The following auditing standard is not the current version and does not reflect any amendments effective on or after December 31, 2016. The current version of the auditing standards can be found  here.

Auditing Standard No. 18

Related Parties

Supersedes AU sec. 334, Related Parties; and AU sec. 9334, Related Parties: Auditing Interpretations of Section 334

Effective Date: For audits of fiscal years beginning on or after December 15, 2014.

Final Rule: PCAOB Release No. 2014-002

SUMMARY TABLE OF CONTENTS  

Introduction

1. This standard establishes requirements regarding the auditor's evaluation of a company's identification of, accounting for, and disclosure of relationships and transactions between the company and its related parties.1/

Objective

2. The objective of the auditor is to obtain sufficient appropriate audit evidence to determine whether related parties and relationships and transactions with related parties have been properly identified, accounted for, and disclosed in the financial statements.2/

Performing Risk Assessment Procedures to Obtain an Understanding of the Company's Relationships and Transactions with Its Related Parties

3. The auditor should perform procedures to obtain an understanding of the company's relationships and transactions with its related parties that might reasonably be expected to affect the risks of material misstatement of the financial statements in conjunction with performing risk assessment procedures in accordance with Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement. The procedures performed to obtain an understanding of the company's relationships and transactions with its related parties include:

  1. Obtaining an understanding of the company's process (paragraph 4);
  2. Performing inquiries (paragraphs 57); and
  3. Communicating with the audit engagement team and other auditors (paragraphs 89).

Note: Obtaining an understanding of the company's relationships and transactions with its related parties includes obtaining an understanding of the nature of the relationships between the company and its related parties and of the terms and business purposes (or the lack thereof) of the transactions involving related parties.

Note: Performing the risk assessment procedures described in paragraphs 49 of this standard in conjunction with the risk assessment procedures required by Auditing Standard No. 12 is intended to provide the auditor with a reasonable basis for identifying and assessing risks of material misstatement associated with related parties and relationships and transactions with related parties.

Obtaining an Understanding of the Company's Process

4. In conjunction with obtaining an understanding of internal control over financial reporting, the auditor should obtain an understanding of the company's process for: 3/

  1. Identifying related parties and relationships and transactions with related parties;
  2. Authorizing and approving transactions with related parties; and
  3. Accounting for and disclosing relationships and transactions with related parties in the financial statements.

Performing Inquiries

5. The auditor should inquire of management regarding:4/

  1. The names of the company's related parties during the period under audit, including changes from the prior period;
  2. Background information concerning the related parties (for example, physical location, industry, size, and extent of operations);
  3. The nature of any relationships, including ownership structure, between the company and its related parties;
  4. The transactions entered into, modified, or terminated, with its related parties during the period under audit and the terms and business purposes (or the lack thereof) of such transactions;
  5. The business purpose for entering into a transaction with a related party versus an unrelated party;
  6. Any related party transactions that have not been authorized and approved in accordance with the company's established policies or procedures regarding the authorization and approval of transactions with related parties; and
  7. Any related party transactions for which exceptions to the company's established policies or procedures were granted and the reasons for granting those exceptions.

6. The auditor should inquire of others within the company regarding their knowledge of the matters in paragraph 5 of this standard. The auditor should identify others within the company5/ to whom inquiries should be directed, and determine the extent of such inquires, by considering whether such individuals are likely to have knowledge regarding:

  1. The company's related parties or relationships or transactions with related parties;
  2. The company's controls over relationships or transactions with related parties; and
  3. The existence of related parties or relationships or transactions with related parties previously undisclosed to the auditor.6/

7. The auditor should inquire of the audit committee,7/ or its chair, regarding:

  1. The audit committee's understanding of the company's relationships and transactions with related parties that are significant to the company; and
  2. Whether any member of the audit committee has concerns regarding relationships or transactions with related parties and, if so, the substance of those concerns.

Communicating with the Audit Engagement Team and Other Auditors

8. The auditor should communicate to engagement team members relevant information about related parties, including the names of the related parties and the nature of the company's relationships and transactions with those related parties. 8/

9. If the auditor is using the work of another auditor, the auditor should communicate to the other auditor relevant information about related parties, including the names of the company's related parties and the nature of the company's relationships and transactions with those related parties.9/ The auditor also should inquire of the other auditor regarding the other auditor's knowledge of any related parties or relationships or transactions with related parties that were not included in the auditor's communications.

