Fraud Prevention and Detection April 2025

CERTIFIED FORENSIC FRAUD EXAMINER (CFFE) MODULE THREE
FRAUD PREVENTION AND DETECTION
TUESDAY: 22 April 2025. Morning Paper. Time Allowed: 3 hours.

Answer ALL questions. This paper has two sections. SECTION I consists of fifty (50) Multiple Choice Questions carrying fifty (50) marks. SECTION II has four (4) structured questions carrying (50) marks. Marks allocated to each question are indicated at the end of the question.
Click here to Access Answers with explanations to All these CFFE Past Paper Questions(Revision kit)

Click here to Access Answers with explanations to All these CFFE Past Paper Questions(Revision kit)
SECTION I (50 MARKS)

1. Which one of the following factors is NOT a factor of assessing the likelihood of occurrence of a fraud risk?
A. Past instances of a particular fraud in the organisation
B. Prevalence of the particular fraud at the organisation
C. Management support of fraud prevention initiatives
D. None of the above (1 mark)

2. Which one of the following parties is associated with the risk of override of controls?
A. Board of directors
B. Management
C. Employees
D. None of the above (1 mark)

3. Which one of the following parties has the primary responsibility for monitoring the effectiveness of the internal controls?
A. Board
B. Management
C. Internal auditors
D. Internal auditors and management (1 mark)

4. Which one of the following statements BEST describes entitlement fraud risk?
A. We can circumvent the controls to pay ourselves
B. We can override the controls and compensate ourselves adequately
C. Chances of being caught is very low
D. None of the above (1 mark)

5. Which one of the following is NOT a fraud risk?
A. Wrong tone at the top
B. Weak controls
C. Rationalisation
D. Low personal integrity (1 mark)

6. Which one of the following risks BEST describes pressure associated with meeting unrealistic financial targets?
A. Situational pressure
B. Financial pressure
C. Social pressure
D. Regulatory pressure (1 mark)

7. Which one of the following principles of the COSO component is associated with identifying and assessing changes that would significantly impact the system of internal controls?
A. Risk assessment
B. Fraud risk governance
C. Control activity
D. Monitoring (1 mark)

8. Which one of the following COSO components does NOT provide both preventive and detective controls?
A. Control environment
B. Risk assessment
C. Control activities
D. None of the above (1 mark)

9. Which one of the following is NOT an element of the fraud reporting mechanism under the fraud prevention check list?
A. Organisation making clear communication that reports of suspicious fraud will be promptly responded to
B. Employees trained on how to communicate
C. Communication that the organisation has zero tolerance for fraudulent activities
D. Reporting policies shall extend to third parties (1 mark)

10. Which one of the following controls can be designed and implemented to mitigate collusion risk?
A. Adequate oversight
B. Training and awareness
C. Effective reporting programme
D. Comprehensive compliance programme (1 mark)

11. Which one of the following statements is ACCURATE in regard to fraud controls?
A. Fraud controls are hard controls that effectively prevent fraud
B. Fraud controls are basic controls that effectively prevent fraud
C. Fraud control is a process that is aimed at reducing incidences of fraud and also maximising detection
D. Fraud controls are made of policies and control activities that minimise the occurrence of fraud while maximising detection of fraud respectively (1 mark)

12. Which one of the following components is a component of fraud prevention health checkup related to increasing the perception of detection?
A. Fraud risk oversight
B. Proactive detection
C. Fraud risk assessment
D. Control environment (1 mark)

13. Which one of the following parties is responsible for monitoring the effectiveness the compliance programme?
A. Internal auditor
B. Risk officer
C. Management
D. None of the above (1 mark)

14. Which one of the following parties has the primary responsibility for creating a culture of zero tolerance for fraudulent and corrupt activities?
A. Managers and supervisors
B. Internal auditor
C. The board
D. Management (1 mark)

15. Which one of the following statements is ACCURATE in regard to an organisation that has demonstrated zero tolerance for fraud?
A. Management has designed and implemented strong controls
B. Management has designed and implemented a case-to-case basis response
C. Management has designed and implemented preventive controls
D. None of the above (1 mark)

16. Which one of the following situations BEST describes an organisation’s zero tolerance for fraudulent activity?
A. Management has not put strong controls in place
B. Board has developed fraud policy and strategy but is not providing oversight over the design and implementation of the fraud related controls
C. The organisation conducts annual external audits
D. None of the above (1 mark)

17. Which one of the statements is NOT accurate in regard to management’s responsibility for fraud?
A. The primary responsibility for the design and implementation of anti-fraud controls
B. Establishing a culture of integrity and ethics
C. Evaluating the effectiveness of anti-fraud related programmes
D. Monitoring the effectiveness of anti-fraud related programmes (1 mark)

18. Which one of the following statements is NOT accurate in regard to positive reinforcement measures?
A. Detective controls are positive reinforcement measures
B. Detective controls are proactive measures
C. Preventive controls are positive reinforcement measures
D. Detective controls are reactive measures (1 mark)

