What’s your fraud IQ?

Test your knowledge of ethics standards and how to properly administer and enforce ethics polices within an organization to promote ethical decision-making.

By Laura Harris and Andi McNeal, CPA

July 1, 2023

IMAGE BY AITOR DIAGO/GETTY IMAGES

July 28, 2025

Dealing with natural disasters: How to avoid fraudulent activities

July 16, 2025

Mitigate or exacerbate fraud risk? Culture’s critical role

July 14, 2025

A&A Focus recap: New fraud exposure draft, building AI trust, and a not-for-profit update

Test your knowledge of ethics standards and how to properly administer and enforce ethics polices within an organization to promote ethical decision-making.

While the ethical choice between right and wrong can seem clear, it can become complicated when applying policies and standards to people or situations in business. Knowing the applicable codes of professional conduct, as well as ethics and compliance program standards, can help CPAs perform more efficiently while also learning the proper course of action in case of any missteps along the way.

1. Spring Co. is undergoing a financial audit and has decided to conduct an ethical audit in tandem. Which of the following actions would most benefit the audit of Spring Co.’s compliance with its own ethical standards?

a. Forming an ethical audit team composed solely of internal staff members from the human resources, compliance, legal, and executive functions of the organization.

b. Analyzing the frequency, significance, and trends in unknown misconduct.

c. Observing processes for adherence to all organizational policies and procedures.

d. Interviewing employees about the company’s culture and commitment to ethics.

2. Which of the following statements is true regarding the Joint Ethics Enforcement Program (JEEP)?

a. The JEEP manual should be followed when presenting cases before the tribunal trial board, which consists of the AICPA, the state CPA society involved, and the perpetrator’s representative organization.

b. The purpose of the JEEP agreement between the AICPA and a state CPA society is to permit a single investigation of a joint member to enforce the respective codes and, if warranted, have a single settlement agreement or joint trial board hearing.

c. An individual’s AICPA membership will be suspended without a hearing if the member is convicted for the unwitting aiding in the preparation and presentation of a false and fraudulent income tax return of a client.

d. JEEP does not allow the AICPA to investigate state CPA society members who are not also AICPA members.

3. The purpose of the AICPA’s ethics investigation process is to do which of the following?

a. Protect the public.

b. Settle claims between parties or organizations involved.

c. Declare and uphold ethical standards in the organization.

d. Decide on litigation that has not been adjudicated by a court of law.

4. Julian is a CPA and works at Bramble Inc. One day he receives a letter from his state CPA society stating that a complaint has been filed against him, alleging a possible violation of the AICPA Code of Professional Conduct and asking him to respond to several questions. Julian is unsure what could have caused the allegation but knows he has done nothing wrong. What should Julian do next?

a. Wait until he receives another communication from the organization.

b. Ignore the letter and allegation.

c. Respond to the letter, noting that the allegations are false and refusing to provide answers to the questions.

d. Call the case investigator directly to refute the allegation.

5. Management at Mortar Corp. wants to promote an ethical culture, so it is reviewing the organization’s compliance and ethics program. Which of the following elements needs improvement to contribute to the program’s effectiveness?

a. Mortar uses employee incentives for compliance and appropriate disciplinary measures for violations.

b. Mortar encourages employees to raise any concerns and has a third-party hotline and website available.

c. Mortar formed a compliance committee that has operational responsibility, autonomy, and authority.

d. Mortar’s compliance and ethics training consists of telling all new employees about the standards of conduct, policies, and procedures on the first day of employment.

6. Malcolm is a manager at Weatherhold and is responsible for developing the ethics program. Weatherhold has a strong mission statement that communicates the core values of the company, determines the organizational purpose, and guides the company’s strategy. However, Malcolm wants to include another written policy to help strengthen the ethical climate. Which of the following policies or standards should Malcolm include to build an effective program?

a. Technology policy.

b. Retention policy.

c. Executive-specific policy.

d. Employment classification policy.

