Return to the current version.]
fn 8 See footnote 6.
fn 9 In addition to these inquiries, section 333, Management Representations, requires the auditor to obtain selected written representations from management regarding fraud.
fn 10 Section 319, Consideration of Internal Control in a Financial Statement Audit, paragraphs .06 and .07, defines internal control and its five interrelated components (the control environment, risk assessment, control activities, information and communication, and monitoring). Entity programs and controls intended to address the risks of fraud may be part of any of the five components discussed in section 319.
fn 11 Examples of "others with equivalent authority and responsibility" may include the board of directors, the board of trustees, or the owner in an owner-managed entity, as appropriate.
fn 12 See footnote 10.
fn 13 See paragraph .70 for a discussion of the need to update these analytical procedures during the overall review stage of the audit.
fn 14 See Statement on Quality Control Standards (SQCS) No. 2, System of Quality Control for a CPA Firm's Accounting and Auditing Practice [QC section 20.14–.16], as amended.
fn 15 Section 312.18 provides guidance on the auditor's consideration of the extent to which auditing procedures should be performed at selected locations or components.
fn 16 The occurrence of material misstatements of financial statements due to fraud is relatively infrequent in relation to the total population of published financial statements. However, the auditor should not use this as a basis to conclude that one or more risks of a material misstatement due to fraud are not present in a particular entity.
fn 17 For a discussion of indicators of improper revenue recognition and common techniques for overstating revenue and illustrative audit procedures, see the AICPA Audit Guide Auditing Revenue in Certain Industries.
fn 18 See footnote 10.
fn 19 Notwithstanding that the auditor assesses identified risks of material misstatement due to fraud, the assessment need not encompass an overall judgment about whether risk for the entity is classified as high, medium, or low because such a judgment is too broad to be useful in developing the auditor's response described in paragraphs .46 through .67.