, committee or an individual held responsible for monitoring compliance and responding to suspected incidences of non-compliance
D. None of the above (1 mark)

61. All the following are types of detective anti-fraud controls EXCEPT:

A. Fraud awareness and education
B. Reporting programs
C. Surprise audits
D. Analytical data review (1 mark)

62. According to Dr. Steve Albrecht, which of the following is NOT a root cause of fraud?

A. Perceived opportunity
B. Rationalisation
C. Perceived situational pressure
D. None of the above (1 mark)

63. Communication by board of directors and senior management in regard to their dedication and commitment to the fraud risk management program should be issued through a formal statement. Which of the following statement is NOT accurate?

A. The statement should be provided to all employees
B. The statement should be provided to vendors, customers and consultants
C. The statement should acknowledge the organisation’s vulnerability to fraud
D. None of the above (1 mark)

64. Which of the following statements is NOT accurate in regard to fraud risk assessment process?

A. The assessment team is not expected to express a personal opinion based on results of the exercise
B. The assessment team is expected to make an objective judgement in regard to the residual risk
C. Fraud risk assessment team should ensure that they will be perceived as objective
D. None of the above (1 mark)

65. According to the COSO, which of the following is NOT a principle involved in the risk assessment process?

A. Identification of potential fraud
B. Assessing changes that could significantly impact the internal control system
C. Detection of fraud risks
D. None of the above (1 mark)

66. The fraud risk assessment team should identify specific fraud risks related to each of the three categories of fraud and also identify other fraud risks. Which of the following is NOT one of those fraud risks?

A. Justification for engaging in fraud
B. Low perception of detection
C. Perceived situational pressure
D. Absence of internal controls (1 mark)

67. Which of the following statements is NOT a component of the ERM Framework?

A. Governance and culture
B. Strategy and objective setting
C. Performance
D. None of the above (1 mark)

68. Which of the following statements is NOT accurate according to the joint COSO/ACFE Fraud Risk Management Guide and Managing the Business Risk of Fraud in regard to employees and management?

A. All employees must understand the organisation’s ethical culture and the organisation’s commitment to that culture.
B. Only risk function and auditors should have good knowledge of fraud risks and red flags
C. All employees must understand their individual roles within the organisation’s fraud risk management framework
D. None of the above (1 mark)

69. Which of the following is NOT one of the five broad principles of fraud risk management?

A. Risk governance
B. Fraud risk assessment
C. Control environment
D. Monitoring of fraud risk management program (1 mark)

70. Which of the following is NOT accurate in regard to fraud risk management?

A. Risk management involves the deterrence of risks
B. Risk management involves prioritization and treatment of risks
C. Risk management involves monitoring of risks that threaten an organisation’s ability to provide value to its stakeholders
D. None of the above (1 mark)

71. Which of the following statements in relation to fraud identification and detection is ACCURATE?

A. Identification and deterrence of fraud terms can be used interchangeably
B. Identification and detection of fraud terms can be used interchangeably
C. Identification of fraud is the same as auditing for fraud
D. Identification and detection of fraud terms cannot be used interchangeably (1 mark)

72. The fraud risk assessment team should identify fraud risks on what basis?

A. Residual basis
B. Both inherent and residual basis
C. Inherent basis
D. None of the above (1 mark)

73. Which of the following statements is ACCURATE in regard to fraud risk appetite?

A. High tolerance for fraud and risk appetite terms can be used interchangeably
B. The management and board should have Zero tolerance for fraud and fraud risk
C. The management and board should not have Zero fraud risk appetite
D. None of the above (1 mark)

74. Which of the following statements is NOT accurate in regard to a fraud risk register?

A. A risk register is the same as risk assessment framework
B. A risk register can also be used to fulfill regulatory compliance
C. A risk register is a repository for all risks identified
D. None of the above (1 mark)

75. Fraud risks are assessed based on several criteria. Which of the following is NOT one of them?

A. The likelihood that the risk will materialize
B. The impact if the risk materialized
C. The effectiveness of the fraud related controls
D. The enhancement of the internal controls (1 mark)

76. Which of the following defines treatment for residual risks that require designing and implementing more preventive and detective controls?

A. Transferring the risk
B. Avoid the risk
C. Mitigation of risks
D. None of the above (1 mark)

77. Which of the following is NOT a principle of COSO ERM 2017?

A. Strategy and objective setting
B. Review and revision
C. Information and communication
D. None of the above (1 mark)

78. An effective fraud risk management program does NOT have which of the following components?

A. Informs the organisation that management will proactively conduct fraud detection activities
B. Enhances the organisation’s positive public image and reputation
C. Promotes goodwill with other organisations and the general public
D. None of the above (1 mark)

79. The Fraud Risk Management Principle related to organisation establishing and communicating a fraud risk management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity is related to which of the following COSO integrated control framework components?

A. Fraud risk assessment
B. Control activities
C. Information and communication
D. None of the above (1 mark)

80. The Fraud Risk Management Principle related to the organisation selecting, developing and deploying preventive and detective fraud controls is related to which of the following COSO integrated control framework components?

