CFE-Fraud-Prevention-and-Deterrence Certified Fraud Examiner - Fraud Prevention and Deterrence Exam Questions and Answers

Scope of Fraud Risk Assessment:

The fraud risk assessment team must consider various factors, including:

A. Incentive programs:Can create pressures that lead to fraud.

B. Management override of controls:A key risk for fraud occurring despite existing safeguards.

C. Risks to reputation:Fraud incidents can harm the organization's public image.

Comprehensive Discussion:

Considering all these factors ensures a thorough identification of inherent fraud risks.

Conclusion:The fraud risk assessment team should discuss all listed items.

Comprehensive and Detailed in Depth Explanation:

The G20/OECD Principles emphasize the importance of full disclosure, including timely, accurate, and transparent mechanisms to maintain investor confidence and market integrity. While they support the equal treatment of shareholders, not members of the governing body (rejecting B), and call for corporate—not government—governance responsibilities (rejecting C). Protecting management’s rights (A) is not a governance principle focus.

Understanding Fraud Risk Management Responses:

Risk mitigation refers to implementing controls or measures to reduce the likelihood or impact of a risk.

In this case, by implementing additional internal controls, management aims to mitigate the identified fraud risk.

Definition of Other Options:

A. Assuming the risk:This refers to accepting the risk without taking action to mitigate it. This is generally done when the risk is deemed tolerable.

C. Avoiding the risk:This involves changing business practices or ceasing activities to eliminate the risk entirely.

D. Transferring the risk:This occurs when the responsibility for the risk is shifted to another party, such as through insurance.

Conclusion:The described response clearly aligns with risk mitigation, as it focuses on reducing the risk through internal control measures.

The COSO definition of internal control is:

“A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.”

This is the formal and widely accepted COSO definition.

The Treadway Commission emphasizes improving internal controls, which include strengthening the internal audit function. Providing adequate resources and authority to the internal audit function ensures that it operates independently and effectively, which is critical for preventing and detecting fraud. The internal audit function can evaluate financial reporting systems, detect irregularities, and provide valuable recommendations for improvement. This recommendation aligns with the goal of reducing fraud and ensuring reliable financial reporting.

​

=================

Corporate Governance in Multinational Corporations:

Multinational corporations must adhere to the legal, regulatory, and governance frameworks of each jurisdiction in which they operate. These frameworks may vary significantly across countries.

Why Other Options are Incorrect:

B:There is no Universal Corporate Governance Act applicable globally.

C:G20/OECD Principles provide guidelines but are not mandatory compliance requirements.

D:Operating in multiple jurisdictions increases governance complexity, but does not exempt corporations from compliance.

Why A is Correct:

It reflects the reality of multinational operations, where governance compliance must align with local laws and regulations​​.

References for All Questions:

ACFE and Treadway Commission fraud prevention guidelines​​.

ISSAI standards and international governance principles​​.

COSO framework and legal requirements for multinational corporations​​.

 CFE Ethical Responsibilities:

As per the ACFE Code of Professional Ethics, fraud examiners must ensure transparency in their professional conduct. They cannot promise confidentiality if the information must be disclosed to management or other authorities as part of the investigation.

 Why D is Correct:

Agreeing to confidentiality in this situation would breach ethical and legal obligations, especially if the information pertains to fraud or misconduct that the organization needs to address.

 Why Other Options are Incorrect:

A and B:Attempting to maintain confidentiality is misleading and unprofessional.

C:Taking the request directly to management without clarification could breach trust prematurely​​.

Routine activities theory identifies three main elements necessary for crime: a motivated offender, a suitable target, and the absence of capable guardians. The lack of accountability for misdeeds is not part of this theory, as it focuses on situational factors that facilitate criminal opportunities rather than broader social or institutional factors.

=================

Rational choice theory posits that criminal behavior is a result of deliberate decision-making. According to the ACFE manual:

“Rational choice theory assumes that individuals weigh the expected benefits of committing a crime against the possible consequences. If the perceived benefits outweigh the perceived risks, the individual may choose to offend.”

Comprehensive and Detailed in Depth Explanation:

A key element of vendor due diligence is ensuring that third-party vendors have robust ethics and compliance programs. This helps align values, mitigate fraud risks, and establish clear expectations. While audits and questionnaires are good practices, they are not always mandatory or feasible before engagement. Moreover, transparency in seeking vendor information (unlike in A) is a norm in legitimate vetting practices.

