Asset Misappropriation Schemes: CFE Exam Study Guide

TL;DR
  • Asset misappropriation is covered under Domain 1 (Financial Transactions and Fraud Schemes) and represents the most common fraud category in practice.
  • The CFE exam tests misappropriation through scenario-based questions requiring you to classify, detect, and recommend controls for specific schemes.
  • Skimming, larceny, billing schemes, payroll fraud, and expense reimbursement abuse are all individually testable sub-categories.
  • Recognizing the behavioral and documentary red flags of each scheme type is as important as knowing the scheme's definition.

What Is Asset Misappropriation on the CFE Exam?

Asset misappropriation is the theft or misuse of an organization's resources by employees, managers, or executives who have been entrusted with those assets. On the Certified Fraud Examiner certification exam, it sits at the heart of Domain 1: Financial Transactions and Fraud Schemes - and for good reason. In practice, asset misappropriation is by far the most frequently occurring category of occupational fraud, even though it tends to produce smaller individual losses compared to financial statement fraud.

For CFE candidates, understanding asset misappropriation is not simply a matter of memorizing scheme names. The exam requires you to apply your knowledge to realistic organizational scenarios, identify which scheme is occurring based on limited information, recommend appropriate internal controls, and recognize what evidence a fraud examiner would gather during an investigation. This guide walks through every major sub-category you need to master, explains how the CFE exam actually tests this material, and gives you a concrete preparation framework.

Why Asset Misappropriation Dominates Domain 1: Because it encompasses dozens of distinct scheme types - from simple cash register skimming to sophisticated billing fraud - this topic requires candidates to develop both breadth and depth. You cannot afford to skim it. The CFE exam will present situations where two scheme types overlap, and you must distinguish them precisely.

Domain 1: Financial Transactions and Fraud Schemes

The CFE exam is organized into four domains, each assessed in a separate section of the exam. Domain 1 covers the widest range of technical fraud knowledge and includes financial statement fraud alongside asset misappropriation. Candidates who underestimate the scope of Domain 1 frequently find themselves underprepared on exam day.

This domain requires candidates to understand how fraudulent transactions are structured, concealed, and detected across multiple scheme types. Asset misappropriation is a primary sub-topic.

  • Cash receipt schemes: skimming and larceny
  • Cash disbursement schemes: billing, payroll, expense reimbursements, check tampering
  • Non-cash schemes: theft of inventory, misuse of assets, intellectual property theft
  • Financial statement fraud: fictitious revenues, concealed liabilities, asset overstatements
  • Corruption: bribery, conflicts of interest, economic extortion

Within Domain 1, asset misappropriation is subdivided into cash schemes and non-cash schemes. The exam tests both, and the distinctions between subtypes - especially between skimming and larceny, or between billing schemes and payroll schemes - appear directly in scenario-based questions. Understanding where each scheme fits in the fraud tree taxonomy is essential preparation.

The other three domains - Domain 2: Law, Domain 3: Investigation, and Domain 4: Fraud Prevention and Deterrence - each intersect with asset misappropriation in important ways. Domain 2 covers the legal consequences of theft and embezzlement. Domain 3 covers how to investigate a misappropriation allegation. Domain 4 addresses controls that prevent these schemes from occurring. A thorough study plan connects asset misappropriation across all four domains rather than treating Domain 1 in isolation.

Cash-Based Misappropriation Schemes

Skimming

Skimming involves stealing cash before it is recorded in the accounting system. Because the theft occurs off-book, there is no direct accounting entry that flags the missing funds. Common skimming scenarios tested on the CFE exam include:

  • Sales skimming: An employee accepts payment from a customer and pockets the cash without ringing up the sale.
  • Receivables skimming: A payment received from a customer is intercepted before it reaches the accounting department, and the receivable is written off or lapping is used to conceal the shortage.
  • Unrecorded sales: Transactions are completed but never entered into the system, making detection through internal records nearly impossible without external data comparison.

The CFE exam frequently asks candidates to identify the most appropriate control to prevent or detect a given skimming scheme. Segregation of duties, independent reconciliation of sales records to bank deposits, and use of point-of-sale systems with mandatory receipt generation are all high-value answers.

Cash Larceny

Unlike skimming, cash larceny involves stealing cash that has already been recorded. This makes it easier to detect through standard accounting procedures, but also means the perpetrator must take steps to conceal the theft after the fact. Common concealment methods - journal entry manipulation, destruction of records, and falsified reconciliations - are all testable on the CFE exam.

