- What is occupational fraud?
- The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets. The ACFE defines and studies it in the Report to the Nations.
- What are the three primary categories of the ACFE Fraud Tree?
- Asset misappropriation, corruption, and financial statement fraud. They are the three top branches of occupational fraud.
- Which Fraud Tree category is most common but causes the smallest median loss?
- Asset misappropriation — it occurs in the large majority of cases but typically has the lowest median loss of the three categories.
- Which Fraud Tree category is least common but causes the largest median loss?
- Financial statement fraud — it is the rarest of the three categories but produces by far the highest median loss.
- What are the two main subcategories of asset misappropriation?
- Cash schemes and noncash (inventory and other assets) schemes. Cash schemes are further divided into fraudulent disbursements, skimming, and larceny.
- What is skimming?
- The theft of cash before it is recorded in the accounting system — an 'off-book' fraud. Because the receipt is never entered, it is harder to detect than larceny.
- What is cash larceny?
- The theft of cash after it has already been recorded in the accounting system — an 'on-book' fraud, which leaves a record that can reveal the imbalance.
- What is the difference between skimming and cash larceny?
- Skimming steals cash before it is recorded (off-book); larceny steals cash already recorded on the books (on-book). Skimming leaves no direct entry; larceny creates a detectable discrepancy.
- What are the three types of fraudulent disbursement schemes most associated with billing?
- Billing schemes, check tampering, and expense reimbursement schemes. Billing schemes (shell company, nonaccomplice vendor, personal purchases) are typically the most costly disbursement type.
- What is a shell company scheme?
- A billing scheme in which a fraudster sets up a fictitious entity with no real operations to submit invoices for goods or services never provided, then approves and pays them.
- What is a pass-through (nonaccomplice vendor) billing scheme?
- A scheme where an employee buys goods through a shell company at the real cost, then resells them to the employer at an inflated price, pocketing the markup.
- What is check tampering?
- A fraudulent disbursement in which the perpetrator prepares or alters a check drawn on the employer's account — by forging the maker's signature, altering the payee, or forging an endorsement.
- What is the difference between a forged-maker and an altered-payee check scheme?
- A forged-maker scheme fakes the authorized signer's signature on a check; an altered-payee scheme changes the payee on an otherwise legitimately signed check.
- What is an expense reimbursement scheme?
- An employee fraudulently claims reimbursement — through mischaracterized, overstated, fictitious, or multiple (duplicate) expenses — for costs the organization should not bear.
- What is a register disbursement scheme?
- A fraud at the point of sale using false refunds or false voids to remove cash from a register and conceal the theft in the records.
- What is payroll fraud?
- A fraudulent disbursement scheme in which a perpetrator causes the employer to issue payments by submitting false claims — ghost employees, falsified hours/salary, or commission schemes.
- What is a ghost employee?
- Someone on the payroll who does not actually work for the company (a fictitious person or a real person who does not work there). Wages are issued and intercepted by the fraudster.
- What is corruption in the ACFE Fraud Tree?
- The wrongful use of influence in a business transaction to gain a benefit contrary to one's duty. Its subtypes are bribery, conflicts of interest, illegal gratuities, and economic extortion.
- What is a bribe?
- The offering, giving, receiving, or soliciting of anything of value to influence an official act or business decision. Bribery is a core corruption scheme.
- What is a kickback?
- A form of bribery in which a vendor gives a portion of an overbilled or steered payment back to an employee who helped direct business to that vendor.
- What is bid rigging?
- A corruption scheme in which the normally competitive bidding process is manipulated — through bid suppression, complementary bidding, bid rotation, or market division — to favor a chosen vendor.
- What is a conflict of interest in a fraud context?
- When an employee has an undisclosed economic or personal interest in a transaction that harms the employer — for example, secretly owning a vendor the employee approves payments to.
- What is an illegal gratuity?
- Giving something of value to reward a decision already made, rather than to influence one in advance (as a bribe does). It still corrupts the relationship.
- What is economic extortion?
- The flip side of bribery: an employee demands payment from a vendor as a condition of making a decision in the vendor's favor (pay or lose the business).
- What is financial statement fraud?
- The deliberate misrepresentation of an organization's financial condition through intentional misstatement or omission of amounts or disclosures to deceive financial statement users.
- What are the five common methods of financial statement fraud?
- Fictitious (overstated) revenues, timing differences (improper revenue/expense recognition), concealed liabilities and expenses, improper disclosures, and improper asset valuation.
- What is fictitious revenue?
- Recording sales of goods or services that did not occur — e.g., to fake customers or via fake invoices — to inflate reported revenue and earnings.
- What is channel stuffing?
- Inducing customers to buy more product than they need (often near period-end with generous return rights) to inflate current-period revenue; a timing/improper-recognition scheme.
- What is a Ponzi scheme?
- An investment fraud that pays earlier investors with money from new investors rather than from real profits. It collapses when new money slows or redemptions surge.
