What's your fraud IQ?

By Andi McNeal, CPA

What's your fraud IQ?
Illustrations by mhj/iStock

The groundwork for effective fraud prevention and detection is found in an ethical staff that is expected to make ethical decisions and then is fully supported in doing so. Organizations that enact robust ethics programs send a clear message to their employees about which behaviors are acceptable and which behaviors are prohibited. Do you know the hallmarks of an ethical corporate culture? Are you ready and able to help institute an effective ethics program at your organization? Take this quiz and find out.

1. According to the Ethics Resource Center, what percentage of workers observed ethical misconduct at their workplaces during 2013?

a.      14%.

b.      27%.

c.       41%.

d.      73%.


2. Generally speaking, what is the difference between a code of ethics and a code of conduct?

a.      A code of ethics applies exclusively to members of management, whereas a code of conduct applies to all employees.

b.      A code of ethics describes broad ethical standards, whereas a code of conduct describes acceptable behaviors for specific situations.

c.       A code of ethics instructs employees on how to comply with laws and regulations, whereas a code of conduct comprises the company’s mission statement and core values.

d.      There is no difference—the terms code of ethics and code of conduct are synonymous.


3. As part of its current ethics program evaluation, Maple Inc. management is revisiting the company’s code of conduct. During a discussion about the existing code, a member of the management team suggests that they should enact a specific code for just the company’s executives. Which of the following is one of the goals of an executive-specific code of conduct?

a.      To provide a more stringent set of conduct standards for executives than for the rest of the staff.

b.      To reinforce policies addressing issues faced by all levels of employees.

c.       To establish harsher sanctions than legally required for executives who commit fraud.

d.      To replace the organization’s general code of conduct for executives.


4. Which of the following statements regarding an ethics audit is true?

a.      The objective of an ethics audit is to determine whether the organization’s financial statements were created in accordance with sound ethical principles.

b.      The same audit procedures should be used in each area of the company to ensure a consistent picture of the company’s ethical culture is obtained.

c.       To be effective, ethics audits must be performed by an independent third party.

d.      An ethics audit examines both qualitative and quantitative data to arrive at an assessment of the company’s ethical culture.


5. As part of its new ethics initiative, management at Green Co. is holding an ethics training session during which participants are surveyed regarding the specific character attributes they associate with ethical or unethical behaviors. Which of the following types of ethics workshops is Green Co. holding?

a.      A code of ethics assessment.

b.      A code of conduct violations and outcomes discussion.

c.       A personality analysis.

d.      An application of the ethics decision-making process.


6. Which of the following statements regarding organizations’ cultural systems is true?

a.      A company’s formal cultural system includes the language used to communicate values throughout the organization.

b.      Employees’ perceptions of informal cultural systems influence their ethics-related behavior more than formal systems do.

c.       A company’s informal cultural system includes the organization’s mission and value statements.

d.      All of the above.


7. In the wake of a corporate scandal, XYZ Co. management is expanding the company’s ethics program and has decided to create a new position for a chief ethics officer. To be most effective, the individual in this position should:

a.      Report directly to the company’s legal counsel.

b.      Have direct, unimpeded access to the board of directors.

c.       Be hired directly by the company’s vice president of operations.

d.      Be exempt from performance goals to boost independence.


8. Which of the following is NOT a recommended practice for incentivizing employees’ ethical behavior?

a.      Providing employees with a list of general ethical qualities that they should strive for to be rewarded.

b.      Allowing employees to report instances of or other employees who exhibit exemplary ethical behavior.

c.       Including ethical behavior as a formal part of all performance evaluations.

d.      Empowering managers to reward employees who exhibit a high level of ethics.


1. (c) The most recent National Business Ethics Survey conducted by the Ethics Resource Center (ERC) found that 41% of private-sector employees witnessed misconduct at their organizations during the 12 months preceding the study. This finding is a record low for the ERC’s surveys and reflects some potential good news regarding the effectiveness of many organizations’ ethics programs. Another positive note from the ERC survey is the decline—from 13% in 2011 to 9% in 2013—in the percentage of employees who reported feeling pressure to compromise their ethical standards on the job. However, 60% of the incidents of observed misconduct were perpetrated by supervisors and managers, and 67% of the misconduct involved multiple acts or ongoing unethical behavior, revealing the need for companies to continue taking proactive steps toward building an ethical culture.

2. (b) A code of ethics and a code of conduct are both integral parts of an organization’s ethics program; in many organizations, the two codes are collectively referred to as the ethics policy. Although the two codes work in tandem to provide ethical guidance to all employees, they serve different purposes and contain different information to meet that objective. A code of ethics is a principles-based code that describes broad ethical aspirations, standards, and values that support employees in making judgments about the underlying ethics of varying situations. In contrast, a code of conduct is a rules-based code that describes acceptable and unacceptable behaviors for specific situations that are likely to arise, thereby removing the need for judgment in many circumstances. In essence, the code of conduct gives substance to the code of ethics; consequently, the code of ethics tends to be straightforward and concise, while the code of conduct is usually more detailed and much longer.

