Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards




share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

CFE-Investigations

QuestionAnswer
common methods of obtaining documentary evidence oral consent of the subject/custodian
what is indented writing the impression a writing instrument leaves on sheets of paper underneath the sheet that contains the original writing
what is oblique-lighting method method used to discover the text of an indented writing by shining a bright beam of light at an oblique angle across the document to note shadows from indentations.
what is chain of custody process and a document that establishes that there has not been a material change or alteration to a piece of evidence by memorializing who has had possession of the item and what they have done with it.
purpose of maintaining the chain of custody to be able to effectively authenticate an item of evidence during litigation, if necessary
how should the chain of custody be documented by creating a memorandum of interview with the custodian of the records when the evidence is received.
what should be included when documenting the chain of custody what items were received, when they were received, from whom they were received, where they are maintained
what is an anachronism an item that appears to have existed or occurred at a time when it could not have existed or occurred (e.g. an account transaction that is backdated to before the account was opened.
what is simulated forgery a writing, usually a signature, prepared by carefully copying or tracing a model example of another person's writing
order questions should be asked during an interview as a general rule, questions should proceed from the general to the specific
what is rapport? a relationship marked by harmony, conformity, accord or affinity
what is free narrative? an orderly, continuous account of an event
what is double-negative question a question that has two forms of negation within a single clause
what is controlled answer technique a statement that can be used to simulate a desired answer or impression
what is a complex question a Question that consists of a series of interrelated questions
what are open questions questions worded in a manner that makes them difficult to answer with a yes or no.
what is meant by calibrating a witness process of observing an interviewee's behavior prior to posing critical questions
common nonverbal indicators of deception full body motions away from interviewer, physical responses (sweating),changes in use of illustrators, interruptions to the flow of speech, hands over mouth, manipulation of objects (a pencil),
more non verbal indicators body positioned in a fleeing position, crossing of arms, unnatural or casual reaction to evidence.
what is a leading question question that is framed in a way that evokes a specific reply from the respondent (e.e., a question that contains a suggested answer.)
what is chronological confusion respondent's tendency to confuse order of experiences
what is inferential confusion confusion and inaccuracies resulting from errors of inference
3 types of informational questions Open, leading, closed
what are extrinsic rewards? rewards interviewee receives that are not directly related to the interview experience: they cause the respondent to see the interview as a means to an end.
what is catharsis? process by which a person obtains a release from unpleasant emotional tensions betaking about the source of these tensions
what is meant by establishing the interview theme process of stating the purpose of the interview prior to serious questioning
objectives of closing questions reconfirming facts, gathering additional facts, closing the interview on a positive note
what are closed questions questions that deal with specifics and require a precise answer, such as yes or no.
what are assessment questions questions that seek to establish the credibility of the respondent
what are manipulators displacement activities that reduce nervousness
4 objectives of introductory questions provide an introduction, establish rapport, engender cooperation, observe reactions.
what is ritualistic conversation? a form of verbal behavior that has no real significance other than to provide security in interpersonal relations (e.g. Good Morning)
what is an inhibitor of communication any social-psychological barrier that impedes the flow of a conversation, such as an interview, by making the respondent unable or unwilling to provide the requested information
what is proxemic communication use of interpersonal space to convey meaning
what are illustrators Motions made primarily with the hands that demonstrate points when talking.
