CERTIFIED FORENSIC FRAUD EXAMINER (CFFE) MODULE ONE
FRAUD AND CORRUPTION SCHEMES
MONDAY: 1 December 2025. Afternoon Paper. Time Allowed: 3 hours.
This paper has two Sections. SECTION I consists of fifty (50) Multiple Choice Questions carrying fifty (50) marks. SECTION II has four (4) structured questions carrying fifty (50) marks. Answer ALL questions. Marks allocated to each question are indicated at the end of the question.
SECTION I (50 MARKS)
1. Which one of the following is the first step of conducting a computer security risk assessment?
A. Implement firewalls and encryption
B. Identify and classify information assets
C. Identifying risks
D. Evaluating fraud risks (1 mark)
2. Which one of the following statements is NOT ACCURATE in regard to financial statement fraud?
A. Financial statement fraud is usually perpetrated accountants
B. Financial statement has the highest median loss among occupational fraud categories
C. Financial statement fraud can be perpetrated to obtain new loan covenants
D. Financial statement fraud is the least common type of occupational fraud (1 mark)
3. Which one of the following situations BEST illustrates ‘Opportunity’ element of the Dr. Cressey’s fraud triangle that could lead to financial statement fraud?
A. An organisation experiencing a sudden drop in revenue or market share
B. Management thinking shareholders will not mind if they overstate revenues in a bad year
C. An organisation failure to meet revenue and profit targets
D. Inadequate oversight over the preparation of financial statements (1 mark)
4. Which one of the following accounts are directly affected recording of a fictitious revenue?
A. Cash and revenue
B. Bad debt and revenue accounts
C. Creditors and revenue
D. Revenue and accounts receivables (1 mark)
5. Which one of the following statements is ACCURATE in regard to revenue recognition in long term contracts?
A. Percentage of completion method would represent the correct revenue earned
B. In completed-contract method revenue is recognised at the beginning of the project
C. The percentage of completion recognises revenue when the project is 100% completed
D. In completed contract method revenue is recognised depending on measurable progress of the project
(1 mark)
6. Which one of the following statements is NOT ACCURATE in regards to failure to write off bad debts?
A. Net income would be overstated
B. Current assets would be overstated
C. Current ratio would be overstated
D. Quick ratio will be overstated (1 mark)
7. Which one of the following statements is NOT an example of an improper disclosure? Failure to disclose
.
A. a related party transaction
B. an ongoing criminal proceeding
C. a significant fraud a senior member of management
D. an ongoing civil litigation (1 mark)
8. Which one of the following conditions is generally NOT a red flag of insider cyber fraud?
A. Exception reports are reviewed occasionally
B. Critical business software and systems being run at unusual hours
C. Access logs are reviewed occasionally
D. Access logs are regularly reviewed (1 mark)
9. Which one of the following methods of gaining unauthorised access to computer systems involves a fraudster using a compromised email of an executive to pose as the executive and order an employee to transfer funds to the fraudsters account?
A. Pharming
B. Business email compromise
C. Packet sniffing
D. Scavenging (1 mark)
10. Which one of the following statements is NOT accurate in regards to failure to write off obsolete or damaged inventory?
A. Assets are overstated
B. Current ratio is overstated
C. Cost of goods sold is overstated
D. Profits or net income is overstated (1 mark)
11. Which one of the following statements is NOT ACCURATE about vertical analysis of financial statements?
A. In vertical analysis of the income statement, net sales are typically assigned 100%
B. In vertical analysis of the balance sheet, total assets are assigned 100%
C. Vertical analysis expresses each line item as a percentage of a base figure
D. In vertical analysis of the cash flow statement, net income is always used as the base 100% (1 mark)
12. Which one of the following fraudulent transactions would NOT cause an increase in the quick ratio?
A. Recording fictitious cash deposits
B. Overstating accounts receivable through fictitious sales
C. Overstating inventory value
D. Misclassifying short-term liabilities as long-term liabilities (1 mark)
13. Which one of the following is NOT a red flag of bid rigging in competitive bidding process?
A. Competent contractors fail to bid
B. Defective pricing
C. There is a pattern of winning bids
D. Submission of token bids (1 mark)
14. Which one of the following statements is ACCURATE in regard to bid suppression schemes? Bid suppression schemes .
A. involve competitors submitting token bids
B. involve competitors dividing the market
C. involve competitors colluding with procuring entity’s employees
D. occur when procurement employees advertise bid in obscure publications to favor a particular contractor
(1 mark)
15. Which one of the following statements BEST describes the fraudulent effect of capitalising expenses?
A. Net income is understated
B. Net income is not affected
C. Assets are understated
D. Net income is overstated (1 mark)
16. Which one of the following assets misappropriation fraud schemes is the fraudster likely to keep a separate set of books to keep track of the transactions?
