FRAUD RISK MANAGEMENT DECEMBER 2023 PAST PAPER

MONDAY: 4 December 2023. Afternoon Paper. Time Allowed: 3 hours.

Answer ALL questions by indicating the letter (A, B, C or D) that represents the correct answer. This paper is made up of one hundred (100) Multiple Choice Questions. Each question is allocated one (1) mark.

1. Culture Quotient fraud index is a macro assessment of how an the organisation and its people behave.

Which of the following is NOT an element of quotient fraud index?

A. Fraud tolerance risk index
B. Entitlement risk index
C. Notification risk index
D. Prevent and detect risk index (1 mark)

2. Which of the following statements in regard to culture quotient is NOT accurate?

A. Fraud tolerance risk index should be low
B. Entitlement risk index should be low
C. Notification risk index should be high
D. None of the above (1 mark)

3. Which of the following is NOT an area, factor or consideration related to fraud risk governance principle?

A. Organisational commitment to fraud risk governance
B. Fraud risk governance support by the board of directors
C. Designing and implementing a comprehensive fraud risk policy
D. None of the above (1 mark)

4. Which of the following is NOT an area, factor or consideration related to fraud risk assessment principle?

A. Involving appropriate levels of management in the fraud risk assessment
B. Analysing internal and external factors
C. Identifying management override of controls as a risk
D. Organisational commitment to fraud risk governance (1 mark)

5. Which of the following is NOT accurate in regard to a fraud risk assessment process?

A. The assessment team must be perceived as independent and subjective by the organisation for the process to be effective
B. Management and auditors should share ownership of the process and accountability for its success
C. Conducting an effective fraud risk assessment requires thinking like a fraudster
D. All of the above (1 mark)

6. Which of the following statements is ACCURATE?

A. The auditor should incorporate the results of a fraud risk assessment into the annual audit plan
B. The auditor should conduct an independent risk assessment and incorporate his own results in the audit plan
C. The auditor should conduct a comprehensive fraud risk assessment before conducting an audit
D. None of the above (1 mark)

7. A well-designed and effective system of internal controls can:

A. Reduce the risk of fraud
B. Mitigate risks of fraud to a zero level
C. Eliminate fraud
D. All the above (1 mark)

8. Which of the following statements is ACCURATE in regard to Fraud Risk Assessment Frameworks?

A. Fraud risk assessment frameworks are valuable because they have been developed to fit any organisation
B. Fraud risk assessment frameworks are not valuable because they cannot fit every organisation
C. Fraud risk assessment frameworks can either be simple frameworks or macro assessment frameworks
D. None of the above (1 mark)

9. The fraud risk assessment team should NOT consider which of the following fraud risks in addition to the specific risks related to each of the three categories of occupational fraud?

A. Reputation risk
B. Law and regulatory risk
C. Information and technology risk
D. None of the above (1 mark)

10. Fraudulent customer payments, corporate espionage and hacking schemes are all fraud risks pertaining to which of the following categories?

A. External Fraud risk
B. Internal fraud
C. Information technology
D. None of the above (1 mark)

11. A fraud risk assessment report should reflect the assessment team’s opinion formed during the assessment engagement. Which one is it?

A. Professional subjective opinion
B. Expert opinion
C. Qualified opinion
D. None of the above (1 mark)

12. An assessment team can evaluate an area as high risk only if the assessment has found which of the following?

A. Fraud has previously occurred in that area
B. Employees in the area are very corrupt
C. Red flags have been identified in the area
D. None of the above (1 mark)

13. Which of the following is NOT accurate about an effective internal control system?

A. It can be effective in mitigation of fraud risks
B. It increases the perception of detection
C. It balances preventive and detective controls
D. None of the above (1 mark)

14. If management chooses to accept a risk, rather than mitigate it, this response is known as:

A. Mitigating the risk
B. Transferring the risk
C. Avoiding the risk
D. None of the above (1 mark)

15. If management decides to implement appropriate prevention and detection controls to treat an identified fraud risk, this response is known as:

A. Transferring the risk
B. Mitigating the risk
C. Assuming the risk
D. None of the above (1 mark)

16. There are various factors that influence the level of fraud risk faced by an organisation. Which of the following is NOT one of them?

