Isn’t That a Conflict? The Internal Auditors’ Role in Scrutinizing Related Parties

Companies have become aware that related-party transactions can raise conflicts of interest concerns, creating the appearance that decisions are made on considerations other than the best interests of the organization and its shareholders. Typically, directors prefer to avoid entering into related-party transactions, but there may be situations where a board recognizes that such a transaction may be in the best interests of the company—including, but not limited to, circumstances where it may obtain products or services on terms that are not readily available from alternative sources.

Given the recent history of related-party transactions that resulted in significant financial reporting fraud, it should come as no surprise that the Public Company Accounting Oversight Board adopted Auditing Standard No. 18, Related Parties, to address the audit procedures to be used when evaluating these relationships. Heightened scrutiny of related-party transactions isn’t unprecedented, and at the PCAOB meeting to adopt the new rules participants cited examples involving Enron, Dynegy, Adelphi Communications, and Tyco, plus a string of more recent episodes where unusual transactions were entered into just to dress up the books.

Notably, a recent academic study that will be published in an upcoming issue of The Accounting Review concludes that lax oversight can result when ties with the board and C-suite are too cozy. The authors of the study, “Will Disclosure of Friendship Ties between Directors and CEOs Yield Perverse Effects?” were surprised that so many directors reported they’d be willing to put the company at risk to ensure a bonus for their CEO “friend.” Although the experiment comprised an artificial role-play environment, the results confirm the PCAOB perspective that auditors should take a more active role in finding out what kinds of relationships their boards and executives have. In addition to related-party transactions, the new auditing standard and amendments further address a company’s financial relationships and transactions with executive officers, and significant unusual transactions.

Under the new related-party standard, external auditors must:

Perform specific procedures to obtain an understanding of a company’s relationships and transactions with related parties.

Perform more in-depth procedures in response to the risk of material mis-statement associated with these relationships and transactions.

Communicate with the audit committee to obtain information specifically regarding related-party transactions during the auditor’s risk assessment.

Communicate the auditor’s evaluation of the company’s identification of, accounting for, and disclosure of related-party relationships and transactions to the audit committee. 

Under the new standard, companies can expect a more rigorous examination of these transactions and a demand for increased communication with their audit committee. Although the new standard and amendments are directed at external auditors, SEC-reporting companies and their internal auditors should consider the extent to which their audit committee agendas should be updated to take into account the new communication and process requirements. Subject to SEC approval, the PCAOB anticipates the new standard will be effective for audits and quarterly reviews for fiscal years beginning on or after Dec. 15, 2014.

A Type of Conflict of Interest

For purposes of the new standards, auditors will look to the definition of “related party” under applicable SEC requirements. However, internal auditors should quickly be alerted to the fact that related-party transactions are merely a subset of conflict-of-interest situations that should already be addressed by the company on a regular basis.

Related-party transactions are also not confined to public companies subject to PCAOB auditing standards. Non-profits have their own requirements for identifying related parties and their transactions with them. Private companies should also be alert to the risks posed by these transactions and conflicts of interest.

... SEC-reporting companies and their internal auditors should consider the extent to which their audit committee agendas should be updated to take into account the new required communications and processes.

While the term conflict of interest can have a negative connotation, only some of the many different types of conflicts may actually be harmful. How an organization manages conflicts of interests, including related-party transactions, and ensures open and honest deliberation, can affect all aspects of its culture and operations. An essential understanding for boards is not to try to avoid all possible related-party transactions and conflict-of-interest situations, which is not practicable, but to develop and follow a process for handling them effectively.

Another notable finding from The Accounting Review study is that simply disclosing a conflict or friendship does not eliminate its potential to create problems. The experiment found that when social relations were disclosed, instead of tightening oversight, counter-intuitively directors went easier on their CEO pal. This, and other studies, seems to suggest that disclosing a relationship or conflict can be treated as a license to put their interests ahead of the company’s, perhaps with the belief their duty was met by the disclosure. This provides even more reason to rigorously test the accuracy and completeness of relationships and transactions in these critical areas.

Auditing Conflict-of-Interest Practices

The new standard requires outside auditors to perform basic procedures to better identify red flags, understand the business purpose behind transactions, and communicate more frequently with audit committees. Internal audit can support application of the standard by monitoring conflict-of-interest policies and assessing their effectiveness. Companies should also review code-of-conduct provisions and internal policies addressing conflicts of interest, considering how these coordinate with a board-level policy for approving related-party transactions.

Most organization have conflict-of-interest policies that oblige the disclosure of conflicts when they arise, require certification that the employee has read the policy and has either reported or isn’t aware of any violations to the policy. Typically, companies use an annual questionnaire that asks the employee to supply information and respond to detailed questions about common scenarios that may give rise to a conflict.

Generally, internal auditors should examine processes around related parties, significant unusual transactions, and executive financial relationships. The PCAOB makes clear that the evaluation “involves more than assessing the process used by the company.”

A particular challenge is the often invisible nature of conflicts of interest. Most agree that companies and employees should avoid situations that even give the appearance of one, but if you don’t see the conflict, or believe it won’t impair your objectivity, you probably won’t avoid or disclose it. We can be a poor judge of our own biases and generally aren’t predisposed to divulge a possible conflict situation. Auditing conflicts of interest can be a challenge because of difficulty in detecting and establishing a negative—how do you identify a conflict of interest that was not reported?

The new audit standard suggests procedures to identify and evaluate related-party transactions. The PCAOB recommends auditors take into account types of information gathered during the audit (such as close review of stockholder meeting minutes) that can identify related parties. The new standard includes examples and sources of information that could point to related parties and other conflicts that might exist.

A technique for internal audit to consider is random and targeted reviews of travel and entertainment expenses, especially in high-volume areas and high-risk departments. These may uncover suspicious spending that indicates a possible conflict. Expense reports can also suggest potential conflicts of interest. Surveying vendors and suppliers can reveal situations where a disgruntled contractor or prospective seller believes a competitor has been unfairly favored. Continual monitoring can help identify red flags and highlight risk areas for more focused review.

There are tools available to the internal auditor to support the company’s management of related-party transactions and conflicts of interest. More frequently, I see the use of analytic technology emerging as a tool to detect potential conflicts of interests. A data match can be performed between employee and vendor data files to identify relationships that suggest possible conflicts and control weaknesses. The matching would look for employees and vendors with the same address, tax ID number, or bank account.

The best approach to managing related-party transactions and conflicts of interest will vary by organization. But all companies share the fundamental need for disinterested decision making.

An organization that fails to prevent and manage conflicts of interests risks public embarrassment and legal liability. A company is better served by having policies and guidelines that are well understood by leadership and the workforce. Fortunately, there are processes and techniques to detect and monitor for potential conflicts and to help ensure such issues are appropriately addressed.