This free CFE study guide teaches to the Certified Fraud Examiner Exam administered by the Association of Certified Fraud Examiners (ACFE) — all three exam sections, organized the way the exam is built.[1] The ACFE recently restructured the exam from four sections to three; this guide reflects the current three-section version. It is broad and rigorous, so this guide is deep: real teaching of the schemes, the investigation process, the law, and the controls that decide pass/fail — not a summary.
And it’s interactive, not a wall of text: every section has a built-in checkpoint quiz, hover-able glossary terms, labeled diagrams, and concept questions, so you learn by doing.
Read it section by section, test yourself at each checkpoint, then round out your free CFE study resources with our practice questions and flashcards.
CFE Exam Snapshot
| Detail | CFE Exam (ACFE) |
|---|---|
| Sections | 3 — scheduled and scored independently |
| Questions | 310 total (120 + 120 + 70) |
| Question types | Multiple-choice and true/false |
| Total time | About 6.5 hours (2.5 + 2.5 + 1.5 hours) |
| Passing standard | At least 75% correct on each section |
| Format | Computer-based, closed-book; at-home online proctoring or test center |
| Certifying body | Association of Certified Fraud Examiners (ACFE) |
| Eligibility | ACFE Associate Member; 40 points to sit, 50 to certify; 2 years' experience |
The three sections are weighted by their question counts — Sections 1 and 2 carry 120 questions each, and Section 3 carries 70. Because you must pass each section at 75%, you cannot lean on a strong section to carry a weak one. Spend your time accordingly:[2]
This guide teaches all three official sections as three study modules, each broken into the high-yield topics the ACFE content outline lists. The ACFE does not publish an official pass rate, so be wary of any specific percentage you see quoted elsewhere.[1]
1 · Fraud Schemes & Financial Crimes
120 questions (about 2.5 hours). The largest body of content on the exam: the full catalog of how fraud is committed — from asset theft to financial statement manipulation to money laundering, cyberfraud, and procurement schemes. Know the categories and how to tell similar schemes apart.
Occupational Fraud & the Fraud Tree
is the use of one’s job for personal enrichment by misusing the employer’s resources. The ACFE’s sorts it into three primary categories — and their frequency and cost run in opposite directions:[4]
Occupational fraud splits into three primary categories. Their frequency and median loss run in opposite directions.
The rarer the scheme, the bigger the hit: financial statement fraud is least frequent but most costly.
is the most common but least costly; is the rarest but most costly; sits in between. This frequency-versus-loss relationship is one of the most reliably tested facts on the exam.
Asset Misappropriation
Asset misappropriation divides into cash and noncash schemes. The cash schemes are the most-tested. The first distinction to master is when the theft happens relative to the books:
| Scheme | What it is | Key tell |
|---|---|---|
| Skimming | Theft of cash before it is recorded (off-book) | No accounting entry exists — hard to detect |
| Cash larceny | Theft of cash after it is recorded (on-book) | Leaves a discrepancy in the records |
| Billing scheme | Paying fictitious or inflated invoices (shell company, pass-through vendor) | Most costly disbursement scheme |
| Check tampering | Forging or altering the employer's checks | Forged maker vs. altered payee |
| Payroll fraud | Ghost employees, falsified hours or commissions | Pay issued for work not performed |
| Expense reimbursement | Fictitious, overstated, or duplicate expense claims | Same receipt on multiple reports |
Corruption & Bribery
is the misuse of influence in a transaction. Its four subtypes: (including kickbacks — a vendor returning part of an overbilled payment), (an undisclosed personal stake), illegal gratuities (a reward for a decision already made), and (demanding payment for a favorable decision).
Bid rigging — suppression, complementary bidding, rotation, or market division — is a common procurement corruption scheme. Key statutes include the U.S. Foreign Corrupt Practices Act and the UK Bribery Act.[8]
Financial Statement Fraud
is the intentional misstatement of the financials. The five common methods: , timing differences (improper revenue/expense recognition, such as channel stuffing), concealed liabilities and expenses, improper disclosures, and improper asset valuation.
Money Laundering
disguises the illegal origin of criminal proceeds through three stages:[6]
- 1. PlacementIntroduce illicit cash into the financial system (deposits, structuring). The stage most exposed to detection.
- 2. LayeringMove the funds through complex transactions, transfers, and shell entities to obscure their origin.
- 3. IntegrationReturn the laundered funds to the launderer as apparently legitimate income or assets.
