38. What is the objective of a FRA (fraud risk assessment)? A. To provide an estimate of an organization's fraud losses B. To help an organization identify what makes it most vulnerable to fraud C. To establish the guilt or innocence of an employee suspected of committing fraud D. To assess the design and effectiveness of an organization's internal controls over financial reporting 39. Part of conducting an effective fraud risk assessment involves A. Being able to think like a fraudster B. Being able to act like a fraudster 40. Proactive fraud auditing comprises the following steps: A. Understand the business, identify risk exposures, list possible fraud symptoms, build a fraud program that looks for symptoms for each exposure, analyse results and investigate identified symptoms. B. Interview suspect, interview colleagues, search public records, interview former employees or unsuccessful vendors, and check personnel and company records. c. Compare statement balances from one period to the next, use key ratios, perform horizontal analvsis and perform vertical analysis. 41. The average organisation loses 5% of its annual turnover to fraud and corruption. A. True B. False 42. This hacking technique involves using unsuspecting and gullible users to provide information. A. Impersonation B. Social engineering C. Scavenging D. Network weaving 43. The most direct way of gaining access to a computer is to A. Use a Trojan horse B. Use an authorised person's password C. Use a trap door D. Use a logic bomb 44. Which of the following is NOT a basic element of computer fraud? A. Input B. Output C. Computer Instructions D. Data clustering.