Career Employer

FREE CFE Study Guide 2026: All 3 ACFE Exam Sections, Built to the Exam

Every CFE Exam section, taught to the exam — an interactive study guide with built-in quizzes, diagrams, and flashcards for all three ACFE sections.

Check sections to boost your score

Don't know where to start?

To find us again, just search “Career Employer CFE

By

This free CFE study guide teaches to the Certified Fraud Examiner Exam administered by the Association of Certified Fraud Examiners (ACFE) — all three exam sections, organized the way the exam is built.[1] The ACFE recently restructured the exam from four sections to three; this guide reflects the current three-section version. It is broad and rigorous, so this guide is deep: real teaching of the schemes, the investigation process, the law, and the controls that decide pass/fail — not a summary.

And it’s interactive, not a wall of text: every section has a built-in checkpoint quiz, hover-able glossary terms, labeled diagrams, and concept questions, so you learn by doing.

Read it section by section, test yourself at each checkpoint, then round out your free CFE study resources with our practice questions and flashcards.

CFE Exam Snapshot

CFE Exam at a glance (2026)
DetailCFE Exam (ACFE)
Sections3 — scheduled and scored independently
Questions310 total (120 + 120 + 70)
Question typesMultiple-choice and true/false
Total timeAbout 6.5 hours (2.5 + 2.5 + 1.5 hours)
Passing standardAt least 75% correct on each section
FormatComputer-based, closed-book; at-home online proctoring or test center
Certifying bodyAssociation of Certified Fraud Examiners (ACFE)
EligibilityACFE Associate Member; 40 points to sit, 50 to certify; 2 years' experience

The three sections are weighted by their question counts — Sections 1 and 2 carry 120 questions each, and Section 3 carries 70. Because you must pass each section at 75%, you cannot lean on a strong section to carry a weak one. Spend your time accordingly:[2]

CFE Exam weighting by section (2026)
Fraud Schemes & Financial Crimes39% · 120 Q · 2.5 hr
Fraud Investigations & Legal Issues39% · 120 Q · 2.5 hr
Fraud Prevention & Deterrence22% · 70 Q · 1.5 hr

This guide teaches all three official sections as three study modules, each broken into the high-yield topics the ACFE content outline lists. The ACFE does not publish an official pass rate, so be wary of any specific percentage you see quoted elsewhere.[1]

1 · Fraud Schemes & Financial Crimes

120 questions (about 2.5 hours). The largest body of content on the exam: the full catalog of how fraud is committed — from asset theft to financial statement manipulation to money laundering, cyberfraud, and procurement schemes. Know the categories and how to tell similar schemes apart.

Occupational Fraud & the Fraud Tree

is the use of one’s job for personal enrichment by misusing the employer’s resources. The ACFE’s sorts it into three primary categories — and their frequency and cost run in opposite directions:[4]

The ACFE Occupational Fraud Tree

Occupational fraud splits into three primary categories. Their frequency and median loss run in opposite directions.

Occupational Fraud
Asset MisappropriationTheft or misuse of assets (skimming, larceny, billing, payroll, check tampering)Most common · Lowest median loss
CorruptionMisuse of influence (bribery, kickbacks, conflicts of interest, economic extortion)Moderately common · Mid median loss
Financial Statement FraudIntentional misstatement of the financials (fictitious revenue, concealed liabilities)Least common · Highest median loss

The rarer the scheme, the bigger the hit: financial statement fraud is least frequent but most costly.

is the most common but least costly; is the rarest but most costly; sits in between. This frequency-versus-loss relationship is one of the most reliably tested facts on the exam.

Asset Misappropriation

Asset misappropriation divides into cash and noncash schemes. The cash schemes are the most-tested. The first distinction to master is when the theft happens relative to the books:

Cash misappropriation schemes
SchemeWhat it isKey tell
SkimmingTheft of cash before it is recorded (off-book)No accounting entry exists — hard to detect
Cash larcenyTheft of cash after it is recorded (on-book)Leaves a discrepancy in the records
Billing schemePaying fictitious or inflated invoices (shell company, pass-through vendor)Most costly disbursement scheme
Check tamperingForging or altering the employer's checksForged maker vs. altered payee
Payroll fraudGhost employees, falsified hours or commissionsPay issued for work not performed
Expense reimbursementFictitious, overstated, or duplicate expense claimsSame receipt on multiple reports

Corruption & Bribery

is the misuse of influence in a transaction. Its four subtypes: (including kickbacks — a vendor returning part of an overbilled payment), (an undisclosed personal stake), illegal gratuities (a reward for a decision already made), and (demanding payment for a favorable decision).

