CERTIFIED FORENSIC FRAUD EXAMINER (CFFE) MODULE THREE
FRAUD PREVENTION AND DETECTION PILOT PAPER
MARCH 2025. Time Allowed: 3 hours.
Answer ALL questions. This paper has two Sections. SECTION I consists of fifty (50) Multiple Choice Questions carrying fifty (50) marks. SECTION II has four (4) structured questions carrying fifty (50) marks. Marks allocated to each question are indicated at the end of the question.
SECTION I (50 MARKS)
1. Which one of the following statements is NOT accurate in regard to increasing perception of detection?
A. To increase the perception of detection, parties in the organisation should not be informed beforehand about activities like surprise audits
B. To increase the perception of detection parties in the organisation should be made aware that the organisation could conduct surprise audits
C. A surprise audit is a proactive fraud prevention activity that helps to increase the perception of detection
D. A surprise audit is a positive reinforcement measure, that helps to increase the perception of detection
(1 mark)
ANSWER: A
2. Which one of the following statements BEST describes the component that creates a foundation for the internal control system?
A. Proactive detection
B. Risk ownership
C. Fraud risk tolerance and risk management
D. Control environment (1 mark)
ANSWER: D
3. Which one of the following statements BEST describe positive reinforcement measure?
A. Positive reinforcement measures help to enhance the internal controls
B. Segregation of duties are examples of positive reinforcement measures
B. Positive reinforcement measures are examples of strong controls
C. Positive reinforcement measures are examples of soft controls (1 mark)
ANSWER: D
4. Which one of the following statements is NOT accurate in regard to Certified Fraud Examiners assignments?
A. A Certified Fraud Examiner cannot accept an assignment where he/she has a major interest
B. A Certified Fraud Examiner must be an accountant to conduct a forensic audit assignment
C. A Certified Fraud Examiner can accept an assignment where he/she has a major interest
D. None of the above (1 mark)
ANSWER: A
5. Which one of the following statements is NOT accurate in regard to the external auditor’s responsibility for fraud?
A. International Standard on Auditing (ISA 240) has put express responsibility on the auditor to detect fraud in the course of auditing financial statements
B. Auditors have a responsibility for identify fraud risks in all the processes
C. Auditors have a responsibility for detecting risks and red flags of fraud
D. None of the above (1 mark)
ANSWER: C
6. Which one of the following statements does NOT describe the pressure leg of the fraud triangle?
A. “I am in a financial crisis”
B. “I need money to repay my debts”
C. “Possibility of detection is very high”
D. “I have an emergency; I have no other way to solve the problem” (1 mark)
ANSWER: C
7. According to International Standard on Auditing (ISA 240), the auditor is only concerned with fraud that .
A. is perpetrated management and not employees
B. perpetrated through collusion
C. causes misstatements in the financial statements
D. none of the above (1 mark)
ANSWER: D
8. Which one of the following statements does NOT describe a justification made businesses for their misconduct?
A. The purpose for violations is to secure employees’ jobs
B. Compliance with government regulations is too expensive
C. The damage is shared among a large number of consumers
D. None of the above (1 mark)
ANSWER: D
9. According to COSO, an internal control system should be designed to provide reasonable assurance in the achievement of the organisation’s objectives. Which one of the following is NOT one of the objectives?
A. The effectiveness and efficiency of the organisation’s operations
B. To maximise profits
C. The organisation’s compliance with the laws and regulations.
D. None of the above (1 mark)
ANSWER: B
10. Which one of the following principles is NOT a core principle of sound corporate governance?
A. Responsibility
B. Integrity
C. Accountability
D. None of the above (1 mark)
ANSWER: B
11. Which one of the following parties is responsible for providing oversight over the design and implementation of the organisation’s fraud prevention program?
A. The management
B. Internal auditors
C. External auditors
D. None of the above (1 mark)
ANSWER: D
12. Which one of the following parties has responsibility for the design implementation and monitoring of the effectiveness of the fraud risk management program?
