ANS: F PTS: 1

1
2

Ethical issues and legal issues are essentially the same. ANS: F PTS: 1
Internal control systems are recommended but not required to prevent fraud.
ANS: F PTS: 1
1 14. Collusion among employees in the commission of a fraud is difficult to
prevent but easy to detect.
2 ANS: F PTS: 1
3 15. Database management fraud includes altering, updating, and deleting
an organizations data.
4 ANS: F PTS: 1
5 16. The fraud triangle represents a geographic area in Southeast Asia
where international fraud is prevalent.
6 ANS: F PTS: 1
7 17. Situational pressure includes personal or job related stresses that
could coerce an individual to act dishonestly.
8 ANS: T PTS: 1
9 18. Opportunity involves direct access to assets and/or access to
information that controls assets.
10 ANS: T PTS: 1
11 19. Cash larceny involves stealing cash from an organization before it is
recorded on the organiza-tions books and records.
12 ANS: F PTS: 1
13 20. Skimming involves stealing cash from an organization after it is
recorded on the organizations books and records
14 ANS: F PTS: 1
The most common access point for perpetrating computer fraud is at the
data collection stage. ANS: T PTS: 1
1 22. Changing the Hours Worked field in an otherwise legitimate payroll
transaction to increase the amount of the paycheck is an example of data
collection fraud.
2 ANS: T PTS: 1
3 23. Scavenging is a form of fraud in which the perpetrator uses a
computer program to search for key terms in a database and then steal
the data.
4 ANS: F PTS: 1
The objective of SAS 99 is to seamlessly blend the auditors consideration of
fraud into all phases of the audit process.

ANS: T PTS: 1

MULTIPLE CHOICE

1. 1. Which ethical principle states that the benefit from a decision

must outweigh the risks, and that there is no alternative decision
that provides the same or greater benefit with less risk?
2. ANS: D PTS: 1
Individuals who acquire some level of skill and knowledge in the field
of computer ethics are involved in which level of computer ethics?

a.
b.
c.
d.

minimize risk
justice
informed consent
proportionality

a.
b.
c.
d.

para computer ethics

pop computer ethics
theoretical computer ethics
practical computer ethics

ANS: A PTS: 1
3. All of the following are factors in the fraud triangle except
a.
b.
c.
d.

Ethical behavior of an individual

Pressure exerted on an individual at home and job related
Materiality of the assets
Opportunity to gain access to assets

ANS: C PTS: 1
4. Which characteristic is not associated with software as intellectual
property?
a.
b.
c.

uniqueness of the product

possibility of exact replication
automated monitoring to detect intruders

b.
c.
d.

accounting records
accounting system
access controls

ANS: A PTS: 1
17. Business ethics involves
a.
b.
c.
d.

how managers decide on what is right in conducting business

how managers achieve what they decide is right for the business
both a and b
none of the above

ANS: C PTS: 1
18. All of the following are conditions for fraud except

a.
b.
c.
d.

false representation
injury or loss
intent
material reliance

ANS: D PTS: 1
19. The four principal types of fraud include all of the following except
a.
b.
c.
d.

bribery
gratuities
conflict of interest
economic extortion

ANS: B PTS: 1

20. Which of the following is not an issue to be addressed in a business code

of ethics required by the SEC?
a.
b.
c.
d.
e.

Conflicts of interest
Full and Fair Disclosures
Legal Compliance
Internal Reporting of Code Violations
All of the above are issues to be addressed

ANS: E PTS: 1
1
2

21. Operations fraud includes

ANS: B PTS: 1

22. Computer fraud can take on many forms, including each of the
following except
ANS: D PTS: 1
23. What does the underlying assumption of reasonable assurance
regarding implementation of internal control mean?
a. Auditors are reasonably assured that fraud has not occurred in
the period.
b. Auditors are reasonably assured that employee carelessness can
weaken an internal control structure.

