Multiple Choice Questions
1. What is the source of much information known about employee fraud?
a. Police reports.
b. Criminal court cases.
c. Isolated anecdotal cases.
Correct. Employee fraud is often not reported to authorities, and most cases aren’t prosecuted in court.
d. None of the above.

2. Which of the following is true of good internal control?
a. Prevents most employee frauds.
b. Prevents some employee frauds.
Correct. Internal control seeks to balance the costs of fraud against the costs of implementing controls. It is not generally cost efficient to prevent all frauds.
c. Cannot be expected to prevent employee fraud.
d. None of the above.

3. A company has discovered an embezzlement of $2,500. After investigating the theft, the internal auditor is believes that the perpetrator is one of four employees. None of them will confess or implicate anyone. In this case, the company is most likely to find the perpetrator by doing which of the following?
a. Going to the police who can subpoena employee bank accounts and phone records.
Correct. Given that a definite fraud has been discovered, the police may be willing to investigate the case.
b. Hiring a forensic accountant who might find something that the internal auditor missed.
A forensic accountant could easily cost more than the loss. If the police investigate, they won’t change anything.
c. Hiring a private detective to catch the embezzler in the act.
Again, the police would investigate for free, if they take the case.
d. Adding secret surveillance to catch the embezzler in the act.
This might be helpful if the fraud is ongoing.

4. In an unsophisticated company, which is more likely to be true about the electronic hijacking of an employee’s internal account?
a. It is about as difficult to prove as in cases of fraud in manual systems.
Manual systems can provide handwriting and fingerprint evidence. Such evidence is not generally available in electronic systems.
b. It is easily proved by login records.
Login records only show which account was used for the attack. They don’t provide evidence of the person who accessed the account that was used for the attack.
c. It is never proved with operating-system logs.
Operating system logs might show the network address of the attacker, which might be traceable to a specific computer that is exclusively controlled by the attacker.
d. It is not easily proved without a confession.
Correct. In many cases there is no hard evidence to definitively link an attacker to the attack.

5. What percent of employees have been found to be fundamentally honest?
a. 10 to 15 percent.
Correct. Research has shown that about 10 percent to 15 percent of employees are fundamentally dishonest and are likely to steal from the company if given the opportunity. About 66 percent of employees are likely to steal under the right circumstances, such as when under pressure, or when “everyone is doing it,” and the opportunity exists. In contrast, about 20 percent to 25 percent of employees are fundamentally honest and are unlikely to steal under any circumstances.
b. 20 to 25 percent.
c. About 66 percent.
d. About 50 percent.