A. Risk officer
B. External audit
C. Compliance officer
D. None of the above (1 mark)
ANSWER: D
13. Which one of the following statements is ACCURATE in regard to internal control system?
A. An effective internal control system can mitigate fraud risks to a tolerance level
B. Absence of internal controls is the major root cause of fraud
C. Red flags and risks of fraud are evidence of fraud
D. None of the above (1 mark)
ANSWER: A
14. Which one of the following statements is NOT accurate in regard to white collar offenders?
A. White collar defendants are less likely to plead guilty
B. White collar defendants are more likely to plead guilty
C. White collar defendants are more likely to be jailed
D. None of the above (1 mark)
ANSWER: B
15. Which one of the following theories BEST describes the use of threat of criminal sanctions?
A. Prevention
B. Deterrence
C. Compliance
D. None of the above (1 mark)
ANSWER: B
16. Which one of the following parties in an organisation has responsibility for providing the first line of defense against fraud and corruption?
A. Internal auditor
B. Risk manager
C. Compliance manager
D. Heads of departments (1 mark)
ANSWER: D
17. Organisations should make efforts to control corporate crime. Which one of the following is an example of an approach that they should include?
A. Internal audit
B. Fraud hotlines
C. Voluntary changes in corporate attitudes
D. All of the above (1 mark)
ANSWER: C
18. Which one of the following statements BEST describes the category of crime perpetrated the directors and senior management?
A. Organisational crime
B. Occupational crime
C. Economic crime
D. None of the above (1 mark)
ANSWER: A
19. Which one of the following statements is NOT accurate in regard to the COSO control environment of an organisation?
A. It provides a foundation for all other controls
B. Sets the moral and ethical tone of the organisation
C. It sets clear organisational objectives to enable assessment of risk associated with the achievement of the objectives
D. None of the above (1 mark)
ANSWER: C
20. Which one of the following statements is ACCURATE in regard to white-collar crime?
A. In white-collar crime cases like corruption, the higher the offender’s status, the more likely the individual will not be incarcerated
B. In white-collar crime cases, the higher an offender’s status, the more likely the individual will be convicted
C. In white-collar crime cases, the higher an offender’s status, the more likely the individual will not be found guilty
D. None of the above
ANSWER: C
21. The evaluation and communication of internal control deficiencies in a timely manner to those parties responsible for taking corrective action is a principle related to which component of COSO’s Internal Control-Integrated Framework?
A. Control Environment
B. Control activities
C. Information and communication
D. Monitoring
ANSWER: D
22. Which one of the following aspects is NOT accurate in regard to a corporation’s board of directors?
A. The director’s responsibility is to represent shareholders only
B. The directors are generally elected the company stakeholders
C. The directors provide management responsibility for business operations assessing the strategy and underlying purpose of management’s decisions and actions
D. None of the above (1 mark)
ANSWER: D
23. According to the 2024 ACFE Report to the Nations, which one of the following methods is the second common fraud detection method?
A. Internal audit
B. External audit
C. Management review
D. None of the above (1 mark)
ANSWER: A
24. Which one of the following statements is NOT a measure that can be used to evaluate an organisation’s corporate culture effectively?
A. Statementss from the board and management in regard to their zero tolerance for fraud
B. The tone at the top
C. Management’s inconsistent disciplinary measures
D. Management’s response to fraudulent activities (1 mark)
ANSWER: C
25. Which one of the following statements is NOT accurate in regard to OECD principles of Corporate Governance?
A. The OECD Principles of Corporate Governance support establishing equal protection for foreign shareholders than domestic shareholders
B. The OECD Principles of Corporate Governance support establishing equal protection for domestic shareholders than foreign shareholders
C. The OECD Principles of Corporate Governance support equitable treatment for all shareholders
D. The OECD Principles of Corporate Governance support establishing stronger protection for minority shareholders, because they are more vulnerable (1 mark)
ANSWER: D
26. According to the OECD principles of corporate governance, which one of the following statements is NOT
accurate in regard to an entity’s corporate governance framework?