- What is the difference between a Ponzi scheme and a pyramid scheme?
- A Ponzi scheme centers on a single operator paying 'returns' from new investor funds; a pyramid scheme pays participants for recruiting others, with money flowing up through layers of recruits.
- What is a 'red flag' of fraud?
- An indicator or symptom that fraud may be occurring — such as employees living beyond their means, control overrides, missing documents, or unusual financial relationships. Red flags are not proof, but warrant inquiry.
- What are common behavioral red flags of a fraudster?
- Living beyond one's means, financial difficulties, unusually close vendor relationships, control issues / unwillingness to share duties, and recent divorce or family problems — the most common per the Report to the Nations.
- What is the most common behavioral red flag exhibited by occupational fraudsters?
- Living beyond their means, followed by financial difficulties. The ACFE Report to the Nations consistently identifies these as the top behavioral warning signs.
- What is identity theft?
- The fraudulent acquisition and use of another person's identifying information (such as Social Security or account numbers) to commit fraud or other crimes.
- What is a check kiting scheme?
- Exploiting the float between banks by writing checks against accounts with insufficient funds, covering them with other bad checks, to create the illusion of a balance.
- What is securities fraud?
- Deceptive practices in the securities markets — such as insider trading, misrepresentation in offerings, market manipulation, or investment schemes (e.g., Ponzi schemes) — that induce investors to act on false information.
- What is a financial institution fraud?
- Fraud against banks and similar institutions — loan fraud, false statements on applications, mortgage fraud, embezzlement, and check/credit-card fraud.
- What is consumer fraud?
- Deceptive schemes targeting individuals — telemarketing fraud, advance-fee schemes, false advertising, charity fraud, and similar scams.
- What is bankruptcy fraud?
- Concealing assets, making false statements, or filing fraudulent claims in connection with a bankruptcy proceeding to defeat creditors or wrongfully obtain relief.
- What is computer / internet fraud?
- Using computers or networks to commit fraud — phishing, business email compromise, ransomware-enabled extortion, account takeover, and data theft.
- What is business email compromise (BEC)?
- A scheme in which fraudsters impersonate an executive or vendor by email to trick an employee into wiring funds or changing payment details. It is a leading source of fraud loss.
- What is lapping?
- Concealing the theft of one customer's payment by applying a later customer's payment to the first customer's account, continually shifting the shortage forward.
- What is the typical relationship between a fraudster's position and the median loss?
- Higher-authority perpetrators cause larger losses: owners/executives cause the highest median losses, then managers, then employees — because authority enables larger schemes and control override.
- What does the ACFE Report to the Nations measure?
- A biennial global study of occupational fraud cases reported by Certified Fraud Examiners — covering frequency by scheme, median losses, detection methods, perpetrator profiles, and the impact of controls.
- Roughly what percentage of annual revenue do organizations lose to fraud, per the ACFE?
- The ACFE estimates organizations lose about 5% of revenue to fraud each year — a figure drawn from CFE estimates in the Report to the Nations.
- What is money muling?
- Using an individual ('mule') to receive and transfer fraud proceeds — often recruited through scams — to launder funds and distance the fraudster from the money.
- What is a salami (slicing) scheme?
- Stealing tiny, hard-to-notice amounts repeatedly (e.g., fractions of cents in many transactions) so the aggregate theft escapes detection.
- What is invoice 'goods not received' fraud?
- A billing scheme in which a vendor (or an accomplice/shell entity) bills for goods or services that were never delivered, and an employee approves the false invoice for payment.
- What is the purpose of a fraud examination?
- To resolve allegations or signs of fraud from inception to disposition — gathering evidence, taking statements, writing reports, and assisting in detection and prevention — conducted only with predication.
- What is predication in a fraud examination?
- The totality of circumstances that would lead a reasonable, prudent professional to believe a fraud has occurred, is occurring, or will occur. A fraud examination should not begin without predication.
- What is the fraud theory approach?
- A method of building a case: analyze available data, create a hypothesis, test the hypothesis, then refine and amend it as evidence develops — moving from the general to the specific.
- In what order should fraud examination interviews generally be conducted?
- From the least culpable / most neutral to the most culpable — typically neutral third parties first, then corroborative witnesses, then co-conspirators, and the prime suspect last.
- What is an admission-seeking interview?
- An interview conducted only when there is reasonable cause that the subject is culpable, designed to obtain a legally sound confession; it is conducted privately and saved for the suspect last.
- What are the three stages of money laundering?
- Placement (introducing illicit cash into the financial system), layering (separating proceeds from their source through complex transactions), and integration (returning the funds to the launderer as apparently legitimate).
- Which money-laundering stage is generally the easiest to detect?
- Placement — the initial entry of cash into the financial system — because that is when illicit funds are most exposed to controls such as currency-transaction reporting.
- What is layering in money laundering?
- The second stage: conducting complex layers of transactions (transfers, conversions, shell entities) to obscure the audit trail and separate the funds from their criminal origin.