4
5
6
7
a.
b.
c.
d.

altering program logic to cause the application to process data incorrectly

misusing the firms computer resources
destroying or corrupting a programs logic using a computer virus
creating illegal programs that can access data files to alter, delete, or

insert values
a.
b.
c.
d.

theft or illegal use of computer-readable information

theft, misuse, or misappropriation of computer equipment
theft, misuse, or misappropriation of assets by altering computerreadable records and files
theft, misuse, or misappropriation of printer supplies

c. Implementation of the control procedure should not have a

significant adverse effect on efficiency or profitability.
d. Management assertions about control effectiveness should provide
auditors with reasonable
assurance.
ANS: C PTS: 1
24. The importance to the accounting profession of the Sarbanes-Oxley Act
of 2002 is that
1 a. bribery will be eliminated.
2 b. management will not be able to override the companys internal
controls.
3 c. firms are required to have an effective internal control system.
4 d. firms will not be exposed to lawsuits.
SHORTANSWER
1. What are the main issues to be addressed in a business code of ethics
required by the SEC?
ANS: Conflicts of interest, Full and Fair Disclosures, Legal Compliance, Internal
Reporting of Code Violations, Accountability
PTS: 1
2. What are the five conditions necessary for an act to be considered fraudulent?
ANS:
false representation, material fact, intent, justifiable reliance, and injury or loss
PTS: 1

3. What is the objective of SAS 99?

ANS:The objective of SAS 99 is to seamlessly blend the auditors consideration of
fraud into all phases of the audit process.

PTS: 1
4. Distinguish between exposure and risk.
ANS:Exposure is the absence or weakness of a control which increases the firms
risk of financial loss or injury. Risk is the probability of incurring such a loss or injury.
PTS: 1
5. Explain the characteristics of management fraud.
ANS:Management fraud typically occurs at levels above where the internal control
system is effective.Financial statements are frequently modified to make the firm
appear more healthy than it actually is.If any misappropriation of assets occurs, it
is usually well hidden.
PTS: 1

6. __________________________ are intentional mistakes while

__________________________ are unintentional mistakes.
ANS:
Irregularities, Errors
PTS: 1
7. The text discusses many questions about personal traits of executives
which might help uncover fraudulent activity. What are three?
ANS: executives: with high personal debt, living beyond their means, engaged in
habitual gambling, appear to abuse alcohol or drugs, appear to lack personal codes
of ethics, appear to be unstable, close associations with suppliers
PTS: 1
8. Give two examples of employee fraud and explain how the theft might occur.
ANS:Charges to expense accounts: Cash could be stolen and charged to a
miscellaneous expense account. Once the account is closed, detection would be
more difficult.
Lapping: This involves converting cash receipts to personal use. If a customers
check is taken, his/her balance will not reflect a payment and will be detected when
a statement is sent. In order to concealthis fraud, a later payment is used to cover
the stolen check. This is in effect a small scale Ponzischeme.

PTS: 1
9. What are the six broad classes of physical control activities
defined by SAS 78?
ANS:Transaction authorization, segregation of duties, supervision, access controls,
accounting records, independent verification
PTS: 1

10. Explain the pass through fraud.

ANS:
The perpetrator creates a false vendor and issues purchases orders to it for
inventory or supplies. The false vendor then purchases the needed inventory
from a legitimate vendor. The false vendor charges the victim company a much
higher than market price for the items, but pays only the market price to the
legitimate vendor. The difference is the profit that the perpetrator pockets.
11. Explain the Pay and Return scheme.
ANS:
A pay-and-return scheme involves a clerk with check-writing authority who
pays a vendor twice for the same products (inventory or supplies) received. The
vendor, recognizing that its customer made a double payment, issues a
reimbursement to the victim company. The clerk intercepts and cashes the
reimbursement check.
12. What is check tampering?
ANS:Check tampering involves forging or changing in some material way a
check that the
organization has written to a legitimate payee. One example of this is an employee
who steals an outgoing check to a vendor, forges the payees signature, and
cashes the check. A variation on this is an employee who steals blank checks from
the victim company makes them out to himself or an accomplice.
13. What is program fraud?
ANS:Program fraud involves making unauthorized changes to parts of a program for
the purpose of committing an illegal act.
PTS: 1
14. Explain the shell company fraud.
ANS:

A shell company fraud first requires that the perpetrator establish a false
supplier on the books of the victim company. The fraudster then manufactures
false purchase orders, receiving reports, and invoices in the name of the vendor
and submits them to the accounting system, which creates the allusion of a
legitimate transaction. Based on these documents, the system will set up an
account payable and ultimately issue a check to the false supplier (the fraudster).
15. Name three forms of computer fraud.
ANS:
Computer fraud includes:
The theft, misuse, or misappropriation of assets by altering computer-readable
records and files.
The theft, misuse, or misappropriation of assets by altering the logic of
computer software.
The theft or illegal use of computer-readable information.
The theft, corruption, illegal copying, or intentional destruction of computer
software.
The theft, misuse, or misappropriation of computer hardware.
PTS: 1
16. Name three types of program fraud.
ANS:

Program fraud includes:

(1) creating illegal programs that can access data files to alter, delete, or
insert values into accounting records;
1 (2) destroying or corrupting a programs logic using a computer virus; or
2 (3) altering program logic to cause the application to process data
incorrectly.
PTS: 1
17. Define operational fraud.
ANS:

Operations fraud is the misuse or theft of the firms computer resources.

This often involves using the computer to conduct personal business.
PTS: 1
18. Define database management fraud.
ANS:

Database management fraud includes altering, deleting, corrupting,

destroying, or stealing an organizations data.
PTS: 1

1. 19.
What is scavenging? ANS:
2. Scavenging involves searching through the trash of the computer center
for discarded output. PTS: 1

As a form of computer fraud, what is eavesdropping? ANS:

Eavesdropping involves listening to output transmissions over

telecommunications lines. PTS: 1

ESSAY
1. What fraud detection responsibilities (if any) are imposed on auditors by
the Sarbanes-Oxley Act?
ANS: Standard No. 2 places responsibility on auditors to detect fraudulent activity.
The standard emphasizes the importance of controls designed to prevent or detect
fraud that could lead to material misstatement of the financial statements.
Management is responsible for implementing such controls and auditors are
expressly required to test them.
PTS: 1
2.

Contrast management fraud with employee fraud.

ANS:Employee fraud is usually designed to directly convert cash or other assets to

the employees personalbenefit.
Management fraud involves less of a direct benefit to the perpetrator.
Management fraud may involvean attempt to misstate financial performance in
order to gain additional compensation or to earn apromotion. Management fraud
may also involve an attempt to misstate financial performance in order to increase
the price of the companys stock or to reduce the cost of debt. Management fraud
is moreinsidious than employee fraud because it often escapes detection until the
organization has suffered irreparable damage or loss. Management fraud usually
does not involve the direct theft of assets.
PTS: 1
3. Why are the computer ethics issues of privacy, security, and property
ownership of interest to accountants?
ANS:Privacy is a concern because the nature of computer data files makes it
possible for unauthorized individuals to obtain information without it being
recognized as missing from its original location.
Security is a concern because its absence makes control from a privacy
viewpoint questionable. In addition lack of security may permit unauthorized
changes to data, therefore distorting information that is reported.
Property ownership raises issues of legitimacy of organizational software,
valuation of assets, and questions of lost revenues.