 Definition of Corporate Governance:

Corporate governance establishes the framework for decision-making and accountability within an organization. It includes roles, rights, and responsibilities of stakeholders such as the board, management, and shareholders.

 Why D is Correct:

The governance structure formalizes the distribution of roles and ensures clarity in accountability and oversight.

 Why Other Options are Incorrect:

A:Fraud risk management supports governance but is not its foundation.

B:Governance encompasses more than financial reporting accuracy.

C:Governance practices are essential even when owners are setting strategy​​.

Internal Audit Reporting Responsibilities:

Internal audit must maintain open communication with senior management and the board to ensure appropriate handling of fraud-related issues.

Establishing reporting protocols in advance ensures timely and consistent responses when fraud occurs.

Analysis of Other Options:

B. Periodic reporting is optional:Reporting fraud risks is a required responsibility.

C. Non-disclosure:Fails to fulfill the role of internal audit in governance and accountability.

D. No communication with the board:Misrepresents the internal audit's role in fraud oversight.

Conclusion:Discussing reporting protocols proactively with senior management and the board is the correct approach.

Integrity in Fraud Examination:

Integrity involves trustworthiness, ethical behavior, and transparency. Admitting errors is a critical part of maintaining professional integrity.

Why D is Correct:

Refusal to admit errors is inconsistent with the ethical and professional standards of fraud examination.

Why Other Options are True:

A, B, and C align with the principles of integrity, emphasizing honesty, ethics, and impartiality​​.

References for All Questions:

COSO Enterprise Risk Management Framework​​.

ACFE Code of Professional Ethics and fraud examination best practices​​.

Strategies for fraud prevention and detection from professional auditing standards​​.

Information, communication, and reporting involve the continual process of gathering and sharing relevant information across an organization to support decision-making and risk management. This ensures that all stakeholders are informed and that information flows effectively to enhance organizational performance.

=================

Impartiality in Fraud Risk Assessment:

As the lead on the fraud risk assessment, Glenda must maintain objectivity and avoid the appearance of bias.

Her history of disagreements with Bridgette creates a potential conflict of interest, which could compromise the assessment's credibility.

Why Option D is Correct:

Assigning the accounts receivable department's assessment to another individual eliminates the risk of perceived or actual bias.

Analysis of Other Options:

A. Confrontation:Not appropriate during a professional assessment.

B. Including disagreements:Personal conflicts should not influence risk evaluations.

C. Automatic high-risk designation:This lacks a factual basis and undermines objectivity.

Conclusion:Option D ensures objectivity and credibility in the fraud risk assessment.

Reporting Fraud Risk Assessment Results:

Reports should align with the organization's operational language to ensure comprehension by management and stakeholders.

Why A is Correct:

Using business-appropriate language ensures effective communication of findings and recommendations.

Why Other Options are Incorrect:

B:Comprehensive details may overwhelm the audience; only key findings are usually reported.

C:Reports should reflect objective analysis, not subjective perspectives​​.

 Theory of Differential Association:

This theory suggests that criminal behavior is learned through interaction with others, primarily within intimate groups.

Principles of the theory include:

Learning through communication.

Acquiring criminal knowledge similarly to other forms of learning.

 Why A is Incorrect:

General needs and values, such as poverty or desire for wealth, do not directly explain criminal behavior under this theory. Instead, the behavior is attributed to learned influences from others.

 Clarification of Other Options:

B, C, and D accurately reflect the principles of differential association​​.

Tips have consistently been the leading method for detecting occupational fraud, as confirmed by ACFE research:

“Figure 9 shows that the leading detection methods are tips, internal audit, and management review. This finding is not surprising as these have been the three most common means of detecting occupational fraud in every edition of the report since 2010.”

Simple organizational structures often suffer from lack of segregation of duties and fewer levels of oversight. According to the ACFE Manual:

“A simple or poorly designed structure can inhibit accountability and effective oversight. Lack of defined roles and responsibilities can increase the likelihood that fraud will go undetected.”

Diane Vaughan’s Research:

Vaughan highlights that linking employee performance goals with company goals can create undue pressure, fostering an environment where unethical behavior becomes rationalized.

