Pomegra Wiki

Auditing Related-Party Transactions: Risks and Required Procedures

Auditing related party transactions is where auditors encounter some of their highest fraud risk. A related party—a director, family member of management, or affiliate company—can pressure executives to strike deals that benefit insiders at the expense of the company and shareholders. This is why auditors follow heightened procedures under AS 2410 (AICPA) and IAS 24 to identify, evaluate, and vouch for these transactions.

A related party relationship flips the normal negotiating dynamic. In an arm’s-length transaction, a buyer and seller haggle to protect their own interests. With related parties, one person or group may control both sides—or the insider may pressure management to agree to unfavorable terms.

The motive is simple: an executive might sell company assets to a personal corporation at a steep discount, pay inflated rent to a relative’s real-estate company, or gift inventory to an affiliate in exchange for obscure “service fees.” If management records these at fair value (or fails to disclose them), financial statements will overstate assets or understate expenses.

Auditors know the governance safeguards are weaker. A board committee that scrutinizes arm’s-length contracts may rubber-stamp a deal because the CEO’s spouse chairs it, or because the related party is the CEO herself.

The Audit Approach: Identification, Evaluation, and Testing

Identification Phase

Auditors begin by asking management to disclose all related parties at the engagement’s start. They also review:

  • Board and committee minutes for director affiliations
  • Debt documents and equity agreements for change-of-control or affiliation clauses
  • Tax returns and regulatory filings (Forms 10-K, proxy statements) that often list related parties
  • Payroll records, loans to officers, and intercompany reconciliations
  • Entity-to-entity transaction histories

Many auditors use data analytics to flag unusual patterns—large round-dollar transactions, payments to entities with director or employee names, or revenue concentrations in a single customer.

Risk Assessment

Once identified, the auditor evaluates whether a related-party transaction poses a going-concern threat, inflates earnings quality, or signals fraud. Higher-risk indicators include:

  • Complex or circular transaction structures
  • Lack of substantive business purpose or documentation
  • Pricing materially different from market rates
  • Inadequate or buried disclosure
  • Transactions in the final days of a reporting period

If risk is high, auditors expand the scope.

Substantive Testing

Under AS 2410, auditors must:

  1. Obtain the underlying transaction documentation — signed contracts, invoices, delivery receipts, payment evidence. If the related party is an external entity, the auditor may request a copy directly.

  2. Evaluate commercial substance. Does the deal serve a genuine business purpose, or is it a conduit to shift funds? A company that suddenly buys inventory from a related party at 20% above market price raises questions.

  3. Test valuation and pricing against benchmarks. If the company leases office space from a director’s landlord entity, the auditor compares the rent to independent leasing comparables in the same market.

  4. Confirm terms with the third party (the related entity). The auditor may send a written request to the related-party company asking them to confirm the transaction terms, balance, and any side agreements. Weak responses are a red flag.

  5. Examine side agreements. Insiders sometimes use informal follow-up deals to change the real terms. A company might sell inventory to a related party “on approval” with a verbal promise to buy it back, which converts the sale into a loan in disguise.

  6. Review board approvals. AS 2410 requires that related-party transactions receive appropriate board or audit-committee oversight. The auditor inspects approval resolutions and minutes.

Management’s Disclosure Obligation

IAS 24 and the AICPA require that all material related-party transactions be disclosed in the financial statement notes, even if they occurred at arm’s-length terms. The disclosure must identify:

  • The nature of the relationship
  • The type and amount of the transaction
  • Any outstanding balances
  • Any commitments or contingencies

Disclosure alone does not lower audit risk, but it does allow financial-statement readers to make an informed judgment. Poor disclosure—burying related-party sales in a consolidated revenue line—is itself a misstatement and a violation of GAAP.

Auditor Independence and Ethical Concerns

Auditors must also consider whether performing services for a related party, or accepting favors from one, impairs their independence. Auditor independence rules restrict what services auditors can provide and require careful management of conflicts. If the audit partner has a family relationship with the company, the partner must step aside.

Tailoring the Response: Scale and Materiality

The depth of related-party audit testing depends on materiality and risk. A small transaction with a non-controlling family member may warrant only a cursory review. But a material sale to a private equity sponsor, or a loan to an executive at below-market rates, triggers full substantive auditing.

Some auditors expand testing further if the company operates in a high-corruption environment, has weak internal controls, or has a history of related-party issues.

Common Pitfalls and Audit Failures

Auditors have failed to detect related-party fraud when they:

  • Accepted vague or incomplete disclosures without pressing management for detail
  • Skipped confirming transactions with the third party
  • Did not identify the related-party relationship in the first place (e.g., failed to spot that a customer name matched a director’s spouse’s maiden name)
  • Relied on management representations without corroborating evidence
  • Did not challenge commercial substance because the transaction was “approved” by an insider-dominated board

These lapses have contributed to major accounting scandals. Rigorous, skeptical testing of related-party transactions is a core audit competency.

See also

  • Related-Party Transactions — definition and types of insider dealings
  • IAS 24 — Related Party Disclosures — IASB standard on disclosure requirements
  • AS 2410 — Auditing Standard — AICPA’s heightened testing guidance
  • Earnings Quality — how related-party abuse distorts financial health
  • Internal Controls Framework — preventive design to block insider fraud

Wider context

  • Financial Statement Fraud — broad tactics including related-party abuse
  • Fair Value — arm’s-length principle that related-party pricing violates
  • Going Concern — how undisclosed related-party debts can jeopardize solvency
  • Due Diligence — buyer-side testing in mergers that uncovers hidden related-party liabilities
  • Disclosure Controls — management responsibility to identify and flag related-party risks