Companies preparing your year-end financial disclosures will want to pay closer attention this time around to related-party transactions—auditors will be on the lookout this year to make sure those parties don’t get too wild.

2015 year-end audits will be the first to fall under Auditing Standard No. 18, Related Parties, adopted by the Public Company Accounting Oversight Board last year. It requires auditors to treat any omission as a potentially serious fraud risk, which means the firms will do much deeper digging to answer any questions they have about such transactions.

AS 18 tells auditors to perform some specified audit procedures to understand a company’s relationships and transactions with its related parties. That means greater scrutiny on any special relationships that a company’s top executives, board members, or shareholders might have with outside entities doing business with the company.

One example might be construction contracts granted to a company where a board member has a significant ownership interest. Or a procurement deal with a supplier owned by an executive’s brother. The list could go on. Companies are already required to identify, account for, and disclose such arrangements, and auditors have always been required to review the company’s work. But now auditors are under new orders to sniff them out and scrutinize them as never before.

AS 18 tells auditors, for example, to evaluate whether the issuer has properly identified all of its related parties and transactions with those related parties. That means auditors will be performing new procedures to test the accuracy and completeness of management’s identification of related parties.

“There’s a lot more specificity compared with historical standards,” says Chris Smith, assurance partner with BDO USA. “It’s clear that we start by getting the list from the company. Before handing over that list, companies should make sure it’s gone through their control processes to make sure it’s complete and accurate, because there’s an iterative process auditors will be going through with that list.”

Should auditors identify related parties (or transactions with related parties) through their own work that are not on the company’s list: “There’s a series of questions we have to ask ourselves,” Smith says. “Why was this name or this entity or this transaction not on the list?”

AS 18 treats such an omission as an elevated risk, he says. “Is it indicative of a control issue, or something a little more nefarious?”

Mike Yates, a partner at Crowe Horwath, says even for smaller reporting companies that are not subject to the audit of internal control over financial reporting, auditors will do more work. “This is going to cause auditors to look deeper and look for controls management has put in place to identify their related-party transactions,” he says. “Now there’s a whole host of work we have to do if management doesn’t identify them.”

“Companies are starting to wake up to the fact that there’s a new standard here, but there’s a difference between awareness of it and executing against it.”
Chris Smith, Assurance Partner, BDO USA

The standard also directs auditors to have discussions with the audit committee, preferably early in the audit process, to determine whether there are any concerns around related-party transactions and to communicate the auditor’s evaluation of the company’s identification, accounting for, and disclosure of, related-party transactions.

Even further, the standard directs auditors to examine all “significant unusual transactions” to understand the business purpose behind them. Auditors are expected to consider whether fraudulent intent might be behind such transactions. Finally, the standard tells auditors to examine financial relationships and transactions with executive officers, including executive compensation, to look for any incentives or pressures that might motivate executive behavior.

Party Police

Given the PCAOB’s heightened focus in recent inspection cycles on professional skepticism and auditors’ response to risks of misstatement, the new standard on related parties is expected to raise the bar on auditor examinations. Even where companies assert they have no related-party transactions, auditors will be looking more closely, says Pat Voll, vice president at consulting firm RoseRyan. “How do you know you don’t have any related-party transactions?” she says. “What are you doing to monitor that and make sure you don’t get surprised?”


Below is an excerpt from the SEC’s press release in its enforcement action against Home Loan Servicing for misstatements and adequate internal controls.
The Securities and Exchange Commission today charged Home Loan Servicing Solutions Ltd. (HLSS) for making material misstatements about its handling of related party transactions and the value of its primary asset and for having inadequate internal accounting controls.
Cayman Islands-based HLSS agreed to pay a $1.5 million penalty to settle the SEC’s charges and agreed to cease and desist from disclosure and books and recordkeeping violations.
According to the SEC’s order instituting a settled administrative proceeding, HLSS misstated its handling of transactions with related parties, including Ocwen Financial Corp., whose Chairman also served as HLSS’s Chairman.  From 2012 to 2014, HLSS disclosed that to avoid potential conflicts of interest, it required its Chairman to recuse himself from transactions with Ocwen and other related parties.  However, the SEC order found that HLSS had no written policies or procedures on recusals for related-party transactions and that its Chairman approved many transactions between HLSS and Ocwen.
HLSS misstated its net income in 2012, 2013, and the first quarter of 2014 because the methodology it used to value its primary asset – billions of dollars of rights to mortgage servicing rights that it purchased from Ocwen – did not conform to generally accepted accounting principles (GAAP), the SEC order also found.  Although HLSS disclosed that it valued these assets at their fair value, the order found that its actual approach was to assign a value equal to their carrying value, provided the carrying value was within five percent of a third-party’s fair market value estimate.  According to the order, HLSS senior management and the HLSS audit committee failed to adequately review whether the valuation methodology complied with GAAP despite internal concerns that the valuation methodology might result in material differences between the carrying value and the third-party’s fair value estimate.
“As a result of its lax internal controls environment, HLSS failed to properly value its primary asset and to make accurate and complete disclosures in its public filings,” said Michael J. Osnato, Chief of the SEC Enforcement Division’s Complex Financial Instruments Unit.  “It failed to meet requirements that are fundamental to ensuring that investors receive reliable information, including in matters involving complex assets.”
The Commission’s investigation was conducted by staff in the Enforcement Division’s Complex Financial Instruments Unit and the New York Regional Office, including William Finkel, Elisabeth Goot, Kevin McGrath, Peter Altenbach, Kerri Palen, Sharon Bryant, and Daniel Nigro.  The case was supervised by Daniel Michael and Steven Rawlings.  The SEC appreciates the assistance of the New York Department of Financial Services and the Public Company Accounting Oversight Board.
Source: SEC.

Adam Hallemeyer, senior manager at McGladrey, says companies should take steps now—before the end of the year—to assure they understand what a related party is and to review their controls to assure they are capturing and identifying all such relationships.

“Evaluate transactions you’ve entered into that may have been different or new from the last evaluation you performed,” he says. “Giving a complete and accurate list is going to be key.” Companies should review their process for performing internal conflict checks and their process for the legal staff to review contracts to verify no conflicts of interest, he adds.

Leonard Combs, U.S. chief auditor at PwC, says every engagement will differ depending on the nature of the company, its related-party relationships, and its transactions that are not in the normal course of business. “You’re going to see auditors in general more focused on management’s controls over identifying, authorizing, and approving related-party transactions,” he says.

The level of additional work for companies will depend on what a company already does to identify its related parties, says Combs. “Given the increased expectations and focus on this, for companies that don’t already have more granular level controls around how they identify all important related-party transactions, they’re going to have to make sure they have robust controls that have the level of precision auditors will expect,” he says.

Auditors also will be more focused than ever on reconciling intra-company accounts, says Yates. He has seen cases where transactions among entities within a consolidated company have been used to hide fraudulent activity. Under the new standard, auditors are instructed to be cautious. “It’s not enough that the debits equal the credits,” he says. “I need to understand the substance of that transaction.”

To assure management teams are prepared, Smith is encouraging companies to review their written policies, internal training, and whistleblower provisions with respect to related parties, to assure they all point toward identifying and elevating related parties. “Companies are starting to wake up to the fact that there’s a new standard here, but there’s a difference between awareness of it and executing against it,” he says.

Even where companies believe they already have controls in place, Combs is encouraging companies to have a conversation with their auditors to assure controls are in line with auditors’ expectations and their need for precision and rigor. “Make sure everyone is on the same page so there are no surprises,” he says.