Placement is the easiest stage to catch — that is where reporting controls (CTRs, SARs) bite hardest.
introduces illicit cash; obscures the trail; returns the funds as apparently legitimate. (smurfing) — breaking cash below reporting thresholds — is a placement technique and is itself a crime. Anti-money-laundering programs rely on know-your-customer rules, beneficial-ownership identification, currency-transaction reports, and suspicious-activity reports.
Cyber, Payment & Other Schemes
Section 1 also covers a wide range of financial crimes: cyberfraud (business email compromise, phishing, ransomware), payment fraud (check, card, and EFT fraud), securities fraud (insider trading, misrepresentation, ), identity theft, insurance and health care fraud, bankruptcy and tax fraud, consumer scams (romance, advance-fee, elder fraud), and procurement fraud.[7]
Checkpoint · Section 1 · Fraud Schemes
Question 1 of 10
According to the ACFE's Fraud Tree, occupational fraud is divided into how many primary categories?
2 · Fraud Investigations & Legal Issues
120 questions (about 2.5 hours). How to resolve an allegation of fraud the right way — and lawfully. This section blends investigation technique (evidence, data analysis, interviewing, asset tracing) with the legal framework that governs every step.
Predication & Planning
Every fraud examination begins with — a reasonable basis to believe fraud occurred. Without it, an examination risks defamation and invasion-of-privacy claims. Examiners then build the case with the : analyze the data, form a hypothesis, test it, and refine it.
- 1. PredicationConfirm a reasonable basis to believe fraud occurred. No predication, no examination.
- 2. Fraud theory approachAnalyze data, form a hypothesis, test it, and refine — moving from the general to the specific.
- 3. Gather evidenceCollect documents and digital evidence; preserve originals, metadata, and chain of custody.
- 4. Conduct interviewsInterview from least to most culpable; an admission-seeking interview comes last, only with cause.
- 5. Report & disposeWrite an objective report; support civil, criminal, or administrative action as warranted.
Every fraud examination runs only on predication and is built to withstand legal scrutiny.
Evidence & Collection
Evidence is testimonial, documentary, or physical, and either (proves a fact outright) or (requires an inference). Fraud cases lean heavily on documentary and circumstantial evidence. Two rules dominate:
| Rule | What it requires |
|---|---|
| Best evidence rule | Produce the original document to prove its contents, not a copy or description |
| Chain of custody | Document every transfer of evidence; an unbroken chain protects admissibility |
| Authentication | Show the evidence is what it claims to be (e.g., file metadata, system logs) |
| Privileges | Attorney-client and work-product material may be protected from disclosure |
Digital evidence is volatile — preserve originals and metadata, and follow sound forensic phases (seizure, image acquisition, analysis, documentation). Mishandling evidence can make it inadmissible.
Data Analysis & Asset Tracing
Data analytics surface anomalies — duplicate payments, sequence gaps, round numbers, and tests. Benford’s Law expects small leading digits in natural data, but it does not apply to assigned or constrained numbers like ZIP codes or sequential invoice numbers. To prove hidden income, examiners use the and source-and-application-of-funds analysis.
Interview & Admission-Seeking Theory
Conduct interviews from the least to the most culpable — neutral third parties first, the prime suspect last. Establish a behavioral baseline with non-threatening questions before asking sensitive ones. The is reserved for the suspect, only with reasonable cause, and follows structured steps: direct accusation, interrupt denials, establish a rationalization theme, defuse alibis, obtain the verbal admission, then a signed statement.
The Law & the Legal System
Know the legal landscape: the elements of fraud (a material false statement, knowledge of its falsity, reliance, and damages), key statutes (mail and wire fraud, the FCPA, perjury, conspiracy), and the two burdens of proof.
| Criminal | Civil | |
|---|---|---|
| Brought by | The government | A private party |
| Burden of proof | Beyond a reasonable doubt | Preponderance of the evidence |
| Possible outcome | Fines and incarceration | Monetary or equitable remedies |
Common-law systems rely on precedent with judges as neutral referees; civil-law (code-based) systems rely on written codes with a more investigative judge. The same fraud can trigger criminal, civil, and administrative actions.[9]
Reports & Testifying
A fraud examination reportstates the evidence and findings objectively — precise terms, no inflammatory language, and no opinion on the subject’s guilt. When testifying, an (qualified by knowledge or experience) may offer opinions, while a fact witness may testify only to what they observed.
Checkpoint · Section 2 · Investigations & Law
Question 1 of 10
Which stage of money laundering involves the initial introduction of illicit cash into the financial system?
3 · Fraud Prevention & Deterrence
70 questions (about 1.5 hours).Why people commit fraud and how organizations stop it. This is the shortest section but the most concept-heavy — fraud risk assessment and ethics carry the largest weights here, so don’t underestimate it.