- What is integration in money laundering?
- The final stage: reintroducing laundered funds into the economy as seemingly legitimate income or assets, making them available to the launderer without obvious links to crime.
- What is the Bank Secrecy Act (BSA)?
- A primary U.S. anti-money-laundering law requiring financial institutions to keep records and file reports (such as currency transaction reports and suspicious activity reports) that help detect and prevent money laundering.
- What is a Suspicious Activity Report (SAR)?
- A report financial institutions must file with regulators (FinCEN in the U.S.) when they detect transactions that may signal money laundering, fraud, or other crimes.
- What is a Currency Transaction Report (CTR)?
- A report U.S. financial institutions must file for cash transactions exceeding a set threshold (over $10,000), designed to detect money laundering and structuring.
- What is structuring (smurfing)?
- Deliberately breaking a large cash transaction into smaller amounts to evade reporting thresholds (such as the CTR threshold). Structuring is itself illegal.
- What is the 'know your customer' (KYC) requirement?
- Anti-money-laundering rules requiring institutions to verify customer identity, understand the nature of the customer's activity, and assess money-laundering risk.
- What is beneficial ownership in AML rules?
- The natural persons who ultimately own or control a legal-entity customer. AML rules require identifying beneficial owners to prevent the use of shell entities to hide illicit funds.
- What is the difference between common law and civil law systems?
- Common law relies heavily on judicial precedent (case law) with judges as neutral referees; civil law relies on comprehensive written codes, with judges taking a more active, investigative role.
- What is the difference between direct and circumstantial evidence?
- Direct evidence proves a fact without inference (e.g., eyewitness testimony); circumstantial evidence requires an inference to connect it to a conclusion (e.g., a document edited after the period in question).
- What is the best evidence rule?
- To prove the contents of a writing, recording, or photograph, a party generally must produce the original document when available, rather than a copy or oral description.
- What is the difference between testimonial, documentary, and physical (real) evidence?
- Testimonial evidence is given by a witness under oath; documentary evidence consists of writings and records; physical (real) evidence is tangible objects. Fraud cases rely heavily on documentary evidence.
- What is the chain of custody?
- The chronological documentation showing the seizure, control, transfer, and analysis of evidence. An unbroken chain is essential to admit evidence and prove it was not altered.
- Why must a fraud examiner preserve original documents and metadata?
- To maintain the integrity and admissibility of evidence; metadata and system logs can establish when a file was created or altered, and altering or losing originals can render evidence inadmissible.
- What is the difference between an expert witness and a lay (fact) witness?
- A lay witness testifies only to facts personally observed; an expert witness, qualified by knowledge or experience, may offer opinions to help the trier of fact understand specialized evidence.
- What is the role of a fraud examiner as an expert witness?
- To provide objective, competent opinion testimony within the examiner's expertise — clearly, without advocacy or overstatement — and to remain credible under cross-examination.
- What is the difference between civil and criminal fraud cases?
- Criminal cases are brought by the government, must prove guilt 'beyond a reasonable doubt,' and can result in incarceration; civil cases are brought by private parties, use a lower 'preponderance of the evidence' standard, and seek monetary or equitable remedies.
- What is 'beyond a reasonable doubt'?
- The high burden of proof in criminal cases: the evidence must leave the trier of fact firmly convinced of guilt. It is stricter than the civil 'preponderance of the evidence' standard.
- What is 'preponderance of the evidence'?
- The civil standard of proof — the proposition is more likely true than not (greater than 50%). It is lower than the criminal 'beyond a reasonable doubt' standard.
- What is the difference between fraud and negligence?
- Fraud requires intent to deceive (a knowing misrepresentation); negligence is a failure to exercise reasonable care without intent to deceive. Intent is the key distinguishing element of fraud.
- What are the legal elements of fraud?
- Generally: a material false statement, knowledge of its falsity (scienter), reliance by the victim, and resulting damages. Proving intent (scienter) is often the central challenge.
- What is Benford's Law?
- A principle that in many naturally occurring datasets, the leading digit is more likely to be small (1 appears as the first digit about 30% of the time). Deviations can flag possibly fabricated numbers.
- When does Benford's Law NOT apply as a fraud test?
- When numbers are assigned or constrained — e.g., ZIP codes, sequential invoice numbers, or values with built-in minimums/maximums — because they do not follow a natural first-digit distribution.
- What is data analysis (data mining) in fraud detection?
- Using software to test large datasets for anomalies — duplicate payments, gaps in sequences, round numbers, Benford's analysis, and outliers — to identify transactions warranting investigation.
- What is a forensic (fraud) audit versus a financial statement audit?
- A financial statement audit gives reasonable assurance the statements are free of material misstatement; a forensic/fraud examination targets specific allegations or anomalies, gathering evidence to a legal standard.
- What is source-and-application-of-funds analysis?
- A circumstantial method to prove illicit income by comparing a subject's known sources of funds to their expenditures and asset accumulation; an unexplained excess suggests hidden income.