Bid rigging — suppression, complementary bidding, rotation, or market division — is a common procurement corruption scheme. Key statutes include the U.S. Foreign Corrupt Practices Act and the UK Bribery Act.[8]

Financial Statement Fraud

is the intentional misstatement of the financials. The five common methods: , timing differences (improper revenue/expense recognition, such as channel stuffing), concealed liabilities and expenses, improper disclosures, and improper asset valuation.

Money Laundering

disguises the illegal origin of criminal proceeds through three stages:[6]

The three stages of money laundering
  1. 1. PlacementIntroduce illicit cash into the financial system (deposits, structuring). The stage most exposed to detection.
  2. 2. LayeringMove the funds through complex transactions, transfers, and shell entities to obscure their origin.
  3. 3. IntegrationReturn the laundered funds to the launderer as apparently legitimate income or assets.

Placement is the easiest stage to catch — that is where reporting controls (CTRs, SARs) bite hardest.

introduces illicit cash; obscures the trail; returns the funds as apparently legitimate. (smurfing) — breaking cash below reporting thresholds — is a placement technique and is itself a crime. Anti-money-laundering programs rely on know-your-customer rules, beneficial-ownership identification, currency-transaction reports, and suspicious-activity reports.

Cyber, Payment & Other Schemes

Section 1 also covers a wide range of financial crimes: cyberfraud (business email compromise, phishing, ransomware), payment fraud (check, card, and EFT fraud), securities fraud (insider trading, misrepresentation, ), identity theft, insurance and health care fraud, bankruptcy and tax fraud, consumer scams (romance, advance-fee, elder fraud), and procurement fraud.[7]

Checkpoint · Section 1 · Fraud Schemes

Question 1 of 10

According to the ACFE's Fraud Tree, occupational fraud is divided into how many primary categories?

2 · Fraud Investigations & Legal Issues

120 questions (about 2.5 hours). How to resolve an allegation of fraud the right way — and lawfully. This section blends investigation technique (evidence, data analysis, interviewing, asset tracing) with the legal framework that governs every step.

Predication & Planning

Every fraud examination begins with — a reasonable basis to believe fraud occurred. Without it, an examination risks defamation and invasion-of-privacy claims. Examiners then build the case with the : analyze the data, form a hypothesis, test it, and refine it.

The fraud examination process
  1. 1. PredicationConfirm a reasonable basis to believe fraud occurred. No predication, no examination.
  2. 2. Fraud theory approachAnalyze data, form a hypothesis, test it, and refine — moving from the general to the specific.
  3. 3. Gather evidenceCollect documents and digital evidence; preserve originals, metadata, and chain of custody.
  4. 4. Conduct interviewsInterview from least to most culpable; an admission-seeking interview comes last, only with cause.
  5. 5. Report & disposeWrite an objective report; support civil, criminal, or administrative action as warranted.

Every fraud examination runs only on predication and is built to withstand legal scrutiny.

Evidence & Collection

Evidence is testimonial, documentary, or physical, and either (proves a fact outright) or (requires an inference). Fraud cases lean heavily on documentary and circumstantial evidence. Two rules dominate:

Key evidence rules
RuleWhat it requires
Best evidence ruleProduce the original document to prove its contents, not a copy or description
Chain of custodyDocument every transfer of evidence; an unbroken chain protects admissibility
AuthenticationShow the evidence is what it claims to be (e.g., file metadata, system logs)
PrivilegesAttorney-client and work-product material may be protected from disclosure

Digital evidence is volatile — preserve originals and metadata, and follow sound forensic phases (seizure, image acquisition, analysis, documentation). Mishandling evidence can make it inadmissible.

Data Analysis & Asset Tracing

Data analytics surface anomalies — duplicate payments, sequence gaps, round numbers, and tests. Benford’s Law expects small leading digits in natural data, but it does not apply to assigned or constrained numbers like ZIP codes or sequential invoice numbers. To prove hidden income, examiners use the and source-and-application-of-funds analysis.

Interview & Admission-Seeking Theory

Conduct interviews from the least to the most culpable — neutral third parties first, the prime suspect last. Establish a behavioral baseline with non-threatening questions before asking sensitive ones. The is reserved for the suspect, only with reasonable cause, and follows structured steps: direct accusation, interrupt denials, establish a rationalization theme, defuse alibis, obtain the verbal admission, then a signed statement.

The Law & the Legal System

Know the legal landscape: the elements of fraud (a material false statement, knowledge of its falsity, reliance, and damages), key statutes (mail and wire fraud, the FCPA, perjury, conspiracy), and the two burdens of proof.

