Fraud happens in companies of all sizes, in all industries, and in all countries. Given enough time, it will almost certainly happen in a company that does not enact proactive fraud prevention measures. Do you know what initiatives are most effective in deterring potential fraudsters? Are your clients among those who are left unguarded? How well-versed are you in protecting organizational resources from the hands of would-be fraudsters? Take this quiz and find out.
1. Generally speaking, what is the primary objective of a fraud risk assessment?
a. To provide an estimate of an organization’s fraud losses.
b. To help an organization’s leadership identify areas most vulnerable to fraud.
c. To establish the guilt or innocence of an employee suspected of committing fraud.
d. To assess the design and effectiveness of internal controls over financial reporting.
2. In May 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an update to its original Internal Control—Integrated Framework. According to Principle 8 of the new framework, an organization’s management should consider the potential for fraud in assessing risks to the achievement of objectives. Which of the following is NOT one of the specific attributes associated with this principle in the updated COSO framework?
a. Reporting past instances of fraud and identifying the measures implemented to prevent them from happening again.
b. Considering how management might engage in or justify inappropriate actions.
c. Assessing opportunities to commit fraud.
d. Evaluating incentives and pressures to commit fraud.
3. Brooks Co.’s management recently developed an antifraud policy. The goal is to ensure that employees are familiar with the policy and that they understand the red flags of fraud. Management also wants to use the policy to emphasize the company’s commitment to fraud prevention. Brooks Co.’s CEO charged Patrick with developing an antifraud training program to communicate the policy to the company’s staff. Which of the following is a best practice that Patrick should implement when designing an antifraud training program for Brooks Co.?
a. Design the program to cover the antifraud policy in painstaking detail, ensuring every component of the policy is covered during training.
b. Use only online self-study courses for the training, rather than live seminars, so that employees can complete the training at their own pace.
c. Train every employee of the company on the antifraud policy, focusing the training disproportionately on higher-level management.
d. Have a third party conduct the antifraud training to ensure it appears unbiased and not accusatory.
4. Which of the following is a recommended practice for preventing fraud?
a. Reducing the perception of detection.
b. Establishing and adhering to a system of disciplinary actions for rule breakers.
c. Requiring all employees to report any fraud-related concerns to their immediate supervisor.
d. Ensuring autocratic rule by management.
5. Ellen is the hiring manager at Wallace and Co., a public accounting firm. She knows that thoroughly vetting potential employees is essential for the firm’s fraud prevention program, so she carefully screens all résumés before inviting a candidate for an interview. Of the following, which is the most common area of falsification on résumés?
a. Made-up certifications.
b. Bogus college or graduate degrees.
c. Omitting past employment.
d. Exaggerating past employment dates.
6. Establishing an effective system of internal controls aims to reduce which leg of the fraud triangle?
7. Expense reimbursement fraud is a concern at just about every organization. Which of the following controls would be the LEAST effective in preventing this type of occupational fraud?
a. Requiring that expense reports be submitted within two weeks from the date on which the expense was incurred.
b. Requiring electronic copies of receipts for expenses.
c. Requiring review and approval of expense reports by the individual’s supervisor.
d. Requiring that expense reports include original support for all expenses.
8. Kelly was recently hired as an antifraud consultant for Guadalupe Group, a local private company. Guadalupe Group’s management wants to ensure that the company is focusing its fraud prevention and detection efforts in the most strategic and efficient ways, so the management asked Kelly to target those controls that have historically been the most effective. If Kelly bases her suggestions on fraud detection statistics, which of the following detection methods should Kelly emphasize during her engagement?
a. External audits.
b. Internal audits.
c. Hotline/whistleblower mechanism.
d. Management review of financial statements.
9. The purchasing function is one of the highest-risk areas for fraud in a company. Accordingly, proactive efforts should be made to ensure strong antifraud controls are in place for purchasing procedures. All of the following measures are recommended to help mitigate the risk of purchasing fraud EXCEPT:
a. Separate the purchasing function from the payment function.
b. Prohibit competitive bidding in the purchasing process.
c. Use prenumbered purchase requisitions, purchase orders, and receiving reports.
d. Assign identification numbers to approved vendors.
10. Which of the following is an appropriate policy for minimizing employee pressures to commit fraud?
a. Enact rigid work arrangements so that all employees are on the same daily schedule.
b. Provide only minimal information to staff regarding high-level company activities and corporate strategies.
c. Establish harsh disciplinary measures for rule breakers in lieu of incentives for whistleblowers.
d. Provide performance-based compensation rather than profit-based compensation.
