CFE – Fraud Prevention and Deterrence — Question 59

Which of the following is NOT a way that an organization's fraud risk assessment should be incorporated into the audit process?

Answer options

• A. It should be used to map existing controls to the moderate-to-high fraud risks identified
• B. It should be used to determine areas where the auditors can reduce their awareness of indicators of fraud.
• C. It should be used to deliver reports that incorporate the results of the auditors’ validation and testing of the fraud risk controls.
• D. It should be used to design audit procedures in a way that enables auditors to look for fraud in known areas of high risk.

Correct answer: D

Explanation

The correct answer is D because designing audit procedures to look for fraud in known high-risk areas is essential for an effective audit process. In contrast, options A, B, and C all reflect appropriate ways to use the fraud risk assessment, either for mapping controls, determining auditor awareness, or incorporating findings into reports.