PTS: 1

4. According to common law, there are five conditions that must be present
for an act to be deemed fraudulent. Name and explain each.
ANS:In order for an act to be deemed fraudulent under common law, it must
possess the following characteristics:false representation, meaning some
misrepresentation or omission must have occurred,material facts, meaning that the
facts must influence someones actions,intent, meaning there must have been the
intention to deceive others,justifiable reliance, meaning it did affect someones
decision, andinjury or loss must have occurred.
PTS: 1
5. Management fraud is regarded as more serious than employee fraud.
Three special characteristics have been discussed for management fraud. What
are they? Explain.
ANS:Management fraud is more insidious than employee fraud because it often
escapes detection until theorganization has suffered irreparable damage or loss.It
usually occurs at levels above the normal internal control system.There is typically
an intent to present a better picture of the business than is valid, often to
deceivecreditors and/or shareholders.If assets are misappropriated, the route is
quite devious involving a maze of business transactions.
PTS: 1
6. Four principal types of corruption are discussed. Name all four and
explain at least two.
ANS:Corruption involves an executive, manager, or employee of a business working
in collusion with an outsider. The four principal types of corruption are: bribery,
illegal gratuities, conflicts of interest, and economic extortion.
Bribery involves giving, offering, soliciting, or receiving things of value to influence
an official in theperformance of his or her lawful duties.
An illegal gratuity involves giving. receiving, offering, or soliciting something of
value because of an official act that has been taken.
A conflict of interest occurs when an employee acts on behalf of a third party
during the discharge of his or her duties or has self-interest in the activity being
performed.
Economic extortion is the use (or threat) of force (including economic sanctions)
by an individual or organization to obtain something of value.
PTS: 1
7. Misappropriation of assets can involve various schemes: expense

reimbursement fraud, lapping, and payroll fraud. Explain each and give an
example.
ANS:Expense reimbursement fraud involve fictitious charges to such accounts as
miscellaneous expenseto offset theft of an asset. Because the expense account is
closed to revenue at the end of the period, the period in which it could be detected
is short.
Lapping is a technique whereby an early theft is covered up by a later one, i.e.,
with the moveslapping over each other. The simplest example involves taking a
customers payment. A later payment is then credited to the first customers
account, not the second. And on it goes. This requiressome control over billing to
avoid tipping off the last customer.
Payroll fraud is the distribution of fraudulent paychecks to existent and/or
nonexistent employees.PTS: 1
8. Distinguish between skimming and cash larceny. Give an example of each
ANS: Skimming involves stealing cash from an organization before it is

recorded on the organiza-tions books and records. One example of

skimming is an employee who accepts payment from a customer but does
not record the sale. Another example is mail room fraud in which an
employee opening the mail steals a customers check and destroys the
associated remit-tance advice.
Cash larceny involves schemes in which cash receipts are stolen from an
organization after they have been recorded in the organizations books and
records. An example of this is lapping, in which the cash receipts clerk first
steals and cashes a check from Customer A. To
conceal the accounting imbalance caused by the loss of the asset, Customer
As account is not credited. Later (the next billing period), the employee
uses a check received from Customer B and applies it to Customer As
account. Funds received in the next period from Customer C are then
applied to the account of Customer B, and so on
PTS: 1
9. Explain why collusion between employees and management in the
commission of a fraud is difficult to both prevent and detect.
ANS: Collusion among employees in the commission of a fraud is difficult to both
prevent and detect. This is particularly true when the collusion is between
managers and their subordinate employees. Manage-ment plays a key role in the
internal control structure of an organization. They are relied upon to prevent and
detect fraud among their subordinates. When they participate in fraud with the
employees over whom they are supposed to provide oversight, the organizations
control structure is weakened, or completely circumvented, and the company
becomes more vulnerable to losses.
PTS: 1

