As discussed in this PubCo post, last year the PCAOB adopted Auditing Standard No. 18, Related Parties, addressing related-party transactions, significant unusual transactions and transactions with executive officers. (See the standard , related fact sheet and SEC release.) These types of transactions are considered to pose an increased risk of material misstatement in financial statements, having been a contributing factor in numerous prominent financial reporting frauds over many years. For most companies, the audit for the 2015 fiscal year will be the first under the new standard. (Also note that, according to the SEC release, the new standard will apply to EGCs.) Auditors are on high alert and companies will need to follow suit. As a result, companies will want to have controls in place for identifying, as well as policies and procedures in place for evaluating and approving (or disapproving), related-party transactions.
In essence, AS 18 requires auditors to look at these transactions with the skeptical eye typically associated with fraud risks. In his statement at the meeting to consider adoption of these changes, PCAOB Chair Jim Doty noted that the new standard should help auditors “identify the right procedures to perform in order to examine transactions with a view toward what could go wrong, or even be improper. Risk isn’t just about doing more procedures in areas that matter, and less in areas that matter less. A risk-based approach mandates not wasting the audit or nullifying the usefulness of its procedures by performing them in a mechanistic, unthinking way….What the new standard and amendments do, through their focus on risk, is to more clearly articulate the importance of approaching such transactions with skepticism.”
AS 18 prescribes specific audit procedures for the auditor’s evaluation of a company’s identification of, accounting for and disclosure of transactions and relationships between a company and its related parties, including obtaining an understanding of the nature of the relationships and of the terms and business purposes (or lack thereof) of transactions involving related parties. Under the new standard, management will be expected to be the initial source of the auditor’s information identifying related parties and transactions, as well as the business purpose for engaging in transactions with related, rather than unrelated, parties. Specific audit procedures are required if the auditor identifies a previously undisclosed related-party relationship or transaction. Consistent with AS 16, Communications with Audit Committees, the results of the auditor’s evaluation will be communicated to the audit committee, including transactions with the related parties that were not authorized in accordance with, or that were required to be excepted from, company policies and transactions that appear to the auditor to lack a business purpose. In addition, if the auditor learns of a related-party relationship or transaction that management did not disclose to the auditor, the auditor must advise the audit committee. Management will also need to represent that it has made available to the auditor the names of all related parties and relationships and transactions with related parties as well as that there are no side agreements or other arrangements (either written or oral) undisclosed to the auditor. Notably, the definition of related-party transactions for purposes of AS 18 can be broader than the definition used under SEC rules (such as Reg S-K Item 404), and companies should discuss the scope with their auditors to be sure that they have a clear and common understanding of the term.
The PCAOB’s amendments regarding significant unusual transactions revise AU sec. 316, Consideration of Fraud in a Financial Statement Audit, and other PCAOB auditing standards. These amendments also require auditors to perform specific audit procedures that are designed to improve the auditor’s identification and evaluation of these unusual transactions (such as those close to period end without clear economic substance) and to enhance the auditor’s understanding of their business purposes (or lack thereof). This information is intended to help the auditor identify “substance-over-form” issues, particularly where transactions may have been entered into to obscure financial results. In evaluating whether significant unusual transactions may have been entered into to engage in fraudulent financial reporting or conceal misappropriation of assets, the auditor will need to take specified factors into account.
The amendments regarding transactions with executive officers are “intended to heighten the auditor’s attention to incentives or pressures for the company to achieve a particular financial position or operating result.” The amendments require the auditor to perform specific audit procedures during the risk assessment process to enhance the auditor’s understanding of a company’s financial relationships and transactions with its executive officers. However, auditors will not be required to assess the reasonableness of compensation arrangements or recommendations regarding compensation arrangements. Regarding these amendments, PCAOB member Steven Harris has cited studies suggesting that “executive officers with equity-based compensation packages have, in the past, influenced earnings to inflate the value of their compensation. These studies examined a variety of industries and explored situations involving the alteration of revenues, accruals and reserves. In addition, as noted in a May 2010 academic study sponsored by the Committee of Sponsoring Organizations, the desire to increase one’s compensation served as the most commonly cited motivation to falsify financial results in all SEC fraud enforcement actions from 1997 to 2007.”
As discussed in this article in Compliance Week, although companies are already required to identify and disclose related-party transactions and auditors have long been required to review them, “now auditors are under new orders to sniff them out and scrutinize them as never before.” According to one commentator quoted in the article, “auditors will be performing new procedures to test the accuracy and completeness of management’s identification of related parties. ‘There’s a lot more specificity compared with historical standards…. It’s clear that we start by getting the list from the company. Before handing over that list, companies should make sure it’s gone through their control processes to make sure it’s complete and accurate, because there’s an iterative process auditors will be going through with that list.’ Should auditors identify related parties (or transactions with related parties) through their own work that are not on the company’s list: ‘There’s a series of questions we have to ask ourselves….Why was this name or this entity or this transaction not on the list?’ AS 18 treats such an omission as an elevated risk, he says. ‘Is it indicative of a control issue, or something a little more nefarious?’” Other commentators recommended that companies take steps before year end to review their controls, their processes for performing internal conflict checks (including legal staff review of contracts to verify the absence of conflicts of interest), their written policies, internal training and whistleblower provisions regarding related parties, as well as confirm with the auditors that “controls are in line with auditors’ expectations and their need for precision and rigor.”