Identifying and Assessing Risks of Material Misstatement

10. The auditor should identify and assess the risks of material misstatement at the financial statement level and the assertion level.10/ This includes identifying and assessing the risks of material misstatement associated with related parties and relationships and transactions with related parties, including whether the company has properly identified, accounted for, and disclosed its related parties and relationships and transactions with related parties.

Note: In identifying and assessing the risks of material misstatement associated with related parties and relationships and transactions with related parties, the auditor should take into account the information obtained from performing the procedures in paragraphs 49 of this standard and from performing the risk assessment procedures required by Auditing Standard No. 12.

Responding to the Risks of Material Misstatement

11. The auditor must design and implement audit responses that address the identified and assessed risks of material misstatement.11/ This includes designing and performing audit procedures in a manner that addresses the risks of material misstatement associated with related parties and relationships and transactions with related parties.12/

Note: The auditor also should look to the requirements in paragraphs .66.67A of AU sec. 316, Consideration of Fraud in a Financial Statement Audit, for related party transactions that are also significant unusual transactions (for example, significant related party transactions outside the normal course of business). For such related party transactions, AU sec. 316.67 requires that the auditor evaluate whether the business purpose (or the lack thereof) of the transactions indicates that the transactions may have been entered into to engage in fraudulent financial reporting or conceal misappropriation of assets.

Transactions with Related Parties Required to be Disclosed in the Financial Statements or Determined to be a Significant Risk

12. For each related party transaction that is either required to be disclosed in the financial statements or determined to be a significant risk, the auditor should:

  1. Read the underlying documentation and evaluate whether the terms and other information about the transaction are consistent with explanations from inquiries and other audit evidence about the business purpose (or the lack thereof) of the transaction;
  2. Determine whether the transaction has been authorized and approved in accordance with the company's established policies and procedures regarding the authorization and approval of transactions with related parties;
  3. Determine whether any exceptions to the company's established policies or procedures were granted; 13/
  4. Evaluate the financial capability of the related parties with respect to significant uncollected balances, loan commitments, supply arrangements, guarantees, and other obligations, if any;14/ and
  5. Perform other procedures as necessary to address the identified and assessed risks of material misstatement.

Note: The applicable financial reporting framework may allow the aggregation of similar related party transactions for disclosure purposes. If the company has aggregated related party transactions for disclosure purposes in accordance with the applicable financial reporting framework, the auditor may perform the procedures in paragraph 12 for only a selection of transactions from each aggregation of related party transactions (versus all transactions in the aggregation), commensurate with the risks of material misstatement.

Intercompany Accounts

13. The auditor should perform procedures on intercompany account balances as of concurrent dates, even if fiscal years of the respective companies differ.

Note: The procedures performed should address the risks of material misstatement associated with the company's intercompany accounts.

Evaluating Whether the Company Has Properly Identified Its Related Parties and Relationships and Transactions with Related Parties

14. The auditor should evaluate whether the company has properly identified its related parties and relationships and transactions with related parties. Evaluating whether a company has properly identified its related parties and relationships and transactions with related parties involves more than assessing the process used by the company. This evaluation requires the auditor to perform procedures to test the accuracy and completeness of the related parties and relationships and transactions with related parties identified by the company, taking into account the information gathered during the audit.15/ As part of this evaluation, the auditor should read minutes of the meetings of stockholders, directors, and committees of directors, or summaries of actions of recent meetings for which minutes have not yet been prepared.

Note: Appendix A contains examples of information and sources of information that may be gathered during the audit that could indicate that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist.

15. If the auditor identifies information that indicates that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist, the auditor should perform the procedures necessary to determine whether previously undisclosed relationships or transactions with related parties, in fact, exist.16/ These procedures should extend beyond inquiry of management.

