CERTIFIED FORENSIC FRAUD EXAMINER (CFFE) MODULE THREE
FRAUD PREVENTION AND DETECTION
MONDAY: 1 December 2025. Morning Paper. Time Allowed: 3 hours.
This paper has two sections. SECTION I consists of fifty (50) Multiple Choice Questions carrying fifty (50) marks. SECTION II has four (4) structured questions carrying fifty (50) marks. Answer ALL questions. Marks allocated to each question are indicated at the end of the question.
SECTION I (50 MARKS)
1. Which one of the following methods is NOT a challenge in fraud prevention?
A. Denial of existence of fraud
B. Lack of capacity in fraud prevention
C. Lack of resources
D. Lack of internal audit function (1 mark)
2. Which one of the following statements is NOT part of management’s responsibilities for the anti-fraud program?
A. Evaluating the effectiveness of the internal controls
B. Setting the tone at the top
C. Consistent response to incidences of fraud
D. Creating a culture of ethics that supports the anti-fraud initiatives (1 mark)
3. Which one of the following statements BEST explains rationalisation according to Donald R. Cressey?
A. I can borrow and return the money before it is detected.
B. I need to pay for my loan balance that is three months in arrears
C. I need to compensate myself for the extra hours worked with no pay
D. My friends are going for a lavish vacation. I need to take my employers cash sales money so as a pay for the contributions required for the vacation (1 mark)
4. Which one of the following parties has the PRIMARY responsibility for designing, implementing, monitoring and improving the fraud risk management programme?
A. The audit committee
B. Senior management
C. Risk and control personnel
D. Board of directors (1 mark)
5. Which one of the following terms is NOT a white-collar crime?
A. Conflict of interest
B. Abuse of office
C. Corruption
D. Embezzlement (1 mark)
6. Which one of the following statements is ACCURATE with regard to communication of the anti-fraud policy?
A. The policy should not be communicated to outside parties
B. The policy should be presented through a formal training
C. The policy should be communicated verbally
D. The policy should only be issued to employees (1 mark)
7. Which one of the following statements is ACCURATE with regard to conducting background checks?
A. Before hiring, management should conduct background checks where and to the extent permitted law
B. Background checks are not necessary for existing employees being promoted
C. Drug screening is necessary to only potentially drug addicted personnel
D. Criminal background checks can only be on court order (1 mark)
8. Which one of the following components is NOT a component of an anti-fraud policy?
A. Policy statement
B. Fraud risk assessment
C. What constitutes fraud
D. Responsibility for fraud prevention (1 mark)
9. Which one of the following statements is ACCURATE with regard to International Professional Practice Framework (IPPF) for internal auditors’ fraud responsibilities?
A. Internal auditors must have sufficient knowledge to evaluate risk of fraud
B. Due professional care imply infallibility in regards to internal auditor’s professional audit execution
C. Assurance procedures internal auditors guarantee that all significant risks were identified and reported
D. Internal auditors must have sufficient knowledge to detect risk of fraud (1 mark)
10. Which one of the following statements BEST describes cascading training in fraud prevention?
A. Progressive training to ensure consistency
B. Employees training from their supervisors
C. Employees training conducted consultants
D. Formal training conducted across the organisation (1 mark)
11. Which one of the following responsibilities is NOT an internal auditor’s responsibility for fraud risk management? Internal auditors should .
A. identify and assess fraud risks
B. should support the fraud risk assessment process
C. evaluate the effectiveness of the internal controls
D. design and implement controls to mitigate fraud risks (1 mark)
12. Which one of the following statements is NOT ACCURATE in regard to fraud risk assessment in relation to fraud prevention? Fraud risk assessment provides .
A. preventive measures
B. detective measures
C. for informed communication for fraud risks
D. for strong internal controls (1 mark)
13. Which one of the following statements is ACCURATE in regard to professional ethics for fraud examiners?
A. A fraud examiner may express an opinion on the guilt or innocence of a suspect based on the evidence gathered
B. A fraud examiner shall not knowingly violate the law
C. A fraud examiner shall not violate the law
D. Fraud examiners must occasionally improve their competence through formal training (1 mark)
14. Which one of the following statements is NOT accurate in regard to factors that influence fraud risk?
A. Technical skills and knowledge
B. The nature of business
C. Fraudulent organisational culture
D. The effectiveness of the internal controls (1 mark)
15. Which one of the following statements is ACCURATE in regard to auditors’ responsibilities relating to fraud in an audit of financial statements according to International Standards on Auditing (ISA) 240?