Analysis of Other Options:

A. Diversity in hiring:Encourages broader perspectives and does not inherently lead to crime.

B. Rewarding challenges to the status quo:Promotes innovation and integrity, reducing crime risk.

Conclusion:Management’s linking of performance goals with company goals is the factor most associated with increased crime inclination.

Social Control Theory Overview:

This theory posits that individuals consider social and personal relationships when deciding whether to commit a crime. They reflect on the potential consequences of their actions on their relationships and social standing.

Application to the Scenario:

The question of "What will my spouse think?" aligns directly with social control theory, as it involves weighing personal consequences within a social context.

Analysis of Other Options:

B. Operant theory:Focuses on behavior modification through rewards and punishments.

C. Cognitive theory:Centers on thought processes and decision-making patterns.

D. Behavioral theory:Examines the external influences on behavior, not personal social relationships.

Conclusion:Social control theory best explains the scenario.

Purpose of Fraud Risk Assessment:

The goal is to identify vulnerabilities to fraud and implement preventive measures, not to wait for conclusive evidence of fraud before designating high-risk areas.

Proactive Identification:

High-risk areas are identified based on susceptibility to fraud (e.g., lack of controls, high cash transactions), even if no fraud has been detected. This approach allows organizations to act preemptively.

Improving Fraud Awareness:

Employee education and behavior monitoring are integral components of the assessment process to reduce fraud risks.

Incorrect Assumption in D:

Waiting for conclusive evidence contradicts the proactive nature of fraud risk assessment and undermines its preventative function​​.

References for All Questions:

ACFE Code of Professional Ethics​​.

Auditor Essentials on fraud prevention and deterrence principles​.

COSO and risk assessment frameworks in internal controls​​.

Internal Auditor's Role in Fraud Risk Management:

Internal auditors are not directly responsible for establishing or maintaining anti-fraud controls (Option D). This responsibility lies with management.

They are also not responsible for obtaining reasonable assurance that financial statements are free of fraud (Option A). This is the role of external auditors.

Oversight of management's fraud risk actions (Option B) is primarily a governance role, not the auditor's direct responsibility.

Internal auditors focus on identifying and assessing fraud risks, evaluating controls, and recommending further action when necessary.

Conclusion:Option C aligns with the internal auditor's responsibilities as per the standards outlined in the ACFE's fraud risk management framework.

General Approaches to Control Corporate Crime:

Common approaches include government intervention, consumer action, and voluntary corporate changes.

Financial institution funding is not typically listed as a direct control mechanism for corporate crime.

Analysis of Options:

B. Government intervention:Effective through regulation and enforcement.

C. Consumer action:Encourages ethical practices through market pressures.

D. Voluntary corporate changes:Demonstrates internal commitment to compliance.

Conclusion:Withdrawal of financial institution funding is not one of the recognized general approaches.

Comprehensive and Detailed in Depth Explanation:

Publicizing whistleblower policies both internally and externally demonstrates the organization’s commitment to transparency and ethical conduct. Best practices include clearly communicating the reporting process, available protections, and encouraging reporting by all employees without fear of retaliation. Including a list of all past misconduct is unnecessary (eliminating A), while emphasizing protections only for lower-level staff (D) or focusing on penalties (C) undermines the policy’s intent.

Professional Skepticism Defined:

Professional skepticism is an attitude that includes a questioning mind and a critical assessment of evidence. Fraud examiners must remain vigilant to indications of potential fraud throughout an engagement.

Consistent Application:

ACFE standards emphasize that skepticism should be applied consistently, even if initial findings do not indicate fraud, to avoid overlooking potential risks.

Why D is Correct:

Relaxing skepticism can lead to missed evidence or poor judgment, undermining the examination's effectiveness​​.

 Due Diligence in High-Corruption Risk Transactions:

When operating in high-risk environments, enhanced due diligence is critical. This includes evaluating payment methods, transaction patterns, and the customer's reputation.

 Why A is Correct:

Analyzing purchasing patterns and payment methods helps identify red flags such as unusual payment terms or volumes inconsistent with Green’s business profile.

 Why Other Options are Incorrect:

B: Due diligence is necessary regardless of payment terms.

C: Enhanced due diligence for high-risk countries does not constitute discrimination.

D: Ignoring due diligence poses significant compliance and reputational risks.

 References:

ACFE guidance on due diligence and anti-corruption practices in global commerce​​.