The Fraud Triangle & Why People Steal
The , from criminologist Donald Cressey’s research, names the three conditions present when fraud occurs:
Strong internal controls attack the opportunityleg — the only one largely within an organization’s control.
Pressure and rationalization live inside the individual; opportunity is the leg an organization controls through internal controls. The adds a fourth element, capability. The ACFE’s consistently finds that tips are the single most common way fraud is detected.[4]
Governance & Management Responsibility
Strong corporate governance — an independent board, an effective audit committee, and a healthy — reduces fraud risk; a dominant CEO who overrides controls elevates it. Management owns the anti-fraud program: culture, awareness, policies, and training. Auditors (internal, external, and government) have defined fraud-related responsibilities, but an audit is not a guarantee that fraud is absent.
Internal Controls (COSO)
The Internal Control–Integrated Framework defines five components that, together, give reasonable assurance over operations, reporting, and compliance:
The widely used model for internal control; the control environment is the foundation the other four rest on.
- 1Control Environment— Integrity, ethical values, governance, and tone at the top — the foundation.
- 2Risk Assessment— Identifying and analyzing risks (including fraud risk) to objectives.
- 3Control Activities— Policies and procedures — approvals, segregation of duties, reconciliations.
- 4Information & Communication— Relevant information — including how to report concerns — flows to the right people.
- 5Monitoring Activities— Ongoing and separate evaluations confirm the controls keep working.
are how organizations attack the opportunity leg of the Fraud Triangle. The most foundational is — dividing authorization, custody, recording, and reconciliation so no one person can both commit and conceal a scheme.
Fraud Prevention Programs
Effective programs combine controls (which remove opportunity) with controls (which find fraud after the fact):
- Segregation of duties
- Authorizations & approvals (dual control)
- Positive pay & vendor verification
- Access restrictions & mandatory vacations
- Tips & whistleblower hotlines
- Internal audit & management review
- Reconciliations & surprise audits
- Data analytics (incl. Benford’s Law)
A strong program needs both — but tips remain the single most common way fraud is caught.
Because tips dominate detection, whistleblower hotlines and employee awareness training are among the highest-leverage controls. Increasing the perception of detection — through visible auditing, surprise audits, and enforcement — is one of the strongest deterrents.
Fraud Risk Assessment & Management
The is the highest-weighted topic in this section. It is an ongoingprocess that identifies the organization’s fraud risks, evaluates whether existing controls mitigate each, and prioritizes the residual risks. It distinguishes (before controls) from residual risk (after controls).
| Response | What it means |
|---|---|
| Accept (assume) | Tolerate the residual risk because it is within the risk appetite |
| Mitigate | Add or strengthen controls to reduce the risk |
| Avoid | Stop the activity that creates the risk |
| Transfer | Shift the risk to a third party (e.g., insurance) |
Broader fraud risk management aligns these activities with enterprise risk management and governance, drawing on frameworks such as COSO ERM, ISO 31000, and the ACFE/COSO Fraud Risk Management Framework.
Ethics for Fraud Examiners
The binds every CFE: act with integrity and professional competence, maintain confidentiality, exercise professional skepticism, and avoid conflicts of interest.[5]
Checkpoint · Section 3 · Prevention & Deterrence
Question 1 of 10
In the Fraud Triangle, which element refers to a perceived non-shareable financial problem that motivates an individual to commit fraud?
How to Use This Study Guide
A study guide is a map, not the whole territory — use it alongside the ACFE Fraud Examiners Manual and our practice tools. Because you must pass each of the three sections at 75%, study to your weakest section, not your average.
- 1
Read a section here
Work through one section at a time, in order: schemes, then investigation and law, then prevention.
- 2
Take the checkpoint
The quick check at the end of each section exposes what didn't stick.
- 3
Drill the gaps
Send your weak section straight into the free practice questions and flashcards.
- 4
Pass each section
Confirm you're clearing 75% on every section before you schedule it — strong sections can't carry weak ones.
CFE Concept Questions
Common CFE concepts the exam tests — at least one per section. Tap any card for a short, exam-ready answer backed by an official source (the ACFE, FinCEN, the SEC, the U.S. DOJ), then test yourself on them as flashcards.
CFE Glossary
Quick definitions for the terms you’ll see most across the CFE Exam:
- ACFE Code of Professional Ethics
- The ethical rules binding CFEs — integrity, competence, confidentiality, no material misrepresentation, and no opinion on a person's legal guilt or innocence.