A. The effectiveness of its internal controls
B. The nature of the business
C. The ethics of its leadership team
D. None of the above (1 mark)

17. Fraud risks that exist before management has put in place fraud-related controls are referred to as:

A. Residual risks
B. Fraud risks
C. Material risks
D. None of the above (1 mark)

18. Fraud risks that remain after management has put in place fraud-related controls are referred to as:

A. Inherent risk
B. Residual risks
C. Material risks
D. None of the above (1 mark)

19. In identifying fraud risks that pertain to an organisation, the fraud risk assessment team should specifically NOT discuss which of the following as potential fraud risks?

A. Management override of controls
B. Collusion
C. Low perception of detection
D. Employees’ override of controls (1 mark)

20. Which of the following is NOT accurate in regard to ensuring the objectivity of the fraud risk assessment team?

A. The assessment should be conducted by a consultant
B. The assessment should be conducted by management with the assistance of a consultant
C. The assessment should be conducted by the risk department
D. None of the above (1 mark)

21. Controls that are designed to stop fraud before it occurs and to detect it when it has already occurred, are referred to as which of the following respectively?

A. Detective, investigative controls
B. Hard, soft controls
C. Investigative, deterrent controls
D. None of the above (1 mark)

22. Which of the following individuals would generally be the most appropriate sponsor of a fraud risk assessment?

A. An Auditor
B. The CFO
C. The chair of the audit committee
D. None of the above (1 mark)

23. Detective anti-fraud controls include all of the following EXCEPT:

A. Hiring policies and procedures
B. Proactive data analysis techniques
C. Hotline
D. Physical inspections (1 mark)

24. Which of the following is NOT accurate regarding the communication of the fraud risk assessment process?

A. The communications should be in the form of a message from the risk assessment sponsor who must be a senior person who can command authority
B. The communication should not be personalised, to enable all members of staff to embrace the process to make it more effective
C. The communication should be openly made throughout the business
D. All the above (1 mark)

25. What is the objective of a fraud risk assessment?

A. To assess the guilt or innocence of an employee suspected of committing fraud
B. To evaluate the design and effectiveness of an organisation’s internal controls
C. To help an organisation identify what makes it most vulnerable to fraud
D. To estimate an organisation’s fraud losses (1 mark)

26. After the conclusion of the fraud risk assessment process, which of the following is NOT accurate in regard to how management should use the results?

A. Use the results to promote awareness and education to employees only
B. Evaluate progress against agreed action plans
C. Use the assessment results to monitor the performance of key internal controls
D. All of the above (1 mark)

27. Which of the following techniques of gathering information during a fraud risk assessment enable the fraud risk assessor to observe the interactions among several employees as they collectively discuss a question or issue?

A. Interviews
B. Survey
C. Focus group
D. None of the above (1 mark)

28. Which of the following is NOT accurate about the fraud risk assessment team?

A. Team members should have a good understanding of fraud, diverse knowledge, and skills in risk assessment
B. Team members should have advanced education in risk management
C. Team members should be individuals with experience and good skills for gathering and eliciting
information
D. None of the above (1 mark)

29. Which of the following is NOT accurate regarding fraud risks?

A. Risks that are present before mitigation are described as inherent risks
B. The objective of anti-fraud controls is to make the residual fraud risk significantly smaller than the inherent fraud risk
C. The objective of anti-fraud controls is to mitigate the inherent fraud risks
D. The objective of anti-fraud controls is to make the inherent fraud risk significantly smaller than the residual fraud risk (1 mark)

30. Which of the following is NOT an appropriate member of the fraud risk assessment team?

A. The general counsel
B. External consultants
C. Accounting and internal audit personnel
D. External auditors (1 mark)

31. During a fraud risk assessment, the assessment team should NOT consider which of the following?

A. Possibility for collusion
B. The inherent limitations of internal controls
C. Internal controls that might have been eliminated due to restructuring or expansion efforts
D. None of the above (1 mark)

32. All the following are accurate in regard to fraud risk assessment EXCEPT ___________________.

A. The results should be used to develop plans to mitigate fraud risk
B. It can help management identify individuals and departments which put the organisation at the greatest risk of fraud
C. It can help management eliminate fraud risks
D. None of the above (1 mark)

33. Which of the following is NOT a fraud risk?

A. Management’s leadership style
B. Management’s behaviour
C. Unhappy employees
D. None of the above (1 mark)

34. If an area is assessed as having a high fraud risk, which of the following procedures should management NOT conduct?

A. Put specific detective measures to increase the perception of detection
B. Conduct a fraud detection audit
C. Conduct a forensic audit
D. None of the above (1 mark)

35. The fraud risk assessment process should be conducted through which of the following methods?

A. Surveillance
B. Overt
C. Open
D. None of the above (1 mark)

36. In response to a risk identified during a fraud risk assessment, if management decides to eliminate an activity or a product because the control measures required to mitigate the risk are too costly, this is referred to as which one of the following?