1. (b) One of the first steps in preventing fraud is conducting an assessment of what fraud risks are present at an organization. A fraud risk assessment is a process aimed at proactively identifying and addressing what makes an organization most vulnerable to both internal and external fraud. By conducting this assessment, management can identify where fraud is most likely to happen, enabling proactive measures to be considered and implemented to reduce the chance that it will occur.
2. (a) On May 14, 2013, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued an updated Internal Control—Integrated Framework. COSO’s original internal control framework, issued in 1992, is considered the leading guidance for designing a system of internal controls. The updated framework is merely an enhancement, intended to maintain the original framework’s relevance in light of the many changes in business, operating environments, legislation, and technology that have occurred since its inception. According to the AICPA white paper COSO 2012—Updated, Principles-Based, and More Guidance, one of the most significant changes in the updated framework is the requirement of “a specific risk assessment principle related to fraud risk.” Principle 8 of the framework reads:
The organization considers the potential for fraud in assessing risks to the achievement of objectives. The attributes include:
- Considers various ways that fraud can occur—The assessment of fraud considers possible loss of assets, fraudulent reporting, and corruption resulting from the various ways that fraud and misconduct can occur.
- Considers risk factors—An entity’s assessment considers factors that influence the significance of the loss of assets and the related impact on operations, reporting, and compliance activities.
- Assesses incentive and pressures—The assessment of fraud risk considers incentives and pressures.
- Assesses opportunities—The assessment of fraud risk considers opportunities for unauthorized acquisition, use, or disposal of assets, altering of the entity’s reporting records, or committing other inappropriate acts.
- Assesses attitudes and rationalizations—The assessment of fraud risk considers how management and other personnel might engage in or justify inappropriate actions.
3. (c) An antifraud policy is an integral component of a comprehensive fraud prevention program, but such a policy does no good if it simply sits on a shelf. Training programs are necessary to communicate the antifraud policy to all employees. Because those in positions of power have the ability to commit the most devastating frauds and because employees look up to management for guidance on how to behave, ethics training should be disproportionately focused on management. Additionally, those conducting the training should avoid drowning employees in the details of the ethics policy. While the written policy should be detailed and thorough, the training is meant to serve as a concise overview that provides employees with the most important points they need to know to help protect the organization from fraud. While live seminars are the preferred training delivery method, a variety of media types may be used—webinars, online self-studies, workbooks, and so on. In the event of a live seminar, the instructors should be people internal to the company who truly understand the organization’s ethical climate and culture.
4. (b) Fraud prevention efforts are greatly enhanced when employees are subject to a system of disciplinary measures for rule breakers and incentives for those who demonstrate good behavior. Employees must know that if they violate the organization’s policy, they will be punished. This is important because the opportunity to commit fraud is psychologically more acceptable to employees who believe fraud normally goes undetected and unprosecuted. A system of discipline and incentives must be consistently applied across the entire organization in a fair, balanced, and incremental manner to be effective.
5. (d) The importance of conducting thorough background checks, including painstaking fact-checking of candidate résumés, cannot be overstated. Hiring an unethical person can lead to myriad problems at any company, especially a public accounting firm. Independence and integrity make up the backbone of the profession, and without these qualities CPAs’ work is worthless. The consequences of hiring dishonest employees might include lost productivity, low-quality work, negative publicity, unhappy clients, and costly litigation. These problems can be prevented by performing due diligence during the recruiting process. According to security consulting firm Marquet International, the most common type of dishonesty on job applicants’ résumés is exaggerated past employment dates. In addition to scrutinizing this aspect of applicants’ résumés, Ellen should also watch for other common lies found on résumés, such as fabricated degrees and certifications, enhanced job titles and responsibilities, and fraudulent references.
6. (a) The fraud triangle, developed by criminologist Donald Cressey, is a model for explaining the factors that cause someone to commit occupational fraud. According to Cressey, three factors must be present at the same time for an ordinary person to commit fraud: pressure, opportunity, and rationalization. Establishing an effective system of internal controls aims to reduce the opportunity to commit fraud. Because no organization is immune to fraud, it is critical that management institute both organizationwide fraud prevention controls and controls designed to prevent specific fraud schemes.
7. (b) Since travel costs are highly variable and some employees are constantly on the road, it can be difficult to ensure the legitimacy of all claimed expenses. Accordingly, strict controls need to be in place to prevent employees from perpetrating expense reimbursement fraud. When possible, employees should be required to submit original, paper receipts. Given the amount of electronic and internet commerce that most businesses conduct, this is not always possible. However, electronic copies of receipts are often much easier to forge and doctor than paper receipts. Consequently, special attention should be paid to any receipts that come via email or email attachment. Additional verification procedures, such as corroborating prices on internet receipts with those found on the vendor’s website, can assist in uncovering electronic receipts that have been falsified.