- Admission-seeking interview
- An interview conducted only with reasonable cause to believe the subject is culpable, designed to obtain a legally sound confession; held privately and saved for last.
- Asset misappropriation
- Theft or misuse of an organization's assets — the most common category of occupational fraud, but typically the least costly. Includes skimming, larceny, billing, payroll, and check schemes.
- Benford's Law
- A principle that in many natural datasets the leading digit is more likely to be small (1 appears first about 30% of the time); deviations can flag fabricated numbers.
- Best evidence rule
- To prove the contents of a writing, a party generally must produce the original document when available, rather than a copy or oral description.
- Beyond a reasonable doubt
- The high criminal standard of proof — the evidence must leave the trier of fact firmly convinced of guilt.
- Billing scheme
- A fraudulent disbursement in which an employee causes the employer to pay for fictitious or inflated goods or services, often through a shell company or a pass-through vendor.
- Bribery
- Offering, giving, receiving, or soliciting anything of value to influence a business decision or official act. A kickback is a common form.
- Cash larceny
- Theft of cash after it has already been recorded — an on-book scheme that creates a detectable discrepancy in the records.
- Chain of custody
- The chronological documentation of the seizure, control, transfer, and analysis of evidence; an unbroken chain is essential to admissibility.
- Check tampering
- A scheme in which a perpetrator prepares or alters a check drawn on the employer's account — forging the maker's signature, altering the payee, or forging an endorsement.
- Circumstantial evidence
- Evidence that requires an inference to connect it to a conclusion; fraud cases rely heavily on it.
- Conflict of interest
- When an employee has an undisclosed economic or personal interest in a transaction that harms the employer — for example, secretly owning an approved vendor.
- Corruption
- The wrongful use of influence in a transaction to obtain a benefit contrary to one's duty. Subtypes: bribery, conflicts of interest, illegal gratuities, and economic extortion.
- COSO framework
- The Committee of Sponsoring Organizations' Internal Control–Integrated Framework, defining five components of internal control.
- Detective controls
- Controls that find fraud after it occurs (reconciliations, audits, hotlines, data analysis).
- Direct evidence
- Evidence that proves a fact without any inference, such as eyewitness testimony.
- Economic extortion
- The flip side of bribery: an employee demands payment from a vendor as a condition of a favorable decision.
- Expert witness
- A witness qualified by knowledge or experience to offer opinion testimony that helps the trier of fact understand specialized evidence.
- Fictitious revenue
- Recording sales of goods or services that never occurred to inflate reported revenue and earnings.
- Financial statement fraud
- The deliberate misstatement or omission of amounts or disclosures to deceive financial-statement users — the least common but most costly category of occupational fraud.
- Fraud Diamond
- An extension of the Fraud Triangle that adds a fourth element, capability — the personal traits and position that let a person actually carry out the fraud.
- Fraud risk assessment
- An ongoing process that identifies an organization's fraud risks, evaluates whether controls mitigate each, and prioritizes residual risks for action.
- Fraud theory approach
- A method of building a case: analyze the data, form a hypothesis, test it, then refine and amend it as evidence develops.
- Fraud Tree
- The ACFE's classification of occupational fraud into three primary categories: asset misappropriation, corruption, and financial statement fraud.
- Fraud Triangle
- The three conditions generally present when fraud occurs — pressure (a perceived non-shareable need), opportunity, and rationalization — developed from criminologist Donald Cressey's research.
- Inherent vs. residual risk
- Inherent risk is the fraud risk before controls; residual risk is what remains after controls are applied.
- Integration
- The third stage of money laundering — returning the laundered funds to the criminal as apparently legitimate income or assets.
- Internal controls
- Processes designed to provide reasonable assurance over operations, reporting, and compliance — the main way organizations reduce fraud opportunity.
- Layering
- The second stage of money laundering — moving funds through complex transactions to obscure their origin.
- Money laundering
- Disguising the illegal origin of criminal proceeds so they appear legitimate, through the stages of placement, layering, and integration.
- Net-worth method
- An indirect method of proving unreported income by measuring the increase in a subject's net worth plus living expenses, less known legitimate income.
- Occupational fraud
- The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets.
- Placement
- The first stage of money laundering — introducing illicit cash into the financial system; the stage most exposed to detection.
- Ponzi scheme
- An investment fraud that pays earlier investors with money from new investors rather than real profits; it collapses when new money slows or redemptions surge.
- Predication
- The totality of circumstances that would lead a reasonable, prudent professional to believe a fraud has occurred, is occurring, or will occur — the required basis for a fraud examination.