A. Assuming the risk
B. Mitigating the risk
C. Transferring the risk
D. None of the above (1 mark)

37. Auditors should evaluate whether the organisation is appropriately managing the moderate-to-high fraud risks identified during the fraud risk assessment. Which one of the following evaluation methods can the auditor use?

A. Identifying within the moderate-to-high-risk areas whether there is a moderate-to-high risk of management override of internal controls
B. Designing and performing tests to evaluate whether the identified controls are operating effectively and efficiently
C. Identifying and mapping the existing controls that pertain to the low-to-high fraud risks identified in the fraud risk
D. All of the above (1 mark)

38. Preventive anti-fraud controls include all of the following EXCEPT:

A. Investigative audits
B. Fraud awareness training
C. Segregation of duties
D. Hiring policies and procedures (1 mark)

39. In response to a risk identified during a fraud risk assessment, if management decides to purchase an insurance policy to help protect the company against fraud risk associated with employees embezzlement, which one of the following BEST describes this type of response?

A. Avoiding the risk
B. Mitigating the risk
C. Assuming the risk
D. None of the above (1 mark)

40. Which of the following is ACCURATE in regard to a fraud risk assessment?

A. The fraud risk assessment should include only management’s and auditor’s views to ensure a holistic view of the organisation’s fraud risks
B. Their views of the management and the auditor are sufficient and would also help to maintain independence and objectivity of the assessment process
C. The fraud risk assessment team should apply either qualitative or quantitative factors when assessing the organisation’s fraud risks
D. All the above (1 mark)

41. Payment of bribes to procure business is a fraud risk pertaining to which of the following category of occupational fraud?

A. Kickbacks
B. Economic extortion
C. Corruption
D. None of the above (1 mark)

42. A process aimed at proactively identifying an organisation’s vulnerabilities to both internal and external fraud is referred to as:

A. Fraud risk examination
B. Fraud risk assessment
C. Fraud risk identification
D. Fraud risk response (1 mark)

43. The three elements of the fraud triangle that facilitate fraudulent activities are referred to as:

A. Asset misappropriation risks
B. Corruption risk
C. Fraud risks
D. Environmental risks (1 mark)

44. Theft of competitor trade secrets, anti-competitive practices, environmental violations, and trade and customs regulations related to import and export are all fraud risks BEST described as:

A. External fraud risk
B. Asset misappropriation risk
C. Regulatory and legal misconduct risk
D. Internal fraud risk (1 mark)

45. Which of the following is NOT one of the 11 principles of risk management provided by ISO 31000:2009?

A. The risk management program takes human and cultural factors into account
B. The risk management program is based on transparency and accountability
C. The risk management program is dynamic, iterative, and responsive to change
D. The risk management program explicitly addresses uncertainty (1 mark)

46. The management of XZY company wants to develop a formal risk management program and is using a risk management framework as a guideline. In developing the program, management should tailor the framework to the organisation’s:

A. Market condition
B. Business environment
C. Culture
D. None of the above (1 mark)

47. Weighing an organisation’s strategic, operational, reporting and compliance objectives against the organisation’s risk appetite is BEST described as which one of the following?

A. Risk assessment
B. Risk evaluation
C. Risk treatment
D. None of the above (1 mark)

48. According to the Committee of Sponsoring Organisations of the Treadway Commission (COSO), a process that is designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, in order to provide reasonable assurance regarding the achievement of the entity’s objectives is referred to as:

A. Internal controls
B. Fraud prevention
C. Fraud risk assessment
D. Enterprise risk management (1 mark)

49. Which of the following is NOT accurate with regard to the objective of the fraud risk management program?

A. Management must do a cost-benefit analysis of the anti-fraud controls against the amount of risk it is willing to accept
B. Management should express risk appetite according to the organisation’s culture and operations
C. Management should not consider previous incidences of fraud as an objective of a fraud risk management program
D. All of the above (1 mark)

50. An organisation’s fraud risk management program should include all the following components EXCEPT ________________.

A. How to disclose conflict of interest
B. Quality assurance activities
C. Whistleblower protection policies
D. Corporate governance (1 mark)

51. Which of the following is NOT an objective of a fraud risk management program?

A. Fraud detection
B. Fraud response
C. Fraud prevention
D. None of the above (1 mark)

52. In defining the objectives of the fraud risk management program, management can decide to express its risk appetite using different measurements. Which of the following is NOT one of those measurements?

