As part of the risk assessment procedures and related activities that ASA 315 and ASA 240 require the auditor to perform during the audit,[7] the auditor shall perform the audit procedures and related activities set out in paragraphs 12‑17 of this Auditing Standard, to obtain information relevant to identifying the risks of material misstatement associated with related party relationships and transactions.  (Ref: Para. A8)

Understanding the Entity’s Related Party Relationships and Transactions

The engagement team discussion that ASA 315 and ASA 240 require[8] shall include specific consideration of the susceptibility of the financial report to material misstatement due to fraud or error that could result from the entity’s related party relationships and transactions.  (Ref: Para. A9‑A10)

The auditor shall enquire of management regarding:  

1. The identity of the entity’s related parties, including changes from the prior period; (Ref: Para. A11‑A14)
2. The nature of the relationships between the entity and these related parties; and
3. Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions.

The auditor shall enquire of management and others within the entity, and perform other risk assessment procedures considered appropriate, to obtain an understanding of the controls, if any, that management has established to:  (Ref: Para. A15‑A20)

1. Identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework;
2. Authorise and approve significant transactions and arrangements with related parties; and  (Ref: Para. A21) 
3. Authorise and approve significant transactions and arrangements outside the normal course of business.

Maintaining Alertness for Related Party Information When Reviewing Records or Documents

During the audit, the auditor shall remain alert, when inspecting records or documents, for arrangements or other information that may indicate the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor.  (Ref: Para. A22‑A23)

In particular, the auditor shall inspect the following for indications of the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor:

1. Bank and legal confirmations obtained as part of the auditor’s procedures;
2. Minutes of meetings of shareholders and of those charged with governance; and
3. Such other records or documents as the auditor considers necessary in the circumstances of the entity.

If the auditor identifies significant transactions outside the entity’s normal course of business when performing the audit procedures required by paragraph 15 of this Auditing Standard or through other audit procedures, the auditor shall enquire of management about: (Ref: Para. A24‑A25)

1. The nature of these transactions; and  (Ref: Para. A26)
2. Whether related parties could be involved.  (Ref: Para. A27)  

Sharing Related Party Information with the Engagement Team

The auditor shall share relevant information obtained about the entity’s related parties with the other members of the engagement team.  (Ref: Para. A28)

In meeting the ASA 315 requirement to identify and assess the risks of material misstatement,[9] the auditor shall identify and assess the risks of material misstatement associated with related party relationships and transactions and determine whether any of those risks are significant risks.  In making this determination, the auditor shall treat identified significant related party transactions outside the entity’s normal course of business as giving rise to significant risks. 

If the auditor identifies fraud risk factors (including circumstances relating to the existence of a related party with dominant influence) when performing the risk assessment procedures and related activities in connection with related parties, the auditor shall consider such information when identifying and assessing the risks of material misstatement due to fraud in accordance with ASA 240.  (Ref: Para. A6 and A29‑A30)

As part of the ASA 330 requirement that the auditor respond to assessed risks,[10] the auditor designs and performs further audit procedures to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement associated with related party relationships and transactions.  These audit procedures shall include those required by paragraphs 21‑24 of this Auditing Standard.  (Ref: Para. A31‑A34)

Identification of Previously Unidentified or Undisclosed Related Parties or Significant Related Party Transactions

If the auditor identifies arrangements or information that suggests the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor, the auditor shall determine whether the underlying circumstances confirm the existence of those relationships or transactions.  (Ref: Para. Aus A34.1)

If the auditor identifies related parties or significant related party transactions that management has not previously identified or disclosed to the auditor, the auditor shall:

1. Promptly communicate the relevant information to the other members of the engagement team;  (Ref: Para. A35)
2. Where the applicable financial reporting framework establishes related party requirements:
   1. Request management to identify all transactions with the newly identified related parties for the auditor’s further evaluation; and
   2. Enquire as to why the entity’s controls over related party relationships and transactions failed to enable the identification or disclosure of the related party relationships or transactions;
3. Perform appropriate substantive audit procedures relating to such newly identified related parties or significant related party transactions;  (Ref: Para. A36)
4. Reconsider the risk that other related parties or significant related party transactions may exist that management has not previously identified or disclosed to the auditor, and perform additional audit procedures as necessary; and
5. If the non‑disclosure by management appears intentional (and therefore indicative of a risk of material misstatement due to fraud), evaluate the implications for the audit.  (Ref: Para. A37)

Identified Significant Related Party Transactions outside the Entity’s Normal Course of Business

For identified significant related party transactions outside the entity’s normal course of business, the auditor shall:

1. Inspect the underlying contracts or agreements, if any, and evaluate whether:
   1. The business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets;[11]  (Ref: Para. A38‑A39)
   2. The terms of the transactions are consistent with management’s explanations; and
   3. The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and
2. Obtain audit evidence that the transactions have been appropriately authorised and approved.  (Ref: Para. A40‑A41) 

Assertions That Related Party Transactions Were Conducted on Terms Equivalent to Those Prevailing in an Arm’s Length Transaction

If management has made an assertion in the financial report to the effect that a related party transaction was conducted on terms equivalent to those prevailing in an arm’s length transaction, the auditor shall obtain sufficient appropriate audit evidence about the assertion.  (Ref: Para. A42‑A45)

In forming an opinion on the financial report in accordance with ASA 700,[12] the auditor shall evaluate:  (Ref: Para. A46)

1. Whether the identified related party relationships and transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and  (Ref: Para. A47)
2. Whether the effects of the related party relationships and transactions:
   1. Prevent the financial report from achieving fair presentation (for fair presentation frameworks); or
   2. Cause the financial report to be misleading (for compliance frameworks). 

Where the applicable financial reporting framework establishes related party requirements, the auditor shall obtain written representations from management and, where appropriate, those charged with governance that:  (Ref: Para. A48‑A49)

1. They have disclosed to the auditor the identity of the entity’s related parties and all the related party relationships and transactions of which they are aware; and
2. They have appropriately accounted for and disclosed such relationships and transactions in accordance with the requirements of the framework. 

Unless all of those charged with governance are involved in managing the entity,[13] the auditor shall communicate with those charged with governance significant matters arising during the audit in connection with the entity’s related parties.  (Ref: Para. A50)

If the auditor is unable to:

the auditor shall modify the auditor’s opinion in accordance with   ASA 705.*

1. obtain sufficient appropriate audit evidence regarding related parties and related party transactions; or
2. form a conclusion as to the completeness of the disclosure of related party relationships and transactions in accordance with the applicable financial reporting framework;

If the auditor concludes that the related party disclosures in the financial report do not satisfy the requirements of the applicable financial reporting framework, the auditor shall modify the auditor’s opinion in accordance with ASA 705.

The auditor shall include in the audit documentation the names of the identified related parties and the nature of the related party relationships.[14]