The 2015 audit was the first one for most companies under the PCAOB’s Auditing Standard 18, Related Parties. This Auditing Standard created new and expanded audit procedures for related party transactions; significant unusual transactions, and a company's financial relationships and transactions with its executive officers. As cited in the rulemaking release, related party transactions have been contributing factors in numerous financial reporting frauds over the last several decades.
With regard to related party transactions, auditors are directed to perform procedures to obtain an understanding of the company’s relationships and transactions with its related parties “that might reasonably be expected to affect the risks of material misstatement of the financial statements.” Procedures include obtaining an understanding of the company’s process, performing the auditor’s own inquiries and communicating with the audit engagement team and other auditors on its findings.
The Auditing Standard’s definition of related party transactions may be broader under certain circumstances than the one used for SEC disclosure purposes, thereby potentially increasing the number of transactions covered by the new standard. As a result, the first wave of 2015 audits highlighted the significant challenges of identifying and reviewing a bigger pool of related party transactions while remaining focused on transactions that might be reasonably expected to affect the risks of a material misstatement.
While the audit season has yielded a wide range of approaches, some companies have made no changes to existing processes, while other companies are being asked to varying degrees to expand their D&O questionnaires and supplement their internal controls with regard to related party transactions. The required changes to D&O questionnaires can range from modifying certain definitions in the questionnaire to adding questions that ask directors and officers to provide lists of immediate family members and their affiliations, while the additions to the internal controls can range from requiring directors and officers to inform the company of changes to their immediate family members and their affiliations to quarterly certifications from each director and officer.
Companies should be prepared to have a thoughtful discussion with their auditors about what procedures are appropriate for their company and its risk profile. Considerations may include the industry, prior accounting history, existing compliance processes for related party transactions, and the risk of a material misstatement given the size of the business.
For a review of trending issues for this proxy season and future ones, click here.