19. Which one of the following statements is ACCURATE in regard to enhancing and enforcing of basic controls?
A. Basic controls are supposed to be enforced to effectively prevent and detect fraud
B. Basic controls are supposed to be enhanced to effectively prevent and detect fraud
C. Basic controls that are well enhanced are effective in preventing and detecting fraud
D. Strong basic controls are those that are well enforced (1 mark)

20. Which one of the following components BEST describe fraud prevention health check-up component that is related to the design and implementation of quality fraud related controls?
A. Control activities
B. Fraud risk tolerance and risk management policy
C. Internal control environment
D. Fraud risk oversight (1 mark)

21. Which one of the following statements is ACCURATE in regard to enhancing and strengthening controls?
A. Enhancing internal controls involves adding more controls while strengthening controls entails enforcing controls
B. Enhancing controls involves integrating the internal controls with preventive and detective controls
C. Enhancing internal controls involves reorganising controls while strengthening controls involve integrating the internal controls with preventive and detective controls
D. None of the above (1 mark)

Click here to Access Answers with explanations to All these CFFE Past Paper Questions(Revision kit)

Click here to Access Answers with explanations to All these CFFE Past Paper Questions(Revision kit)
22. Which one of the following statements BEST describes an effective internal control environment?
A. It is an environment with an internal control system that is integrated with preventive and detective controls
B. It is an environment with strong internal controls
C. It is an environment with enhanced controls
D. It is an environment with an internal control system integrated with preventive controls (1 mark)

23. Which one of the following statements is NOT accurate in regard to the auditors’ responsibility to consider fraud in accordance with International Standard on Auditing (ISA) 240?
A. ISA 240 has put express responsibility on the auditors to detect fraud in the course of auditing financial statements
B. Auditors have responsibility for identifying fraud risks in all the processes
C. Auditors have a responsibility for identifying red flags of fraud in all the processes
D. ISA 240 has put express responsibility on the auditors to investigate any material fraud detected during the audit of financial statements (1 mark)

24. Which one of the following statements is ACCURATE in regard to justification to commit fraud?
A. “Management is engaging in corruption, so it is okay”
B. “I deserve more compensation for the work I am doing”
C. “I can override controls”
D. “I have an emergency; I have to help myself” (1 mark)

25. Which one of the following aspects BEST describes the level of responsibility for evaluating the effectiveness on the internal controls?
A. Primary responsibility
B. Ultimate responsibility
C. Secondary responsibility
D. Overall responsibility (1 mark)

26. Which one of the following statements is NOT accurate in regard to absence of internal controls?
A. Absence of internal controls is not a red flag of fraud
B. Absence of internal controls is a root cause of fraud
C. Absence of internal controls is not a root cause of fraud
D. None of the above (1 mark)

27. Which one of the following steps is NOT a step of ensuring corporate compliance?

A. Monitoring
B. Auditing
C. Periodic evaluation
D. None of the above (1 mark)

28. Which one of the following statements is ACCURATE in regard to fraud prevention health check- up scoring points?
A. Fraud risk oversight components would score 18 out of 20 points if the board has developed fraud policies and strategy for fraud prevention
B. Fraud risk assessment component would score 9 points out of 10 if the organisation has conducted a formal structured risk assessment
C. Proactive detection component would score 8 out of 10 points if most of the detective controls were in place
D. None of the above (1 mark)

29. Which one of the following statements is ACCURATE in regard to weak internal controls?
A. Weak controls are always ineffective
B. Weak controls can be effective if they are enforced with soft controls
C. Weak controls need to be enhanced for them to be effective
D. None of the above (1 mark)

30. Which one of the following statements BEST describes the fraud risk associated with expectations of more compensation?
A. Lack of loyalty
B. Sense of entitlement
C. Lack of ownership
D. Financial pressure (1 mark)

31. Which one of the following statements describes the BEST method of measuring employee’s integrity?
A. Employees integrity is measured testing if they can engage in corrupt or fraudulent activities
B. Employees integrity can be measured evaluating the culture of the organisation
C. Employees integrity can be measured the number of fraud incidences discovered
D. Employees integrity can be measured evaluating incidences of non-compliance (1 mark)

32. Which one of the following aspects BEST describes the fraud risk associated with knowledge and technical skills to perpetrate and conceal fraud?
A. Low personal integrity
B. Rationalisation
C. Opportunity
D. Pressure (1 mark)

33. Which one of the following statements is ACCURATE in regard to forensic audits and fraud prevention?
A. Forensic audit can deter a potential fraudster from engaging in fraud
B. Forensic audit can help to reduce incidences of fraud
C. Forensic audit can help to proactively detect fraud
D. Forensic audit can encourage a potential fraudster not to engage in fraud (1 mark)

34. Which one of the following perceptions would be more ACCURATE in regard to management’s tone at the top?

A. Employee’s perception
B. Board’s perception
C. Internal auditor’s perception
D. External auditor’s perception (1 mark)

35. Which one of the following statements is NOT accurate in regard to integrity in forensic audits or fraud examination?
A. A forensic auditor require independence of mind and avoidance of conflict of interest
B. A forensic auditor should have very high level of moral philosophy
C. A forensic auditor cannot make any ethical decision outside the professional code of ethics
D. A forensic auditor must put the interest of the client before personal desires (1 mark)