- What is the net-worth method?
- An indirect method of proving unreported income by measuring the increase in a subject's net worth over a period plus living expenses, less known legitimate income.
- What is a covert (surveillance) operation in a fraud investigation?
- Observing a subject's activities without their knowledge to gather evidence; it must comply with privacy laws and organizational policy to remain lawful and admissible.
- What is the purpose of a written fraud examination report?
- To document the evidence, findings, and basis for conclusions clearly and objectively. It may be scrutinized in litigation, so it must use precise terms and avoid inflammatory or conclusory language.
- What should a fraud examiner avoid stating in a report?
- Opinions on the ultimate legal question of guilt, inflammatory or biased language, and conclusions unsupported by evidence. The report states facts and findings, leaving guilt to the trier of fact.
- What is interviewing's 'calibration' or norming?
- Establishing a subject's normal verbal and nonverbal behavior with non-threatening questions before asking sensitive ones, so the examiner can notice meaningful changes in behavior.
- What are the categories of interview questions?
- Introductory, informational, assessment, closing, and (only when warranted) admission-seeking questions — generally moving from non-threatening to more pointed.
- What is an information barrier ('firewall') in handling sensitive information?
- A control separating people or departments to prevent the misuse or flow of confidential or material nonpublic information — relevant to insider-trading and conflict-of-interest controls.
- What privacy and legal limits constrain fraud investigations?
- Examiners must respect search-and-seizure, privacy, employment, and data-protection laws; obtaining evidence unlawfully can make it inadmissible and expose the examiner and employer to liability.
- What is the difference between a public and nonpublic source of information?
- Public sources are openly available (court filings, websites, public records); nonpublic sources require authorization or legal process (a target's confidential bank or account records).
- What is digital forensics in a fraud case?
- The lawful identification, preservation, and analysis of electronic evidence — files, metadata, logs, and devices — using sound methods that preserve integrity and chain of custody.
- What is the difference between embezzlement and larceny?
- Embezzlement is the fraudulent conversion of property by someone to whom it was lawfully entrusted; larceny is the wrongful taking of property the perpetrator did not have lawful possession of.
- What is whistleblower protection?
- Legal safeguards (such as those under Sarbanes-Oxley and Dodd-Frank in the U.S.) that protect employees who report fraud or violations from retaliation, encouraging the reporting of misconduct.
- Why are tips and hotlines so important to detecting fraud?
- Because tips are consistently the most common way occupational fraud is detected, and organizations with reporting hotlines detect fraud sooner and suffer smaller losses.
- What is the role of confidentiality in a fraud investigation?
- Investigations should be conducted discreetly to protect reputations, preserve evidence, comply with the presumption of innocence, and reduce legal exposure for defamation or wrongful accusation.
- What is the Fraud Triangle?
- A model of the three conditions generally present when occupational fraud occurs: pressure (a perceived non-shareable financial need), opportunity, and rationalization. Developed from criminologist Donald Cressey's research.
- Who developed the concept behind the Fraud Triangle?
- Criminologist Donald Cressey, from his study of embezzlers ('trust violators'). His findings on pressure, opportunity, and rationalization underpin the Fraud Triangle.
- What is 'pressure' in the Fraud Triangle?
- A perceived non-shareable financial problem or motivation — debts, addictions, lifestyle, or performance targets — that drives an individual toward committing fraud.
- What is 'opportunity' in the Fraud Triangle?
- The perceived ability to commit and conceal the fraud without being caught — typically created by weak internal controls. It is the leg most directly within an organization's control.
- What is 'rationalization' in the Fraud Triangle?
- The fraudster's justification of the act as acceptable — 'I'll pay it back,' 'I'm underpaid,' 'the company can afford it' — allowing them to reconcile the crime with their self-image.
- Why is the word 'perceived' important in the Fraud Triangle?
- Because fraud is driven by the offender's perception — a perceived (not necessarily real) non-shareable pressure and a perceived opportunity. The fraudster acts on belief, not objective reality.
- Which leg of the Fraud Triangle can an organization most directly control?
- Opportunity — through strong internal controls, segregation of duties, oversight, and monitoring. Pressure and rationalization are largely internal to the individual.
- What is the Fraud Diamond?
- An extension of the Fraud Triangle that adds a fourth element — capability (the personal traits and position that enable a person to actually carry out the fraud) — to pressure, opportunity, and rationalization.
- What is the most common way occupational fraud is detected?
- Tips — by a wide margin, per the ACFE Report to the Nations — followed by internal audit and management review. Most tips come from employees.
- What is 'tone at the top'?
- The ethical example and message set by senior management and the board. A strong, honest tone discourages fraud; a poor tone or a dominant CEO who overrides controls elevates fraud risk.
- What is the COSO Internal Control–Integrated Framework?
- A widely used model defining internal control through five components: control environment, risk assessment, control activities, information and communication, and monitoring activities.