A. Register manipulation scheme
B. Lapping of receivables scheme
C. Unrecorded sales scheme
D. Understated sales scheme (1 mark)
17. Which one of the following techniques would be INEFFECTIVE in detecting skimming of revenue within an organisation?
A. Comparing receipts with bank deposits
B. Horizontal analysis
C. Observation
D. Analytical review (1 mark)
18. Which of the following reasons BEST explains why cash theft is usually easier to detect than skimming schemes?
A. Because cash theft involves theft of unrecorded cash, it can be spotted through customer complaints
B. Because theft often involves large amounts it draws more attention from auditors
C. Because cash theft involves theft of cash that has already been recorded, discrepancies can be identified through reconciliations.
D. Because skimming occurs after cash has been deposited it always leaves an audit trail (1 mark)
19. Which one of the following cyber fraud techniques involves stealing small amounts of money over time?
A. Income smoothing
B. Data diddling
C. Buffer overflow exploits
D. Salami technique (1 mark)
20. Which one of the following information security goals in e-commerce is MOST directly achieved through the use of a digital signatures?
A. Integrity
B. Confidentiality
C. Availability
D. Authentication (1 mark)
21. Which one of the following statements is the MOST effective computer physical access control?
A. Having properly trained guards
B. Installing a double door system
C. Biometric systems
D. Installing smoke detectors, motion detectors and CCTV
(1 mark)
22.
Which one of the following groups is responsible for perpetrating consumer fraud against the elderly?
A. Caregivers or family members
B. Professional fraud rings
C. Online strangers
D. Door to door fraudsters
(1 mark)
23.
Which one of the following statements BEST describes competitive intelligence?
A. Illegal and clandestine means to gather information about a competitor
B. The gathering of information from subject matter experts and informed individuals
C. A legitimate process of collecting competitor information, performance and capabilities
D. A government sponsored scheme to collect information about a foreign country
(1 mark)
24.
Which one of the following financial institution fraud is considered as the most significant?
A. New Account fraud
B. Check fraud
C. Loans fraud
D. Payment card fraud
(1 mark)
25. Which one of the following statements is NOT ACCURATE in regards to billing schemes involving shell companies?
A. The identity of owners can be known examining business registration filings
B. Perpetrators of these schemes are usually in a position to approve payments
C. Site visits can help detect these schemes
D. Most schemes in this category target sale of goods rather than services (1 mark
26. Which one of the following preventive measures is the MOST effective method of preventing billing schemes?
A. Implementing objective, performance-based compensation for purchasing staff
B. Education and training of purchasing and accounts payable personnel
C. Establishing segregation of duties between purchasing and payment functions
D. Setting up a whistle-blower hotline (1 mark)
27. Which one of the following statements BEST describes a ‘true name’ identity fraud scheme?
A. Creating a false identity with fictitious personal details
B. Using another person’s real information to open a new account
C. Altering details on an existing account after gaining access
D. Using a stolen medical card to obtain health services (1 mark)
28. Which one of the following measures is the MOST effective in preventing check fraud?
A. Immediately alert law enforcement when check fraud happens
B. Segregation of duties
C. Educating employees to recognise fraudulent checks (1 mark)
D. Job rotation
29. Which of the following reasons BEST explains why card-not-present fraudulent transactions still persist despite the introduction of smart cards?
A. Growth in online transactions
B. Smart cards can be easily replicated
C. Absence of encryption in smart card technology
D. Use of software engineers organised criminal groups (1 mark)
30. Which one of the following statements is NOT a red flag associated with improper receivables valuation schemes in financial statement fraud?
A. Unexplained increases in reported profits despite stagnant or declining sales
B. Inability to generate cash flow from operations yet reporting earnings
C. Decrease in current ratio
D. Increase in days in receivables ratio (1 mark)
31. Which one of the following statements is NOT ACCURATE in regard to quick ratio?
A. Liability concealment will cause it to increase
B. A fictitious receivables scheme would cause it to increase
C. Embezzlement schemes will cause the ratio to decrease
D. Overstating inventory will cause the ratio to increase (1 mark)
32. Which one of the following statements BEST describes a procurement fraud scheme where an employee drafts broad, vague or narrow specifications to favor a particular bidder?
A. Bid rotation
B. Bid specification scheme
C. Bid suppression
D. Bid manipulation (1 mark)
33. Which one of the following financial analysis ratio can be used to measure an organisation’s effectiveness in extending credit and collecting receivables?
A. Receivables turnover ratio
B. Debt to equity ratio
C. Inventory turnover ratio
D. Quick ratio (1 mark)
34. Which one of the following terms BEST refers to an employee who is recruited a competitor to secretly supply insider information?
