Artículo 25. Further Consideration of Controls

.72 When the auditor has determined that a significant risk, including a fraud risk, exists, the auditor should evaluate the design of the company's controls that are intended to address fraud risks and other significant risks and determine whether those controls have been implemented, if the auditor has not already done so when obtaining an understanding of internal control, as described in paragraphs .18-.40 of this standard. 36 .73 Controls that address fraud risks include (a) specific controls designed to mitigate specific risks of fraud, e.g. , controls to address risks of intentional misstatement of specific accounts and (b) controls designed to prevent, deter, and detect fraud, e.g. , controls to promote a culture of honesty and ethical behavior. 37 Such controls also include those that address the risk of management override of other controls. .73A The auditor should obtain an understanding of the controls that management has established to identify, authorize and approve, and account for and disclose significant unusual transactions in the financial statements, if the auditor has not already done so when obtaining an understanding of internal control, as described in paragraphs .18-.40 and .72-.73 of this standard.