A. Quantitatively
B. Qualitatively
C. Materiality
D. None of the above (1 mark)

53. The primary responsibility for designing, implementing, monitoring and improving the fraud risk management program rests with:

A. Risk officer
B. Internal auditor
C. The board of directors
D. None of the above (1 mark)

54. Which of the following is NOT one of the board of directors’ responsibilities pertaining to fraud risk management?

A. Providing oversight over the organisation’s fraud risk management activities
B. Setting realistic expectations of management to enforce an anti-fraud culture
C. Designing and implementing fraud-related controls to mitigate fraud risks
D. All of the above (1 mark)

55. According to an organisation’s fraud risk management program, which of the following is NOT accurate in regard to employees at all levels?

A. Be aware how non-compliance might create a risk of fraud
B. Cooperate with investigators in investigations of suspected or alleged fraud incidents, in compliance with anti-fraud policy
C. Only senior managers are expected to assist in the design and implementation of fraud control activities
D. All of the above (1 mark)

56. Various parties in an organisation have different levels of responsibility for fraud. Which of the following parties is responsible for developing a strategy to assess and manage fraud risks to be within the organisation’s risk appetite and strategic plans?

A. The internal audit department
B. The management
C. The risk department
D. None of the above (1 mark)

57. The audit committee has specific responsibilities for fraud risk management. Which of the following is one of those responsibilities?

A. Receiving regular reports on the status of reported or alleged fraud
B. Monitoring and proactively improving the fraud risk management program
C. Performing and regularly updating the fraud risk assessment
D. None of the above (1 mark)

58. Risk management includes a number of activities in respect to risks that threaten an organisation. Which of the following is NOT one of those activities?

A. Monitoring
B. Identification
C. Treatment
D. Evaluation (1 mark)

59. According to the joint IIA, AICPA and ACFE publication ‘Managing the Business Risk of Fraud: A Practical Guide’, who has responsibility for fraud risk?

A. Internal audit
B. The board of directors
C. Employees at all levels
D. Executive management (1 mark)

60. Which of the following is NOT one of the components of COSO’s Enterprise Risk Management-Integrated Framework?

A. Control activity
B. Internal environment
C. Corporate governance
D. Risk assessment (1 mark)

61. The Audit and Risk Committee has oversight responsibilities over which of the following functions?

A. Audit function
B. Accounting function
C. Risk management function
D. All the above (1 mark)

62. Which of the following is NOT accurate in regard to what should be included in a fraud risk management program?

A. On a case basis response plan
B. Measures and procedures to address internal control weaknesses that allowed the fraud to occur
C. Sanctions for fraud perpetrators
D. All the above (1 mark)

63. Which of the following statements is NOT accurate in regard to an organisation’s fraud risk management program?

A. It should have measures and procedures to address failures in the design or operation of anti-fraud controls
B. Unintentional non-compliance must be well-publicised and carried out in a consistent and firm manner
C. There should be a team, committee or an individual held responsible for monitoring compliance and
responding to suspected incidences of non-compliance
D. All of the above (1 mark)

64. All the following are types of detective anti-fraud controls EXCEPT:

A. Continuous audit techniques
B. Fraud awareness training
C. Surprise audits
D. Analytical data review (1 mark)

65. Which of the following is NOT a factor that influences the level of fraud risk faced by an organisation?

A. The absence of internal controls
B. The geographic regions in which it operates
C. The ethics of its leadership team
D. All of the above (1 mark)

66. Communication by board of directors and senior management in regard to their dedication and commitment to the fraud risk management program should be issued through a formal statement. Which of the following is NOT correct regarding the formal statement?