- What are the five components of the COSO internal control framework?
- Control environment, risk assessment, control activities, information and communication, and monitoring activities — together they support reliable reporting, operations, and compliance.
- What is the 'control environment' in COSO?
- The foundation of internal control: the integrity, ethical values, governance, and tone set by the organization that influence the control consciousness of its people.
- How does 'information and communication' (COSO) support anti-fraud efforts?
- By ensuring relevant information — including how to report concerns — flows to the right people throughout the organization so issues are identified and acted on.
- What is the difference between preventive and detective controls?
- Preventive controls stop fraud before it happens (segregation of duties, approvals, positive pay); detective controls find it after the fact (reconciliations, audits, data analysis, hotlines). A program needs both.
- What is segregation of duties?
- Dividing key tasks — authorization, custody, recording, and reconciliation — among different people so no single person can both commit and conceal fraud. A foundational preventive control.
- What is a fraud risk assessment?
- An ongoing, periodically updated process that identifies the organization's fraud risks, evaluates whether existing controls adequately mitigate each one, and prioritizes the gaps for action.
- Why must a fraud risk assessment be ongoing?
- Because the business, its people, systems, and external risks change continually; a one-time assessment quickly becomes stale and misses newly emerging fraud schemes.
- How does a fraud risk assessment treat existing controls?
- It evaluates whether current controls adequately mitigate each identified fraud risk and identifies residual risks that need additional or stronger controls.
- What is a fraud risk management program?
- A structured, organization-wide approach to fraud risk governance, assessment, prevention, detection, and response — aligned with overall governance and enterprise risk management.
- What are the key principles of effective fraud risk management?
- Establish a fraud risk governance policy, perform fraud risk assessments, design prevention and detection controls, conduct investigations and corrective action, and monitor the program — per the ACFE/COSO fraud risk guidance.
- What is the ACFE Code of Professional Ethics?
- The ethical rules binding Certified Fraud Examiners — including integrity, objectivity, professional competence, confidentiality, and a prohibition on knowingly making material misrepresentations or committing illegal or unethical acts.
- Under the ACFE Code, what must a CFE not knowingly do?
- Make a material misrepresentation, or commit any illegal or unethical act. CFEs must also act with integrity, exhibit professional competence, and maintain confidentiality.
- Must a CFE express an opinion on the legal guilt or innocence of a person?
- No. Under the ACFE Code of Professional Ethics, a CFE shall not express an opinion regarding the guilt or innocence of any person or party — that is for the trier of fact.
- What is white-collar crime?
- Financially motivated, nonviolent crime committed by individuals or organizations, typically involving deceit and abuse of trust — a term coined by sociologist Edwin Sutherland.
- What is organizational (corporate) crime?
- White-collar crime committed by a business for the entity's benefit — for example, systematically falsifying emissions or financial data to gain a competitive advantage.
- What is an anti-fraud (ethics) training program?
- Education that teaches employees what fraud is, how to recognize it, the organization's policies and consequences, and how to report concerns — reinforcing prevention and deterrence.
- What is a fraud (whistleblower) hotline?
- A confidential channel — often third-party operated and available 24/7 — for employees, vendors, and customers to report suspected fraud. Hotlines significantly improve detection and reduce losses.
- What is deterrence in fraud prevention?
- Discouraging potential fraudsters by increasing the perceived likelihood of detection and punishment — through visible controls, audits, enforcement, and a strong ethical culture.
- What is the role of internal audit in fraud prevention?
- To independently evaluate controls and risk management, test for fraud indicators, and recommend improvements. Internal audit is a leading detective control after tips.
- What is enterprise risk management (ERM)?
- An organization-wide process for identifying, assessing, and managing risks — including fraud risk — aligned with strategy and governance. COSO publishes a widely used ERM framework.
- Why should anti-fraud activities align with governance and ERM?
- So fraud risk is managed consistently with the organization's other risks and overseen by the board and management, rather than handled in isolation.
- What is a code of conduct?
- A formal statement of an organization's ethical principles and expected behavior. A clear, enforced code supports the control environment and deters fraud.
- What is the 'perception of detection'?
- The belief among employees that fraud will be caught. Increasing this perception — through visible auditing, monitoring, and enforcement — is one of the strongest deterrents to fraud.
- What is proactive fraud detection?
- Actively searching for fraud before it surfaces — through data analytics, continuous monitoring, surprise audits, and targeted reviews — rather than waiting for it to be reported.
- What is a surprise audit and why is it effective?
- An unannounced examination of records or operations. Because employees cannot prepare for it, it both detects fraud and deters it by raising the perceived chance of being caught.
- What is mandatory job rotation / vacation as a control?
- Requiring employees in sensitive roles to take time off or rotate duties, so ongoing schemes that require constant concealment are more likely to surface.
- How do internal controls reduce fraud opportunity?
- By limiting access, requiring authorizations, segregating duties, and creating records and reviews — they remove the opening in the Fraud Triangle that lets a person commit and hide a scheme.
