Copyright © KAYLIN 2024/2025 ACADEMIC YEAR. ALL RIGHTS RESERVED FIRST PUBLISH NOVEMBER, 2024
CFE Exam Study Guide Solutions
Falsified Hours & Salary Schemes - ANSWER✔✔-The most common method of misappropriating funds
from the payroll is the overpayment of wages. For hourly employees, the size of a paycheck is based on
two factors: the number of hours worked and the rate of pay. Therefore, for hourly employees to
fraudulently increase the size of their paycheck, they must either falsify the number of hours they have
worked or change their wage rate.
Common ways to commit a falsified hours and salary scheme - ANSWER✔✔-1) Inflating the number of
hours worked
2) Inflating the rate of pay
3) Forging a supervisor's signature
4) Collusion with a supervisor
5) Implementing poor custody procedures
6) Altering a timesheet after it has been approved
Fictitious Provider Scheme - ANSWER✔✔-Corrupt providers or other criminals fraudulently obtain and
use another provider's identification information and steal or purchase lists of patients' identifying
information. Thereafter, the perpetrator submits bills using the fictitious provider's information to the
insurance provider or government health care program for medical services, although no services are
performed.
Copyright ©Stuvia International BV 2010-2024 Page 1/84
,Copyright © KAYLIN 2024/2025 ACADEMIC YEAR. ALL RIGHTS RESERVED FIRST PUBLISH NOVEMBER, 2024
Address Similarity Reports - ANSWER✔✔-electronically compare multiple payments going to the same
address. These reports are extremely useful because they might show a payment defalcation or funds
going to another insurance company, broker, or fictitious payee.
Bad Debt Expense - ANSWER✔✔-Managers can overstate their company's accounts receivable balance
by failing to record bad debt expense. Bad debt expense is recorded to account for any uncollectible
accounts receivable. The debit side of the entry increases bad debt expense, and the credit side of the
entry increases the allowance (or provision) for doubtful accounts, which is a contra account that is
recorded against accounts receivable. Therefore, if the controller fails to record bad debt expense, the
allowance (or provision) for doubtful accounts will be understated.
Systems for safeguarding sensitive and proprietary information should include: - ANSWER✔✔-* Task
force
* Security risk assessments
* Security policies and procedures
* Awareness training
* Nondisclosure agreements
* Noncompetition agreements
* Data classification
* Data retention and destruction policies
* Data minimization
* Security controls
Copyright ©Stuvia International BV 2010-2024 Page 2/84
,Copyright © KAYLIN 2024/2025 ACADEMIC YEAR. ALL RIGHTS RESERVED FIRST PUBLISH NOVEMBER, 2024
* Measures to guard manual file systems
* Monitoring of visitor access
* Quiet room
* Incident response plan
The failure to include any of these measures is a poor information security practice that can contribute
to the loss of proprietary information.
To prevent the loss or misuse of sensitive data or proprietary information, organizations should . . . -
ANSWER✔✔-develop and implement risk-based information-security systems designed to detect and
prevent unauthorized access to sensitive information. An information security system requires controls
that are designed to ensure that data are used as intended, and such controls will depend on the
combination and coordination of people, processes, technologies, and other resources.
Off-book fraud - ANSWER✔✔-A fraud that occurs outside the financial system and therefore has no
direct audit trail. There are several kinds of off-book frauds that will be discussed in this book. Skimming
is the most common off-book fraud.
Skimming - ANSWER✔✔-The removal of cash from a victim entity prior to its entry in an accounting
system. Employees who skim from their companies steal sales or receivables before they are recorded in
the company books. Because of this aspect of their nature, skimming schemes are known as off-book
frauds; they leave no direct audit trail
DRG creep - ANSWER✔✔-occurs when a hospital or other medical institution deliberately and
systematically manipulates diagnostic and procedural codes to increase reimbursement amounts or
Copyright ©Stuvia International BV 2010-2024 Page 3/84
, Copyright © KAYLIN 2024/2025 ACADEMIC YEAR. ALL RIGHTS RESERVED FIRST PUBLISH NOVEMBER, 2024
other forms of funding. In other words, DRG creep is an intentional pattern of upcoding by a hospital or
other medical institution.
smartcard - ANSWER✔✔-a plastic card, the size of a credit or debit card, embedded with a microchip. A
key advantage of smart cards is that, unlike regular magnetic stripe credit and debit cards, they cannot
be easily replicated. Similarly, smart cards cannot be easily counterfeited, which greatly reduces the
potential for fraud with in-person transactions. Smart cards include a wide variety of hardware and
software features capable of detecting and reacting to tampering attempts and countering possible
attacks. If someone tries to tamper with a chip on a smart card, the card detects the intrusion and shuts
itself down, rendering the card useless.
Steps individuals can take to protect their personal information and prevent identity theft - ANSWER✔✔-
* Do not give out government identification numbers unless absolutely necessary.
* Do not carry government identification cards (or numbers) in purses or wallets.
* Create complex passwords or passphrases that are at least eight characters in length and contain
upper- and lowercase letters, numbers, and symbols.
* Do not reuse passwords. Use a different password for every website, account, or device.
* Never send personal information, such as a password or government identification number, via email.
Reputable organizations will not request personal information by email.
* When available, use biometric authentication (e.g., fingerprints, voice recognition).
* Create unique answers for security questions. Do not choose answers containing personal information
that is publicly available (e.g., name of high school, mother's maiden name).
Copyright ©Stuvia International BV 2010-2024 Page 4/84
