1. As part of the risk assessment as described in paragraph 25, the auditor shall determine whether any of the risks identified are, in the auditor’s judgment, a significant risk. In exercising this judgment, the auditor shall exclude the effects of identified controls related to the risk.
  2. In exercising judgment as to which risks are significant risks, the auditor shall consider at least the following:
    a. Whether the risk is a risk of fraud;
    b. Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention.
    c. The complexity of transactions;
    d. Whether the risk involves significant transactions with related parties;
    e. The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; and
    f. Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

If the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the entity’s controls, including control activities, relevant to that risk.