A. Ensure proportionate treatment according to shareholding
B. Encourage active cooperation between corporations and stakeholders in creating wealth and jobs
C. Ensure the timely and accurate disclosure of all material matters regarding the corporation
D. None of the above (1 mark)
ANSWER: A
27. Which one of the following parties is responsible for holding the board of directors accountable for the company’s resources?
A. The stakeholders
B. The regulatory authority
C. Executive board
D. Shareholders (1 mark)
ANSWER: D
28. Which one of the following recommendations is NOT a recommendation of the Treadway Commission to the audit committee to prevent financial statements fraud?
A. To be informed and vigilant
B. To have adequate resources and authority
C. To provide oversight over management
D. To have a written charter (1 mark)
ANSWER: C
29. Which one of the following parties is responsible for providing oversight over employees?
A. Managers and supervisors
B. External auditors
C. The board of directors
D. Management (1 mark)
ANSWER: D
30. Which one of the following entities is an example of an organisation that must have effective corporate governance?
A. A limited company
B. A sole proprietor enterprise
C. A public limited company
D. A limited partnership enterprise (1 mark)
ANSWER: C
31. Which one of the following parties BEST describes oversight responsibilities of different parties for an organisation’s direction, operations and performance?
A. Management
B. Audit committee
C. Corporate compliance
D. None of the above (1 mark)
32. Which one of the following principles BEST describes the principle related to clarity, accuracy, completeness and timeliness of the financial statements and other information provided management to shareholders?
A. Fairness
B. Accountability
C. Transparency
D. Responsibility
ANSWER: C
33. Which one of the following methods is the MOST effective method of fraud prevention?
A. Designing and implementing detective controls
B. Designing and implementing preventive controls
C. Designing and implementing strong controls
D. Enhancing the internal controls (1 mark)
ANSWER: A
34. Which one of the following statements BEST describes reengineering of controls?
A. Reengineering of controls involve enhancing the controls
B. Reengineering of controls involve enforcing the controls
C. Reengineering of controls is a science of reorganising the existing controls
D. Reengineering of controls is an art of reorganising the existing controls (1 mark)
ANSWER: D
35. Which one of the following is NOT a control environment principle of the COSO, that supports the design and implementation of an effective control environment?
A. Personnel at all levels demonstrate commitment to integrity and ethical values
B. Board should be independent of management and oversee the design and implementation of the internal control
C. Organisation holds internal auditors accountable for the effectiveness of the internal controls
D. None of the above (1 mark)
ANSWER: C
36. Which one of the following is NOT a fraud risk assessment principle of the COSO?
A. The organisation sets clear objectives to enable the identification and assessment of risks relating to the objectives
B. The organisation identify and detect the risks associated with the achievement of the objectives
C. The organisation identify changes that would significantly impact the system of internal controls
D. None of the above (1 mark)
ANSWER: B
37. Which one of the following is among the board’s responsibilities for fraud risk management?
A. Design and implementation of controls to mitigate the risks
B. Monitoring and proactively improving the fraud risk management programme
C. Performing and regularly updating the fraud risk assessment (1 mark)
D. None of the above
ANSWER: D
38. Which one of the following topics should NOT be covered in employee anti-fraud training?
A. A statement that management is going to respond to fraud allegation in a certain and swift manner
B. A statements that management has no appetite for fraudulent activities
C. An explanation of the exact methods that management is going to use in conducting fraud detection activities
D. None of the above (1 mark)
ANSWER: C
39. Lack of effective oversight over management and an ineffective internal control system are examples of which type of fraud risk associated with financial statements fraud?