A. It is provided to all employees
B. It should not be provided to vendors, customers and consultants
C. It acknowledges the organisation’s vulnerability to fraud
D. It is in writing (1 mark)

67. Which of the following is NOT accurate in regard to the fraud risk assessment process?

A. The assessment team is expected to express a personal opinion at the end of the exercise
B. The assessment team is expected to make a subjective judgement in evaluation of the assessed risks
C. The fraud risk assessment team should not conduct a risk assessment in areas where they are biased
because of previous engagement
D. All the above (1 mark)

68. Which of the following is NOT one of the eight principles of risk management provided by ISO 31000:2018?

A. The risk management program is based on the effectiveness of the internal controls
B. The risk management program is structured and comprehensive
C. The risk management program takes human and cultural factors into account
D. The risk management program is dynamic and responsive to change (1 mark)

69. According to the COSO, which of the following is NOT one of the principles involved in the risk assessment process?

A. Identification of potential fraud
B. Assessing changes that could significantly impact the internal control system
C. Conducting and occasional monitoring of the risk management strategy
D. All the above (1 mark)

70. The fraud risk assessment team should identify specific fraud risks related to each of the three categories of fraud, and also identify other fraud risks. Which of the following is NOT one of those fraud risks?

A. Ability to rationalise engaging in fraud
B. Low personal integrity
C. Perceived situational pressure
D. High perception of detection (1 mark)

71. Which of the following is NOT one of the five components of the ERM Framework?

A. Governance and culture
B. Strategy and objective setting
C. Performance
D. None of the above (1 mark)

72. Which of the following is NOT accurate according to the joint COSO/ACFE Fraud Risk Management Guide and Managing the Business Risk of Fraud in regard to employees and management?

A. All must understand the organisation’s ethical culture and the organisation’s commitment to that culture
B. All must have a basic understanding of fraud and be aware of the red flags
C. All must understand their individual roles within the organisation’s fraud risk management framework
D. None of the above (1 mark)

73. All the following are part of the five broad principles of fraud risk management. Which one is NOT?

A. Risk governance
B. Fraud risk assessment
C. Control environment
D. All the above (1 mark)

74. Which of the following is NOT accurate in regard to fraud risk management?

A. Risk management involves the identification of risks
B. Risk management involves prioritisation and treatment of risks
C. Risk management involves monitoring of risks that threaten an organisation’s ability to provide value to its stakeholders
D. None of the above (1 mark)

75. Which of the following statements is NOT accurate?

A. “Identification” and “detection of fraud” can be used interchangeably
B. “Identification” and “detection of fraud” are not the same
C. Identification of fraud refers to red flags risks and risks of fraud
D. None of the above (1 mark)

76. The fraud risk assessment team should identify fraud risks on their:

A. Residual basis
B. Both inherent and residual basis
C. Impact basis
D. None of the above (1 mark)

77. Which of the following statements is NOT accurate?

A. “Risk tolerance” and “fraud risk appetite” can be used interchangeably
B. The management and board should have zero tolerance for fraud
C. The management and board should have low risk appetite for fraud
D. None of the above (1 mark)

78. Which of the following statements is NOT accurate in regard to a fraud risk register?

A. A risk register is a document used as a risk management tool
B. A risk register can also be used to fulfill regulatory compliance
C. A risk register is a repository for all risks identified
D. None of the above (1 mark)

79. Fraud risks are assessed based on several criteria. Which of the following is NOT one of them?

A. The likelihood that the risk will be exploited
B. The people
C. The effectiveness of the fraud related controls
D. None of the above (1 mark)

80. Which one of the following defines treatment for residual risks that require designing and implementing more fraud related controls?

A. Mitigation
B. Avoid the risk
C. Assume the risk
D. None of the above (1 mark)

81. The board of directors’ responsibility for; risk oversight, establishing operating structures and defining the desired culture are examples of which of the following principles of COSO ERM 2017?

A. Governance and culture
B. Review and revision
C. Information and communication
D. All the above (1 mark)

82. An effective fraud risk management program should NOT have which of the following characteristics?

A. Informs the organisation that management will proactively conduct fraud detection activities
B. Enhances the organisation’s positive public image and reputation
C. Promotes goodwill with other organisations and the general public
D. None of the above (1 mark)

83. The Fraud Risk Management (FRM 2016) Principle related to the organisation establishing and communicating a fraud risk management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity is related to which one of the following IC 2013 Components?

A. Risk assessment
B. Control activities
C. Information and communication
D. None of the above (1 mark)

84. The fraud risk management (FRM 2016) Principle related to organisation, selecting, developing and deploying preventive and detective fraud controls is related to which one of the following IC 2013 Component?

