COMMITTEE ON INFORMATION TECHNOLOGY

INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA

Certificate Course on Forensic Accounting & Fraud Detection

MODEL TEST PAPER -1

Total No. of Questions: 100

Total Marks: 100 Time Allowed: 1 Hour 40 Mins (i.e. 100 mins)

GENERAL INSTRUCTIONS

There is no negative marking

Answer all the 100 questions. All Questions carry equal marks and are compulsory.
Each question has four multiple choices for the answer. You are required to choose
only one Answer which according to you is most appropriate and/or correct.
Please do not write or mark on this question booklet.
The candidate should not turn or look at any other page, except this instruction page,
till the chief superintendent / invigilator announces to start.

OBJECTIVE TYPE QUESTIONS

(1×100)

1. Employee’s behavioral changes (alcohol, gambling) will come under which component
of Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
 D. Can’t Say
2. The purpose of the Red Flags Rule is:
A. To detect the warning signs – or “red flags” – of identity theft in day-to-day
operations
B. take steps to prevent the crime
C. Mitigate the damage it inflicts.
D. All of the above

3. The interrelationship among auditing, fraud examination, and financial forensics is:
A. Established and maintained by legal structures and justice processes
B. Constant even while social and cultural pressures are exerted on it
C. Cased on the SOX Act and SAS 99
E. Dynamic and changes over time

4. What is one of the primary differences between a Financial Statement auditor and a
Forensic Accountant?
A. Financial statement auditors are likely to follow leads suggested by
immaterial items whereas Forensic Accountants often must restrict their
efforts to searching for material misstatements.
B. Forensic Accountants are likely to follow leads suggested by immaterial
items whereas .financial statement auditors often must restrict their efforts
to searching for material misstatements
C. .Forensic Accountants must focus on specific legal areas that produce fraud
charges under the courts of law whereas financial statement auditors focus
their attention on the Generally Accepted Accounting Principles.
D. Forensic Accountants are likely to ask individuals to fix discrepancies found
in financial statements whereas financial statement auditors will fail a
corporations financial statement certification, therefore having
repercussions with the SEC.

5. Among the following which would be the red flags for payroll –
A. Overtime time charged during a slack period
B. Excessive or unjustified transactions
C. Large no. of Write- off of accounts
D. All of the above

6. If pressures and opportunities are high and personal integrity is low, the chance of
fraud is:
A. High
 B. Medium
C. Very Low
D. Low

7. Which is not a red flag among following:

A. Negative Cash flows
B. Significant sales to related parties
C. Sudden above-average profits for specific quarters
D. Paid dividend according to dividend payout ratio

8. At a minimum, professional skepticism:

A. is supportive of client’s claim of fraud
B. is a neutral but disciplined approach to detection and investigation
C. assumes that the management is dishonest and therefore must “pull every
loose thread” to find the evidence and fraud
D. assumes unquestioned loyalty by newer and younger employees

9. Which of the following techniques is most effective in preventing computer crime?

A. Backups
B. Digital forensic analysis
C. Using a firewall
D. None of the above

10. Which is not a red flag among following:

A. Negative Cash flows
B. Significant sales to related parties
C. Sudden above-average profits for specific quarters
D. Paid dividend according to dividend payout ratio

11. Which of the following types of organizations typically use Forensic Accountants?
A. Publicly held corporations.
B. Private/non-profit corporations.
C. Federal/State Agencies.
D. All of the above.

12. Which of the following is not a common type of fraud pressure?

A. Pressure to outsmart peers
B. Financial pressures
C. Work-related pressures
 D. Vices

13. Which of the following techniques is most effective in preventing computer crime?
A. Backups
B. Digital forensic analysis
C. Using a firewall
D. None of the above

14. In comparing management fraud with employee fraud, the auditor’s risk of failing to
discover the fraud is:
A. greater for management fraud because managers are inherently more
deceptive than employees
B. greater for management fraud because of management’s ability to override
existing internal controls
C. greater for employee fraud because of the higher crime rate among blue
collar workers
D. greater for employee fraud because of the larger number of employees in
the organization

15. ____ is the science of writing hidden messages I such a way that no one apart from th
sender and intended recipient even realizes there is a hidden message.
A. decryption
B. obfuscation
C. stenography
D. encryption

16. Why is it recommended not to put a password in your EnCase?

A. because you will secure your information
B. it’s to many steps
C. if you forget you are out of luck
D. it cannot be encrypted