- What is the relationship between controls and fraud loss, per the ACFE?
- Organizations with anti-fraud controls (hotlines, training, surprise audits, etc.) detect fraud faster and suffer significantly lower median losses than those without them.
- What is the difference between fraud prevention and fraud deterrence?
- Prevention stops fraud through controls that remove opportunity; deterrence discourages it by raising the perceived risk of getting caught and punished. Effective programs do both.
- What is corrective action in a fraud program?
- The organization's response after fraud is found — discipline, recovery, control improvements, and reporting — to remediate harm and prevent recurrence.
- What is positive pay?
- A bank control in which the company sends a list of issued checks; the bank pays only matching checks, blocking altered or counterfeit checks — a preventive control against check tampering.
- What is dual control (dual approval)?
- Requiring two people to complete a sensitive transaction (such as a large wire), so collusion would be needed to commit fraud — a preventive control.
- What is vendor verification (vendor master controls)?
- Validating new vendors and changes to vendor banking details before payment, to block shell-company and business-email-compromise schemes — a preventive control.
- What is the deterrent effect of prosecution?
- Visibly investigating, prosecuting, and disciplining fraud signals that the organization will not tolerate it, raising the perceived cost of fraud and discouraging would-be offenders.
- What is a conflict of interest scheme in procurement?
- When an employee with an undisclosed interest in a vendor steers business to that vendor, harming the employer. It is a corruption subtype that the employee must disclose.
- What are the pre-award phases of procurement fraud?
- Schemes that occur before a contract is awarded — need recognition fraud, bid tailoring, bid manipulation, and collusion among bidders or between a bidder and an employee.
- What is bid rotation?
- A collusive bid-rigging scheme in which conspiring vendors take turns winning contracts, submitting intentionally high 'complementary' bids when it is not their turn.
- What is complementary (cover) bidding?
- A bid-rigging tactic where conspirators submit bids that are intentionally too high or contain unacceptable terms, creating the appearance of competition while a chosen vendor wins.
- What is a post-award procurement scheme?
- Fraud after the contract is awarded — change-order/modification abuse, cost mischarging, and delivering non-conforming goods or services.
- What is insurance premium fraud versus claim fraud?
- Premium fraud manipulates the basis for premiums (e.g., understating payroll or risk); claim fraud submits false or inflated claims for benefits not owed.
- What is workers' compensation fraud?
- A benefit-fraud scheme — for example, a claimant faking or exaggerating an injury, or a provider billing for treatment never given — within insurance fraud.
- What are the main types of health care fraud?
- Fraud by service providers (billing for services not rendered, upcoding, unbundling), by patients (false claims, identity misuse), and by insurers or plans.
- What is upcoding in health care fraud?
- Billing for a more expensive service or procedure than the one actually provided, to obtain a higher reimbursement.
- What is the difference between tax evasion and tax avoidance?
- Tax evasion is the illegal nonpayment or underpayment of tax through deception; tax avoidance is the legal arrangement of affairs to minimize tax. Only evasion is fraud.
- What are common tax fraud schemes?
- Failure to declare income, falsified or inflated deductions, use of stolen taxpayer identities, and abusive use of tax havens or shelters.
- What is concealment of assets in bankruptcy fraud?
- Hiding or failing to disclose assets in a bankruptcy proceeding to keep them from creditors — a core bankruptcy fraud scheme along with fraudulent conveyances and planned bankruptcies.
- What is a fraudulent conveyance?
- Transferring assets to another party for little or no value to put them beyond the reach of creditors, often before or during a bankruptcy.
- What is insider trading?
- Buying or selling securities based on material nonpublic information in breach of a duty — a securities fraud scheme regulated by the SEC.
- What is a pump-and-dump scheme?
- A securities fraud in which promoters inflate a stock's price with false or misleading positive statements, then sell their shares at the peak, leaving other investors with losses.
- What is account takeover fraud?
- A payment/identity fraud in which a criminal gains control of a victim's existing account — via stolen credentials or social engineering — to make unauthorized transactions.
- What is card skimming versus shimming?
- Skimming captures magnetic-stripe data with a hidden reader; shimming captures chip-card data with a thin device inserted in the card slot. Both enable counterfeit payment cards.
- What is phishing?
- A social-engineering attack using fraudulent emails, texts, or sites that impersonate a trusted source to trick victims into revealing credentials or sending money.
- What is ransomware?
- Malware that encrypts a victim's data and demands payment for the decryption key, often combined with extortion threats to leak stolen data.
- What is a deepfake in the context of fraud?
- AI-generated synthetic audio, video, or images impersonating a real person — used to enhance social-engineering schemes such as business email compromise.
- What is intellectual property theft?
- Stealing trade secrets, research, or proprietary data — through insider threats, cyberattacks, or social engineering — distinct from lawful competitive intelligence.
- What is corporate espionage?
- The illegal or unethical acquisition of a competitor's confidential information, as opposed to competitive intelligence gathered from public sources.