3. (a) A company’s executives face different—and often more serious—ethical dilemmas than the rest of the staff. And the choices executives make typically have a much greater impact on the organization. Since 24% of misconduct and 19% of frauds involve organizations’ senior leaders, specific ethical guidance for company executives sends a clear message about expected ethical conduct from the top down. An executive-specific code of conduct should be in addition to—not in place of—the general code of conduct, and should address issues that are specifically applicable to management, such as conflicts of interest and relationship issues, protection of confidential information, financial reporting and disclosure issues, influence on independent auditors, and requirements for reporting to the board of directors and audit committee. Creating a separate code of conduct for executives also demonstrates to other staff members and outside parties the higher standards to which management is held. Further, because senior leaders are the ones setting the standard for acceptable behavior within the company, enacting more stringent ethical requirements for those individuals supports and emphasizes a strong tone at the top.

4. (d) According to the Society for Human Resource Management, an ethics audit is “a comparison between actual employee behavior and the guidance for employee behavior provided in policies and procedures.” By its nature, this type of assessment relies heavily on qualitative or subjective information; however, the ethics audit team should also consider use of quantitative, measurable data—such as employee performance review scores and helpline metrics—wherever possible. Additionally, while an ethics audit conducted by an independent third party will yield more objective results, ethics audits are often conducted by the organization itself. If the audit is conducted by an internal team, the team should consist of staff members from various functions such as HR, compliance, legal, and internal audit.

Procedures performed as part of an ethics audit typically include:

  • Reviewing the company’s ethics-related policies and procedures against best practices, expected and actual outcomes, and benchmarking data.
  • Interviewing employees about the company’s culture and commitment to ethics.
  • Observing processes for adherence to ethics-related policies and procedures.
  • Analyzing the frequency, significance, and trends in known misconduct.
  • Analyzing trends in reports of wrongdoing by employees and others.
  • Examining how previous ethical breaches were handled.
  • Asking management what the company has done to prevent repeat occurrences of past breaches.

The audit team’s selection and application of such procedures should be based on the specific relevant ethics risks in each area (e.g., conflicts of interest in sales, falsifying company financial data in accounting, and bribery in geographic regions where such practices are common). Using this risk-based approach, the goal of the ethics audit should be to identify gaps in the company’s policies and practices where additional guidance or requirements would better serve employees in making ethical decisions.

5. (c) If conducted effectively, ethics training can foster a culture of trust. While there is no single best way to train employees in ethics, training sessions are typically most effective when they are conducted live, led by managers, and held in small groups. Ethics workshops provide a more interactive and personal—and, thus, a better retained—training experience than online or lecture-style programs. Workshops can be conducted using a variety of approaches, but the goal is to provide discussion-driven, applicable, and actionable learning to all employees. Examples of some forms of ethics workshops include the following:

  • Personality analysis, in which employees participate in surveys that measure the character attributes associated with ethical or unethical behavior (e.g., conscientiousness, organizational citizenship, social dominance, and individualism/collectivism).
  • Code of ethics assessment, in which employees review the ethics code, assess how well the organization is living up to it, note areas of strength, develop strategies to improve weaker areas, and discuss whether any provisions of the code should be added, removed, or revised.
  • Code of conduct violations and outcomes discussion, in which actual cases of code of conduct violations and the resulting punishments are discussed.
  • Application of the ethics decision-making process, in which employees are walked through the ethical decision-making process using real-life situations and collaborating to derive moral solutions.
  • Application of the ethics code to a specific situation, in which employees are provided with several real-life situations and asked to determine whether specific behavior complies with or violates the ethics code.
  • Ideal employee assessment, in which a profile of an ideal ethical employee is developed and employees assess themselves against this ideal to analyze their strong points and shortcomings and then develop strategies for transforming their weaknesses into strengths.

6. (b) In any organization, two ethical cultural systems are at play: the formal system and the informal system. The formal cultural system is composed of the policies and programs that are formally established and adhered to in an effort to build and boost the company’s ethical culture. Elements of a formal cultural system include the organization’s mission statements, core value statements, ethics policies, hiring processes, orientation and training programs, and performance-management systems.

In contrast, the informal cultural system involves those symbolic traits that influence employees in a more subconscious way, such as company leaders’ responses to crises, the issues and situations that leaders systematically pay attention to, the behavior that is celebrated as part of company rituals (e.g., community service days, awards to top salespersons), and the language used to communicate values throughout the organization. Employees’ perceptions of informal cultural systems tend to influence their ethics-related behavior more than the formal systems, so attention to and proactive management of these systems is especially crucial.