A. The purpose of ISA 240 is to provide rules on auditor’s responsibility in audit of financial statements
B. The standard requires the auditor to focus on areas where there is risk of material misstatement due to fraud, including management fraud
C. ISA 240 is intended to provide structures that need to be included in the main sections of the overall audit process
D. ISA 240 requires that the auditor ensures there is no unavoidable risk in regard to material misstatements
(1 marks)
16. Which one of the following statements is ACCURATE in regards to procedures for preventing fraud?
A. Control activities are the most effective method of fraud prevention method
B. Segregation of duties is the most effective method of fraud prevention
C. Fraud risk assessment is the most effective method of fraud prevention
D. Fraud awareness training is most effective method of fraud prevention (1 marks)
17. According to B. F. Skinner, which one of the following is the MOST effective way to modifying destructive behavior to productive behavior?
A. Soft controls
B. Punishment
C. Internal controls
D. Hard controls (1 mark)
18. Which one of the following statements BEST describes privileged information held a fraud examiner? Privileged information .
A. is that information that cannot be demanded even court because it is protected
B. can only be requested the court
C. is that which the fraud examiner can only share under duress
D. can only be shared with interested parties (1 mark)
19. Which one of the following measures can help to modify desires and prevent criminal behaviour?
A. Punishment
B. Negative reinforcement
C. Positive reinforcement
D. None of the above (1 mark)
20. Which one of the following statements is NOT accurate in regard fraud examiners professional ethics?
A. Fraud examiners must not use confidential information obtained during the course of professional engagement in a way that conflicts the interests of the client or employer
B. Fraud examiners must be careful in situations where keeping silent could be construed as obstructing justice or engaging in a conspiracy
C. Fraud examiners may only use confidential information in furtherance of their professional responsibilities.
D. Confidentiality relationship runs first with suspect being investigated due to data privacy (1 mark)
21. Which one of the following BEST explains fraud examiners reporting of material matters?
A. In determining materiality, fraud examiners should consider what they themselves think is material and important
B. Fraud examiners should report all material matters discovered during fraud examination which if omitted could distort facts
C. When matters are not clear, the fraud examiners should totally skip that matter to avoid distortion of the facts
D. Material being user-oriented concept, material information is that which if omitted would not change a user’s perceptions and conclusion (1 mark)
22. Which one of the following statements BEST describes corporate governance according to organisation for economic co-operation and developments (OECD)?
A. Procedures and processes to which an organisation is directed and controlled
B. The separation of the executive and none executive boards
C. Proactive measures about strategic management of an organisation board of directors
D. None of the above (1 mark)
23. Which one of the following is NOT one of the three elements of causation of crime according to the Routine Activity Theory?
A. The availability of suitable targets
B. The presence of motivated offenders
C. The absence of capable guardians
D. The presence of opportunity (1 mark)
24. Which one of the following statements is NOT accurate in regard to detective controls? Detective controls
.
A. increase the perception of detection
B. discourages employees from engaging in fraudulent activities
C. are control activities that put controls into action
D. encourages employees not to engaging in fraudulent activities (1 mark)
25. Which one of the following principles is NOT among the principles of corporate governance?
A. Responsibility
B. Fairness
C. Transparency
D. Independence (1 mark)
26. Which one of the following controls is NOT both preventive and detective?
A. Effective reporting program
B. Surprise audits
C. Fraud audits
D. Special audits (1 mark)
27. Which one of the following COSO component provides a foundation for all other controls?
A. Control environment
B. Fraud risk assessment
C. Control activities
D. Information and communication (1 mark)
28. Which one of the following fraud related controls is preventive?
A. Training and awareness
B. Proactive audit procedures
C. Surprise audits
D. Analytical reviews (1 mark)
29. Which one of the following elements facilitates fraud?
A. Low personal integrity
B. Low perception of detection
C. The nature of the business
D. Sense of entitlement (1 mark)
30. Which one of the following is the MOST EFFECTIVE method of enhancing reporting of fraudulent activities?
A. Establishment of an outsourced fraud hotline
B. Training and awareness
C. Establishment of an in-house fraud hotline
D. Whistleblower policy (1 mark)
31. Which one of the following parties are associated with the risk of lack of oversight?
A. Board of directors
B. Management
C. Employees
D. Internal auditors (1 mark)
32. Which one of the following parties have the overall responsibility for monitoring the effectiveness of the internal controls?
A. Board
B. Management
C. Internal auditors
D. Internal auditors and management (1 mark)
33. Which one of the following is NOT an inherent risk of fraud?
A. Low perception of detection
B. Weak controls
C. Rationalisation
D. Low personal integrity (1 mark)
34. Which one of the following BEST describes a situation that encourages employees in engaging in fraudulent activities?