A. Control environment
B. Risk assessment
C. Control activities
D. All the above (1 mark)

85. Which of the following is NOT accurate about a fraud risk register?

A. It is a tool that documents the detected frauds
B. It is a tool that is used to analyse the identified risks
C. It is a tool that is used to evaluate/score the risk
D. All the above (1 mark)

86. Which of the following is NOT accurate in regard to a fraud risk assessment framework?

A. It is a report that is used to document the opinion of the fraud risk assessment
B. It is a report that is used to document the response plan
C. It is a report that is used to document individuals responsible for action
D. All the above (1 mark)

87. All parties in an organisation have some responsibility in fraud risk management. However, the level of responsibility differs. Which one of the following parties has the responsibility of evaluating the effectiveness of the fraud risk management program?

A. Internal and external auditor
B. Ethics and compliance officer
C. Management
D. Board of directors (1 mark)

88. Skimming of cash or theft of inventory is a fraud risk pertaining to which of the following categories of occupational fraud?

A. Kickbacks
B. Economic extortion
C. Asset misappropriation
D. None of the above (1 mark)

89. Which of the following is NOT one of the five broad principles of fraud risk management?

A. Risk governance
B. Fraud risk assessment
C. Governance and culture
D. None of the above (1 mark)

90. Which of the following is one of the five broad principles of fraud risk management?

A. Fraud investigation and corrective action
B. Control environment
C. Information and communication
D. All the above (1 mark)

91. Which of the following principles relates to the organisation establishing and communicating a fraud risk management program that demonstrates the expectations of the board of directors and senior management and their commitment to high integrity and ethical values regarding managing fraud risk?

A. Fraud Risk Governance Principle
B. Fraud Risk Assessment Principle
C. Fraud Control Activities
D. None of the above (1 mark)

92. Which of the following principles is related to the organisation performing comprehensive fraud risk assessments to identify specific fraud schemes and assess their likelihood and significance, evaluate existing fraud control activities, and implement actions to mitigate residual fraud risks?

A. Fraud Risk Governance Principle
B. Fraud Control Activities
C. Fraud Investigation and Correction Action
D. None of the above (1 mark)

93. Which of the following principles relates to the organisation selecting, developing and deploying preventive and detective fraud control activities to mitigate the risk of fraud events occurring or not being detected in a timely manner?

A. Fraud Risk Governance Principle
B. Fraud Investigation and Correction Action
C. Fraud Risk Management Monitoring Activities Principle
D. None of the above (1 mark)

94. Which of the following principles relates to the organisation establishing a communication process to obtain information about potential fraud and deploys a coordinated approach to investigations and corrective action to address fraud appropriately and in a timely manner?

A. Fraud Risk Governance Principle
B. Fraud Investigation and Correction Action
C. Fraud Prevention Principle
D. None of the above (1 mark)

95. According to the publication “Managing the Business Risk of Fraud: A Practical Guide” by IIA, AICPA and ACFE, which of the following is NOT a type of a fraud risk management component?

A. Affirmation process
B. Process evaluation and improvement (quality assurance)
C. Continuous monitoring
D. None of the above (1 mark)

96. Which of the following is NOT one of the 11 principles of risk management provided by ISO 31000:2018?

A. The risk management program takes human and cultural factors into account
B. The risk management program is dynamic, iterative and responsive to change
C. The risk management program explicitly addresses uncertainty
D. The risk management program is rigid to ensure compliance (1 mark)

97. Which of the following is NOT an area, factor or consideration related to fraud investigation and corrective action principle?

A. Establishing fraud investigation and response plan and protocols
B. Conducting investigations
C. Communicating investigation results
D. Considering internal and external factors (1 mark)

98. The management of ABC company wants to develop a formal risk management program using a risk management framework as a guideline. In developing the program, management should tailor the framework to the organisation’s needs. Which of the following is NOT an element that should be considered?

A. Industry condition
B. Financial condition
C. Organisation culture
D. None of the above (1 mark)

99. Sources of information gathered to assess fraud risks usually do not include:

A. Analytical procedures
B. Inquiries of management
C. Communication among audit team members
D. Review of corporate charter and bylaws (1 mark)

100. According to Dr. Steve Albrecht, which of the following is NOT a root cause of fraud?

A. Perceived opportunity
B. Rationalisation
C. Perceived situational pressure
D. Low personal integrity (1 mark)

(Visited 27 times, 1 visits today)
Share this:

Written by