This is the expert-level fraud control certification for fraud control professionals with at least five years of qualified experience. One of your primary responsibilities is protecting the organization from suffering losses and business disruption resulting from internal occupational fraud and abuse. Your experience in the field is an important component of your value to an employer. As a designated leader of fraud prevention, detection, and investigation processes, your employer counts on you to mitigate fraud risk throughout the enterprise. You have at least five years fraud control related experience, but experience just isn’t enough. Employers need something quantifiable and verifiable to show them you have the expertise they need, and you want to establish occupational identity with a respected certification in internal fraud risk prevention and mitigation. Earning the CFCM™ certification will give you the credential and proof of expertise today's employers require.

Upon completion of this training and certificate program, you will:

• be equipped with knowledge and skills required to prevent, detect, and investigate potential occupational fraud and abuse;
• expand your fraud control competency;
• increase your credibility through gaining international recognition; and
• improve your résumé and help to increase your earning potential.

Get trained and certified in preventing, detecting, and investigating fraud

In a world fraught with personal and corporate financial insecurity, the need for skilled and knowledgeable fraud-control professionals has never been greater. As profits drop and budgets tighten, many internal managers and even officers feel forced to become "creative" with internal accounts. Employees and management alike now face multiple layoffs - often eliminating employee loyalty while making employees desperate with the prospect of living in a global economy that has all but collapsed. It has been estimated that internal occupational fraud and abuse costs organizations around 7% of gross revenues. Organizations need to stop this hemorrhage of profits, and they need to recover what has already been lost.

Moreover, compliance with local and international laws and industry regulations such as Sarbanes-Oxley, BASEL II, CICA Instrument 52-109, and J-SOX have raised the bar globally for professional business practices expected of organizations in terms of internal fraud control, which have in turn increased the need for professionals who know how to help organizations build and maintain a strong fraud-control capability.

Certified Information Security provides the training and credentialing you need to become recognized as an authority in preventing, detecting, and investigating internal fraud.

Getting certified is easy, and can be accomplished completely online. The CFCM™ certification is available to qualified candidates who:

1. Are a member of CIS in good standing. If you are not already an Associate member of the CIS certification student body, you must first become a member to pursue the CFCP credential.
   
   
2. Attend the required courses, live or online. Prerequisite training for CFCP certification eligibility includes:
   • Corporate Fraud Prevention and Detection
   • Advanced Interviews Techniques for Investigating Fraud and Abuse
     
     
3. Pass the CFCM Exams. For CFCM certification, candidates must pass exams #FC101 and #FC102. Exams are administered on-line and can be taken at your convenience at your home or work through the CIS eLearning Center, where your progress and score are monitored and recorded centrally. Your exam results are provided automatically upon completion of your exam.
   
   
4. Complete and submit your CFCM application to the Certification Department at certification@certifiedinfosec.com. Certification applications are available for download at www.certifiedinfosec.com/services/certification-programs/cis-professional-certification-program/certification-kit-brochures-and-applications.

Your digital credentials

You will officially become certified (certificated) once your exam results and required documentation are validated and approved by the certification committee.

Your digital credential certificates and badges will be processed and emailed to you within 10 business days following the receipt of the required documentation. Learn more about CIS' digital certificates and badges.

Certification maintenance and renewal requirements can be viewed at www.certifiedinfosec.com/services/certification-programs.

Certified Information Security is authorized to provide all required training and exams for CFCM certification. CFCM certification candidates must successfully complete:

• Fraud Prevention & Detection
   
• Advanced Interview Techniques for Investigating Fraud & Abuse

Required Exams - #FC101 and #FC102 

CFCM certification requires successful completion of two exams:

• FC101
  
  
• FC102

Required Exam: FC101

Exam FC101 maps to content areas explained in "Fraud Prevention and Detection."

• Required for CFCA, CFCP, and CFCM certifications
• Number of questions: 65
• Passing Score: 75%
• Time limit: 70 minutes

Content Areas

1. Setting Up the Organization’s Fraud Control Function and Capabilities

• Current governance issues that drive fraud risk assessment and control
• Fraud risk assessment challenges
• Fraud risk assessment
• Evaluate Fraud Risk Oversight (Business Process)
• Evaluate Fraud Risk Ownership (Business Process)
• Evaluate Fraud Risk Assessment (Business Process)
• Evaluate Fraud Risk Tolerance and Risk Management Policy
• Evaluate Process Level Controls/Anti-Fraud Re-engineering (Business Process)

2. Occupational Fraud Background

• Fraud examination methodology
• Defining occupational fraud and abuse
• Research

3. Skimming

• Skimming schemes
• Sales skimming
• Receivables skimming

4. Cash Larceny

• Cash larceny schemes
• Larceny at the point-of-sale
• Larceny of receivables
• Cash larceny of deposits

5. Billing Schemes

• Billing Schemes
• Shell Company Schemes
• Billing schemes involving non-accomplice vendors
• Personal purchases with company funds
• Proactive computer audit tests for detecting billing schemes

6. Check Tampering

• Check tampering schemes
• Forged maker schemes
• Forged endorsement schemes
• Altered payee schemes
• Check concealment schemes
• Authorized maker schemes
• Concealing check tampering

7. Payroll Schemes

• Ghost employees
• Falsified hours and salary
• Commission schemes
• Proactive computer audit tests for detecting payroll fraud

8. Expense Reimbursement Schemes

• Mis-characterized expense reimbursements
• Fictitious expense reimbursement schemes
• Multiple reimbursement schemes
• Proactive computer audit tests for detecting expense reimbursement schemes

