Artículo 20. Inquiries Regarding Fraud Risks

.56 The auditor's inquiries regarding fraud risks should include the following: Inquiries of management regarding: Whether management has knowledge of fraud, alleged fraud, or suspected fraud affecting the company; Management's process for identifying and responding to fraud risks in the company, including any specific fraud risks the company has identified or account balances or disclosures for which a fraud risk is likely to exist, and the nature, extent, and frequency of management's fraud risk assessment process; Controls that the company has established to address fraud risks the company has identified, or that otherwise help to prevent and detect fraud, including how management monitors those controls; For a company with multiple locations (a) the nature and extent of monitoring of operating locations or business segments and (b) whether there are particular operating locations or business segments for which a fraud risk might be more likely to exist; Whether and how management communicates to employees its views on business practices and ethical behavior; Whether management has received tips or complaints regarding the company's financial reporting (including those received through the audit committee's internal whistleblower program, if such program exists) and, if so, management's responses to such tips and complaints; Whether management has reported to the audit committee on how the company's internal control serves to prevent and detect material misstatements due to fraud; and Whether the company has entered into any significant unusual transactions and, if so, the nature, terms, and business purpose (or the lack thereof) of those transactions and whether such transactions involved related parties. 31A Inquiries of the audit committee, or equivalent, or its chair regarding: The audit committee's views about fraud risks in the company; Whether the audit committee has knowledge of fraud, alleged fraud, or suspected fraud affecting the company; Whether the audit committee is aware of tips or complaints regarding the company's financial reporting (including those received through the audit committee's internal whistleblower program, if such program exists) and, if so, the audit committee's responses to such tips and complaints; How the audit committee exercises oversight of the company's assessment of fraud risks and the establishment of controls to address fraud risks; and Whether the company has entered into any significant unusual transactions. If the company has an internal audit function, inquiries of appropriate internal audit personnel regarding: The internal auditors' views about fraud risks in the company; Whether the internal auditors have knowledge of fraud, alleged fraud, or suspected fraud affecting the company; Whether internal auditors have performed procedures to identify or detect fraud during the year, and whether management has satisfactorily responded to the findings resulting from those procedures; Whether internal auditors are aware of instances of management override of controls and the nature and circumstances of such overrides; and Whether the company has entered into any significant unusual transactions. .57 In addition to the inquiries outlined in the preceding paragraph, the auditor should inquire of others within the company about their views regarding fraud risks, including, in particular, whether they have knowledge of fraud, alleged fraud, or suspected fraud. The auditor should identify other individuals within the company to whom inquiries should be directed and determine the extent of such inquiries by considering whether others in the company might have additional knowledge about fraud, alleged fraud, or suspected fraud or might be able to corroborate fraud risks identified in discussions with management or the audit committee. Examples of other individuals within the company to whom inquiries might be directed include: Employees with varying levels of authority within the company, including, e.g. , company personnel with whom the auditor comes into contact during the course of the audit (a) in obtaining an understanding of internal control, (b) in observing inventory or performing cutoff procedures, or (c) in obtaining explanations for significant differences identified when performing analytical procedures; Operating personnel not directly involved in the financial reporting process; Employees involved in initiating, recording, or processing complex or unusual transactions, e.g. , a sales transaction with multiple elements, a significant unusual transaction, or a significant related party transaction; and In-house legal counsel. .58 When evaluating management's responses to inquiries about fraud risks and determining when it is necessary to corroborate management's responses, the auditor should take into account the fact that management is often in the best position to commit fraud. Also, the auditor should obtain evidence to address inconsistencies in responses to the inquiries.