7. FranCo holds an all-employee meeting to discuss the recent fraud that was uncovered in the organization. Management wants to reinforce that upper and middle managers are responsible for displaying ethical behavior and sound judgment and demonstrating in both their words and actions a commitment to the organization’s ethics. Additionally, all employees in the organization play a role when it comes to ethics and compliance. Regarding fraud, all levels of staff, including management, should:

a. Design, implement, and monitor ethics activities in their own business units.

b.. Create and strengthen the internal control environment in their departments.

c. Understand how misconduct affects everyone within the organization.

d. Investigate suspicions or incidences of misconduct.

ANSWERS

1.(d) An ethical audit is an examination of an organization’s ethics that evaluates how employees behave compared to what policies and procedures dictate, industry standards require, and the public expects. When the behaviors that an organization espouses in its codes of conduct and other policies and procedures are not followed, stakeholders lose confidence, and the business could be at risk.

Independent third-party audits will yield more objective results, but the organization itself can lead ethics audits with members from different departments such as human resources, compliance, legal, and internal audit.

Procedures performed as part of an ethics audit typically include:

Reviewing the company’s ethics-related policies and procedures against best practices, expected and actual outcomes, and benchmarking data.
Interviewing employees about the company’s culture and commitment to ethics.
Observing processes for adherence to ethics-related policies and procedures.
Analyzing the frequency, significance, and trends in known misconduct.
Analyzing trends in reports of wrongdoing by employees and others.
Examining how previous ethical breaches were handled.
Asking management what the company has done to prevent repeat occurrences of past breaches.

The audit team should use a risk-based approach and select procedures based on the specific relevant ethics risks in each area (e.g., conflicts of interest in sales, falsifying company financial data in accounting, and bribery in geographic regions where such practices are common). In doing so, they should not observe every organizational process for adherence to all policies and procedures, instead focusing only on those that are ethics-related. The objective of the ethics audit should be to identify any disparities between the company’s policies and practices and where additional guidance or requirements would aid employees in making ethical decisions.

As part of the audit, the team could not have analyzed unknown misconduct because the misconduct has not yet been discovered.

2.(b) The AICPA and each of the state CPA societies have their own codes of professional conduct. Members are obligated to observe the codes as a condition of their membership, which can be revoked if the codes are not followed. The provisions of the codes of many state CPA societies are similar, if not identical, to the provisions of the AICPA Code of Professional Conduct. Additionally, professionals are often members of both the AICPA and one or more state societies. Therefore, the AICPA and the state CPA societies created a collaborative effort, the Joint Ethics Enforcement Program (JEEP), through agreements between the different societies.

The purpose of the JEEP agreement between the AICPA and a state CPA society is to permit a single investigation of a joint member to enforce the respective codes and, if warranted, have a single settlement agreement or joint trial board hearing. JEEP also permits state societies to allow the AICPA to investigate state CPA society members who are not also AICPA members. Additionally, JEEP provides for uniformity in the codes of conduct of the AICPA and state CPA societies, as well as the uniformity in the enforcement and implementation of the codes of conduct of the AICPA and state CPA societies.

The JEEP manual should be used by members of ethics committees and their staff when investigating potential disciplinary matters, entering into settlement agreements, and presenting cases before the joint trial board. An individual’s membership in the AICPA will be suspended without a hearing should there be filed with the secretary of the Institute a judgment of conviction imposed on any member for willfully aiding in the preparation and presentation of a false and fraudulent income tax return of a client.

3. (a) The AICPA has the authority to investigate complaints against its members and those of certain U.S. state CPA societies involving potential violations of the AICPA or state societies’ codes of professional conduct. The purpose of this ethics investigation process is to:

Protect the public;
Maintain confidence in the profession; and
Declare and uphold ethical standards in the profession.

However, the AICPA does not have the authority to:

Resolve fee disputes;
Award damages;
Prosecute in a criminal action;
Settle claims between parties; or
Decide on matters involving litigation that have not been adjudicated by a court of law.

4. (d) An ethics investigation is designed to gather facts and information to assist in determining whether there is evidence to support the allegations of violations of the AICPA Code of Professional Conduct. If there is insufficient evidence to support the allegations, the investigation will be closed. Individuals can review the rules of conduct that are the subject of the investigation, which can be found in the AICPA Code of Professional Conduct. Additionally, the JEEP Manual of Procedures describes the procedures governing an investigation and is available online. The procedures describe members’ rights and obligations and those of the AICPA and state CPA society ethics committees in an investigation.

