In certain sections of our monthly newsletters, we may address audit procedures to provide guidance in a format that provides easy reference on engagements. The guidance provided is not exhaustive, and is intended to share observations from real cases of deficiencies on engagement files.
Over the years, Related Parties has developed as a section of the audit that requires detailed attention. As the required procedures have been modified over time, I believe that the real objective of testing related parties has become unclear. Dependent on the risk and circumstances of the section, the following should be considered.
Areas of consideration
Working papers throughout the file may relate to related parties, which should always be considered when addressing the following objectives:
- Determination of overall risk of misstatement, due to error or fraud
- Evaluation of the system of internal control to identify related-party transactions and balances, and correctly allocate or classify them for implementation and ability to prevent material error or fraud
- Determination of risk of misstatement, due to error or fraud at balance and assertion level
- Communication with team on risks and fraud risks relating to related parties
- Performing fieldwork testing responsive to determined risks
- Communication to those charged with governance.
Sections and procedures
The following sections are typical in circumstances of high to significant risk.
- Overall risk ‒ background of the business
Consider the industry and circumstances of the entity to determine the effect on risk of misstatement, due to fraud or error. Consider the reputation of the industry or type of transactions rendering it susceptible to fraud.
- Internal control
a. Overall controls: Reporting controlsObjectiveEvaluation of the reporting controls for implementation and ability to prevent material misstatement, due to fraud or error in identifying related-party transactions and balances, and their correct classification and disclosure.
- Document system and address assertions.
- Perform walk-through testing.Conclusion
- Conclude on implementation.
- Conclude on ability of system to prevent material misstatement, due to error or fraud regarding completeness, classification and disclosure.b. Information systemObjective
Evaluation of information system for implementation and ability to prevent material misstatement, due to fraud or error in identifying related-party transactions and balances, and their correct allocations and classification, and to ensure completeness of related parties identified.
- Document system addressing assertions.
- Perform walk-through testing.
- Conclude on implementation.
- Conclude on ability of system to prevent material misstatement, due to error or fraud regarding completeness, classification and disclosure.
3. Risk at balance and assertion level
a. Determine balances and transactions relevant to related parties.
b. Identify those which are in the normal course of business as indicators of fraud risk.
c. If so identified, the transaction or balance should be assessed as a significant risk.
d. Significant risk assessment requires additional procedures to address the fraud risk, which may take the form of additional substantive procedures, but are required to include an increased understanding of the system of internal control.
4. Communication with team on risks and fraud risks relating to related parties.
With the planning meeting or subsequent communication, details of risks identified, including those relating to related parties, need to be communicated with the engagement team.
For all identified related-party balances and transactions:
a. Verify completeness from, among others, board minutes and a review of other sections’ transactions.
b. Verify correct allocation and/or classification in transactions and balances tested.
c. Verify correct and complete disclosure, in terms of the accounting framework, by comparing disclosures to requirements of the accounting framework.
d. Identify transactions and balances that are significant risks, due to not being in the normal course of business:
-Determine whether transactions or balances are at arm’s length, and conclude whether they are an indication of fraud.
Further procedures to be performed when they are an indication of fraud include:
- Inclusion in management report
- Further enquiries to determine nature and details
- Consideration of reporting as a reportable irregularity
- Consideration of reporting, in terms of NOCLAR.
6. Communication to those charged with governance
Discuss with those charged with governance and include in the management report as necessary:
- Weaknesses identified in controls
- Possible fraudulent behaviour identified
- Reportable irregularities reported
- NOCLAR considerations and, if considered appropriate, reports.
Audit procedures relating to related parties have been found to be very limited in cases where they represent a high or significant risk. Care should be taken to understand the circumstances of the business and the possible motivations of management for manipulating related-party transactions. Increased scepticism is advisable in this area, and engagement teams should be trained in the application of procedures and considerations. LEAF can assist firms by performing thorough file reviews, providing practical advice, and training staff on the relevant requirements and deficiencies identified.
IAASB: International Standard on Auditing 550 (ISA 550), Related parties.