what are facilitators of communication socio-psychological forces that make conversations, including interviews, easier to accomplish
5 types of interview questions introductory, informational, admission-seeking, assessment, closing
what is paralinguistic communication use of volume, pitch, and voice quality to convey meaning
what is kinetic communication use of body movement to convey meaning
what is chronemic communication use of time in interpersonal relationships to convey meaning, attitudes and desires
what is pacing an interview that has the potential to bring about strong emotional reactions in the respondent
what is altruism? an individual's need to identify with a higher value beyond immediate self-interest
common verbal indicators of deception changes in speech patterns, repetition of question, comments regarding the interview, selective memory, oaths, answering with a question, overuse of respect, avoidance of emotive words, tolerant attitudes, feigned unconcern
3 general approaches for obtaining a verbal confession chronologically, by event, by transaction
points to include in signed statements voluntariness of the confession, willingness to cooperate, the confessor's intent, approximate dates, approximate amounts, approximate number of incidents, a confessor's moral excuse, confessor has read the statement, truthfulness of the statement
3 methods for halting a suspect's denial delays, repeated interruptions, reasoning
common themes used to establish rationalization during an interview unfair treatment, inadequate recognition, financial problems, aberration of conduct, family problems, accusers' actions, stress, revenge, depersonalizing the victim, minor moral infraction, altruism, genuine need
what is an alternative question question that is phrased in such a manner that the respondent is forced to choose between 2 answers that both imply guilt
what is a benchmark admission the first instance in which a suspect makes a culpable statement, often following an alternate question
what are admission-seeking questions inquiries designed to obtain a legal admission of wrongdoing
information to obtain during a verbal confession that the act was committed intentionally, facts only known to the confessor, motive for offense, when the offense was terminated, if others were involved, physical evidence, disposition of proceeds, locations of assets, specifics of each offense.
2 major types of covert operations undercover operations, surveillance operations
what is an undercover operation an operation in which evidence is directly sought from people involved in the offense through the use of disguise and deceit
what is surveillance operation an operation in which evidence about subject's activities is gathered using observation rather than direct interaction
what is qualified confidentiality a promise to maintain the confidentiality of a source's identity or other information where possible, but that still allows the fraud examiner to reveal such information to appropriate parties as necessary to the case.
what is unqualified confidentiality a promise to fully maintain the confidentiality of a source's identity or other information under any circumstances
information to document in a covert operation memorandum Info upon which the covert operation will be based, info that is expected to be gained from the operation, identities of suspects, if known, operatives under your care or control (use symbols for confidential sources)
what is entrapment
what is covert operation an investigation technique designed to obtain evidence by use of agents whose true role is undisclosed to the target
what is a confidential source source who furnishes information as a result of his occupation or profession and who has no culpability in the alleged offense
what is confidential informant source who has a direct or indirect involvement in the matter under investigation and who might be culpable
what are public records records kept by a governmental agency that may be accessed by the public
common uses of public records in a fraud examination to supply information about employees, suspects and witnesses, to corroborate or refute witness statements, to track stolen cash or assets, to recover fraud losses
what is pretexting impersonating someone else or making false or misleading statements to obtain, sell, or buy information about a person or organization
How did the Graham-Leach-Bliley Act affect pretexting? by prohibiting pretexting against financial institutions to protect customer information
valuable types of non-public records in fraud examinations banking/financial records, was returns and related documents, credit records, private phone records, personal health care records
information available through a city's building inspector office permit application information, building blueprints and plans, building inspector reports
What is the HIPPA privacy rule designed to protect? "Protected health information," or information relating to an individual's past, present, or future physical or mental health; payment for services; or health care operations.
primary function of the Privacy Act of 1974 to regulate the collection, maintenance, consumption, and distribution of individual's information that is maintained by federal agencies
what does the Freedom of Information Act govern Availability of governmental records to the general public
Primary function of the Right to Financial Privacy Act to prohibit financial institutions from disclosing customer information to the government without consent, legal order, or other exception
uses of external sources of information in fraud examinations to locate witnesses, to locate assets, to determine ownership of entities, to research a suspect's financial condition, to document a suspect's lifestyle and background
Where are a domestic corporation's articles of incorporation found? the secretary of state's office where the entity is incorporated
Primary function of the Fair Credit Reporting Act to regulate the dissemination of consumer information to third parties by credit reporting agencies
who maintains files on all active and closed lawsuits in a jurisdiction the court clerk of that jurisdiction
types of records maintained by the Securities and Exchange Commission (SEC) public records of corporations with stocks and securities sold to the public such as financial statements and identification of the entity's officers, directors, and major shareholders.
Information found in Uniform Commercial Code (UCC) filings name of the debtor or joint debtors, current address of the debtors, name of financial lender, type of collateral pledged as security, date of filing and continuations.
what self-regulatory organization oversees and maintains records of firms in the futures markets National Futures Association
Information available in the probate records of a deceased individual names of individuals with an interest in the estate, financial position of the deceased at time of death, dispersal of estate assets, names and addresses of heirs, value of property willed to heirs.