A. High perception of detection
B. Financial pressure
C. Sense of entitlement
D. Low perception of detection (1 mark)
35. Which one of the following fraud principles is associated with defining the management’s fraud risk appetite?
A. Risk assessment
B. Fraud risk governance
C. Fraud risk oversight
D. Fraud risk assessment (1 mark)
36. Which one of the following fraud controls CANNOT help in increasing the perception of detection?
A. Proactive fraud audits
B. Training and awareness
C. Surprise audits
D. Reporting programs (1 mark)
37. Which one of the following statements is ACCURATE in regard to fraud related controls?
A. Fraud controls are hard controls that effectively prevent fraud
B. Fraud controls are basic controls that effectively prevent fraud
C. Fraud control is a process that is aimed at reducing incidences of fraud and also maximising detection
D. Fraud controls are made of rules and procedures that minimise the occurrence of fraud while maximising detection of fraud respectively (1 mark)
38. Which one of the following components of fraud prevention health checkup is related to defining fraud risk appetite?
A. Fraud risk management policy
B. Proactive detection
C. Fraud risk assessment
D. Control environment (1 mark)
39. Which one of the following parties have the overall responsibility for monitoring the effectiveness of the compliance programme?
A. Internal auditor
B. Risk officer
C. Management
D. Compliance officer (1 mark)
40. Which one of the following parties have the ultimate responsibility for establishing a culture of zero tolerance for fraud and corruption?
A. Managers and supervisors
B. Risk manager
C. The board
D. Management (1 mark)
41. Which one of the following activities communicates management’s zero tolerance for fraud? Management has
.
A. designed and implemented strong controls
B. designed and implemented a case to case basis response
C. enhanced internal controls
D. put procedures in place discourage employees from engaging in fraud and corruption (1 mark)
42. Which one of the following statements is NOT ACCURATE with regard to employee responsibility for fraud prevention in an organisation? Employees have responsibility for .
A. reporting fraud
B. assisting in creating a culture of integrity
C. assisting in monitoring of risks of fraud
D. designing and implementing preventive controls (1 mark)
43. Which one of the following perceptions would be more reliable with regard to management’s tone at the top?
A. Board’s perception
B. Internal Auditor’s perception
C. External auditor’s perception
D. Employees perception (1 mark)
44. Which one of the following statements is NOT accurate with regard to the internal auditor’s responsibility for fraud risk management program?
A. Internal auditor should identify and assess the risks of fraud
B. Internal auditor should detect fraud in the cause of an audit engagement
C. Internal auditor should evaluate the effectiveness of the fraud risk management program
D. Internal auditor should monitor the effectiveness of the fraud risk management program (1 mark)
45. Which one of the following statements is NOT accurate with regard to reducing the risk of low perception of detection? Low perception of detection .
A. is a motivating factor of fraud
B. can be reduced detective controls
C. can be reduced effectively preventive controls
D. is a root cause of fraudulent activities (1 mark)
46. Which one of the following is associated with situational pressure?
A. Financial reporting
B. Asset misappropriation
C. Corruption
D. Conflict of interest (1 mark)
47. Which one of the following procedures can help in enforcing controls to demotivate employees from engaging in fraud?
A. Fraud risk assessment
B. Code of ethics
C. Training and awareness
D. Proactive fraud audits (1 mark)
48. Which one of the following statements is ACCURATE with regard to reactive audits? Special audits
.
A. are reactive activities that are performed in response to suspicion of fraud
B. should be part of the fraud prevention policy
C. are proactive fraud prevention activities
D. help to increase the perception of detection (1 mark)
49. Which one of the following statements is ACCURATE with regard to one of the main factors that lead to fraudulent activities according to Dr. Steve Albrecht?
A. Putting too much trust in key employees
B. Trusting key employees
C. Lack of clear lines of authority
D. Failure to modify desires (1 mark)
50. According to the 2024 ‘Report To The Nations’, which one of the following fraud detection methods is ranked second?
A. Tips
B. Internal audit
C. Management review
D. External audit (1 mark)
SECTION II
51. Evaluate FIVE types of controls provided the FIVE COSO components of the integrated internal control framework. (Total: 20 marks)
52. Describe FIVE methods of increasing the perception of detection in regard to fraud prevention. (Total: 15 marks)
53. Under fraud detection and prevention:
(a) Define the following terms:
(i) Fraud prevention. (2 marks)
(ii) Internal controls. (2 marks)
(b) Explain what an effective internal control system entails. (2 marks)
(c) Explain the main difference between fraud prevention and fraud detection. (2 marks)
(d) Explain two factors that motivate people in an organisation to engage in fraudulent and corrupt activities.
(2 marks)
(Total: 10 marks)
54. Identify FIVE root causes of fraud. (Total: 5 marks)
………………………………………………………………………..