9. Register Disbursement Schemes

• False refunds
• False voids
• Concealing register disbursements

10. Corruption

• Corruption schemes
• Bribery
• Economic extortion
• Illegal gratuities
• Preventing and detecting register disbursement schemes

11. Fraudulent Financial Reporting Schemes

• Defining financial statement fraud
• Costs of financial statement fraud
• Fraud in financial statements – Who, why, and how?
• Financial statement fraud methods
• Fictitious revenues
• Timing differences
• Concealed liabilities and expenses
• Improper disclosures
• Improper asset valuation
• Detection of fraudulent financial statement schemes

Required Exam: FC102

General Description

Exam FC102 maps to content areas explained in "Advanced Interview Techniques for Investigating Fraud and Abuse."

• Required for CFCA, CFCP, and CFCM certifications
• Number of questions: 65
• Passing score: 75%
• Time limit: 70 minutes

Content Areas

1. Know Your Boundaries: Legal Considerations for Investigating and Interviewing

• Legal authority to conduct interviews
• Use of deception in interviews
• Employee’s duty to cooperate
• Consideration of employee rights under law
• Consideration of Trade Unions
• Common law considerations

2. Understanding the Science of Communication

• Types of conversation
• Communication inhibitors
• Communication facilitators
• Verbal Communication
• Communication Analysis

3. Preparing for the Interview

• Planning the Investigation
• Establishing the foundation for investigation
• Developing Evidence
• Physical considerations for interviewing

4. Conducting the Interview

• Step 1 – Opening the interview
• Step 2 - Developing information from the interview with information-seeking questions
• Step 3 - Investigating with Assessment questions
• Step 4 – Closing the Interview, Re-Assessing, and Confirming Facts
• Step 5 – Obtaining the confession with admission-seeking questions

5. Reporting Findings

• Purpose
• Accuracy
• Clarity
• Objectivity
• Timeliness
• Common mistakes
• Organization of information
• Consideration of target audience
• Report structure

Qualified experience for Certified Fraud Control Manager™ certification

CFCM is an expert-level fraud control certification. This certification requires a minimum of five years of related experience.

General characterization for eligible experience:

• Accounting and Auditing: You may qualify if you have experience as an accountant or auditor (e.g., internal or external auditor), and have certain responsibilities for the detection and deterrence of fraud by evaluating accounting systems for weaknesses, designing internal controls, determining the degree of organizational fraud risk, interpreting financial data for unusual trends, and following up on fraud indicators.
• Criminology and Sociology: Only those professionals with education or research in the fraud and white-collar crime dimensions of sociology or criminology may claim experience under this category. An experienced background in general sociological fields is insufficient.
• Fraud Investigation: Experience in the investigation of civil or criminal fraud, or of white-collar crime for law enforcement agencies or in the private sector, qualifies. Examples include federal, state, or local law enforcement (e.g., IRS, inspectors general, and district attorney investigators). Insurance fraud investigators and fraud examiners working for corporations, businesses, or associations qualify as well.
• Internal Controls, Security, and Loss Prevention: Security directors for corporations and associations who deal with issues of loss prevention may claim this experience as credit. Security consultants or other professionals dealing with fraud-related issues also are eligible. Security professionals responsible for the design, maintenance, or deployment of internal controls used to mitigate risk of unauthorized access or activity are eligible. Experience as a security guard or equivalent is not acceptable.
• Participation in supporting previous investigation of potential fraud incidents: In the course of duties performed with the normal job functions within Human Resources, Finance, Accounts, Audit, Compliance, Industrial Relations, Procurement, and operations may qualify as eligible fraud-related experience.
• Law: Candidates with experience in the legal field might qualify, provided the experience deals with some consideration of fraud. Examples include prosecuting lawyers, fraud litigators, and others with an anti-fraud specialization.

Prior certification experience credits

Each of the following professional credentials may be used to substitute for 6 months of required experience:

It’s convenient!

Certified Information Security provides the training and credentialing you need to become recognized as an authority in information fraud prevention, detection, and investigation.  You choose the method of delivery: online through our secure website, or in-person at a publicly available course or privately at your facility.  We take care of the rest – from administration, to record keeping, to providing certificates of completion and certification.

Online students have the additional convenience of taking courses whenever they want without the need to travel or disrupt their busy schedules. Our program allows users to start and stop without losing their place or data. Learning and certifying expertise has never been so easy!

How to get started - two alternatives 

1. If your employer is paying for your training and certification, we recommend purchasing a complete ISO 27001 Lead Implementer certification package voucher that includes all required resources, including membership in the CIS Body of Certified Professionals, all required training programs, all recommended practice exams, and the required certification exam. This allows your employer to purchase and pay all of your necessary resources at once, while still giving you flexibility of when to use your training, practice exams, and certification exams later.
   
   

2. "Pay-as-you-go" by purchasing your membership in the CIS Body of Certified Professionals, training, recommended practice exams, and the certification exams as you need them. Start by purchasing training, and then purchase practice exams when you are ready. After you complete your practice exams, you then purchase your certification exam.

A breakdown of the costs are as follows: 

1. Required CIS Membership Application Fee & Membership Dues: $100.00 Learn more

2. Required Training 

3. Optional Online Practice Exams for exams #FC101 and #FC102: $225.00 Learn more

4. Required Online Certification Exams #FC101 and #FC102: $200.00 Learn more