A. Control environment
B. Risk assessment
C. Control activities principle
D. None of the above (1 mark)

81. Which of the following statements BEST describes a fraud risk register?

A. Is a tool that documents the detected frauds
B. Is a tool that is used to list detected risks
C. It is a tool that is used to document red flags identified
D. None of the above (1 mark)

82. Which of the following is NOT accurate in regard to a fraud risk assessment framework?

A. It is a comprehensive report of the assessment team’s findings
B. It is a report that is used to document response plan
C. It is a report that is used to document individuals responsible for action
D. None of the above (1 mark)

83. All parties in an organisation have some responsibility in fraud risk management. However, the level of responsibility differs. Which one of the following parties has the responsibility for evaluating the effectiveness of the fraud risk management program?

A. Ethics and compliance officer
B. Management
C. Internal auditors
D. None of the above (1 mark)

84. Embezzlement or theft of inventory is a fraud risk pertaining to which of the following categories of occupational fraud?

A. Kickbacks
B. Economic extortion
C. Corruption
D. Asset misappropriation (1 mark)

85. When conducting risk identification, the fraud risk assessment team should specifically NOT discuss which of the following fraud risks?

A. The risk of management overriding controls
B. Reputational risk
C. Information and technology risk
D. None of the above (1 mark)

86. Which of the following is NOT one of the five broad principles of fraud risk management?

A. Risk governance
B. Fraud risk assessment
C. Fraud risk oversight
D. None of the above (1 mark)

87. Which of the following is one of the five broad principles of fraud risk management?

A. Monitoring
B. Control environment
C. Information and communication
D. Correction and investigation (1 mark)

88. Which of the following principles relates to an organisation establishing and communicating a fraud risk management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk?

A. Control environment
B. Fraud Risk Assessment Principle
C. Fraud risk governance
D. Fraud Control Activities (1 mark)

89. Which of the following principles is related to the organisation performing comprehensive fraud risk assessments to identify specific fraud schemes, assess their likelihood and significance, evaluate existing fraud control activities and implement actions to mitigate residual fraud risks?

A. Fraud Risk Governance Principle
B. Fraud Risk Assessment
C. Fraud Investigation and Correction Action
D. None of the above (1 mark)

90. Which of the following principles relates to the organisation selecting, developing and deploying preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner?

A. Fraud Risk Governance Principle
B. Fraud risk assessment
C. Fraud Risk Management Monitoring Activities Principle
D. None of the above (1 mark)

91. Which of the following is a fraud risk management principle related to the organisation establishing a communication process to obtain information about potential fraud and deploying a coordinated approach to investigations and corrective action to address fraud appropriately and in a timely manner?

A. Fraud Risk Governance Principle
B. Correction and investigation
C. Fraud Risk Assessment Principle
D. None of the above (1 mark)

92. According to ‘Managing the Business Risk of Fraud’, which of the following is NOT a type of a fraud risk management component?

A. Affirmation process
B. Process evaluation and improvement (quality assurance)
C. Continuous monitoring
D. The process should be rigid enough to effectively support the program (1 mark)

93. Which of the following is NOT a principle for risk management provided by ISO 31000: 2018?

A. Is integrated into high risk activities
B. Is customized and proportionate to the organisation’s operations and objectives
C. Is inclusive and provides for appropriate and timely consideration of stakeholders’ knowledge, views and perceptions
D. None of the above (1 mark)

94. Which of the following statements is NOT accurate in regard to management’s responsibility for fraud prevention?

A. Management is responsible for the design and implementation of fraud related controls
B. Management is responsible for providing oversight over the design and implementation of fraud related controls
C. Management must set the right tone at the top and monitor the company culture to ensure it appropriately supports the organisation’s fraud prevention
D. None of the above (1 mark)

95. Which of the following statements is NOT accurate in regard to responsibilities for fraud risk management?

A. Management has the primary responsibility for managing fraud risks
B. Board of directors has the primary responsibility for developing strategy and policies for managing fraud risks
C. The risk function has the primary responsibility for managing fraud risks
D. None of the above (1 mark)

96. A Fraud Risk Management Program, like any other program, must have objectives; therefore, management must balance some factors in determining the program’s objectives. Which of the following is NOT an objective of the fraud risk management program?

A. Management’s risk tolerance
B. The investment in preventive and detective controls
C. Investigations of frauds that are material in nature
D. None of the above (1 mark)

97. Culture Quotient is an assessment of how the organisation and its people behave or are perceived to behave. Which of the following is NOT a component of assessing culture Quotient?

A. Tolerance index
B. Entitlement index
C. Notification index
D. Conflict of interest index (1 mark)

98. Which of the following statements BEST describes the Tolerance index?

A. It is an assessment of an organisation’s tolerance for fraudulent and corrupt behavior
B. It is an assessment of an organisation’s tolerance for fraud risks
C. It is an assessment of an organisation’s effectiveness of anti-fraud controls
D. None of the above (1 mark)

99. Which of the following statements is NOT correct in regard to recommendations for vendor due diligence procedures?

A. An organisation should request that new contractors complete a questionnaire about their background immediately after signing a contract with them
B. An organisation should include a clause in the contract requiring the contractor to report any instances of misconduct before entering into an agreement with them
C. An organisation should ensure that vendors have their own ethics and compliance program before engaging in any transactions with the contractor
D. An organisation should ensure that it includes reputational risk in its due diligence process. (1 mark)

100. According to rational choice theory, which of the following statements is NOT accurate in regard to fraud deterrence?

A. Reducing opportunities to commit crime
B. Increasing personal risk to the perpetrator
C. Reducing personal risk to the perpetrator
D. All the above (1 mark)
