Key Takeaways

  • ISA 550 addresses the auditor's responsibilities for related party relationships and transactions — an area with inherently higher fraud risk because related parties can transact on terms that would not occur between independent parties.
  • The auditor must obtain an understanding of the entity's related parties and the controls management has established to identify, authorise, approve, and disclose related party relationships and transactions.
  • The auditor must remain alert throughout the audit for arrangements or information that may indicate previously unidentified or undisclosed related party relationships — this is an ongoing obligation, not a one-time procedure.
  • Significant related party transactions outside the entity's normal course of business are treated as giving rise to significant risks. The auditor must inspect underlying documentation, evaluate the business rationale, and obtain evidence that they have been properly authorised and approved.
  • If management asserts that related party transactions were conducted on arm's length terms, the auditor must obtain sufficient appropriate evidence to support that assertion — which can be very difficult to verify in practice.
  • Intentional non-disclosure of related parties or transactions is a fraud indicator that triggers ISA 240 responsibilities.
  • Written representations must confirm that management has disclosed all known related parties and that all transactions have been appropriately accounted for and disclosed.

What is ISA 550?

ISA 550, titled "Related Parties," addresses one of the most persistent sources of financial statement fraud and misstatement. Related party transactions are not inherently wrong — many occur in the normal course of business. But the very nature of the relationship means that transactions may not be at arm's length, may be structured to achieve a particular financial reporting outcome, or may be concealed entirely.

The challenge for the auditor is that related party relationships are not always obvious. An entity may transact with companies controlled by a director's spouse, a trust established for the benefit of key management, or an entity in which a shareholder has an undisclosed interest. ISA 550 requires the auditor to be proactive in identifying these relationships and sceptical about the transactions that flow through them.

Identifying Related Parties

Initial identification

ISA 550.13 requires the auditor to inquire of management regarding:

  • The identity of the entity's related parties, including changes from the prior period.
  • The nature of the relationships between the entity and these parties.
  • Whether the entity entered into any transactions with these parties during the period, and if so, the type and purpose.

Ongoing alertness

ISA 550.15 imposes an obligation that extends throughout the audit: the auditor must remain alert when inspecting records and documents for arrangements or information that may indicate related party relationships or transactions not previously identified or disclosed.

Potential indicators include: transactions on unusual terms (interest-free loans, sales at non-market prices, guarantees without consideration), transactions with entities that have no apparent substance (shell companies, entities with vague purposes), transactions involving round-sum amounts that do not correspond to the entity's normal pricing, unexpected cash flows to or from unusual parties, and significant transactions near period-end that lack clear business rationale.

Where to look

ISA 550.17 identifies specific records and documents the auditor should inspect:

  • Bank and legal confirmations obtained during the audit.
  • Minutes of meetings of shareholders and those charged with governance.
  • The entity's register of shareholders to identify principal shareholders.
  • The entity's tax returns and other filings with regulators.
  • Such other records or documents as the auditor considers necessary.

Risk Assessment

ISA 550.18–20 integrates related party risk assessment into the overall framework of ISA 315 and ISA 240:

The auditor must identify and assess the risks of material misstatement associated with related party relationships and transactions, and determine whether any of those risks are significant risks.

If the auditor identifies fraud risk factors — including circumstances relating to the existence of a related party with dominant influence — the auditor must consider this when assessing the risks of material misstatement due to fraud under ISA 240.

A related party with dominant influence exists when one party has the power to dictate the financial and operating decisions of the entity. Dominant influence does not necessarily come from ownership — it can arise from economic dependence, contractual relationships, or personal relationships. Dominant influence is a significant fraud risk factor because it enables transactions to be structured to benefit the dominant party at the expense of other stakeholders.

Responding to Assessed Risks

Significant transactions outside the normal course of business

ISA 550.23 requires that identified significant related party transactions outside the entity's normal course of business be treated as giving rise to significant risks. For these transactions, the auditor must:

  • Inspect the underlying contracts or agreements and evaluate whether the business rationale (or lack thereof) suggests the transaction may be structured to misrepresent or conceal information.
  • Obtain evidence that the transactions have been appropriately authorised and approved by those charged with governance (not just management — governance oversight is critical for related party transactions).
  • Evaluate whether the terms and conditions are consistent with management's explanations and with the entity's business rationale.

Arm's length assertions

ISA 550.24 addresses a particularly difficult area: when management asserts in the financial statements that related party transactions were conducted on terms equivalent to those prevailing in an arm's length transaction.

The auditor must obtain sufficient appropriate evidence about this assertion. In practice, this can be very difficult to verify because genuinely comparable arm's length transactions may not exist. The auditor may need to compare the terms to market prices, independent valuations, or transactions with unrelated parties. If the auditor cannot obtain sufficient evidence to support the arm's length assertion, the auditor must evaluate the implications for the financial statements and the audit opinion.

The arm's length trap

Many entities routinely assert that related party transactions were "at arm's length" without providing evidence. Under some financial reporting frameworks (including IFRS), if the entity asserts arm's length terms, this is a positive assertion that must be supported. If comparable market data is not available, the assertion may be unsubstantiated — which is itself a misstatement. Be cautious about accepting management's assertion at face value. Consider whether comparable independent transactions actually exist and whether the entity has documented its basis for the assertion.