17. All of the following are methods that organization can adopt to proactively
eliminate fraud opportunities EXCEPT:
A. Accurately identifying sources and measuring risks
B. Implementing appropriate preventative and detective controls
C. Creating widespread monitoring by employees
D. Eliminating protections for whistle blowers
18. Overstating revenues and understating liabilities and expenses typifies which of the
following fraud schemes?
A. Unconcealed larceny
B. Purchase and sales Skimming
C. Fraudulent statements
D. Schemes

19. From the statements below select the most correct.

A. Prevention and deterrence are typically more costly than attempting to
remediate a fraud that has already occurred.
B. Fraud deterrence refers to creating environments in which people are
prohibited from committing fraud.
C. Fraud detection refers to the process of preventing and discovering the
presence of fraud.
D. Prevention and deterrence are typically more cost beneficial than
attempting to remediate a fraud that has already occurred.

20. when working on computer forensics always work from of the evidence and never
from the original to prevent damage to the evidence.
A. Original hard drive
B. Live computer
C. Remote desktop
D. An image

21. Financial statement fraud is easiest to commit in organizations that:

A.have democratic leadership.
B.have a large internal audit department.
C.have a board of directors comprised primarily of outsiders.
D.have complex organizational structures.

22. Customer fraud includes all of the following EXCEPT:

A. Get something for nothing
B. Do not pay for goods purchased
C. Fraud perpetrated through collusion between buyers and vendors.
D. Deceive organization into giving them something they should not

23. What is the most cost-effective way to minimize the cost of fraud?
A. Prevention
B. Detection
 C. Investigation
D. Prosecution

24. The Fraud Exposure Rectangle includes:

A. Rationalization
B. perceived pressure
C. relationships with others
D. All of the choices are included in the Fraud Exposure Rectangle

25. Which of the following statements is most correct regarding errors and fraud?
A. An error is unintentional, whereas fraud is intentional.
B. Frauds occur more often than errors in financial statements.
C. Errors are always fraud and frauds are always errors.
D. Auditors have more responsibility for finding fraud than errors.

26. You are suppose to maintain three types of records. Which answer is not a record?
A. Chain of custody
B. Documentation of the crime scene
C. Searching the crime scene
D. Document your actions

27. Forensic Interviewing Techniques does not include

A. Investigation
B. Polygraph test
C. Physical Behaviour Analysis
D. Disk Imaging

28. When performing forensics work, which of the guidelines below should be followed?

i. You should make a copy of a suspect's drive and interact with the copy
instead of the original
ii. If you take the evidence home with you, carry it in a locked briefcase.
iii. You should only document those tests that provide information that can be
used in court.
iv. The location and use of the evidence from the point it was seized until the
moment it is shown in court must be known.
A. i and ii
B. i and iii
C. i and ii
D. All of above
29. Which financial ratio is not useful in detecting revenue-related fraud?
A. Gross profit margin ratio
B. Account receivable ratio
C. Asset turnover ratio
D. All of the above

30. Phishing attackers use –––––––––––––––––– to commit their crimes.

A. Email
B. SMS
C. Courier
D. Whatsapp

31. The possible profiles of a fraud perpetrator are

A. Very friendly, but self centered and egoistic
B. Unfriendly and an introvert
C. Surly and angry but good in work
D. Very slow in work that he/she is used to doing for years together

32. Steganography is
A. graph of sales to technological spending
B. the science of hiding information
C. graph of mails sent to mails received
D. the science of generating random passwords

33. Tools for imaging:

(a) Dossier
(b) Tableau
(c) Encase & FTK
(d) ACL

A. (a), (b) & (c) only

B. (b) & (c) only
C. (a) & (b) only
D. All of the above

34. most popular software forensic tools include all of the following except:
A. Forensics Autopsy
 B. QUICKEN
C. Forensics Toolkit
D. SMART

35. One very well-known software used for forensic analysis is .

A. IBM
B. Google
C. Encase
D. Forensic-ripper

36. Three conditions are necessary for a fraud to occur. These three conditions are:
A. need, dissatisfaction, and challenge
B. pressure, opportunity, and rationalization
C. no separation of duties, need, and no independent performance checks
D. challenge, motivation, and failure to enforce internal controls

37. If a company wishes to improve detection methods, they should do all of the following
except:
A. use forensic accountants
B. conduct frequent audits
C. encrypt data
D. all of the above improve detection of fraud

38. Refusal to take sick leave by employees will come under which component of Fraud
Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say

