Within this issue of CFGInsights, we discuss practical tips and suggestions that companies can consider if they are struggling to satisfy the enhanced requirements around the identification of related party transactions during their year-end audits.
In June 2014, the Public Company Accounting Oversight Board (“PCAOB”) issued Auditing Standard No. 18, Related Parties (the “Standard”) which supersedes AU sec. 334, Related Parties.
Although the Standard prescribes certain procedures required to be performed by external auditors to identify and assess related party transactions, companies must ensure their existing control programs are sufficiently designed and executed to identify and assess these types of transactions.
OVERVIEW OF PCAOB AUDITING STANDARD NO. 18
Auditing Standard No. 18 is intended to strengthen auditor performance in identifying, assessing, and responding to the risks of material misstatement associated with related party transactions by prescribing certain required procedures including, but not limited to:
- Obtaining an understanding of the company’s relationships and transactions with related parties in conjunction with their risk assessment procedures;
- Assessing whether the company has identified all of its related party transactions;
- Performing procedures if previously undisclosed related party transactions are identified;
- Performing specific procedures over those related party transactions which are required to be disclosed or are deemed to be a significant risk; and
- Requiring communication to the company’s Audit Committee of the procedures performed over related parties and the results thereof.
IMPACT ON A COMPANY’S SYSTEM OF INTERNAL CONTROL
Companies must ensure that their system of internal control is sufficiently designed and operating effectively to identify related party relationships and transactions. Below are examples of controls CFGI recommends, and procedures we can assist our clients to implement, identify and assess related party relationships and transactions:
- Assessing related party relationships and transactions as part of the company’s annual risk assessment process.
- Requiring Board members to disclose all affiliations and related party transactions in a D&O questionnaire which is reviewed by Legal and Finance.
- Compiling a related party transaction listing which is updated and reviewed on, a minimum, quarterly basis. The listing can be derived from various sources including investment statements, the accounts payable ledger, investor listings, D&O questionnaires, Board meeting minutes, etc.
- Requiring training and recertification by all employees on their understanding and agreement to abide by the company’s related party policies. A company’s related party policy should define what a related party relationship or transaction is, provide practical examples, and clearly lay out the protocol for disclosing such relationships or transactions.
- Incorporating certain detective controls as part of the vendor and customer master data setup process. For example, using an identifier within the ERP system when establishing a new vendor or customer to identify possible related party relationships. A report of potential related party relationships could then be generated on a periodic basis and reviewed by the appropriate personnel in Finance and/or Legal.
- For large companies with decentralized operations, requiring a quarterly certification by all designated personnel (for example, Controllers at subsidiaries) that sufficient procedures have been performed to identify related party relationships and transactions and that all such relationships and transactions have been reported (for example, via monthly reporting packages submitted to the Corporate office as part of the standard close process).
- Prescribing specific procedures that must be performed by the HR function to identify potential related party relationships when interviewing and hiring individuals for both employee and contractor positions.
- Establishing, within a company’s authority listing, designated individuals or committees who must approve and/or authorize related party transactions.
A greater emphasis on the identification and assessment of related party relationships and transactions emerged with the issuance of Auditing Standard No. 18. Companies must continuously reassess their existing internal control program to ensure that sufficient controls are in place to identify these types of affiliations and transactions. Management must be able to demonstrate that their listing of related party affiliations and transactions is (1) complete and (2) accurate, and this can only be done when sufficient related party controls and procedures are established and enforced. CFGI has extensive experience designing internal controls that meet the ever-increasing needs and requirements of companies, their stakeholders, regulators, and auditors.