10. Since all fraud involves some form of financial misstatement, how is
Fraudulent Statement fraud different?
ANS: Fraudulent statements are associated with management fraud. While all fraud
involves some form of financial misstatement, to meet the definition under this
class of fraud scheme, the statement itself must bring direct or indirect financial
benefit to the perpetrator. In other words, the statement is not simply a vehicle for
obscuring or covering a fraudulent act. For example, misstating the cash account
balance to cover the theft of cash does not fall under this class of fraud scheme. On
the other hand, understating liabilities to present a more favorable financial picture
of the organization to drive up stock prices does qualify.
PTS: 1
11. Explain the problems associated with lack of auditor independence.
ANS: Auditing firms who are also engaged by their clients to perform nonaccounting activities such as actuarial services, internal audit outsourcing services,
and consulting lack independence. They are essentially auditing their own work.
This risk is that as auditors they will not bring to managements attention detected
problems that may adversely affect their consulting fees. For example, Enrons
auditors Arthur Andersen were also their internal auditors and their
management consultants.
PTS: 1
12. Explain the problems associated with lack of director independence
ANS: Many boards of directors are comprised of individuals who are not
independent. Examples of lack of independence are directors who: have a personal
relationship by serving on the boards of other directors companies; have a business
trading relationship as key customers or suppliers of the company; have a financial
relationship as primary stockholders or have received personal loans from the
company; have an operational relationship as employees of the company.
PTS: 1
13. Explain the problems associated with Questionable Executive
Compensation Schemes
ANS: A survey by Thompson Financial revealed the strong belief that executives
have abused stock-based compensation. The consensus is that fewer stock options
should be offered than currently is the practice. Excessive use of short-term stock
options to compensate directors and executives may result in short term thinking
and strategies aimed at driving up stock prices at the expense of the firms longterm health. In extreme cases, financial statement misrepresentation has been the
vehicle to achieve the stock price needed to exercise the option.
PTS: 1
14. Explain the problems associated with inappropriate accounting practices.

ANS: The use of inappropriate accounting techniques is a characteristic common to

many financial statement fraud schemes. Enron made elaborate use of Special
Purpose Entities (SPE) to hide liabilities through off balance sheet accounting.
WorldCom management transferred transmission line costs from current expense
accounts to capital accounts. This allowed them to defer some operating expenses
and report higher earnings. Also, they reduced the book value of hard assets of MCI
by $3.4 billion and increased goodwill by the same amount. Had the assets been
left at book value, they would have been charged against earnings over four years.
Goodwill, on the other hand, was amortized over much longer period.
PTS: 1
15. Computer fraud is easiest at the data collection stage. Why?
ANS:Computer fraud is easiest at the data collection stage because much of what
occurs after the datacollection or input stage is not visible to human eyes. Once
entered, the system will presume that theinput is legitimate and will process it as
all others.
PTS: 1

16. Describe the factors that constitute the fraud triangle. Why is it important to
auditors?
ANS: The fraud triangle consists of three factors that contribute to or

are associated with manage-ment and employee fraud. These are:

1 (1) situational pressure, which includes personal or job related
stresses that could coerce an individual to act dishonestly;
2 (2) opportunity, which involves direct access to assets and/or access
to information that controls assets, and;
3 (3) ethics, which pertains to ones character and degree of moral
opposition to acts of dishonesty.
An individual with a high level of personal ethics, who is confronted by low
pressure and limited opportunity to commit fraud, is more likely to behave
honestly than one with weaker personal ethics, who is under high pressure
and exposed to greater fraud opportunities.
Research by forensic experts and academics has shown that the auditors
evaluation of fraud is enhanced when the fraud triangle factors are
considered.
PTS: 1
17. Distinguish between errors and irregularities. Which are of greatest concern to
auditors?

ANS: Errors are unintentional mistakes; while irregularities are intentional

misrepresentations to perpetrate a fraud or mislead users of financial statements.
Errors are a concern if they are numerous or sizable enough to cause the financial
statements to be materially misstated. All processes that involve human actions
are highly susceptible to human error. Computer processes are subject to program
errors, faulty systems operating procedures and system malfunction. Errors are
typically easier to uncover than misrepresentations, thus auditors typically are
more concerned about detecting all irregularities.
Also, under SAS No. 99 and Sarbanes-Oxley, auditors are specifically charged with
fraud detection. PTS: 1