16. If the auditor determines that a related party or relationship or transaction with a related party previously undisclosed to the auditor exists, the auditor should:

  1. Inquire of management regarding the existence of the related party or relationship or transaction with a related party previously undisclosed to the auditor and the possible existence of other transactions with the related party previously undisclosed to the auditor;
  2. Evaluate why the related party or relationship or transaction with a related party was previously undisclosed to the auditor;17/
  3. Promptly communicate to appropriate members of the engagement team and other auditors participating in the audit engagement relevant information about the related party or relationship or transaction with the related party;
  4. Assess the need to perform additional procedures to identify other relationships or transactions with the related party previously undisclosed to the auditor;
  5. Perform the procedures required by paragraph 12 of this standard for each related party transaction previously undisclosed to the auditor that is required to be disclosed in the financial statements or determined to be a significant risk; and
  6. Perform the following procedures, taking into account the information gathered from performing the procedures in a. through e. above:
  1. Evaluate the implications on the auditor's assessment of internal control over financial reporting, if applicable;
  2. Reassess the risk of material misstatement and perform additional procedures as necessary if such reassessment results in a higher risk;18/ and
  3. Evaluate the implications for the audit if management's nondisclosure to the auditor of a related party or relationship or transaction with a related party indicates that fraud or an illegal act may have occurred. If the auditor becomes aware of information indicating that fraud or another illegal act has occurred or might have occurred, the auditor must determine his or her responsibilities under AU secs. 316.79.82, AU sec. 317, Illegal Acts by Clients, and Section 10A of the Securities Exchange Act of 1934, 15 U.S.C. §78j-1.

Evaluating Financial Statement Accounting and Disclosures

17. The auditor must evaluate whether related party transactions have been properly accounted for and disclosed in the financial statements. This includes evaluating whether the financial statements contain the information regarding relationships and transactions with related parties essential for a fair presentation in conformity with the applicable financial reporting framework. 19/

Assertions That Transactions with Related Parties Were Conducted on Terms Equivalent to Those Prevailing in Arm's-Length Transactions

18. If the financial statements include a statement by management that transactions with related parties were conducted on terms equivalent to those prevailing in an arm's-length transaction, the auditor should determine whether the evidence obtained supports or contradicts management's assertion. If the auditor is unable to obtain sufficient appropriate audit evidence to substantiate management's assertion, and if management does not agree to modify the disclosure, the auditor should express a qualified or adverse opinion.20/

Note: Transactions with related parties might not be conducted on terms equivalent to those prevailing in arm's-length transactions (e.g., a company may receive services from a related party without cost). Except for routine transactions, it may not be possible for management to determine whether a particular transaction would have taken place, or what the terms and manner of settlement would have been, if the parties had not been related. Accordingly, it may be difficult for the auditor to obtain sufficient appropriate audit evidence to substantiate management's assertion that a transaction was consummated on terms equivalent to those that prevail in arm's-length transactions. A preface to a statement such as "management believes that" or "it is the company's belief that" does not change the auditor's responsibilities.

Communications with the Audit Committee

19. The auditor should communicate to the audit committee the auditor's evaluation of the company's identification of, accounting for, and disclosure of its relationships and transactions with related parties.21/ The auditor also should communicate other significant matters arising from the audit regarding the company's relationships and transactions with related parties including, but not limited to:

  1. The identification of related parties or relationships or transactions with related parties that were previously undisclosed to the auditor;
  2. The identification of significant related party transactions that have not been authorized or approved in accordance with the company's established policies or procedures;
  3. The identification of significant related party transactions for which exceptions to the company's established policies or procedures were granted;
  4. The inclusion of a statement in the financial statements that a transaction with a related party was conducted on terms equivalent to those prevailing in an arm's-length transaction and the evidence obtained by the auditor to support or contradict such an assertion; and
  5. The identification of significant related party transactions that appear to the auditor to lack a business purpose.

1/ The auditor should look to the requirements of the U.S. Securities and Exchange Commission for the company under audit with respect to the accounting principles applicable to that company, including the definition of the term "related parties" and the financial statement disclosure requirements with respect to related parties.

2/ See, e.g., paragraphs 3031 of Auditing Standard No. 14, Evaluating Audit Results. See also paragraph .04 of AU sec. 411, The Meaning of Present Fairly in Conformity With Generally Accepted Accounting Principles.

