Mitigating the Risks of Related Party Transactions as an Internal Auditor

As an internal auditor, one of the key responsibilities is to identify and manage the risks associated with related party transactions within an organization. Related party transactions, if not properly controlled, can expose the company to a variety of risks such as:

• Conflicts of Interest: When company executives or directors engage in transactions with entities they have a personal stake in, it can lead to biased decision-making and preferential treatment that is not in the best interest of the organization.
• Inaccurate Financial Reporting: Related party transactions may be recorded improperly, hidden, or disclosed inadequately, distorting the company's true financial position and performance.
• Regulatory and Legal Non-Compliance: Many jurisdictions have strict rules and regulations governing the disclosure and approval of related party transactions, non-compliance with which can result in hefty fines and legal consequences.
• Reputational Damage: The perception of impropriety or self-dealing in related party transactions, even if unsubstantiated, can seriously undermine the company's reputation and public trust.

The following five-point action plan focuses on the specific areas where existing audit work on related party relationships and transactions could be developed to enhance the quality of the audit.

PLAN YOUR WORK ON THE AUDIT OF RELATED PARTY RELATIONSHIPS AND TRANSACTIONS THOROUGHLY

? Plan the audit of related party relationships and transactions by updating existing information, and, where possible, obtain a list of related parties from clients or compile a list based on discussions with clients.

? Ask management about changes from the prior period, the nature of the relationships, whether any transactions have been entered into and the type and purpose of the transactions.

? Ensure that the client understands who or what related parties are and why the relevant disclosure requirements are necessary.

? Speak to the right person ‘in authority’ at the client who can answer questions. ? Plan for concerns raised by audit team members and others to be considered and reviewed by suitably experienced staff.

? Brief all audit team members on related party relationships and transactions and the risks of material misstatement due to fraud or error that could arise from such transactions.

? Ensure that all staff are informed about any changes to related party relationships throughout the engagement and are aware of the need to bring such changes to the attention of the rest of the team.

FOCUS ON THE RISK OF MATERIAL MISSTATEMENT THAT MIGHT ARISE FROM RELATED PARTY TRANSACTIONS

? Understand the nature, size and complexity of the businesses and use family trees or document group structures to help identify related parties and relationships between the client and related parties.

? Follow up indicators of the existence of undisclosed related parties or related party transactions.

? Consider the impact of undisclosed related party relationships and transactions as a potential fraud risk.

? Consider the qualitative aspects of materiality.

? Emphasize the importance of the audit team remaining alert for related party relationships and transactions as the audit proceeds.

? Discuss related party relationships with others within the firm who provide services to the client, such as staff in the tax, accounting or corporate finance departments.

UNDERSTAND THE INTERNAL CONTROLS AT THE COMPANY TO IDENTIFY RELATED PARTIES AND TO RECORD RELATED PARTY TRANSACTIONS

? Understand the controls, if any, that management has put in place to identify, account for and disclose related party transactions and to approve significant transactions with related parties, and significant transactions outside the normal course of business

? If few or no processes are in place for dealing with related party relationships and transactions, seek to obtain an understanding of those relationships and transactions by asking management

DESIGN PROCEDURES TO RESPOND TO RISKS IDENTIFIED

? Perform procedures to confirm identified related party relationships and transactions and identify others including:

– inspecting bank and legal confirmations obtained as part of other audit procedures;

– inspecting minutes of shareholder and management meetings and any other records or documents considered necessary, such as regulatory returns, tax returns and records of investments.

? Where the existence of related party relationships or transactions that management has not previously identified or disclosed is indicated, communicate the information to team members promptly and;

– request management to identify all such transactions; – ask why controls failed to identify or disclose the related parties or transactions;

– perform appropriate substantive procedures; – reconsider the risk that further unidentified or undisclosed relationships or transactions may exist and evaluate the implications for the audit

? Consider any fraud risk factors in the context of the requirements of ISA 240.

? Establish the nature of significant transactions outside the company’s normal course of business and whether related parties could be involved, by inquiring of management.

? Consider any arm’s-length assertions and obtain supporting evidence from third parties.

? Treat significant related party transactions outside the normal course of business as significant risks and inspect relevant documentation to evaluate the business rationale of the transactions, whether they have been appropriately authorized and approved, whether the terms are consistent with management’s explanations and whether they have been appropriately accounted for.

? Document the identity of related parties and the nature of related party relationships

PERFORM COMPLETION PROCEDURES

? Obtain a representation that management has disclosed the identity of related parties, relationships and transactions of which they are aware and that related parties and transactions have been appropriately accounted for and disclosed.

? Communicate significant related party matters arising during the audit to those charged with governance unless all of those charged with governance are involved in its management.

? Ensure that the accounting for and disclosure of related parties and related party transactions are appropriate.

? Consider the implications of the findings from work performed on related parties and related party transactions for the audit opinion.

Conclusion

By implementing these strategies, internal auditors can play a crucial role in mitigating the risks associated with related party transactions and safeguarding the integrity of the organization's financial reporting and decision-making processes. Through a proactive and collaborative approach, internal auditors can help to foster a culture of transparency, accountability, and ethical conduct within the company.