- What is pig butchering (in consumer scams)?
- A long-con scam in which a fraudster builds a relationship with a victim, then lures them into a fraudulent (often crypto) investment, draining their funds over time.
- What is elder fraud?
- Scams that specifically target older adults — such as impersonation, romance, or tech-support scams — exploiting trust, isolation, or cognitive decline.
- What is a register disbursement scheme versus skimming at the register?
- A register disbursement scheme removes money already recorded using false refunds or voids (on-book); skimming takes the cash before the sale is recorded (off-book).
- What is lapping in a receivables fraud?
- Concealing the theft of one customer's payment by crediting it with a later customer's payment, continually rolling the shortage forward.
- What is a 'ghost employee' payroll scheme?
- Adding a fictitious or non-working person to payroll and intercepting their wages — a payroll fraud subtype.
- What is the difference between a shell company and a pass-through scheme?
- A shell company bills for goods or services never provided; a pass-through (nonaccomplice vendor) scheme buys real goods through the shell and resells them to the employer at a markup.
- What is e-discovery?
- The identification, preservation, collection, and production of electronically stored information for legal proceedings — distinct from forensic analysis of devices.
- Why is electronic evidence considered volatile?
- Because it can be easily altered, overwritten, or lost (e.g., when a device is used or powered off), so it must be preserved promptly using forensically sound methods.
- What are the phases of a digital investigation?
- Seizure, image acquisition (a forensic copy), analysis, and documenting/reporting — preserving the original and chain of custody throughout.
- What is OSINT?
- Open-source intelligence — information gathered from publicly available sources such as social media, public records, the internet archive, and the deep or dark web.
- What is the difference between public and nonpublic records?
- Public records (court filings, corporate and securities filings) are openly accessible; nonpublic records (credit reports, bank records) require authorization, consent, or legal process.
- What is the attorney-client privilege?
- A legal protection that keeps confidential communications between a client and attorney from disclosure; it can be waived if the communication is shared with third parties.
- What is the work-product doctrine?
- A protection for materials prepared in anticipation of litigation; it shields an attorney's or examiner's mental impressions and analysis from discovery.
- What is a legal hold?
- A directive to preserve all potentially relevant records once litigation is reasonably anticipated; failing to preserve evidence can lead to spoliation sanctions.
- What is spoliation of evidence?
- The destruction, alteration, or failure to preserve evidence relevant to litigation, which can result in sanctions or an adverse inference against the responsible party.
- What is the duty to cooperate (employee)?
- An employee's generally recognized obligation to cooperate with a legitimate internal investigation, balanced against rights such as privacy and protection from self-incrimination.
- What is entrapment?
- Inducing a person to commit a crime they were not otherwise predisposed to commit; it is a legal concern that can arise in covert operations and undercover work.
- What is the role of a confidential informant in an investigation?
- A source who provides information confidentially; examiners must follow procedures and legal limits on using and protecting informants and verifying their information.
- What is the asset method of tracing illicit funds?
- An indirect method that proves hidden income by measuring increases in a subject's assets and net worth over a period, beyond what known legitimate income explains.
- What is the expenditures method of tracing illicit funds?
- An indirect method that proves hidden income by showing a subject's expenditures exceeded their known sources of funds during a period.
- What is mail fraud and wire fraud?
- Federal crimes that punish using the mail (mail fraud) or interstate wire communications (wire fraud) to carry out a scheme to defraud; they are common federal fraud charges.
- What is the Foreign Corrupt Practices Act (FCPA)?
- A U.S. law prohibiting bribery of foreign officials and requiring accurate books and records and internal controls; the UK Bribery Act is a comparable foreign statute.
- What is a deferred prosecution agreement (DPA)?
- An arrangement in which prosecutors agree to suspend charges against an organization if it meets conditions (cooperation, remediation, monitoring) for a set period.
- What are the stages of a criminal prosecution?
- Charging document, first appearance/arraignment, pretrial negotiations, trial, judgment, sentencing, and appeal.
- What is corporate criminal liability?
- The principle that a corporation can be held criminally responsible for crimes committed by its employees or agents acting within the scope of their employment for the company's benefit.
- What are alternatives to litigation in civil fraud matters?
- Mediation, arbitration, and reconciliation — alternative dispute resolution methods that resolve disputes without a full trial.
- What administrative actions can result from fraud?
- Regulatory penalties such as fines, license suspension or revocation, and debarment from government contracting, imposed by agencies rather than courts.
- What is impeachment evidence?
- Evidence used to attack the credibility of a witness — for example, prior inconsistent statements or bias — rather than to prove the underlying facts.
- What is authentication of evidence?
- Showing that evidence is what it claims to be (e.g., via metadata, testimony, or a chain of custody) — a prerequisite for admissibility.
- What is the purpose of establishing a behavioral baseline in an interview?
- To learn a subject's normal verbal and nonverbal behavior with non-threatening questions, so the examiner can notice meaningful changes when sensitive topics arise.