A. Rationalisation
B. Pressure
C. Opportunity
D. Collusion (1 mark)
ANSWER: C
40. Which one of the following parties is responsible for fraud prevention in an organisation?
A. Internal auditors
B. External auditors
C. All employees
D. Board of Directors (1 mark)
ANSWER: C
41. Which one of the following statements is NOT accurate according to the differential reinforcement theory?
A. Behavior is weakened positive stimuli
B. Behavior is weakened when punishment is avoided
C. Behavior is reinforced when punishment is applied
D. None of the above (1 mark)
ANSWER: C
42. Which one of the following methods is NOT an effective method of increasing the perception of detection?
A. Conducting fraud audits
B. Establishing an effective fraud reporting program
C. Conducting proactive forensic audits
D. Conducting forensic audits (1 mark)
ANSWER: D
43. Which one of the following principles is NOT a principle pertaining to the information and communication component of the COSO’s Internal Control Integrated Framework?
A. The organisation communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control internally
B. The organisation implement control activities, to put the other controls into action
C. The organisation obtains and uses relevant, quality information to support the functioning of internal control
D. None of the above (1 mark)
ANSWER: B
44. Which one of the following statements is NOT accurate in regard to the role of human resource in fraud prevention?
A. Human resource has responsibility for assessing and maintaining high level of loyalty, which is a fraud prevention measure
B. Human resource has responsibility for monitoring employee’s lack of morale, which is a fraud risk
C. Human resource can support in conducting fraud risk assessments
D. Human resource function is the employee’s fraud risk owner (1 mark)
ANSWER: D
45. Which one of the following controls is NOT a control that employers can put in place to mitigate fraud risks associated with employees’ “sense of entitlement”?
A. Training and awareness
B. Comprehensive code of ethics
C. Anti- fraud policy
D. Proactive forensic audit (1 mark)
ANSWER: D
46. Fraud prevention health check–up is an inexpensive tool that can be used to evaluate an organisation’s fraud prevention health. Which one of the following BEST describe the component that defines the integrity and culture of the organisation?
A. Process level controls
B. Control activities
C. Fraud Risk tolerance and risk management policy
D. Control environment (1 mark)
ANSWER: D
47. According to B. F. Skinner, positive reinforcement measures are the most effective measures of modifying behavior. Which one of the following BEST describe positive reinforcement measure?
A. Positive reinforcement measures help to enhance the internal controls
B. Segregation of duties are examples of positive reinforcement measures
C. Positive reinforcement measures enforce the internal controls
D. None of the above (1 mark)
ANSWER: C
48. Which one of the following should management NOT do to create an anti-fraud culture?
A. Develop a comprehensive compliance program
B. Demonstrate zero tolerance for fraud and unethical behavior
C. Create an open-door policy environment
D. Define zero appetite for fraud risks (1 mark)
ANSWER: D
49. Which one of the following statements is MOST ACCURATE in regard to an organisation which has a culture of fraudulent and corrupt activities?
A. The employees in the organisation have low personal integrity
B. The organisation does not have strong controls in place
C. The organisation has high tolerance for fraudulent and corrupt activities
D. The organisation has an appetite for fraud and corruption risks (1 mark)
ANSWER: C
50. Which one of the following statements BEST describes the fraud risk, “There is a lot of discrimination in this organisation”?
A. Lack of loyalty
B. Sense of entitlement
C. RationaliSation
D. None of the above (1 mark)
ANSWER: A
SECTION II (50 MARKS)
51. (a) Explain the SEVEN criteria of evaluating the fraud prevention health of an organisation. (14 marks)
(b) Discuss THREE major components of a health prevention check list. (6 marks) (Total: 20 marks)
52. Evaluate FIVE positive reinforcement measures that can be used to prevent fraud. (Total: 15 marks)
53. Propose FIVE soft controls in relation that can help in fraud prevention. (Total: 10 marks)
54. Identify FIVE detective controls that can be designed and implemented to increase the perception of detection in the organisation. (Total: 5 marks)
…….……………………………………………..………………….………..