What is a Form 10-K an annual report that public companies regulated by the SEC must file: it contains the company's financial statements, ownership information, and other key business information
where will fictitious name or doing business as (DBA) records be found either in county or state records, depending on the jurisdiction
what is the deep Web )or invisible Web)? Web content that is not indexed by standard search engines
what is the historical web archived versions of Web pages that have since been updated or are no longer available on line.
which county records include information on real estate purchases real property records, proper records, tax assessor records.wha
what are social media (or networking) sites websites that use software to build online social networks for communities of people with shared interests
what are advanced search operators (or Boolean operators)? Symbols that help search engines better understand exactly what the user is looking for; they improve a search and return relevant results faster
what are meta-search engines Online search engines that send user requests to several other search engines and aggregate the results for display
what are search engines online programs that search websites and documents for specified keywords and return a list of sites and documents whee the keywords were found.
what is a credit header information in a credit report that gives basic information about a person to whom the credit report applies
what is a tax lien a legal hold or claim that a governmental entity places on a taxpayer's property (both real property and personal property) to secure the payment of taxes
What are Uniform Commercial code (UCC) filings? public records of secured transactions in which the debtor(s) owes a stated value to a secured party or parties.
what is data mining the science of searching large volumes of data for patterns
what is a tree map a type of heat map in which rectangular space is divided into regions, and then each region is divided again for each level in the hierarchy
what is link analysis a data analysis technique that creates visual representations of date (e.g. charts with lines showing connections) from multiple data sources.
what can link analysis be used to analyze movement of money, complex networks, trends and patterns in communications, indirect relationships, relationships with several degrees of separation
what is geospatial analysis? use of visual analytics to depict intersections between various types of data and their corresponding geographical locations
types of fraud risks geospatial analysis can be used to analyze potentially fraudulent insurance claims, bribery and corruption risks, accounts payable risks, travel and expense risks
what does the join function do combines fields from 2 sorted input files into a third file
what is the compliance verification function used for to determine whether company policies are met by employee transactions
what is the correlation function used for to determine the relationships between different variables in raw data
what does the date function do checks the differences in dates between 2 fields or enables an aging analysis
examples of fraud keywords related to the pressure to commit fraud deadline, quota, target, short, problem, concern
examples of fraud keywords related to the opportunity to commit fraud override, write off, recognize revenue, adjust, discount, reserve
examples of fraud keywords related to the rationalization of committing fraud reasonable, deserve, borrow, discover, temporary
what is textual analytics a method of using software to extract usable information from unstructured text data and analyze it to reveal patterns, sentiments, and relationships indicative of fraud
4 phases of the data analysis process planning phase, preparation phase, testing and interpretation phase, the post-analysis phase
4 steps of the planning phase of the data analysis process understand the data, articulate examination objectives, build a profile of potential frauds, determine whether predication exists
4 steps of the preparation phase of the data analysis process identify the relevant data, obtain the data, verify the data, cleans and normalize the data
tasks during the testing and interpretation phase of the data analysis process performing txts, analyzing results, addressing any false positives that result
tasks during the post-analysis phase of the data analysis process following up on identified anomalies, documenting findings in a report if necessary, monitoring the data
purpose of Benford's Law analysis to identify fabricated numbers by comparing the actual distribution of digits in a data set of natural numbers against the expected distribution of digits
What is Benford's Law? BL provides that the distribution of the digits in natural numbers is not random; instead, it follows a predictable pattern
What are the natural numbers for the purpose of a Benford's Law analysis? Numbers that are not ordered in a particular numbering scheme and are not human-generated or generated from a random number system, such as total sales figures and invoice amounts
what is a non-natural number for the purpose of a Benford's Law analysis any number that is arbitrarily determined or systematically designed to convey information, such as inventory prices and invoice numbers
what is duplicate testing used for to identify transactions with duplicate values in specified fields that should only contain unique values.
