14. When planning and performing the audit of internal control over financial reporting, the auditor should take into account the results of his or her fraud risk assessment. 10/ As part of identifying and testing entity-level controls, as discussed beginning at paragraph 22, and selecting other controls to test, as discussed beginning at paragraph 39, the auditor should evaluate whether the company's controls sufficiently address identified risks of material misstatement due to fraud and controls intended to address the risk of management override of other controls. Controls that might address these risks include -
- Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries;
- Controls over journal entries and adjustments made in the period-end financial reporting process;
- Controls over related party transactions;
- Controls related to significant management estimates; and
- Controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial results.