- What are open, closed, and leading questions?
- Open questions invite a narrative; closed questions seek specific facts or yes/no answers; leading questions suggest the answer and are generally avoided except in cross-examination.
- What is jurisdiction (subject matter and venue)?
- Subject-matter jurisdiction is a court's authority to hear a type of case; venue is the proper geographic location for the case to be tried.
- Why must covert recordings comply with the law?
- Because consent and wiretapping laws vary by jurisdiction (one-party vs. all-party consent); an unlawful recording can be inadmissible and expose the examiner to liability.
- What is the role of opportunity in financial crime?
- Opportunity — typically created by weak internal controls and oversight — is the condition organizations can most directly reduce, lowering the chance fraud occurs and goes undetected.
- What is the difference between occupational and organizational crime?
- Occupational crime benefits the individual at the organization's expense; organizational (corporate) crime is committed by the business for the entity's own benefit.
- What is corporate governance?
- The system of rules, practices, and oversight (board, audit committee, controls) that directs and holds an organization accountable, reducing fraud risk when strong.
- What is the role of an audit committee in fraud deterrence?
- An independent audit committee oversees financial reporting, internal control, and the audit function, providing accountability that helps deter and detect fraud.
- What are sources of corporate governance guidance?
- Frameworks and bodies such as the OECD Principles of Corporate Governance, the Treadway Commission/COSO, and sustainability standards setters inform governance practice.
- What is management's responsibility for fraud?
- Management owns the anti-fraud program: setting culture and tone, raising awareness, establishing policies and training, and designing and operating internal controls.
- What is an internal control failure?
- A gap in the design or operating effectiveness of controls that leaves a fraud risk unaddressed — for example, missing segregation of duties or controls that are not actually performed.
- What are the responsibilities of an external auditor regarding fraud?
- To plan and perform the audit to obtain reasonable assurance the financial statements are free of material misstatement, whether caused by error or fraud — not to guarantee fraud is absent.
- How do internal, external, and government auditors differ?
- Internal auditors serve the organization and evaluate controls/risk; external auditors give an independent opinion on the financial statements; government auditors examine public funds and compliance.
- What is materiality in auditing?
- The threshold at which a misstatement could influence the decisions of financial-statement users; auditors design procedures around material amounts.
- What is continuous auditing/monitoring?
- Using automated, ongoing analysis of transactions to detect anomalies in near real time, strengthening both prevention and detection.
- What is behavioral nudging in fraud prevention?
- Designing prompts and reminders (such as honesty declarations placed before, not after, a form) that encourage ethical behavior and reduce fraud.
- What is an effective whistleblower program?
- A confidential, well-publicized reporting channel with anti-retaliation protections; because tips are the top detection method, it is one of the most effective controls.
- What is an anti-fraud culture?
- An environment — driven by tone at the top, structure, and performance management — in which ethical behavior is expected and fraud is not tolerated.
- What is a code of conduct's role in deterrence?
- A formal, enforced statement of ethical expectations sets the standard for behavior, supports the control environment, and signals that fraud will not be tolerated.
- What is inherent fraud risk?
- The fraud risk that exists before considering any controls — the natural exposure of an activity, account, or process.
- What is residual fraud risk?
- The fraud risk that remains after controls are applied; management responds to it by accepting, mitigating, avoiding, or transferring it.
- What are external versus internal fraud risks?
- Internal fraud risks come from employees and insiders; external fraud risks come from outside parties such as vendors, customers, or cybercriminals.
- What is risk appetite?
- The amount and type of risk an organization is willing to accept in pursuit of its objectives; it guides how residual fraud risk is treated.
- What is enterprise risk management (ERM)?
- An organization-wide process for identifying, assessing, and managing risks — including fraud risk — aligned with strategy and governance; COSO and ISO 31000 publish ERM frameworks.
- What is the ACFE/COSO Fraud Risk Management Framework?
- Guidance built on principles for fraud risk governance, assessment, prevention/detection, investigation, and monitoring — the leading framework for managing fraud risk.
- What is third-party fraud risk?
- Fraud risk arising from vendors, agents, contractors, and other outside parties, managed through due diligence, monitoring, and contractual controls.
- What is professional skepticism?
- An attitude of a questioning mind and a critical assessment of evidence; the ACFE Code expects CFEs to maintain it rather than assume honesty or dishonesty.
- Can a CFE guarantee an organization is free of fraud?
- No. Under the ACFE Code of Professional Ethics, a CFE shall not provide assurance that a fraud has not occurred or will not occur — only conclusions supported by the evidence.
- What is a mandatory vacation or job-rotation control?
- Requiring employees in sensitive roles to take time off or rotate duties, so ongoing schemes that depend on constant concealment are more likely to surface.
- What is a surprise audit and why does it deter fraud?
- An unannounced examination employees cannot prepare for; it both detects schemes and deters them by raising the perceived likelihood of being caught.