what is regression analysis used for to create a model relationship between a dependent number variable and 1 or more independent variables
what is multi-file processing used for to relate several files by defining relationships between multiple files, without the use of the join command
what is gap testing used for to identify missing items in a sequence or find sequences where none are expected to exist
what is structured data Data that consists of recognizable and predictable structures, such as what you would find in a database
what is unstructured data data that is not organized in a pre-determined structure, such as text-based data
what is graceful shutdown a method of shutting down a computer in which the user relies on the set of built -in processes that prepare a computer for shutdown
what is hard shutdown a shutdown occurring from power failure; it is performed by unplugging all power from the computer, including power cables
what is a peripheral device an auxiliary device that is connected to, but not part of, a host computer
common methods of detecting the use of steganography? (3 of 4)visual detection by looking for visual anomalies image files, audible detection by looking for audible anomalies in media files, statistical detection by determining whether statistical properties of files deviate from expected norm,
more methods of detecting the use of stenography (4 of 4) structural detection by looking for structural oddities that suggest manipulation
what is steganography? Process of hiding information within an apparently innocent file
what is encryption Procedures used to convert information using an algorithm (called a cipher) that makes information unreadable
what occurs during the image acquisition process in a digital forensic investigation a forensic image of a hard drive or other digital media is made and imaged to another hard disk drive or other media for forensic analysis
what is a forensic image an image or exact sector-by-sector, copy of a hard drive or other digital media
what is metadata data about data, such as a file's name, author, or creation date/time
what is an event log a data set containing records of events or transactions on a computer
what is a system log a type of event log that records events executed on an operating system, including miscellaneous events and those generated during system start-up, like hardware and controller failures
what is an application log a type of event log the records the events regarding access to application data
what happens during the analysis phase of a digital forensic investigation Specialized software is used to identify, extract, collect and store digital artifacts that will be used as evidence in an investigation
primary concern when analyzing digital evidence maintaining the integrity of the data at all times
4 requirements for digital evidence to be admissible in court relevant to an issue that is in dispute in the case, material, established as authentic, legally obtained
what happens during the processing phase of a digital forensic investigation identification of relevant information in collected data, segregation of duplicates and other information that is not relevant due to its type, origin or date
what is digital evidence information stored or transmitted in binary form that can be used to prove something
what are user-created files digital files created under a user's direction
what are computer-created files information generated by a computer's operating system
what is cloud storage a service model in which data is stored by a third party host and is accessible online
what is mobile phone forensics techniques used to gather data from smart phone so that the data will be admissible in court
information included on a wire transfer record amount of the transfer, date, name of sender or originator, routing number of the originating bank or financial institution, identity designated beneficiary or receiver of funds, routing # of recipient bank
what is direct approach to tracing financial transactions using the subject's books and records(or financial transaction records belonging to third parties) to analyze the relationship between a suspect's receipt and subsequent disposition of funds or assets
what is indirect approach to tracing financial transactions employing circumstantial evidence to analyze the relationship between a suspect's receipt and subsequent disposition of funds or assets
what is their comparative net-worth analysis)? Method for proving illicit income circumstantially by comparing a person's assets or expenses for a given period of time against known legitimate sources of income.
when should the net-worth method be used to trace assets when several of the subject's assets or liabilities have changed during the period under investigation, when the target's financial records are not available
Purpose of conducting a net-worth analysis to show that the subject's assets or expenditures for a given period exceed that which can be accounted for from known or admitted legitimate sources of income
what is letter rogatory a formal request by the courts of a county seeking judicial assistance from the courts of another county
what is mutual legal assistance (MLA)? a process by which countries request and provide assistance in criminal law enforcement matters
what is a signature card a document that is required to open a personal bank account
what is the bank deposit method of tracing illicit funds method of computing income by analyzing the subject's deposits to financial institutions, cancelled checks, and currency transactions and adjusting for non-income items
when should the bank deposit analysis method be used to trace assets when most of the subject's income is deposited, when the subject's books and records are unavailable, withheld, incomplete or maintained on a cash basis
when should the asset method be used to compute an individual's net worth when the subject is using his illicit funds to accumulate wealth and acquire assets, thus causing his net worth to increase from year to year
when should the expenditures method be used to compute an individual's net worth when the subject spends illicit income on consumables (such as travel and entertainment) that would not cause an increase in net worth
5 steps for developing an individual's financial profile Identify all significant assets held by the suspect, ID all significant liabilities, ID all income sources during the relevant time period, ID all significant expenses incurred during relevant period, analyze the collected information
what are loan proceeds? the net amount a lender disperses to a borrower under the terms of a loan agreement
what is asset tracing search for evidence showing what has happened to property, identifying the proceeds of property, and Identifying those who have handled or received property or the proceeds of property
what is net worth? the difference between assets and liabilities at a particular point in time
what are certified checks customer checks stamped with the paying bank's guarantee that the maker's signature is genuine and that there is enough money available in the holder's account to cover the amount to be paid
what is a trust a fiduciary relationship in which a person (the trustee) manages property for the benefit of another (the beneficiary)
what should the executive summary section of an examination report include? an overview of what was done during the examination process
what should the summary section of an examination report include a succinct summary of the fraud examination and its results.