7. (b) As companies embrace the importance of fostering an ethical culture from the top down, many organizations have created a leadership position charged with maintaining, monitoring, and continually improving the ethics program. Whether combined with the duties of the chief compliance officer or divided into a separate chief ethics officer role, a C-level official focused on ethics can serve as an embodiment of the organization’s desired ethical culture. The chief ethics officer role is typically charged with managing the formal and informal components of the entity’s ethics program, as well as leading the response to any potential violations thereof. However, simply appointing a chief ethics officer to the executive team does not ensure that the organization’s ethics program will be effective; the individual must also be provided sufficient authority to carry out these responsibilities. To ensure that the chief ethics officer is positioned to be most successful, he or she should:

  • Be hired (and fired) only by the board of directors.
  • Report directly to the board of directors or CEO.
  • Have direct, unimpeded access to the board for purposes of reporting potential issues in order to mitigate the potential for management interference.
  • Be held to performance goals and metrics set by the board and CEO.
  • Be independent and free from conflicts of interest, influence, and fear of retribution from parties inside and outside the organization.
  • Have the necessary resources to serve as a key member of the leadership team.

8. (a) Most organizations have performance management programs in place to address and discipline ethical breaches. But far fewer entities have implemented measures to formally incentivize desired behavior. In other words, for many companies, the stick is present, but the carrot is missing. To be fully effective, a comprehensive ethics program should include mechanisms to address both angles of encouraging ethical behavior.

Perhaps the most common method of incentivizing ethical behavior is to incorporate ethical considerations into employee performance evaluations. Requiring an assessment of employees’ ethics ensures that management evaluates employees not only on which performance objectives they met, but on how those goals were achieved. To reinforce the importance of these factors, the results should be considered in determining the employees’ bonuses and salary increases. The results should also be a key factor in all promotion decisions. Additionally, this type of assessment should carry as much weight—or even more—in executives’ performance evaluations as they do in staff-level employees’ performance evaluations.

Providing managers with the authority to reward employees who exhibit a high level of ethics, such as with a small gift or bonus, a one-on-one lunch, or some other incentive, is another effective way to incentivize ethical behavior. For example, if a company has a gift card program for rewarding outstanding employee efforts, management should include exemplary ethical behavior as a category of rewardable behavior, just as it would exceptional teamwork, problem-solving, or innovation.

Another mechanism to emphasize the importance of ethics is to provide employees with a means to submit real examples of excellence in ethical decision-making or behavior that they have observed in the organization. Management can publicly acknowledge and praise the examples received, as well as consider providing other rewards to the ethical employee if the situation merits. This form of reverse hotline, in which management seeks to collect reports of positive behavior, rather than just ethical breaches, highlights the importance the company places on detecting misconduct and fostering ethical conduct.

Whatever reward mechanisms management enacts, a large part of successfully incentivizing employees to act ethically is to define specifically what type of behavior company leadership considers ethical. A clear and helpful way to do this is to tie these expectations to the company’s value statements. Examples of such expectations for ethical behavior might be:

  • Displaying integrity in all professional situations.
  • Being truthful in dealing with customers, co-workers, suppliers, partners, and others.
  • Treating all customers, co-workers, suppliers, partners, and other individuals fairly and respectfully.
  • Exhibiting a commitment to serving the community as a whole.

As with any other performance measurement, the examples must be observable behaviors to facilitate witnessing, monitoring, and rewarding—or correcting, reprimanding, and punishing—specific incidents based on the clear criteria provided.


If you answered all eight questions correctly, congratulations. Your thorough knowledge of effective ethics program design will help you effectively in the fight against fraud and misconduct. Keep up the good work.

If you answered six or seven questions correctly, you’re on the right track. Continue to build on your knowledge of ethics and fraud prevention programs.

If you answered fewer than six questions correctly, you may want to brush up on your knowledge. Enhancing your understanding of effective ethics program components will help ensure that you have what it takes to keep your organization protected from fraud.

Andi McNeal (amcneal@acfe.com) is director of research for the Association of Certified Fraud Examiners.

To comment on this article or to suggest an idea for another article, contact Jeff Drew, senior editor, at jdrew@aicpa.org or 919-402-4056.


JofA articles

Where to find February’s flipbook issue

The Journal of Accountancy is now completely digital. 





Get Clients Ready for Tax Season

This comprehensive report looks at the changes to the child tax credit, earned income tax credit, and child and dependent care credit caused by the expiration of provisions in the American Rescue Plan Act; the ability e-file more returns in the Form 1040 series; automobile mileage deductions; the alternative minimum tax; gift tax exemptions; strategies for accelerating or postponing income and deductions; and retirement and estate planning.