Criminal vs. civil fraud actions
CriminalCivil
Brought byThe governmentA private party
Burden of proofBeyond a reasonable doubtPreponderance of the evidence
Possible outcomeFines and incarcerationMonetary or equitable remedies

Common-law systems rely on precedent with judges as neutral referees; civil-law (code-based) systems rely on written codes with a more investigative judge. The same fraud can trigger criminal, civil, and administrative actions.[9]

Reports & Testifying

A fraud examination reportstates the evidence and findings objectively — precise terms, no inflammatory language, and no opinion on the subject’s guilt. When testifying, an (qualified by knowledge or experience) may offer opinions, while a fact witness may testify only to what they observed.

Checkpoint · Section 2 · Investigations & Law

Question 1 of 10

Which stage of money laundering involves the initial introduction of illicit cash into the financial system?

3 · Fraud Prevention & Deterrence

70 questions (about 1.5 hours).Why people commit fraud and how organizations stop it. This is the shortest section but the most concept-heavy — fraud risk assessment and ethics carry the largest weights here, so don’t underestimate it.

The Fraud Triangle & Why People Steal

The , from criminologist Donald Cressey’s research, names the three conditions present when fraud occurs:

The Fraud Triangle (Donald Cressey)
PressureOpportunityRationalizationFRAUD
PressureA perceived non-shareable financial need or motivation.
OpportunityThe chance to act and conceal it — weak controls. The leg an organization controls.
RationalizationJustifying the act as acceptable (“I’ll pay it back”).

Strong internal controls attack the opportunityleg — the only one largely within an organization’s control.

Pressure and rationalization live inside the individual; opportunity is the leg an organization controls through internal controls. The adds a fourth element, capability. The ACFE’s consistently finds that tips are the single most common way fraud is detected.[4]

Governance & Management Responsibility

Strong corporate governance — an independent board, an effective audit committee, and a healthy — reduces fraud risk; a dominant CEO who overrides controls elevates it. Management owns the anti-fraud program: culture, awareness, policies, and training. Auditors (internal, external, and government) have defined fraud-related responsibilities, but an audit is not a guarantee that fraud is absent.

Internal Controls (COSO)

The Internal Control–Integrated Framework defines five components that, together, give reasonable assurance over operations, reporting, and compliance:

COSO Internal Control — the five components

The widely used model for internal control; the control environment is the foundation the other four rest on.

  1. 1Control EnvironmentIntegrity, ethical values, governance, and tone at the top — the foundation.
  2. 2Risk AssessmentIdentifying and analyzing risks (including fraud risk) to objectives.
  3. 3Control ActivitiesPolicies and procedures — approvals, segregation of duties, reconciliations.
  4. 4Information & CommunicationRelevant information — including how to report concerns — flows to the right people.
  5. 5Monitoring ActivitiesOngoing and separate evaluations confirm the controls keep working.

are how organizations attack the opportunity leg of the Fraud Triangle. The most foundational is — dividing authorization, custody, recording, and reconciliation so no one person can both commit and conceal a scheme.

Fraud Prevention Programs

Effective programs combine controls (which remove opportunity) with controls (which find fraud after the fact):

Preventive vs. detective anti-fraud controls
Preventive — stop it before it happens
  • Segregation of duties
  • Authorizations & approvals (dual control)
  • Positive pay & vendor verification
  • Access restrictions & mandatory vacations
Detective — find it after the fact
  • Tips & whistleblower hotlines
  • Internal audit & management review
  • Reconciliations & surprise audits
  • Data analytics (incl. Benford’s Law)

A strong program needs both — but tips remain the single most common way fraud is caught.

Because tips dominate detection, whistleblower hotlines and employee awareness training are among the highest-leverage controls. Increasing the perception of detection — through visible auditing, surprise audits, and enforcement — is one of the strongest deterrents.

Fraud Risk Assessment & Management

The is the highest-weighted topic in this section. It is an ongoingprocess that identifies the organization’s fraud risks, evaluates whether existing controls mitigate each, and prioritizes the residual risks. It distinguishes (before controls) from residual risk (after controls).

Responding to residual fraud risk
ResponseWhat it means
Accept (assume)Tolerate the residual risk because it is within the risk appetite
MitigateAdd or strengthen controls to reduce the risk
AvoidStop the activity that creates the risk
TransferShift the risk to a third party (e.g., insurance)

Broader fraud risk management aligns these activities with enterprise risk management and governance, drawing on frameworks such as COSO ERM, ISO 31000, and the ACFE/COSO Fraud Risk Management Framework.