36. Which one of the following statements is NOT accurate according to The Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing?
A. Internal auditor should assess the risks of fraud
B. Internal auditor should audit for fraud
C. Internal auditor should evaluate the effectiveness of the fraud risk management programme
D. Internal auditor should continuously monitor the effectiveness of the fraud risk management programme
(1 mark)

37. Which one of the following statements is NOT accurate in regard to rationalisation to commit fraud?
A. Rationalisation to commit fraud is a root cause of fraud
B. Rationalisation to commit fraud is a risk of fraud
C. Rationalisation to commit fraud can be mitigated a comprehensive code of ethics
D. Rationalisation to commit fraud can be mitigated fraud audits (1 mark)

38. Which one of the following statements is NOT accurate in regard to low perception of detection in relation to fraud prevention?
A. Low perception of detection is a motivating factor for fraudulent activity
B. Low perception of detection risk can be mitigated detective controls
C. Low perception of detection risk can be mitigated preventive controls
D. Low perception of detection is a root cause of fraudulent activities (1 mark)

39. Which one of the following aspects BEST describes an area related to situational pressure?
A. Financial reporting
B. Asset misappropriation
C. Corruption
D. Disbursements (1 mark)

40. Which one of the following aspects BEST describes deciding on what is wrong and right and what to do under the circumstances?
A. Ethical decision
B. Moral principles
C. Ethical values
D. None of the above (1 mark)

41. Which one of the following controls could help in enforcing controls to effectively reduce incidences of fraud?
A. Fraud risk assessment
B. Analytical data review

C. Proactive forensic audits
D. Surprise audits (1 mark)

42. Which one of the following statements is ACCURATE in regard to surprise audits?
A. Surprise audit is a reactive measure aimed at detecting any fraudulent activities
B. Surprise audits should be part of the fraud prevention policy
C. Surprise audit should be conducted when there is suspicion of fraud
D. An organisation should not inform employees about surprise audits but rather take them surprise
(1 mark)

43. Which one of the following statements is NOT accurate according to the U.S Corporate Sentencing Guidelines that are required for a corporate compliance programme to be effective?
A. Established standards and procedures to prevent criminal conduct
B. Proper assignment of responsibility and oversight for the compliance programme
C. Promotion and consistent enforcement of the programme through appropriate incentives for compliance and appropriate disciplinary measures for violations
D. Promotion and consistent enforcement of the programme through appropriate incentives for compliance and appropriate disciplinary measures for violations (1 mark)

44. Which one of the following statements is NOT accurate in regard to the factors that lead to fraudulent activities, according to Dr. Steve Albretch?
A. Putting too much trust in key employees
B. Trusting key employees
C. Lack of clear lines of authority
D. None of the above (1 mark)

45. Which one of the following controls is ACCURATE in regard to the most common type of anti-fraud controls according to the 2024 report to the nations?
A. Code of ethics
B. Internal audit
C. Separation of duties
D. Management review (1 mark)

46. Which one of the following aspects is an example of management review anti-fraud controls?
A. Independent analytical reviews
B. Internal audit
C. External audit
D. Reporting hotlines (1 mark)

47. According to the 2024 report to the nations, which one of the methods ranked third in fraud detection?
A. Tips
B. Internal audit
C. Management review
D. External audit (1 mark)

48. Which one of the following statements is NOT accurate in regard to fraud perpetrators according to 2024 report to the nations?
A. Fraud perpetrated executives or owners was seven times of those perpetrated employees

B. Larger percentage of the frauds in the case study were perpetrated employees
C. In more than 80% of the cases the perpetrators had shown red flags
D. The highest fraud median loss was caused employees with one-year experience (1 mark)

49. Which one of the following statements is ACCURATE in regard to monitoring the effectiveness of the internal controls?
A. Monitoring the effectiveness of the internal controls involves implementing control activities and procedures
B. Monitoring the effectiveness of the internal controls involves checking if the five COSO components are place
C. Monitoring the effectiveness of the internal controls involves testing if the controls are working
D. Montoring the effectiveness of the internal controls involves checking if fraud has occurred (1 mark)

50. Which one of the following aspects is an example of board oversight over anti-fraud control?
A. Independent analytical reviews
B. Independent evaluations of anti-fraud programmes
C. Forensic audits
D. Reporting programmes (1 mark)

SECTION II (50 MARKS)

51. Evaluate FIVE fraud risk principles of each of the COSO components that support the design and implementation of the COSO components. (Total: 20 marks)

52. Discuss FIVE preventive and detective controls that could be integrated into the internal control system to enforce the basic internal controls. (Total: 15 marks)
53. Describe FIVE differences between “internal controls” and “fraud prevention controls”. (Total: 10 marks)

54. Explain FIVE fraud related controls that are both preventive and detective. (Total: 5 marks)
………………………………………………………………………..
Click here to Access Answers with explanations to All these CFFE Past Paper Questions(Revision kit)

Click here to Access Answers with explanations to All these CFFE Past Paper Questions(Revision kit)