Previously Unidentified Related Parties

ISA 550.22(a)–(e) addresses the situation where the auditor discovers, during the audit, a related party or transaction that management had not previously identified or disclosed:

  • Communicate promptly to the engagement team so they can reassess whether this information affects procedures already performed.
  • Request management to identify all transactions with the newly identified party.
  • Inquire about why the entity's controls failed to identify the relationship.
  • Perform additional substantive procedures regarding the newly identified party and transactions.
  • Reconsider the risk that other related parties or transactions exist that management has not identified or disclosed.
  • If the non-disclosure appears intentional, evaluate the implications for the audit under ISA 240 — intentional concealment of related parties is a strong fraud indicator.

Written Representations

ISA 550.26 requires the auditor to obtain written representations from management (and, where appropriate, those charged with governance) confirming:

  • They have disclosed to the auditor the identity of all related parties and all related party relationships and transactions of which they are aware.
  • They have appropriately accounted for and disclosed such relationships and transactions in accordance with the framework.

ISA 550 in Your Jurisdiction

Netherlands. COS 550 follows ISA 550 closely. The AFM has identified related party transactions as a persistent area of concern, particularly in owner-managed businesses and family-controlled companies. AFM inspections focus on whether auditors have performed adequate procedures to identify related parties beyond management's disclosed list, and whether significant transactions have been properly scrutinised.

Germany. IDW PS 550 adapts ISA 550. German practice integrates related party requirements with the Prüfungsbericht, which must address related party transactions explicitly. The GmbH and AG structures create specific related party dynamics (Geschäftsführer transactions, Gesellschafter loans) that require particular attention.

United Kingdom. ISA (UK) 550 is substantively aligned with ISA 550. UK company law requires specific related party disclosures, and the FRC's inspections have highlighted deficiencies in the identification of undisclosed related parties, insufficient scrutiny of transactions outside the normal course of business, and insufficient challenge to arm's length assertions.

France. NEP 550 implements ISA 550 within the French statutory framework. French company law (Code de Commerce) has specific procedures for conventions réglementées (regulated agreements), which are agreements between the entity and its directors, significant shareholders, or their related parties. These must be approved by the board and disclosed in a rapport spécial by the commissaire aux comptes — a formal report that is distinct from the standard audit report.

Related Ciferi Content

Continue building your understanding of the ISA framework:

ISA 240 — The Auditor's Responsibilities Relating to Fraud
Fraud considerations triggered by related party indicators
ISA 315 — Identifying and Assessing the Risks of Material Misstatement
Risk assessment framework including related party relationships
ISA 330 — The Auditor's Responses to Assessed Risks
Designing audit responses to related party risks
ISA 260 — Communication with Those Charged with Governance
Communicating significant related party matters to governance

Put audit concepts into practice with these free tools:

Materiality Calculator
ISA 320
Sampling Calculator
ISA 530
Going Concern Checklist
ISA 570
ECL Calculator
IFRS 9

Frequently Asked Questions

Who is a related party under ISA 550?

ISA 550 uses the financial reporting framework's definition (e.g., IAS 24 for IFRS reporters). Generally, related parties include parent companies, subsidiaries, associates, joint ventures, key management personnel and their close family members, entities controlled or jointly controlled by key management or their families, and post-employment benefit plans.

Are all related party transactions high risk?

No. Many related party transactions — intercompany management fees, shared service charges, purchases from group companies — occur in the normal course of business at standard terms. These may carry no higher risk than transactions with unrelated parties. The heightened risk applies to significant transactions outside the normal course of business, transactions on unusual terms, and situations involving dominant influence or intentional concealment.

What is "dominant influence"?

A situation where a related party is in a position to dictate the entity's financial and operating policies, to the extent that the entity may be unable to pursue its own separate interests. This can arise from majority ownership, contractual arrangements, economic dependence, or personal authority. Dominant influence is a significant fraud risk factor.

What if management refuses to disclose a related party?

This is a serious matter. The auditor must consider whether the refusal indicates fraud (ISA 240), evaluate the implications for the risk assessment, communicate with those charged with governance, and consider the impact on the audit opinion.

Further Reading and Source References

  • IAASB Handbook 2024ISA 550 full text — The authoritative source including all application material.
  • IAS 24 — Related Party Disclosures — the IFRS standard defining related parties and requiring disclosures.
  • ISA 240 — The Auditor's Responsibilities Relating to Fraud — relevant when related party relationships involve fraud indicators.
  • ISA 315 (Revised 2019) — Risk assessment framework, including understanding the entity's related party relationships.
  • ISA 260 (Revised) — Communication with Those Charged with Governance — significant related party matters must be communicated.

This guide reflects the ISA 550 text as published in the IAASB 2024 Handbook. National implementations may include additional requirements — always consult the applicable national standard (e.g., COS 550 in the Netherlands, ISA (UK) 550 in the UK, IDW PS 550 in Germany, or NEP 550 in France) alongside the international text. This content is for educational purposes and does not constitute legal or professional advice.

Last reviewed: March 2026 · Standards version: IAASB 2024 Handbook