- Preponderance of the evidence
- The civil standard of proof — the proposition is more likely true than not (greater than 50%).
- Preventive controls
- Controls that stop fraud before it happens (segregation of duties, approvals, positive pay).
- Report to the Nations
- The ACFE's flagship biennial global study of occupational fraud — its frequency, costs, schemes, perpetrators, and detection methods.
- Segregation of duties
- Dividing authorization, custody, recording, and reconciliation among different people so no one person can both commit and conceal fraud.
- Skimming
- Theft of cash before it is recorded in the accounting system — an off-book scheme that leaves no direct entry, making it hard to detect.
- Structuring
- Breaking a large cash transaction into smaller amounts to evade reporting thresholds (such as the $10,000 currency-transaction report). Structuring is itself illegal.
- Tone at the top
- The ethical example set by senior management and the board; a strong tone deters fraud, a poor one elevates risk.
Free CFE Study Materials & Resources
Everything you need to prepare for the CFE Exam is free here — no paywall, no sign-up. This guide is the foundation; pair it with the rest of our free CFE study materials for active recall, timed practice, and last-minute review:
- CFE Practice Test — exam-style questions across all three sections, with explanations.
- CFE Flashcards — active-recall decks for the schemes, investigation rules, and prevention concepts.
CFE Study Guide FAQ
The CFE Exam has 310 questions total, split across three separately scheduled sections: Fraud Schemes and Financial Crimes (120 questions), Fraud Investigations and Legal Issues (120 questions), and Fraud Prevention and Deterrence (70 questions).
The current CFE Exam has three sections: Fraud Schemes and Financial Crimes, Fraud Investigations and Legal Issues, and Fraud Prevention and Deterrence. The ACFE restructured the exam from four sections to three; the new version launched in June 2026.
You must score at least 75% correct on each of the three sections. The sections are scheduled and scored independently, so you must pass all three — a strong score on one cannot offset a failing score on another.
About 6.5 hours of testing in total: 2.5 hours each for Sections 1 and 2 (120 questions each) and 1.5 hours for Section 3 (70 questions). It is computer-based and closed-book, and can be taken at home with remote online proctoring or at a test center.
You must be an Associate Member of the ACFE, meet a minimum points threshold (40 points to sit, 50 points to be certified — a bachelor's degree is about 40), have at least two years of fraud-related professional experience, and agree to the ACFE Code of Professional Ethics.
No. The CFE Exam is closed-book and closed-notes; you complete it independently with no reference materials or outside assistance, whether you test at home with online proctoring or at a test center.
Work through the three sections in order, take the checkpoint quiz after each to find gaps, then drill that section with our free CFE practice questions and flashcards. Spend extra time on Section 3's fraud risk assessment and ethics topics, which carry heavy weight.
Yes — the full guide, the checkpoints, the glossary, the practice questions, and the flashcards are 100% free with no account required.
References
- 1.Association of Certified Fraud Examiners. “About the CFE Exam.” ACFE. ↑
- 2.Association of Certified Fraud Examiners. “CFE Exam Content Outline / Blueprint.” ACFE. ↑
- 3.Association of Certified Fraud Examiners. “CFE Credential Eligibility.” ACFE. ↑
- 4.Association of Certified Fraud Examiners. “Report to the Nations — Occupational Fraud.” ACFE. ↑
- 5.Association of Certified Fraud Examiners. “ACFE Code of Professional Ethics.” ACFE. ↑
- 6.Financial Crimes Enforcement Network (U.S. Treasury). “What Is Money Laundering?.” FinCEN. ↑
- 7.U.S. Securities and Exchange Commission. “Ponzi Scheme — Investor.gov.” SEC / Investor.gov. ↑
- 8.U.S. Department of Justice. “Foreign Corrupt Practices Act (FCPA).” U.S. DOJ. ↑
- 9.U.S. Department of Justice. “Justice 101 — Burden of Proof.” U.S. DOJ. ↑
Sources for the concept answers
Every answer in the CFE concept questions above is drawn from an official primary source:

Career Employer
Career Employer is the ultimate resource to help you get started working the job of your dreams. We cover topics from general career information, career searching, exam preparation with free study materials, career interviewing, and becoming successful in your career of choice.
All PostsCareer Employer’s Editorial Process
Here at Career Employer, we focus a lot on providing factually accurate information that is always up to date. We strive to provide correct information using strict editorial processes, article editing, and fact-checking for all of the information found on our website. We only utilize trustworthy and relevant resources. To find out more, make sure to read our full editorial process page here.