Upon receiving a notice of an alleged violation, individuals should provide a substantive response to each question and include any additional information that they believe is relevant to the subject matter of the investigation, as well as any supporting evidence. They may also call the case investigator for clarification on any difficulty or uncertainty regarding specific questions.

If a member is unable to respond to the letter by the requested date (generally, within 30 days of the date of the letter), they should request an extension, as a failure to respond within the required time frame may constitute a failure to cooperate with the investigation — a violation of the AICPA or state CPA society bylaws or codes of professional conduct.

5. (d) The U.S. Sentencing Guidelines (USSG) provide for seven elements of an effective compliance and ethics program. If a convicted organization has an effective compliance program in place at the time of the offense, the sentencing judge considers the organization’s acts of due diligence in trying to prevent the illegality when deciding whether to increase or mitigate the sentence. The guidelines permit judges to give up to a 95% reduction in fines and penalties. The seven elements include:

Standards and procedures;
Governance and oversight;
Education and training;
Monitoring and auditing;
Reporting;
Internal enforcement and discipline; and
Response and prevention.

Standards of conduct, policies, and procedures should be in writing and should form the foundation for the entire compliance and ethics program.

Informing employees about the compliance and ethics program once is not sufficient in educating and conveying the appropriate information; information should be thoroughly documented and easily accessible. Mortar must fix this aspect of its program.

6. (c) Weatherhold’s formal anti-fraud, compliance, and ethics policies should provide guidance to employees in making ethical decisions, as well as communicate what management expects from them. With the anti-fraud, compliance, and ethics program, a priority should be placed on ethical conduct and the requirement that all employees abide by all company policies.

An executive-specific ethics policy should be included because executives can face different, and often more difficult, decisions than other employees. The higher a person rises in the organization, the more critical ethical decision-making becomes. Consequently, executives are frequently in a position where they must follow additional policies. Since the tone at the top must be ethical and begins with the leaders of an organization, executive-specific policies act as a deterrent in that executives are held to a higher standard. If the executive-specific policies outline precise consequences for fraudulent and unethical behaviors, executives might be less likely to perpetrate a fraudulent act.

Additionally, part of developing executive-specific policies involves determining who the executives are within the organization. From there, those charged with writing the policy should tailor it to the roles and responsibilities of these individuals.

While the company should also include policies to address concerns such as technology, retention, and employment classification, they do not specifically contribute to the anti-fraud, compliance, and ethics policies.

7. (c) All levels of employees should understand how misconduct affects everyone within the organization. For example, while the ethical tone at the top is a crucial piece of setting an ethical culture and tone for an organization, so too is the “mood in the middle” and the “buzz at the bottom.” Employees follow the tone set by their direct managers, so even the middle managers must understand and take part in how they influence the ethical behavior of the entire company.

Employees at all levels may be involved in designing, implementing, and/or monitoring ethics activities, but only as required. Some functions do not require employees to participate in such roles. Additionally, creating and strengthening the internal control environment may be a task in which employees assist or not.

All employees are expected to report suspicions or incidences of misconduct but not investigate. Investigating is not a duty of every member of an organization but a specific job function of certain departments and employees.

SCORING KEY

0–3 correct: If you answered fewer than four questions correctly, you may want to visit the AICPA Ethics Library and other sources of ethical guidance.

4–6 correct: If you answered four to six questions correctly, you’re on the right track. Continue building your ethical understanding.

7 correct: If you answered all seven questions correctly, congratulations. Your thorough knowledge of ethics will help you represent the profession accurately. Keep up the good work.

About the authors

Laura Harris, CFE, is a research specialist for the Association of Certified Fraud Examiners (ACFE), where she focuses on writing about and researching accounting fraud. Andi McNeal, CPA, CFE, is vice president of education for the ACFE, where she oversees the development and production of educational materials related to the prevention, detection, and investigation of fraud. To comment on this article or to suggest an idea for another article, contact joaed@aicpa.org.