8. (c) The initial detection of a fraud scheme is probably the most important moment in the fraud examination process. Early detection can result in decreased losses and salvaged corporate reputation. A fraudster’s misdeeds can come to light in many ways. According to the 2012 Report to the Nations on Occupational Fraud and Abuse from the Association of Certified Fraud Examiners (ACFE), tips have been the most common fraud detection method since the ACFE began tracking this data in 2002. More than 43% of frauds were detected by tip in the 2012 study, and more than 50% of these tips came from employees of the victim organizations. Accordingly, as part of her antifraud consulting engagement, Kelly should make sure Guadalupe Group’s hotline adheres to best practices for reporting mechanisms. She should emphasize the importance of a well-publicized and widely supported hotline, because such a mechanism can have a preventive effect. According to the ACFE report, organizations with some form of hotline in place were much more likely to detect fraud with the help of a tip than organizations that did not have such a hotline. By giving all employees a clear and secure way to report suspected wrongdoing, a reporting mechanism can increase the perception of detection and deter a potential fraudster from committing a harmful act.
9. (b) A false-billing scheme involves manipulating the purchasing process to make a fraudulent claim for payment upon a victim organization. Such schemes include submitting invoices from shell companies, manipulating payments to existing vendors, and paying personal expenses through the purchasing system. Because most businesses’ disbursements are made in the purchasing cycle, false-billing schemes can hide larger thefts than other kinds of fraudulent disbursements, such as payroll fraud and expense reimbursement fraud. The prospect of large rewards, along with the fact that this type of fraud can be committed without the perpetrator actually having to handle the misappropriated cash or checks while at work, makes billing schemes particularly appealing to fraudsters. To help guard against false-billing schemes, whenever possible, companies should enforce competitive bidding practices. Competitive bidding is a transparent procurement method in which bids from competing contractors, suppliers, or vendors are invited by openly publicizing the scope, specifications, and terms and conditions of the proposed contract, as well as the criteria by which the bids will be evaluated. The aim of competitive bidding is to obtain goods and services at the lowest prices by stimulating competition and preventing bias and fraud.
Segregation of duties is also particularly important when it comes to preventing false-billing schemes. For enhanced effectiveness and accountability, companies that are sufficient in size should have a separate purchasing department. Regardless of a company’s size, the purchasing function should be separate from the payment function. Certain preventive controls mitigate the risk of purchasing fraud as well, such as the use of prenumbered purchase requisitions, purchase orders, and receiving reports. Additionally, all vendors should be approved and assigned a unique vendor ID before being issued any payments.
10. (d) Pressure is one of the key factors that drives employees to commit fraud, and it can come from many places: family needs, a desire to keep up with a friend’s lifestyle, personal debt, or simple greed. Often, the pressure to commit fraud stems from how employees are treated by their employers. Fraud occurs less frequently when individuals feel positively about their employers than when they feel abused, threatened, or ignored. Negative workplace environments diminish morale, and employees who consider themselves to be unfairly treated are more prone to commit fraud. Accordingly, proactive efforts to increase employee morale can provide an effective fraud prevention mechanism. Some ways to increase employee morale include offering flexible work schedules, providing incentives to whistleblowers, keeping staff well-informed of the organization’s strategic plans and activities, and providing competitive compensation.
Additionally, reducing the pressures on employees to “make the numbers at any cost” can reduce the likelihood of fraud. One way to reduce pressures is to provide performance-based compensation, rather than profit-based or revenue-based compensation. When compared to profit- or revenue-based compensation, performance-based compensation—such as bonuses calculated as a function of clearly set performance indicators—can reduce the motivation to cut corners, cheat, or fraudulently make the numbers. In some industries and for some positions, compensation is most effective when it is tied to sales or profits. When this is done, it is important to monitor the staff’s performance closely and ensure all efforts are made to prevent employees from overstating revenues or other key metrics.
If you answered nine or 10 questions correctly, congratulations. Your arsenal of antifraud knowledge is well-armed and ready to aid in the fight against fraudulent conduct. Keep up the good work.
If you answered seven or eight questions correctly, you’re on the right track. Continue to build on your knowledge of fraud prevention.
If you answered fewer than seven questions correctly, you might want to brush up on your antifraud knowledge. Enhancing your understanding of fraud prevention concepts will help ensure that you have what it takes to keep your assets protected from would-be fraudsters.
Catherine Lofland (firstname.lastname@example.org) provides content for the research department, and Andi McNeal (email@example.com) is director of research, both for the Association of Certified Fraud Examiners.
To comment on this article or to suggest an idea for another article, contact Jeff Drew, senior editor, at firstname.lastname@example.org or 919-402-4056.