Ethics for Fraud Examiners

The binds every CFE: act with integrity and professional competence, maintain confidentiality, exercise professional skepticism, and avoid conflicts of interest.[5]

Checkpoint · Section 3 · Prevention & Deterrence

Question 1 of 10

In the Fraud Triangle, which element refers to a perceived non-shareable financial problem that motivates an individual to commit fraud?

How to Use This Study Guide

A study guide is a map, not the whole territory — use it alongside the ACFE Fraud Examiners Manual and our practice tools. Because you must pass each of the three sections at 75%, study to your weakest section, not your average.

A study loop that actually works
  1. 1

    Read a section here

    Work through one section at a time, in order: schemes, then investigation and law, then prevention.

  2. 2

    Take the checkpoint

    The quick check at the end of each section exposes what didn't stick.

  3. 3

    Drill the gaps

    Send your weak section straight into the free practice questions and flashcards.

  4. 4

    Pass each section

    Confirm you're clearing 75% on every section before you schedule it — strong sections can't carry weak ones.

CFE Concept Questions

Common CFE concepts the exam tests — at least one per section. Tap any card for a short, exam-ready answer backed by an official source (the ACFE, FinCEN, the SEC, the U.S. DOJ), then test yourself on them as flashcards.

CFE Glossary

Quick definitions for the terms you’ll see most across the CFE Exam:

ACFE Code of Professional Ethics
The ethical rules binding CFEs — integrity, competence, confidentiality, no material misrepresentation, and no opinion on a person's legal guilt or innocence.
Admission-seeking interview
An interview conducted only with reasonable cause to believe the subject is culpable, designed to obtain a legally sound confession; held privately and saved for last.
Asset misappropriation
Theft or misuse of an organization's assets — the most common category of occupational fraud, but typically the least costly. Includes skimming, larceny, billing, payroll, and check schemes.
Benford's Law
A principle that in many natural datasets the leading digit is more likely to be small (1 appears first about 30% of the time); deviations can flag fabricated numbers.
Best evidence rule
To prove the contents of a writing, a party generally must produce the original document when available, rather than a copy or oral description.
Beyond a reasonable doubt
The high criminal standard of proof — the evidence must leave the trier of fact firmly convinced of guilt.
Billing scheme
A fraudulent disbursement in which an employee causes the employer to pay for fictitious or inflated goods or services, often through a shell company or a pass-through vendor.
Bribery
Offering, giving, receiving, or soliciting anything of value to influence a business decision or official act. A kickback is a common form.
Cash larceny
Theft of cash after it has already been recorded — an on-book scheme that creates a detectable discrepancy in the records.
Chain of custody
The chronological documentation of the seizure, control, transfer, and analysis of evidence; an unbroken chain is essential to admissibility.
Check tampering
A scheme in which a perpetrator prepares or alters a check drawn on the employer's account — forging the maker's signature, altering the payee, or forging an endorsement.
Circumstantial evidence
Evidence that requires an inference to connect it to a conclusion; fraud cases rely heavily on it.
Conflict of interest
When an employee has an undisclosed economic or personal interest in a transaction that harms the employer — for example, secretly owning an approved vendor.
Corruption
The wrongful use of influence in a transaction to obtain a benefit contrary to one's duty. Subtypes: bribery, conflicts of interest, illegal gratuities, and economic extortion.
COSO framework
The Committee of Sponsoring Organizations' Internal Control–Integrated Framework, defining five components of internal control.
Detective controls
Controls that find fraud after it occurs (reconciliations, audits, hotlines, data analysis).
Direct evidence
Evidence that proves a fact without any inference, such as eyewitness testimony.
Economic extortion
The flip side of bribery: an employee demands payment from a vendor as a condition of a favorable decision.
Expert witness
A witness qualified by knowledge or experience to offer opinion testimony that helps the trier of fact understand specialized evidence.
Fictitious revenue
Recording sales of goods or services that never occurred to inflate reported revenue and earnings.
Financial statement fraud
The deliberate misstatement or omission of amounts or disclosures to deceive financial-statement users — the least common but most costly category of occupational fraud.
Fraud Diamond
An extension of the Fraud Triangle that adds a fourth element, capability — the personal traits and position that let a person actually carry out the fraud.
Fraud risk assessment
An ongoing process that identifies an organization's fraud risks, evaluates whether controls mitigate each, and prioritizes residual risks for action.
Fraud theory approach
A method of building a case: analyze the data, form a hypothesis, test it, then refine and amend it as evidence develops.
Fraud Tree
The ACFE's classification of occupational fraud into three primary categories: asset misappropriation, corruption, and financial statement fraud.
Fraud Triangle
The three conditions generally present when fraud occurs — pressure (a perceived non-shareable need), opportunity, and rationalization — developed from criminologist Donald Cressey's research.
Inherent vs. residual risk
Inherent risk is the fraud risk before controls; residual risk is what remains after controls are applied.
Integration
The third stage of money laundering — returning the laundered funds to the criminal as apparently legitimate income or assets.
Internal controls
Processes designed to provide reasonable assurance over operations, reporting, and compliance — the main way organizations reduce fraud opportunity.
Layering
The second stage of money laundering — moving funds through complex transactions to obscure their origin.
Money laundering
Disguising the illegal origin of criminal proceeds so they appear legitimate, through the stages of placement, layering, and integration.
Net-worth method
An indirect method of proving unreported income by measuring the increase in a subject's net worth plus living expenses, less known legitimate income.
Occupational fraud
The use of one's occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization's resources or assets.
Placement
The first stage of money laundering — introducing illicit cash into the financial system; the stage most exposed to detection.
Ponzi scheme
An investment fraud that pays earlier investors with money from new investors rather than real profits; it collapses when new money slows or redemptions surge.
Predication
The totality of circumstances that would lead a reasonable, prudent professional to believe a fraud has occurred, is occurring, or will occur — the required basis for a fraud examination.
Preponderance of the evidence
The civil standard of proof — the proposition is more likely true than not (greater than 50%).
Preventive controls
Controls that stop fraud before it happens (segregation of duties, approvals, positive pay).
Report to the Nations
The ACFE's flagship biennial global study of occupational fraud — its frequency, costs, schemes, perpetrators, and detection methods.
Segregation of duties
Dividing authorization, custody, recording, and reconciliation among different people so no one person can both commit and conceal fraud.
Skimming
Theft of cash before it is recorded in the accounting system — an off-book scheme that leaves no direct entry, making it hard to detect.
Structuring
Breaking a large cash transaction into smaller amounts to evade reporting thresholds (such as the $10,000 currency-transaction report). Structuring is itself illegal.
Tone at the top
The ethical example set by senior management and the board; a strong tone deters fraud, a poor one elevates risk.