Key Takeaway

The single most important conceptual distinction in cash schemes is timing: skimming happens before recording; larceny happens after. The CFE exam will test this distinction directly through scenario questions where you must classify which type of scheme is occurring based on the described circumstances.

Non-Cash Asset Theft and Misuse

Non-cash misappropriation covers the theft or unauthorized use of assets other than money. The CFE exam tests several distinct categories within this area:

Scheme Type | What Is Stolen or Misused | Common Detection Method
Inventory Theft | Physical goods, raw materials, finished products | Physical inventory counts vs. perpetual records
Asset Misuse | Company vehicles, equipment, facilities used for personal benefit | Usage logs, mileage records, supervisor oversight
Intellectual Property Theft | Trade secrets, customer lists, proprietary software | IT access logs, data loss prevention systems
Misuse of Information | Confidential data used for personal gain or sold to competitors | System audit trails, anomaly detection

For non-cash schemes, the CFE exam often focuses on what evidence a fraud examiner would collect during an investigation (connecting back to Domain 3) and what internal controls would prevent the conduct (connecting to Domain 4). When you study non-cash misappropriation, always think about it across all four domains simultaneously.

Payroll and Expense Reimbursement Fraud

Payroll Schemes

Payroll fraud is a significant sub-category of cash disbursement schemes. The CFE exam tests multiple forms:

  • Ghost employees: Fictitious employees are added to the payroll, and their paychecks are diverted to the perpetrator. The CFE exam asks both how ghost employee schemes are perpetrated and what controls prevent them - particularly the requirement for dual authorization to add new employees and mandatory annual payroll audits.
  • Falsified hours and salary: Real employees submit inflated timesheets or manipulate hourly rates in the payroll system.
  • Commission schemes: Sales employees manipulate commission calculations or create fictitious sales that generate commission payments.
  • Workers' compensation schemes: Fraudulent injury claims result in improper benefits payments.

Expense Reimbursement Fraud

Expense reimbursement schemes involve employees submitting false or inflated claims for business expenses. The four main types - mischaracterized expenses, overstated expenses, fictitious expenses, and multiple reimbursements - are all individually testable on the CFE exam. Candidates should be able to identify which type of scheme is occurring from a described fact pattern and then recommend the appropriate preventive control.

Billing Scheme vs. Expense Reimbursement: A common CFE exam trap involves confusing billing schemes with expense reimbursement fraud. Billing schemes involve a vendor relationship - real or fictitious - and payments flow through accounts payable. Expense reimbursements go directly to employees. The perpetrator, the payment mechanism, and the appropriate detection procedures are different for each.

Red Flags Examiners Must Recognize

The CFE exam regularly presents behavioral and documentary red flags and asks candidates to interpret their significance. Memorizing lists of red flags is insufficient; you must be able to reason about why a particular indicator points toward a specific scheme type.

Behavioral red flags associated with asset misappropriation include:

  • An employee who refuses to take vacations or cross-train others in their role (classic concealment behavior)
  • An employee living significantly beyond their apparent means
  • Defensiveness or irritability when asked routine questions about records or transactions
  • Unusually close or exclusive relationships with specific vendors

Documentary and accounting red flags include:

  • Invoices from vendors with post office box addresses and no phone numbers
  • Duplicate payments to the same vendor within a short time period
  • Payroll checks issued to employees with addresses matching vendor records
  • Inventory shrinkage that cannot be explained by spoilage or breakage records
  • Expense reports with rounded dollar amounts and no supporting receipts

On the CFE practice exam platform, red-flag identification questions appear frequently because they simulate the real-world judgment that fraud examiners must exercise. Practicing these scenarios builds pattern recognition that is difficult to develop from reading alone.

How the CFE Exam Tests This Material

The CFE exam uses scenario-based multiple-choice questions. You will not be asked to simply define "skimming." Instead, you will be given a four-to-six-sentence scenario describing a situation at a hypothetical company, and you will need to determine what type of fraud is occurring, what the perpetrator's motive or method is, or what the appropriate response would be.

This application-focused format means that rote memorization of scheme definitions is necessary but not sufficient. You must be able to:

  1. Classify a described scheme accurately within the fraud taxonomy
  2. Identify which internal control failure enabled the scheme
  3. Select the most effective preventive or detective control for the specific situation
  4. Recognize what evidence would be most probative in an investigation
  5. Apply legal concepts from Domain 2 (such as elements of embezzlement) to the described conduct

For candidates preparing for this exam, reviewing the CFE Exam Cost and Fees: Complete 2026 Breakdown alongside your content preparation helps you plan your overall commitment. Understanding the financial investment in the credential reinforces the importance of thorough, targeted preparation rather than last-minute cramming.

