Introduction

1. This standard establishes requirements regarding the auditor's evaluation of a company's identification of, accounting for, and disclosure of relationships and transactions between the company and its related parties.^1/

Objective

2. The objective of the auditor is to obtain sufficient appropriate audit evidence to determine whether related parties and relationships and transactions with related parties have been properly identified, accounted for, and disclosed in the financial statements.^2/

Performing Risk Assessment Procedures to Obtain an Understanding of the Company's Relationships and Transactions with Its Related Parties

3. The auditor should perform procedures to obtain an understanding of the company's relationships and transactions with its related parties that might reasonably be expected to affect the risks of material misstatement of the financial statements in conjunction with performing risk assessment procedures in accordance with Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement. The procedures performed to obtain an understanding of the company's relationships and transactions with its related parties include:

1. Obtaining an understanding of the company's process (paragraph 4);
2. Performing inquiries (paragraphs 5–7); and
3. Communicating with the audit engagement team and other auditors (paragraphs 8–9).

Note: Obtaining an understanding of the company's relationships and transactions with its related parties includes obtaining an understanding of the nature of the relationships between the company and its related parties and of the terms and business purposes (or the lack thereof) of the transactions involving related parties.

Note: Performing the risk assessment procedures described in paragraphs 4–9 of this standard in conjunction with the risk assessment procedures required by Auditing Standard No. 12 is intended to provide the auditor with a reasonable basis for identifying and assessing risks of material misstatement associated with related parties and relationships and transactions with related parties.

4. In conjunction with obtaining an understanding of internal control over financial reporting, the auditor should obtain an understanding of the company's process for: ^3/

1. Identifying related parties and relationships and transactions with related parties;
2. Authorizing and approving transactions with related parties; and
3. Accounting for and disclosing relationships and transactions with related parties in the financial statements.

5. The auditor should inquire of management regarding:^4/

1. The names of the company's related parties during the period under audit, including changes from the prior period;
2. Background information concerning the related parties (for example, physical location, industry, size, and extent of operations);
3. The nature of any relationships, including ownership structure, between the company and its related parties;
4. The transactions entered into, modified, or terminated, with its related parties during the period under audit and the terms and business purposes (or the lack thereof) of such transactions;
5. The business purpose for entering into a transaction with a related party versus an unrelated party;
6. Any related party transactions that have not been authorized and approved in accordance with the company's established policies or procedures regarding the authorization and approval of transactions with related parties; and
7. Any related party transactions for which exceptions to the company's established policies or procedures were granted and the reasons for granting those exceptions.

6. The auditor should inquire of others within the company regarding their knowledge of the matters in paragraph 5 of this standard. The auditor should identify others within the company^5/ to whom inquiries should be directed, and determine the extent of such inquires, by considering whether such individuals are likely to have knowledge regarding:

1. The company's related parties or relationships or transactions with related parties;
2. The company's controls over relationships or transactions with related parties; and
3. The existence of related parties or relationships or transactions with related parties previously undisclosed to the auditor.^6/

7. The auditor should inquire of the audit committee,^7/ or its chair, regarding:

1. The audit committee's understanding of the company's relationships and transactions with related parties that are significant to the company; and
2. Whether any member of the audit committee has concerns regarding relationships or transactions with related parties and, if so, the substance of those concerns.

8. The auditor should communicate to engagement team members relevant information about related parties, including the names of the related parties and the nature of the company's relationships and transactions with those related parties. ^8/

9. If the auditor is using the work of another auditor, the auditor should communicate to the other auditor relevant information about related parties, including the names of the company's related parties and the nature of the company's relationships and transactions with those related parties.^9/ The auditor also should inquire of the other auditor regarding the other auditor's knowledge of any related parties or relationships or transactions with related parties that were not included in the auditor's communications.

Identifying and Assessing Risks of Material Misstatement

10. The auditor should identify and assess the risks of material misstatement at the financial statement level and the assertion level.^10/ This includes identifying and assessing the risks of material misstatement associated with related parties and relationships and transactions with related parties, including whether the company has properly identified, accounted for, and disclosed its related parties and relationships and transactions with related parties.

Note: In identifying and assessing the risks of material misstatement associated with related parties and relationships and transactions with related parties, the auditor should take into account the information obtained from performing the procedures in paragraphs 4–9 of this standard and from performing the risk assessment procedures required by Auditing Standard No. 12.

11. The auditor must design and implement audit responses that address the identified and assessed risks of material misstatement.^11/ This includes designing and performing audit procedures in a manner that addresses the risks of material misstatement associated with related parties and relationships and transactions with related parties.^12/

Note: The auditor also should look to the requirements in paragraphs .66–.67A of AU sec. 316, Consideration of Fraud in a Financial Statement Audit, for related party transactions that are also significant unusual transactions (for example, significant related party transactions outside the normal course of business). For such related party transactions, AU sec. 316.67 requires that the auditor evaluate whether the business purpose (or the lack thereof) of the transactions indicates that the transactions may have been entered into to engage in fraudulent financial reporting or conceal misappropriation of assets.

12. For each related party transaction that is either required to be disclosed in the financial statements or determined to be a significant risk, the auditor should:

1. Read the underlying documentation and evaluate whether the terms and other information about the transaction are consistent with explanations from inquiries and other audit evidence about the business purpose (or the lack thereof) of the transaction;
2. Determine whether the transaction has been authorized and approved in accordance with the company's established policies and procedures regarding the authorization and approval of transactions with related parties;
3. Determine whether any exceptions to the company's established policies or procedures were granted; ^13/
4. Evaluate the financial capability of the related parties with respect to significant uncollected balances, loan commitments, supply arrangements, guarantees, and other obligations, if any;^14/ and
5. Perform other procedures as necessary to address the identified and assessed risks of material misstatement.

