The audit of related parties and the application of professional scepticism (Part 2)

Fraud Risk Factors

One of the objective of the audit is that of identifying fraud risk factors arising from related parties and assessing the probability that they can lead to fraudulent financial reporting.

For such purpose the auditor should remain alert to fraud risk factors throughout the audit and, as already mentioned, especially when:

  • considering the fraud potential of related parties at the engagement team discussion;

  • considering whether the features of the entity’s control environment may deter or facilitate fraud, especially in terms of potential management override of controls;

  • considering the fraud implications of the intentional non-disclosure by management of related party relationships or transactions; and

  • the business rationale of significant related party transactions outside the normal business of the entity is evaluated.

Related Party with Dominant Influence

Related parties may be in a position to exert dominant influence over an entity or its management and, when a single person or small group of persons is capable of exerting such influence that represents a fraud risk factor.

The auditor may recognise the existence of dominant influence by a related party when some indicators, suggested by ISA 550, are present. That could be the case when, for instance:

  • the related party has vetoed some significant business decisions taken by management or directors;

  • significant transactions require final approval by the related party;

  • when business proposals are initiated by the related party they are not questioned by management or directors;

  • transactions involving the related party are not independently authorised or approved.

Dominant influence may also exist when the related party has been a founder of the entity and continues to be significantly involved in its management. That could often be the case for the owner-manager of a smaller entity and the auditor should consider that dominant influence is more likely than not to exist in owner-managed entities.

When other risk factors are present alongside the fraud risk factor of a related party with dominant influence that may indicate significant risks of material misstatement due to fraud.

Such significant risk may exist if there is a high turnover of management or professional advisers, as in certain cases that may suggest that the related party is imposing unethical or fraudulent business practices to serve its own purposes. Similarly, if business intermediaries are used for significant transactions that do not have a clear business rationale, that may indicate that the dominant related party may have an interest in such transactions and may control the intermediaries for fraudulent purposes.

If the auditor has assessed a significant risk of misstatement due to fraud as a result of the existence of a related party with dominant influence, the auditor should apply the requirements of ISA 240, which deals specifically with fraud. The procedures required by ISA 240 may include, among others, testing of the appropriateness of journal entries and other adjustments in the preparation of the financial statements and reviewing accounting estimates for bias.

In addition to applying the requirements of ISA 240, the auditor may perform some other procedures to understand what business relationships the dominant related party may have established, directly or indirectly, with the entity and to determine whether further substantive procedures are needed.

The procedures that can be performed to obtain such understanding may include:

  • direct enquiry of the related party;

  • background research of certain transactions, for instance control of intermediaries may be researched using company registrar’s information or business information databases;

  • review of significant contracts with related parties or intermediaries;

  • review of employee whistle-blowing reports if available.

Discovery of Unidentified or Undisclosed Related Parties or Transactions

The auditor may discover information or arrangements indicating the existence of related party relationships or significant transactions that have not been previously identified or disclosed by management.

In such a case the auditor should probe the underlying circumstances and, if previously undisclosed related parties or significant transactions are identified, it will be necessary to take action and perform various procedures to respond to the risks that the discovery involves.

In particular the auditor will have to:

  • communicate promptly the newly identified related parties to the engagement team as this may affect the results of risk assessment already performed and the further audit procedures needed;

  • ask management to identify all transactions with the newly identified related parties and inquire why the entity’s controls failed to detect the party or transactions;

  • perform substantive audit procedures in respect of the identified parties or transactions;

  • reconsider the risk that other unidentified related parties or transactions may exist and perform further procedures to identify them if necessary; and

  • if the non-disclosure by management appears intentional, therefore indicating a risk of material misstatement due to fraud, evaluate the implications for the audit.

Substantive audit procedures that can be performed in respect of the newly identified related parties or transactions can include:

  • enquiries about the nature of the relationships with the newly identified related parties, including inquiring parties outside the entity who may have significant knowledge of the entity and its business; these could be legal advisers, agents, consultants or other close business partners;

  • analysing accounting records to identify further transactions with the newly identified related parties;

  • checking the terms and conditions of transactions with the newly identified related parties and verifying if they have been accounted for and disclosed in line with the applicable financial reporting requirements.

If management has intentionally not disclosed to the auditor related party relationships or significant transactions, the omission would represent a considerable risk of material misstatement due to fraud. In such a case the requirements and guidance in ISA 240 in respect of the auditor’s responsibilities relating to fraud in an audit of financial statements will apply.

In particular the possible involvement of management in a misstatement due to fraud requires reconsidering the reliability of the audit evidence previously obtained, as this may raise doubts about the completeness and truthfulness of the representations made by management and the genuineness of accounting records and documentation. In turn, this will require the auditor to re-evaluate the assessment of the risks of material misstatement due to fraud and the nature, timing and extent of the audit procedures to respond to the assessed risks. In other words the intentional non-disclosure by management of related parties and its potential involvement in fraud requires a substantial re-planning of the audit.

Additionally, in accordance with ISA 240, the fact that the auditor has significant concern about the integrity of management or the directors of the entity, as it could the case if management intentionally omitted to disclose related party information to the auditor for fraudulent purposes, is one of the exceptional circumstances that brings into question the auditor’s ability to continue performing the audit. In such circumstances the auditor should consider whether it is appropriate to withdraw from the engagement.