39. MS Excel has an Auditing Formula function known as :

A. Track Formula
B. Trace Dependents
C. Trace Formula
D. Track Reliability

40. A Forensic Auditor is not given any specific written mandate but a general consent to
investigate into a fraud for accounting manipulation in Customer accounts. After
 completion of work, a note on which of the following aspect should NOT be included in
a Forensic Audit Report
A. Objectives that the Forensic Auditor has perceived and pursued during the
course of the investigation.
B. Severe deficiencies in the internal control mechanism observed by him with
regard to Vendor accounts which has immaterial relevance to the subject
fraud
C. A recommendation for volume/ quantum of punishment to be reprimanded
to the erring accountant against whom the Forensic Auditor has an explicit
evidence.
D. A limiting condition where certain file of important document for a specific
period that was not made available to the Forensic Auditor despite several
requests.

41. Which of the following is not a required part of an Identity Theft Prevention Program?
A. Reasonable policies and procedures to identify potential “red flags”
B. A dedicated phone line for customers to call in identity theft reports.
C. Specific procedures to detect the “red flags” identified as potential threats.
D. A plan for regularly re-evaluating the program.

42. A Forensic Auditor is not given any specific written mandate but a general consent to
investigate into a fraud for accounting manipulation in Customer accounts. After
completion of work, a note on which of the following aspect should NOT be included in
a Forensic Audit Report
A. Objectives that the Forensic Auditor has perceived and pursued during the
course of the investigation.
B. Severe deficiencies in the internal control mechanism observed by him with
regard to Vendor accounts which has immaterial relevance to the subject
fraud
C. A recommendation for volume/ quantum of punishment to be reprimanded
to the erring accountant against whom the Forensic Auditor has an explicit
evidence.
D. A limiting condition where certain file of important document for a specific
period that was not made available to the Forensic Auditor despite several
requests.

43. A forensics lab will have dedicated areas for each of the following functions EXCEPT
_________.
A. forensics examination workspace
 B. a secured locker area
C. a continuing education training centre
D. well-stocked inventory

44. The journal of a forensics specialist or expert will contain entries that provide the
following functions EXCEPT _______.
A. the description of WHO did WHAT and WHEN
B. the results of the examination
C. any actions taken to examine the evidence
D. any theories that result from the examination

45. Weakness in internal control environment will lead which kind of fraud-
A. Employee Red Flag
B. Management Red Flag
C. General Red Flag
D. None of above

46. Which of the following is not an example of an antishoplifting technique?

A. “Scarecrooks”
B. “Anne Droid”
C. Trojan Horse
D. Ponzi scheme

47. Lack of segregation of duties in vulnerable area will come under which component of
Fraud Triangle?
A. Opportunity
B. Pressure
C. Rationality
D. Can’t Say

48. Suspicious” refers to which of the following:

A. Inconsistent signatures on file.
B. Driver’s license photo doesn’t match person.
C. Inability to recall mother’s maiden name.
D. Any and all of the above

49. Acquisition to ISO standard 27037, which of the following is an important factor in
data acquisition?
A. The DEFR’s Competency
 B. The DEFR’s skills in using the command lines
C. Use of validated tools
D. Condition at the acquisition setting

50. Computer forensics does not involves ….

A. Interpretation,
B. Preservation,
C. Delimitation
D. Documentation

51. Secretly recording a suspect’s interview will :

A. assist you as electronic notes since it is not possible to always make
comprehensive handwritten notes
B. assist you to confront the suspect later if he/she changes his/her stand or
denies certain information given earlier
C. assist you, to limited extent, to build up evidence against the suspect in a
court of law
D. all the above

52. In the context of forensics, data is most analogous to ________.

A. files and folders
B. information
C. digital evidence
D. bits

53. The use of _____________________ may be particularly valuable in cases of white- collar
crime.
A. Fingerprint examiners
B. Forensic photography
C. Forensic accountants
D. None of the above

54. Which of the following is a not a power under PMLA?

A. Confiscation
B. Abatement of crime
C. Search & Seizure
D. Arrest

55. Social engineering facilitates what type of computer fraud?

 A. Click fraud
B. Identity theft
C. Spoofing
D. Dictionary attacks

56. ……………………………... gives the expected frequencies of the digits in tabulated data.
A. Benford’s Law
B. Beneish Model
C. Relative Size Factor