what should the background section of an examination report include details about why the fraud examination was conducted
when should a party seeking prosecution submit the case to prosecutors after completing the fraud examination and the accompanying report
steps fraud examiners can take to enhance the chances that a prosecutor pursues a case obtain a legal and binding admission of guilt, obtain a commitment from the outset for the prosecutor to consider the case, pledge to help the prosecutor during the trial process, follow up regularly with prosecutor,
who should the examination report writer expect to possibly read the report? company insiders, attorneys, defendants and witnesses, press and media outlets, juries
what is a conclusion in the context of a fraud report an observation based on factual evidence
what is an opinion in the context of a fraud examination report a statement that calls for an interpretation of the facts
types of opinions allowed in fraud examination reports opinions regarding technical matters where the fraud examiner is qualified as an expert in the matter
what is a memorandum of interview a written record used to document each interview conducted during a fraud examination
how much of an interview's subject's testimony should be included in the examination report all statements and facts that are relevant to the examination
when should an interview be documented in a memorandum of interview ASAP after questioning -preferably on same day of the interview
basic reporting documents in an examination report memoranda, cover page, exhibits, documents or enclosures, forms, indexes, transmittal letter
what is a matrix used for in an examination report to show the relationship (for points of contact) between a # of parties in the form of a grid
4 characteristics of a well-written report Accuracy, clarity, impartiality and relevance, timeliness
what should the scope section of an examination report include a description of the range of issues reviewed during the examination process
what should the approach section of an examination report include? a description of the approach used to examine the fraud
what should the findings section of an examination report include a detailed description of the tasks performed and the team's findings
what should the impact section of an examination report include a description of the impact of any misconduct identified during the examination
what is a link-network diagram used for in an examination report to show the relationships between people, organizations, and events using different symbols to represent different entities.
What is a fraud examination? A process of resolving allegations of fraud from inception to disposition.
how should documents be organized during the collection stage of an examination? by transaction or by party
ways to access bank records held by financial institutions written consent from the accountholder court order (e.g. subpoenas at warrant)
what is a fraud response plan? A plan that outlines the actions an organization will take when suspicions of fraud have arisen
What is the fraud theory approach? An investigative approach in which the fraud examiner forms a hypothesis for theory) of what might have occurred and then tests the hypothesis to determine whether it is provable
What is a volatile interview An interview that has the potential to bring about strong emotional reactions in the respondent
What is predication The totality of circumstances that would lead a reasonable professionally, trained, and prudent individual to believe a fraud has occurred, is occurring, or will occur
what assumption must fraud examiners make about every fraud examination that every case will end in litigation
general order of witness interviews in fraud examiners neutral third-party witnesses, corroborative witnesses, co-conspirators, subject
4 tasks encompassed in the fraud examination process obtaining evidence, reporting, testifying, assisting in fraud detection and prevention
what is forensic accounting? the use of professional accounting skills in matters involving potential or actual civil or criminal litigation
4 steps of the fraud theory approach analyze the available data, create a hypothesis, test the hypothesis, refine and amend the hypothesis
how should documents be organized during the collection stage of an examination by transaction or by party
What is a key document file A file created during the document collection phase of an examination that allows easy access to the most relevant and important files in a case
Created by: Monatlo