3/ See, e.g., paragraph 18 of Auditing Standard No. 12, which requires the auditor to obtain a sufficient understanding of each component of internal control over financial reporting to (a) identify the types of potential misstatements, (b) assess the factors that affect the risks of material misstatement, and (c) design further audit procedures. See also paragraph 20 of Auditing Standard No. 12, which states that obtaining an understanding of internal control includes evaluating the design of controls that are relevant to the audit and determining whether the controls have been implemented.

4/ See also AU sec. 333, Management Representations. Obtaining such representations from management complements the performance of procedures in paragraph 5 and is not a substitution for those inquiries.

5/ Examples of "others" within the company who may have such knowledge include: personnel in a position to initiate, process, or record transactions with related parties and those who supervise or monitor such personnel; internal auditors; in-house legal counsel; the chief compliance/ethics officer or person in equivalent position; and the human resources director or person in equivalent position.

6/ For purposes of this standard, the phrase "related parties or relationships or transactions with related parties previously undisclosed to the auditor" includes, to the extent not disclosed to the auditor by management: (1) related parties; (2) relationships or transactions with known related parties; and (3) relationships or transactions with previously unknown related parties.

7/ The term "audit committee" has the same meaning as the term used in Auditing Standard No. 16, Communications with Audit Committees.

8/ This communication, which can be more effective when it occurs at an early stage of the audit, complements the discussion among engagement team members regarding risks of material misstatement in accordance with paragraph 49 of Auditing Standard No. 12. See also paragraph 5 of Auditing Standard No. 10, Supervision of the Audit Engagement, which establishes requirements regarding supervision of the engagement team members, including directing engagement team members to bring significant accounting and auditing issues arising during the audit to the attention of the engagement partner or other engagement team members performing supervisory activities.

9/ See AU sec. 543, Part of Audit Performed by Other Independent Auditors, which describes the auditor's responsibilities regarding using the work and reports of other independent auditors who audit the financial statements of one or more subsidiaries, divisions, branches, components, or investments included in the financial statements.

10/ See paragraph 59 of Auditing Standard No. 12.

11/ See paragraph 3 of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.

12/ See generally, Auditing Standard No. 13 and paragraph 17 of Auditing Standard No. 15, Audit Evidence, which provides that inquiry of company personnel, by itself, does not provide sufficient audit evidence to reduce audit risk to an appropriately low level for a relevant assertion or to support a conclusion about the effectiveness of a control.

13/ Information gathered while obtaining an understanding of the company also might assist the auditor in identifying agreements prohibiting or restricting related party transactions (for example, loans or advances to related parties).

14/ Examples of information that might be relevant to the auditor's evaluation of a related party's financial capability include, among other things, the audited financial statements of the related party, reports issued by regulatory agencies, financial publications, and income tax returns of the related party, to the extent available.

15/ Information obtained from identifying and evaluating a company's significant unusual transactions and obtaining an understanding of a company's financial relationships and transactions with its executive officers could indicate that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist.

16/ See paragraph 29 of Auditing Standard No. 15, which states that if audit evidence obtained from one source is inconsistent with that obtained from another, or if the auditor has doubts about the reliability of information to be used as audit evidence, the auditor should perform the audit procedures necessary to resolve the matter and should determine the effect, if any, on other aspects of the audit.

17/ See AU sec. 333.04, which states that if a representation made by management is contradicted by other audit evidence, the auditor should investigate the circumstances and consider the reliability of the representation made. Based on the circumstances, the auditor should consider whether his or her reliance on management's representations relating to other aspects of the financial statements is appropriate and justified.

18/ See paragraph 74 of Auditing Standard No. 12, which states that when the auditor obtains audit evidence during the course of the audit that contradicts the audit evidence on which the auditor originally based his or her risk assessment, the auditor should revise the risk assessment and modify planned audit procedures or perform additional procedures in response to the revised risk assessments.

19/See paragraphs 3031 of Auditing Standard No. 14.

20/ See paragraph .06.l. of AU sec. 333, which requires the auditor to obtain written representations from management if the financial statements include such an assertion. Representations from management alone are not sufficient appropriate audit evidence. See also paragraphs .35.36 of AU sec. 508, Reports on Audited Financial Statements.

21/ See Auditing Standard No. 16 regarding the timing of the communications to the audit committee.