57. While interviewing/interrogating an investigator should look for following outer

personality/attributes in a person to conclude him as a suspect or a non-suspect

I. Person’s dressing sense: the chances of the one being a suspect is more who
dresses shabbily than the one who dresses immaculately
II. Person’s Gender : the chances of the one being a suspect is more if he is a Male
than the one who is a Female
III. Other Characteristics like Race, Religion, Community, Color, Hierarchy, Age,
Height Weight, no of years of service etc
A. All (I), (II) and (III) above
B. Only (III) above
C. Both (I) and (II) above
D. None

58. The following firm is not involved in accounting scandals:

A. Enron
B. Larson and Toubro
C. Worldcom
D. Satyam
59. Weak internal controls in an organization will affect which of the following elements of
fraud?
A. Motive
B. Opportunity
C. Rationalization
D. None of the above

60. Financial statement auditors, under SAS 99, are required to make inquires about
possible fraudulent activity of all of the following parties except:
 A.bond holders.
B.audit committee members.
C.management.
D.internal auditors.

61. Accounts that can be manipulated in revenue fraud include all of the following except:
A. Accounts Receivable.
B. Inventory.
C. Sales Discounts.
D. Bad Debt Expense

62. MS Excel has an Auditing Formula function known as :

A. Track Formula
B. Trace Dependents
C. Trace Formula
D. Track Reliability

63. Which of the following statement related to Fraud Risk Assessment (FRA) is
INCORRECT:
A. Evaluate whether identified fraud risk controls are operating effectively.
B. It is a one-time activity, not required to be performed on periodic basis.
C. Identify and map existing preventive and detective controls to the
relevant fraud risk.
D. Identify and evaluate residual fraud risk resulting from ineffective or non-
existent controls.

64. After you have identified the red flags of ID Theft that you’re likely to come across in
your business, what do you do next?
A. Set up procedures to detect those red flags in your day-to-day operations.
B. Train all employees who will use the procedures.
C. Decide what actions to take when a red flag is detected.
D. All of the above

65. One of the key success driver of Data Analysis is the ability to keep shuffling between
the bird’s eye view (i.e macro overview) vis-à-vis the ant’s view (i.e micro view) of the
data. In that context, which of the following techniques are useful for Forensic Auditor
to get Bird’s Eyeview Or Macro overview of the Data

(i) Missing / Gap Analysis (ii) Stratification (iii) Isolated Outliers

(iv) Classification (v) Ageing Analysis (vi) Round Number Analysis
 A. (i), (ii) and (iii)
B. (i), (iii) and (iv)
C. (ii), (iv) and (vi)
D. (ii), (iv) and (v)

66. In the context of forensics, data is most analogous to ________.

A. files and folders
B. information
C. digital evidence
D. bits

67. ____________________ is a generic term which refers to all the legal and regulator aspects of
Internet and the World Wide Web
A. Cyber Law
B. Cyber Dyne
C. Cyber Café
D. Electronic Law

68. When was the first ever cybercrime recorded?

A. 1820 by Joseph-Marie Jacquard, a textile manufacturer in France
B. 1830 by Joseph-Marie Jacquard, a textile manufacturer in London
C. 1850 by Joseph-Marie Jacquard, a textile manufacturer in Roam
D. 1880 by Joseph-Marie Jacquard, a textile manufacturer in Japan

69. A system of checks and balances between management and all other interested parties
with the aim of producing an effective, efficient, and law-abiding corporation is known
as:
A. Corporate governance
B. Code of conduct
C. Transparency
D. Culture of compliance

70. Many indicators of fraud are circumstantial; that is, they can be caused by nonfraud
factors. This fact can make convicting someone of fraud difficult. Which of the
 following types of evidence would be most helpful in proving that someone committed
fraud?
A. Missing documentation.
B. Analytical relationships that don’t make sense.
C. A repeated pattern of similar fraudulent acts.
D. A general ledger that is out of balance.

71. All of the following are indicators of financial statement fraud except:
E. Unusually rapid growth of profitability.
F. Dependence on one or two products.
G. Large amounts of available cash.
H. Threat of a hostile takeover.

72. Disc imaging

I. bit stream duplicate
J. no alterations to original media
K. verify integrity
L. All of above

73. FTK's Known File Filter (KFF) can be used for which of the following purposes?

i. Filter known program files from view

ii. Calculate hash values of known files to evidence files.
iii. Filter out evidence that doesn't relate to your investigation.