Five Components of COSO’s Internal Control Framework:

A. Control activities:Policies and procedures to ensure objectives are met.

C. Risk assessment:Identifying and analyzing risks.

D. Monitoring:Ongoing evaluation of control effectiveness.

Control environment:Includes the tone at the top and organizational ethics.

Information and communication:Facilitates the flow of relevant information.

Explanation of Ethical Culture:

While ethical culture is critical to the control environment, it is not one of the five standalone components of the framework.

Conclusion:Ethical culture is not a separate component but a part of the control environment.

Government auditors, like their private-sector counterparts, must adhere to International Standard on Auditing (ISA) 240, which provides guidance on the auditor’s responsibilities related to fraud. This standard applies to both private- and public-sector audits, emphasizing the importance of addressing risks of material misstatement due to fraud. Alicia must carefully evaluate fraud risks and incorporate relevant procedures, as mandated by ISA 240, ensuring a comprehensive audit approach.

​

=================

 Deterrence Theory in Criminology:

This theory posits that crime can be prevented by making the potential consequences severe enough to deter individuals from offending. It emphasizes the certainty, severity, and swiftness of punishment.

 Why A is Correct:

The threat of criminal sanctions is a cornerstone of deterrence theory, designed to reduce crime by increasing the perceived risks and consequences.

 References:

Criminological studies and fraud deterrence strategies emphasize the effectiveness of deterrence in reducing criminal behavior​​.

Responsibility for Anti-Fraud Program Effectiveness:

Management holds ultimate responsibility for designing, implementing, and maintaining an effective anti-fraud program.

Internal and external auditors, as well as compliance functions, provide oversight and recommendations but are not directly responsible for the program's effectiveness.

Conclusion:Management is ultimately accountable for ensuring the success of the anti-fraud program.

Understanding the ACFE Code of Professional Ethics:The ACFE Code of Professional Ethics requires Certified Fraud Examiners to demonstrate competence and due care in their professional services. Specifically:

Rule 2 states that CFEs must "perform all professional engagements with due diligence."

Rule 4 emphasizes that CFEs must "avoid conduct that discredits the profession or the Association."

Competence and Due Care:

Benjamin, despite his attendance at a seminar on money laundering, lacks the requisite expertise or experience in investigating complex money laundering cases. Accepting an engagement of this nature without possessing adequate training, knowledge, or resources indicates a failure to exercise due care.

The Code emphasizes the importance of competence, meaning professionals must decline engagements that exceed their expertise unless they involve qualified individuals or teams.

Violation Assessment:

By choosing to conduct the investigation alone, Benjamin disregards the ethical requirement to ensure competence and quality in professional work. This likely jeopardizes the investigation's integrity and results.

This conduct could lead to suboptimal outcomes, legal liabilities, and reputational harm, which discredit the profession, violating the ACFE ethical framework.

Conclusion:Benjamin's decision is a breach of the ACFE Code of Professional Ethics because he failed to ensure adequate preparation, skills, and resources for the engagement.

Rationalization in the Fraud Triangle:

Rationalization refers to the justification an individual uses to make fraudulent behavior acceptable in their mind.

In this case, Jody justifies his theft by believing the company owes him for his loyalty and hard work.

Why B is Correct:

Jody’s reasoning aligns with the rationalization leg of the fraud triangle, as he convinces himself his actions are justified.

Why Other Options are Incorrect:

A (Perceived non-shareable financial need):Involves financial pressure, not justification.

C (Perceived opportunity):Refers to the ability to commit fraud.

D (Lack of personal integrity):Reflects a broader ethical deficiency, not a specific rationalization​​.

 Auditor's Responsibility Under ISA Standards:

ISA 265 requires auditors to communicate significant deficiencies in internal control to those charged with governance in writing.

This ensures proper corrective actions are taken and maintains transparency in the audit process.

 Why B is Correct:

Written communication to governance authorities is the appropriate course of action to address control deficiencies without breaching confidentiality or overstepping regulatory boundaries.

 References:

ISA 265, “Communicating Deficiencies in Internal Control,” supports this approach​​.

COSO Definition of Internal Control:

COSO defines internal control as a process executed by an entity’s board, management, and personnel to provide reasonable assurance about achieving objectives in operations, reporting, and compliance.

Analysis of Options:

A. Corporate compliance:Corporate compliance focuses on adhering to laws and regulations, not the broader operational objectives.

