[The following paragraph was effective for audits of fiscal years beginning before December 15, 2014. See PCAOB Release No. 2014-002 for audits of fiscal years beginning on or after December 15, 2014, or return to the current version.]

56.      The auditor's inquiries regarding fraud risks should include the following:

  1. Inquiries of management regarding:
    (1)Whether management has knowledge of fraud, alleged fraud, or suspected fraud affecting the company;
    (2)Management's process for identifying and responding to fraud risks in the company, including any specific fraud risks the company has identified or account balances or disclosures for which a fraud risk is likely to exist, and the nature, extent, and frequency of management's fraud risk assessment process;
    (3)Controls that the company has established to address fraud risks the company has identified, or that otherwise help to prevent and detect fraud, including how management monitors those controls;
    (4)For a company with multiple locations (a) the nature and extent of monitoring of operating locations or business segments and (b) whether there are particular operating locations or business segments for which a fraud risk might be more likely to exist;
    (5)Whether and how management communicates to employees its views on business practices and ethical behavior;
    (6)Whether management has received tips or complaints regarding the company's financial reporting (including those received through the audit committee's internal whistleblower program, if such program exists) and, if so, management's responses to such tips and complaints; and
    (7)Whether management has reported to the audit committee on how the company's internal control serves to prevent and detect material misstatements due to fraud.
  2. Inquiries of the audit committee, or equivalent, or its chair regarding:
    (1)The audit committee's views about fraud risks in the company;
    (2)Whether the audit committee has knowledge of fraud, alleged fraud, or suspected fraud affecting the company;
    (3)Whether the audit committee is aware of tips or complaints regarding the company's financial reporting (including those received through the audit committee's internal whistleblower program, if such program exists) and, if so, the audit committee's responses to such tips and complaints; and
    (4)How the audit committee exercises oversight of the company's assessment of fraud risks and the establishment of controls to address fraud risks.
  3. If the company has an internal audit function, inquiries of appropriate internal audit personnel regarding:
    (1)The internal auditors' views about fraud risks in the company;
    (2)Whether the internal auditors have knowledge of fraud, alleged fraud, or suspected fraud affecting the company;
    (3)Whether internal auditors have performed procedures to identify or detect fraud during the year, and whether management has satisfactorily responded to the findings resulting from those procedures; and
    (4)Whether internal auditors are aware of instances of management override of controls and the nature and circumstances of such overrides.