Options :

M. I and ii
N. Ii and iii
O. I and iii
P. All of above

74. A ____ function is any well defined procedure or mathematical function for turning
some kind of data into a relatively small integer.
A. hash
B. metadata
C. encryption
D. decryption
75. Which of the following are strategies used to attempt to minimize piracy of software or
other intellectual property?
A. Encryption
B. Intellectual property laws
C. Legal copyrighting
D. All of the above

76. A denial of service attack occurs when the perpetrator:

A. sends e-mail bombs
B. eavesdrops
C. installs a logic time bomb
D. cracks a computer system

77. A fraud perpetrated by tricking a person into disclosing confidential information, such
as a password, is called
A. a Trojan horse
B. hacking
C. social engineering
D. scavenging

78. Which of the following is a method used to embezzle money a smallamount at a time
from many different accounts?
A. Data diddling
B. Pretexting
C. Spoofing
D. Salami technique

79. A challenge relating to Cyber-crimes is the collection of ____________________

A. electronic evidence
B. paper evidence
C. mechanical evidence
D. hardware evidence

80. Lie detector test does not include

A. Polygraph Test
B. Blood Group
C. Blood Pressure
D. Computer Analysis
81. the chronological documentation showing the seizure, custody, control, transfer,
analysis, and disposition of physical or electronic evidence

A. chain of custody
B. Documentary Evidence
C. Demonstrative evidence
D. None of these

82. You are suppose to maintain three types of records. Which answer is not a record?
A. Chain of custody
B. Documentation of the crime scene
C. Searching the crime scene
D. Document your actions

83. What is the best response of a forensic professional to an attorney who asks a
hypothetical question?
A. Provide the best answer possible given the evidence and appropriately
emphasis the hypothetical nature of the question.
B. Demonstrate anger and register a protest.
C. Refuse to answer the question.

84. Which of the following is least likely to be considered a financial reporting fraud
symptom, or red flag?
A. Grey directors.
B. Family relationships between directors or officers.
C. Large increases in accounts receivable with no increase in sales.
D. Size of the firm.

85. Customer fraud includes all of the following EXCEPT:

A. Get something for nothing
B. Do not pay for goods purchased
C. Fraud perpetrated through collusion between buyers and vendors.
D. Deceive organization into giving them something they should not

86. Which of the following is the indicator of deception while conducting Forensic
Interview
A. Quick, spontaneous answers
 B. Consistent strong denial
C. Direct, brief answers
D. Hesitant

87. Which of the following is NOT one of the major types of fraud classification schemes?
A. Employee embezzlement
B. Government fraud
C. Investment scams
D. Customer fraud

88. Which of the following is not a common type of fraud pressure?

A. Pressure to outsmart peers
B. Financial pressures
C. Work-related pressures
D. Vices
89. The Auditor’s Responsibilities Relating to fraud in an audit of Financial Statements
are specified in :

A. SA 240
B. SA 250
C. SA 300
D. SA 450
90. Which of the following is not a characteristic of computer viruses?
A. They can lie dormant for a time without doing damage
B. They can mutate which increases their ability to do damage
C. They can hinder system performance
D. They are easy to detect and destroy

91. Which of the following is not a type of external fraud?

A. Delivery of substandard goods at full price
B. Creating phony vendors
C. Phishing attacks
 D. Cheating on travel expense reports

92. Financial statement fraud is easiest to commit in organizations that:

A.have democratic leadership.
B.have a large internal audit department.
C.have a board of directors comprised primarily of outsiders.
D.have complex organizational structures

93. Accounts that can be manipulated in revenue fraud include all of the following except:

A. Accounts Receivable.
B. Inventory.
C. Sales Discounts.
D. Bad Debt Expense.

94. All of the following ratios are useful in detecting large revenue frauds except:

A. Gross profit margin.

B. Working capital turnover.
C. Accounts receivable turnover.
D. Current ratio.

95. The ratio that is computed by dividing the number of days in a period by the inventory
turnover ratio is:

A. accounts receivable turnover ratio.

B. inventory turnover ratio.
C. working capital turnover ratio.
D. number of days' sales in inventory.

96. According to the opportunity part of the fraud triangle, a person may do all of the
following acts except

A. Convert the theft or misrepresentation for personal gain

B. Control the fraud
C. Commit the fraud
 D. Conceal the fraud

97. The most common account(s) manipulated when perpetrating financial statement
fraud are:

A. Inventory
B. Expenses
C. Revenues
D. Accounts Payable

98. Which of the following is NOT a method that is used for identity theft?

A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Spamming

99. General financial statement fraud can be detected through

A. audit
B. Surprise audits /cash counts.
C. Data mining
D. All of the above

100. Which of the following is not a skill needed by a Forensic Accountant?

A. Auditing Skills.
B. Criminology.
C. Sociology
D. Information Technology