B. Fraud risk management:This is a component of internal control, not its definition.

C. Risk assessment:This is a step within the internal control process but not the overarching process.

D. Internal control:Matches the COSO definition accurately.

Conclusion:Internal control is the correct answer as defined by COSO.

Risk assessment is a core component of the COSO Framework and focuses on identifying, analyzing, and evaluating risks that could affect the organization's objectives. Andrew's initiative to evaluate threats aligns with this component, as it involves understanding the potential risks and their impact on achieving the organization's goals.

=================

The ACFE has found that terminating the employee involved in fraud is the most common internal response to substantiated cases. While many fraud cases are handled internally without being referred to law enforcement, this is often due to concerns such as reputational damage or cost considerations rather than a lack of evidence.

Findings from the 2020 Report to the Nations:

Asset misappropriation:Most common form of occupational fraud (e.g., theft of cash or inventory). It is frequent but less costly.

Financial statement fraud:Most costly, involving significant manipulation of financial data.

Analysis of Options:

A. Asset misappropriation; corruption:Corruption is less costly than financial statement fraud.

B. Corruption, asset misappropriation:Incorrect order and does not match the costliest scheme.

C. Financial statement fraud; corruption:Incorrect pairing.

Conclusion:Asset misappropriation is most common, and financial statement fraud is most costly.

Comprehensive and Detailed in Depth Explanation:

Government auditors typically cannot unilaterally withdraw from an audit engagement, even in cases where fraud is identified. Public-sector audits often follow mandates from higher authorities or statutes that require the auditor to continue and report findings to oversight bodies. Additionally, fraud and abuse (including misconduct and misuse of assets) are relevant to government audits under ISSAIs, contrary to A and B. Option D is incorrect because public-sector audit objectives are often broader, encompassing compliance, performance, and integrity aspects.

Defining Fraud Risk Management Objectives:

Management should focus on tailoring objectives to the organization's needs, examining past fraud incidents, and balancing costs with benefits. Assigning a quantitative measure to risk appetite, while potentially useful, is not a requirement for effective fraud risk management.

Analysis of Options:

A. Examining previous frauds:This helps identify vulnerabilities and design controls.

B. Balancing costs and benefits:Essential to ensure the program's efficiency and feasibility.

D. Tailoring objectives:Necessary for aligning the program with organizational goals.

Conclusion:Option C is false because assigning a quantitative measure to risk appetite is not mandatory in defining fraud risk management objectives.

Detective controls are designed to identify fraud or errors that have already occurred. Continuous audit techniques serve as a detective control by automatically monitoring transactions and flagging anomalies or irregularities for further investigation. On the other hand, preventive controls such as separation of duties, background checks, and hiring policies aim to stop fraud before it happens.

=================

Findings from the 2020 Report to the Nations:

Tips are the most common method of detecting fraud, accounting for over 40% of detected cases.

Whistleblower hotlines and other reporting mechanisms are vital for obtaining tips.

Analysis of Other Options:

A. Internal audit:While effective, it is less common than tips.

B. Confession:Rarely the initial method of detection.

D. External audit:Detects fraud in a smaller percentage of cases.

Conclusion:Tips are the most common method of fraud detection according to the 2020 Report to the Nations.

 Fraud Prevention Methods:

Prevention strategies often focus on education, awareness, and robust controls rather than covert methods. While covert audits can detect fraud, they are not primarily preventive.

 Why D is False:

Covert audits are reactive and focused on identifying existing fraud, not preventing it.

 Why Other Options are True:

A, B, and C accurately describe key aspects of fraud prevention, such as the importance of perception of detection and the challenges of detecting fraud​​.

The “Review and Revision” component is focused on evaluating how ERM practices contribute to organizational value and adapting them accordingly.

“As part of its ERM activities, the organization should review how well the ERM capabilities and practices have increased value over time and how they will continue to drive value.”

Principles in the Fraud Risk Management Guide (COSO and ACFE):

Communicating expectations regarding fraud risk management.

Conducting comprehensive fraud risk assessments.

Implementing preventive and detective controls.

Monitoring and reporting the program’s effectiveness.

Analysis of Option D:

Fraud risk management requires ongoing evaluations, not one-time assessments, to adapt to evolving risks.