Arm’s Length Assertions for Related Party Transactions

An entity could make a statement in the financial statements that a related party transaction was conducted on terms equivalent to those that prevail in an arm’s length transaction. When this type of statements are included in the financial statements, the auditor should obtain sufficient appropriate audit evidence to verify the assertion.

The auditor may face some practical difficulties when trying to obtain audit evidence in respect of all the various aspects of a related party transaction. In fact, whilst the auditor may be able to confirm that such a transaction has been conducted at market price, like a similar arm’s length transaction, as audit evidence in that respect may be readily available, it may be difficult to confirm whether other terms and conditions are equivalent to those that would apply with an independent party. For instance the transaction may feature different credit terms or provisions for contingencies or charges.

However financial reporting frameworks normally require management to make an arm’s length statement in respect of related party transactions only if such assertion can be substantiated, as it is the case for IAS 24 Related Party Disclosures. The auditor should therefore be able to obtain sufficient appropriate audit evidence by testing the management’s support for the arm’s length assertion.

If for instance management has based its assertion on comparing the terms of the related party transaction with those of an identical or similar one with unrelated parties or with the known market terms for broadly similar transactions, the auditor may consider whether the approach taken by management is appropriate to support the assertion and may verify the source of the internal or external data and check whether the data is accurate, complete and relevant.

Evaluation of the Accounting for and Disclosure of Related Parties

In forming an opinion on the overall financial statements the auditor will need to evaluate whether:

  1. Accounting and disclosure of related party relationships and transactions comply with the requirements of the applicable financial reporting framework, and

  2. The effects of the related party relationships and transactions prevent the financial statements to achieve fair presentation.

The evaluation of related party disclosures in respect of the applicable financial reporting requirements may need special attention by the auditor as they may be complex and are often a source of material misstatement. The same complexity and excessive detail of the disclosures may actually obscure the substance of the related party transactions.

Related party disclosures should be evaluated considering whether the facts and circumstances of the entity have been appropriately summarised and presented so that disclosures are understandable. Disclosures may not be understandable if the business rationale and the effects of the transactions on the financial statements are unclear or if the key terms, conditions or other important elements necessary for understanding the transactions are not appropriately disclosed.

Other Requirements in ISA 550

The auditor is required to obtain written representations from the entity’s management, and in certain circumstances from directors when these are not involved in managing the entity, that:

  1. They have disclosed to the auditor the identity of related parties and all the related party relationships and transactions they are aware of; and

  2. They have accounted for and disclosed such relationships and transactions as required by the reporting framework.

The auditor may request written representations from directors to confirm oral representations on details of certain related party transactions or when they have interests in related party transactions.

Additionally, unless all the directors are involved in managing the entity, the auditor is required to communicate with directors (those charged with governance) significant related party matters arising during the audit.

Discussing with directors significant related party issues, as they arise during the audit, helps in reaching a common understanding of facts and circumstances and in finding a resolution to these issues on a timely basis.

Significant related party matters that can be discusses with directors include non-disclosure (intentional or not) by the management of related parties or significant transactions, which may alert directors of the existence of relationships or transactions of which they were not aware.

Similarly the auditor may point out to directors significant related party transactions not appropriately authorised and approved, which may indicate suspected fraud.

The auditor should also discuss with directors any disagreement with management about the disclosure of related party transactions under the applicable financial reporting requirements.

In respect of related parties’ documentation, ISA 550 requires the auditor to document the names of the identified related parties and the nature of the related party relationships.

The schedule below illustrates the documentation requirements in respect of related parties included in ISA 550 and relates to a family owned/managed business consisting of a hotel and leisure centre.

Name of related party Nature of relationship Types of transactions Likely value of transactions
Toby Hamilton Non-executive director and 20% shareholder

Uses the restaurant on a regular basis

Some large functions held at hotel in the past at reduced rates

Dividend

£2-3,000 per annum through the DLA

£20,000 per annum through his DLA

Wilma Hamilton Non-executive director and 20% shareholder

Uses the restaurant and spa on a regular basis

Dividend

£3-4,000 per annum through the DLA

£20,000 per annum through her DLA

Frank Hamilton Managing director and 20% shareholder

Uses the restaurant on a regular basis

Dividend

Salary

£2-3,000 per annum through the DLA

£20,000 per annum through his DLA

£50,000 per annum

Edwina Hamilton Finance director and 20% shareholder

Uses the restaurant and spa on a regular basis

Large function held at hotel in audit period at reduced rates

Dividend

Salary

£3-4,000 per annum through the DLA

£10,000 invoiced and promptly paid

£20,000 per annum through her DLA

£50,000 per annum

Steps taken to ensure completeness

(e.g. inspection of documents, observation of processes, further management enquiries)

The booking schedules for the restaurants and spa and diaries are reviewed by Tess Foreman on a weekly basis to ensure that there is a value against all transactions.

Specific risk areas identified

(e.g. transactions outside the entity’s normal business activity, fraud risk from management override of internal controls, etc.)

No major risk areas anticipated and related parties appear to be limited to family members.

Discussions with client

Sufficient understanding of related parties requirements

The client’s control environment is conducive to compliance with financial reporting requirements for related parties with clear cut policies and procedures for related party transactions and responsibilities assigned to senior employees for identifying, recording, summarising, and disclosing such transactions.

Importance attached to identification and disclosure of related parties

The use of a qualified member of the team to review for transactions reflects how seriously they take this matter.

Intentional disregard of controls or requirements

None identified.

Audit impact of the above

Audit procedures should include ensuring that the controls identified have been applied.

0.00 avg. rating (0% score) - 0 votes