Question

As part of the risk assessment procedures required by ISA 315, the auditor must carry out certain procedures to obtain information relevant to identifying risks associated with related parties. Describe the audit procedures.

Answer 1

The auditor shall inquire of management and others within the entity, and perform other risk assessment procedures considered appropriate, to obtain an understanding of the controls, if any, that management has established.

(a) Identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework;

(b) Authorise and approve significant transactions and arrangements with related parties; and

(c) Authorise and approve significant transactions and arrangements outside the normal course of business.

In case of certain entities, auditor’s responsibilities regarding related party relationships and transactions may be affected by the audit mandate, or by obligations on those entities arising from legislation, regulation, ministerial directives, government policy requirements, or resolutions of the legislature. Consequently, in such cases the auditor’s responsibilities may not be limited to addressing the risks of material misstatement associated with related party relationships and transactions, but may also include a broader responsibility to address the risks of non-compliance with laws and regulations governing such entities that lay down specific requirements in the conduct of business with related parties.

Further, in such cases the auditor may need to have regard to any specific financial reporting requirements for related party relationships and transactions that may differ from other entities

In meeting the SA 315 requirement to obtain an understanding of the control environment,24 the auditor may consider features of the control environment relevant to mitigating the risks of material misstatement associated with related party relationships and transactions, such as:

1 Internal ethical codes, appropriately communicated to the entity’s personnel and enforced, governing the circumstances in which the entity may enter into specific types of related party transactions.

2 Policies and procedures for open and timely disclosure of the interests that management and those charged with governance have in related party transactions.

3 The assignment of responsibilities within the entity for identifying, recording, summarising, and disclosing related party transactions.

4 Timely disclosure and discussion between management and those charged with governance of significant related party transactions outside the entity’s normal course of business, including whether those charged with governance have appropriately challenged the business rationale of such transactions (for example, by seeking advice from external professional advisors).

5 Clear guidelines for the approval of related party transactions involving actual or perceived conflicts of interest, such as approval by a subcommittee of those charged with governance comprising individuals independent of management.

6 Periodic reviews by internal auditors, where applicable.

7 Proactive action taken by management to resolve related party disclosure issues, such as by seeking advice from the auditor or external legal counsel.

8 The existence of whistle-blowing policies and procedures, where applicable