Conclusion:Option D is not included in the principles described in the Fraud Risk Management Guide.

Analysis of Each Option:

A. Green's conduct:Including unrelated deficiencies violates the principle of relevance and focus in reporting. It may lead to confusion or breach professional diligence.

B. Stephanie's conduct:Delegating tasks without oversight or review violates the ACFE Code's requirement for due diligence.

C. Susan's conduct:Failing to seek client authorization before disclosing records (even under a court order) breaches confidentiality provisions unless explicitly required by law.

Key Ethical Considerations:

CFEs must adhere to principles of confidentiality, diligence, and focus in their work.

Failing to follow these standards compromises the integrity and credibility of their practice.

Conclusion:All the described scenarios involve violations of the ACFE Code of Professional Ethics.

Effect of Documenting Organizational Hierarchies:

Properly documenting hierarchies improves fraud prevention by clarifying responsibilities, ensuring accountability, and establishing clear information flow.

This reduces ambiguity and limits opportunities for fraud.

Why the Statement is False:

Documenting and communicating hierarchies strengthens fraud prevention, rather than hindering it.

Conclusion:The statement is false because clear hierarchies enhance fraud prevention initiatives.

Differential Reinforcement Theory:

This theory suggests behavior is strengthened when positive rewards are gained or punishment is avoided, not weakened.

The premise is the opposite of what the statement claims.

Conclusion:The statement is incorrect because differential reinforcement strengthens, not weakens, behavior.

Comprehensive and Detailed in Depth Explanation:

The Treadway Commission emphasized strengthening the internal audit function as a key fraud deterrent. This includes ensuring auditors have adequate resources, authority, and independence to carry out their duties. While formal structures like audit committee charters are useful, the commission specifically focused on functional empowerment of internal audit.

Rational Choice Theory Overview:

This theory posits that individuals consciously weigh the benefits and risks of committing a crime and make calculated decisions to engage in criminal behavior if the perceived benefits outweigh the risks.

Deterrence Mechanism:

Crime can be deterred by reducing opportunities (e.g., strong internal controls) and increasing the likelihood of detection and punishment (e.g., effective monitoring systems).

Why Other Options are Incorrect:

A. Routine activities theory:Focuses on the convergence of motivated offenders, suitable targets, and lack of guardianship.

B. Differential association theory:Explains crime as learned behavior through interaction with others.

D. Social conflict theory:Suggests crime results from societal inequalities and power struggles.

Why C is Correct:

Rational choice theory explicitly addresses crime prevention through increased risks and reduced opportunities​​.

References for All Questions:

ACFE Fraud Examination Guide​​.

Criminological theories as applied to fraud prevention and deterrence​​.

Corporate governance frameworks and corruption-related risks​​.

Step by Step Comprehensive Detailed Explanation with All References:

Proactive Fraud Auditing:

Proactive fraud audit procedures aim to prevent and detect fraud before it escalates. Implementing these procedures signals to employees and stakeholders that fraud will not be tolerated.

Such actions align with creating a strong anti-fraud culture within the organization.

Examples of Proactive Fraud Audits:

Surprise audits, continuous monitoring, and analytical procedures identify discrepancies and potential fraud risks.

Fraud prevention and deterrence are enhanced through consistent implementation.

Effectiveness and Prevention:

Unlike reactive measures, proactive approaches demonstrate an organization’s commitment to maintaining integrity and ethical standards​​.

Management is ultimately responsible for ensuring the effectiveness of the organization’s anti-fraudprogram. They set the tone at the top, establish internal controls, and ensure that the necessary resources and oversight mechanisms are in place to prevent and detect fraud. Other stakeholders, such as auditors and compliance officers, provide support but do not bear ultimate responsibility.

=================

According to ISA 240, the auditor is required to communicate identified fraud involving management to those charged with governance.

“When fraud involving senior management is identified or suspected, the auditor shall communicate these findings directly to those charged with governance.”

 Criminogenic Nature of Organizations:

Research suggests that organizational culture and pressures can override an individual's personal values, especially when authority figures issue direct orders to engage in unethical behavior.

 Why B is Correct:

Strong personal values do not guarantee resistance to unethical orders, as obedience to authority is a powerful psychological force, as seen in studies like the Milgram experiment​​.

 Implication for Fraud Prevention:

Organizations must establish strong ethical environments to reduce the influence of authority pressure on employees