The Overlap Trap: Some CFE exam questions describe scenarios involving elements of more than one scheme type - for example, an employee who creates a fictitious vendor (billing scheme) and also submits expense reports for fictitious travel (expense reimbursement fraud). These questions test whether you can identify the primary scheme and distinguish it from secondary conduct. Practice with realistic scenarios is the only reliable way to build this skill.

Structuring Your Preparation Around Asset Misappropriation

Because Domain 1 is the most content-dense section of the CFE exam, most candidates benefit from front-loading it in their study schedule while dedicating focused time to the remaining three domains as they approach exam day. The schedule below is built around the CFE exam's domain structure, not generic study advice.

Weeks 1-2

Domain 1 Foundation: Fraud Taxonomy and Cash Schemes

  • Master the full fraud tree: asset misappropriation branches (cash vs. non-cash) and all sub-types
  • Study skimming vs. larceny distinctions until they are automatic
  • Learn all billing scheme variations: shell company, non-accomplice vendor, personal purchases
  • Complete 40-50 scenario questions on cash disbursement fraud daily using CFE practice tests

Weeks 3-4

Domain 1 Completion: Payroll, Expense, Non-Cash, and Financial Statement Fraud

  • Study all payroll scheme subtypes with focus on ghost employees and falsified timekeeping
  • Map all four expense reimbursement scheme types to specific red flags and controls
  • Cover non-cash misappropriation and inventory fraud detection techniques
  • Begin Domain 1 and Domain 2 crossover: legal elements of theft, embezzlement, and conversion

Weeks 5-6

Domains 2, 3, and 4: Law, Investigation, and Prevention

  • Study Domain 2 legal concepts with constant reference back to asset misappropriation scenarios
  • Learn Domain 3 investigative procedures: document requests, interviews, digital evidence in misappropriation cases
  • Study Domain 4 internal controls specifically mapped to each misappropriation scheme type
  • Run full timed practice exams covering all four domains

This domain-first approach - prioritizing the content-heaviest section before fatigue sets in - is specifically suited to the CFE exam's structure. Candidates who try to study all four domains simultaneously often find they have shallow coverage of Domain 1's extensive scheme taxonomy when it matters most.

For a complete picture of what the CFE credential requires beyond the content - including registration mechanics and fees - see the CFE Exam Cost and Fees: Complete 2026 Breakdown, which covers the financial and administrative side of the certification process.

Frequently Asked Questions

Is asset misappropriation the most heavily tested topic on the CFE exam?

Asset misappropriation is a central focus of Domain 1: Financial Transactions and Fraud Schemes, which is the most content-intensive domain on the CFE exam. However, the exam tests all four domains, and candidates must achieve competency across all of them. Do not over-index on misappropriation at the expense of Domain 2 (Law), Domain 3 (Investigation), and Domain 4 (Fraud Prevention and Deterrence).

What is the difference between skimming and larceny on the CFE exam?

The defining distinction is timing relative to the accounting record. Skimming occurs before cash is recorded - it is an off-books theft. Larceny occurs after cash has already been recorded in the accounting system. This distinction determines what evidence a fraud examiner would look for and what controls would be most effective, both of which the CFE exam tests directly.

Does the CFE exam include questions about non-cash misappropriation?

Yes. Non-cash asset theft and misuse - including inventory theft, misuse of company equipment, and intellectual property theft - are all part of the Domain 1 fraud taxonomy. The CFE exam may present scenarios involving non-cash schemes and ask candidates to identify appropriate controls or investigative steps, often requiring knowledge from multiple domains simultaneously.

How should I approach CFE exam questions that describe overlapping fraud schemes?

Focus on the primary mechanism of the fraud described. Identify which fraud tree branch the core conduct falls under, then address secondary conduct if the question specifically asks about it. Practice with realistic multi-element scenarios - available through the CFE practice test platform - is the most reliable way to build the pattern recognition these questions require.

Which industries hire Certified Fraud Examiners with asset misappropriation expertise?

CFEs with strong asset misappropriation knowledge are sought across a wide range of sectors: public accounting firms, corporate internal audit departments, government agencies, financial institutions, healthcare organizations, insurance companies, and law enforcement. The breadth of asset misappropriation schemes means this expertise is relevant wherever employees have access to cash, inventory, or other organizational assets.