A. An agent
B. A sleeper
C. An operative
D. A mole (1 mark)
35. Which one of the following procurement fraud schemes is NOT associated with the pre-solicitation phase of the procurements process?
A. Bid splitting
B. Bid manipulation
C. Bid tailoring
D. Need recognition (1 mark)
36. Which one of the following statements BEST describes accounting mischarging schemes in procurement fraud?
A. Purchasing excessive materials so that the excess materials can be used in another project
B. Inflating the cost of materials
C. Using outdated salary and wage schedules
D. Charging personal or unrelated costs to a project (1 mark)
37. Which one of the following statements BEST describes health care fraud schemes where healthcare providers charge healthcare programs or insurance for treatment that was not provided?
A. Disparate price schemes
B. Fictitious services scheme
C. Over-utilisation schemes
D. Fictitious provider scheme (1 mark)
38. Which one of the following terms describes a type of insurance fraud where an agent includes additional coverage in an insurance policy without the insured’s knowledge making it more expensive?
A. Churning
B. Ditching
C. Twisting
D. Sliding (1 mark)
39. Which one of the following healthcare fraud schemes is perpetrated patients of a healthcare program?
A. Improper contractual relationship
B. DRG creep scheme
C. False diagnosis scheme
D. Code manipulation scheme (1 mark)
40. Which one of the following is a red flag associated with bid manipulation schemes in procurement fraud?
A. The last bidder wins the bid
B. Too broad, too narrow or vague specifications for required goods or services
C. Assessment of needs is not adequately developed
D. Losing contractors are subcontracted the winning bidder (1 mark)
41. Which one of the following is NOT ACCURATE in regard to rewards offered vendors and contractors?
A. Items of value or money are given to an employee after the decision is made
B. Items of value or money are given to an employee but not for purposes of making any current decision
C. Rewards offered vendors and contractors not to influence a decision is a bribe
D. Rewards offered vendors and contractors not to influence a decision is not a bribe (1 mark)
42. Which one of the following statements is NOT ACCURATE in regards to a fraudulent transaction where an employee makes a fictitious refund and then steals cash equal to the refund from the register?
A. Perpetual inventory record will be overstated
B. Revenue is embezzled
C. Actual inventory is overstated
D. Cost of goods sold is understated (1 mark)
43. Which type of inventory misappropriation scheme occurs when employees take company inventory without making any attempt to conceal it in the accounting records?
A. Inventory theft
B. Inventory shrinkage
C. Inventory padding
D. Inventory concealment (1 mark)
44. Which one of the following security measures is considered as part of ‘Network security’ in preventing intrusion into computer systems?
A. Multifactor Authentication
B. Firewalls
C. Encryption
D. Warning screens (1 mark)
45. Which one of the following statements is NOT accurate in regard to improper disclosures related to contingent liabilities?
A. A company fails to disclose a major pending lawsuit
B. A company fails to disclose reporting changes
C. A company conduct business with a related party
D. Management fails to disclose changes in accounting principles (1 mark)
46. Which one of the following BEST describes the scheme that involve recording expenses as deposits?
A. Omission of expenses
B. Capitalisation of expenses
C. Understatement of expenses
D. Understatement of liabilities (1 mark)
47. Which one of the following is NOT an administrative security control?
A. Computer risk assessments
B. Security audit test
C. Incident response plans
D. Encryption (1 mark)
48. Which one of the following is NOT a component of an effective system to safeguard proprietary information?
A. Task force
B. Security risk assessments
C. Security policies and procedures
D. Internal control (1 mark)
49. A medical provider, performs a procedure that is supposed to be billed as one code. The medical provider intentionally submits two codes for the same procedure. Which one of the following BEST describes the health care provider fraud scheme?
A. Up-coding
B. Unbundling
C. Unnecessary procedure
D. Fictitious services (1 mark)
50. Which one of the following is NOT a financial statement fraud scheme?
A. Failure to write off bad debts
B. Recording prepayments as deposits
C. Capitalising expenses
D. Omitting expenses (1 mark)
SECTION II (50 MARKS)
51. (a) Describe FOUR financial statement fraud schemes in a listed company. (8 marks)
(b) Explain FOUR reasons why management misrepresent an organisation’s financial statements. (8 marks)
(c) State TWO red flags of financial statement fraud. (4 marks)
(Total: 20 marks)
52. Discuss FIVE essential components of an effective system of safeguarding sensitive and proprietary information.
(Total: 15 marks)
53. Explain FIVE methods of making corrupt payments. (Total: 10 marks)
54. Identify FIVE financial statement fraud schemes used to understate expenditure. (Total: 5 marks)
……………………………………………..………………….………….…