Note: The applicable financial reporting framework may allow the aggregation of similar related party transactions for disclosure purposes. If the company has aggregated related party transactions for disclosure purposes in accordance with the applicable financial reporting framework, the auditor may perform the procedures in paragraph 12 for only a selection of transactions from each aggregation of related party transactions (versus all transactions in the aggregation), commensurate with the risks of material misstatement.

13. The auditor should perform procedures on intercompany account balances as of concurrent dates, even if fiscal years of the respective companies differ.

Note: The procedures performed should address the risks of material misstatement associated with the company's intercompany accounts.

14. The auditor should evaluate whether the company has properly identified its related parties and relationships and transactions with related parties. Evaluating whether a company has properly identified its related parties and relationships and transactions with related parties involves more than assessing the process used by the company. This evaluation requires the auditor to perform procedures to test the accuracy and completeness of the related parties and relationships and transactions with related parties identified by the company, taking into account the information gathered during the audit.^15/ As part of this evaluation, the auditor should read minutes of the meetings of stockholders, directors, and committees of directors, or summaries of actions of recent meetings for which minutes have not yet been prepared.

Note: Appendix A contains examples of information and sources of information that may be gathered during the audit that could indicate that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist.

15. If the auditor identifies information that indicates that related parties or relationships or transactions with related parties previously undisclosed to the auditor might exist, the auditor should perform the procedures necessary to determine whether previously undisclosed relationships or transactions with related parties, in fact, exist.^16/ These procedures should extend beyond inquiry of management.

16. If the auditor determines that a related party or relationship or transaction with a related party previously undisclosed to the auditor exists, the auditor should:

1. Inquire of management regarding the existence of the related party or relationship or transaction with a related party previously undisclosed to the auditor and the possible existence of other transactions with the related party previously undisclosed to the auditor;
2. Evaluate why the related party or relationship or transaction with a related party was previously undisclosed to the auditor;^17/
3. Promptly communicate to appropriate members of the engagement team and other auditors participating in the audit engagement relevant information about the related party or relationship or transaction with the related party;
4. Assess the need to perform additional procedures to identify other relationships or transactions with the related party previously undisclosed to the auditor;
5. Perform the procedures required by paragraph 12 of this standard for each related party transaction previously undisclosed to the auditor that is required to be disclosed in the financial statements or determined to be a significant risk; and
6. Perform the following procedures, taking into account the information gathered from performing the procedures in a. through e. above:

1. Evaluate the implications on the auditor's assessment of internal control over financial reporting, if applicable;
2. Reassess the risk of material misstatement and perform additional procedures as necessary if such reassessment results in a higher risk;^18/ and
3. Evaluate the implications for the audit if management's nondisclosure to the auditor of a related party or relationship or transaction with a related party indicates that fraud or an illegal act may have occurred. If the auditor becomes aware of information indicating that fraud or another illegal act has occurred or might have occurred, the auditor must determine his or her responsibilities under AU secs. 316.79–.82, AU sec. 317, Illegal Acts by Clients, and Section 10A of the Securities Exchange Act of 1934, 15 U.S.C. §78j-1.

17. The auditor must evaluate whether related party transactions have been properly accounted for and disclosed in the financial statements. This includes evaluating whether the financial statements contain the information regarding relationships and transactions with related parties essential for a fair presentation in conformity with the applicable financial reporting framework. ^19/

18. If the financial statements include a statement by management that transactions with related parties were conducted on terms equivalent to those prevailing in an arm's-length transaction, the auditor should determine whether the evidence obtained supports or contradicts management's assertion. If the auditor is unable to obtain sufficient appropriate audit evidence to substantiate management's assertion, and if management does not agree to modify the disclosure, the auditor should express a qualified or adverse opinion.^20/

Note: Transactions with related parties might not be conducted on terms equivalent to those prevailing in arm's-length transactions (e.g., a company may receive services from a related party without cost). Except for routine transactions, it may not be possible for management to determine whether a particular transaction would have taken place, or what the terms and manner of settlement would have been, if the parties had not been related. Accordingly, it may be difficult for the auditor to obtain sufficient appropriate audit evidence to substantiate management's assertion that a transaction was consummated on terms equivalent to those that prevail in arm's-length transactions. A preface to a statement such as "management believes that" or "it is the company's belief that" does not change the auditor's responsibilities.

19. The auditor should communicate to the audit committee the auditor's evaluation of the company's identification of, accounting for, and disclosure of its relationships and transactions with related parties.^21/ The auditor also should communicate other significant matters arising from the audit regarding the company's relationships and transactions with related parties including, but not limited to:

1. The identification of related parties or relationships or transactions with related parties that were previously undisclosed to the auditor;
2. The identification of significant related party transactions that have not been authorized or approved in accordance with the company's established policies or procedures;
3. The identification of significant related party transactions for which exceptions to the company's established policies or procedures were granted;
4. The inclusion of a statement in the financial statements that a transaction with a related party was conducted on terms equivalent to those prevailing in an arm's-length transaction and the evidence obtained by the auditor to support or contradict such an assertion; and
5. The identification of significant related party transactions that appear to the auditor to lack a business purpose.