Free CFE Study Materials & Resources

Everything you need to prepare for the CFE Exam is free here — no paywall, no sign-up. This guide is the foundation; pair it with the rest of our free CFE study materials for active recall, timed practice, and last-minute review:

  • CFE Practice Test — exam-style questions across all three sections, with explanations.
  • CFE Flashcards — active-recall decks for the schemes, investigation rules, and prevention concepts.

CFE Study Guide FAQ

The CFE Exam has 310 questions total, split across three separately scheduled sections: Fraud Schemes and Financial Crimes (120 questions), Fraud Investigations and Legal Issues (120 questions), and Fraud Prevention and Deterrence (70 questions).

References

  1. 1.Association of Certified Fraud Examiners. “About the CFE Exam.” ACFE.
  2. 2.Association of Certified Fraud Examiners. “CFE Exam Content Outline / Blueprint.” ACFE.
  3. 3.Association of Certified Fraud Examiners. “CFE Credential Eligibility.” ACFE.
  4. 4.Association of Certified Fraud Examiners. “Report to the Nations — Occupational Fraud.” ACFE.
  5. 5.Association of Certified Fraud Examiners. “ACFE Code of Professional Ethics.” ACFE.
  6. 6.Financial Crimes Enforcement Network (U.S. Treasury). “What Is Money Laundering?.” FinCEN.
  7. 7.U.S. Securities and Exchange Commission. “Ponzi Scheme — Investor.gov.” SEC / Investor.gov.
  8. 8.U.S. Department of Justice. “Foreign Corrupt Practices Act (FCPA).” U.S. DOJ.
  9. 9.U.S. Department of Justice. “Justice 101 — Burden of Proof.” U.S. DOJ.

Sources for the concept answers

Every answer in the CFE concept questions above is drawn from an official primary source:

    Career Employer

    Career Employer is the ultimate resource to help you get started working the job of your dreams. We cover topics from general career information, career searching, exam preparation with free study materials, career interviewing, and becoming successful in your career of choice.

    Follow Us:

    All Posts

    Career Employer’s Editorial Process

    Here at Career Employer, we focus a lot on providing factually accurate information that is always up to date. We strive to provide correct information using strict editorial processes, article editing, and fact-checking for all of the information found on our website. We only utilize trustworthy and relevant resources. To find out more, make sure to read our full editorial process page here.