What you'll learn

  • How to identify related parties and their transactions through procedures that go beyond asking management (ISA 550.14-17)
  • How to test the arm's-length assertion when the entity claims related party transactions occurred at market terms
  • What inspection bodies actually flag on related party files and how to avoid those findings
  • How to evaluate whether the disclosures in the financial statements are complete and accurate under the applicable framework

An inspection reviewer opens your related party working paper. The only evidence is a management representation that all related party transactions have been disclosed and a confirmation that the list matches the prior year. No independent identification procedures. No testing of terms. No assessment of whether the disclosed prices are at arm's length. The file gets flagged.

To audit related party transactions under ISA 550, perform identification procedures beyond management inquiry (including register searches, intercompany reconciliations, and board minute reviews), assess the business rationale of significant transactions, test whether terms are consistent with arm's-length conditions where the entity asserts this, and evaluate the completeness and accuracy of financial statement disclosures under ISA 550.25-27.

Why inquiry alone does not satisfy ISA 550

ISA 550.11 requires the auditor to perform risk assessment procedures to obtain an understanding of the entity's related party relationships and transactions. The standard lists inquiry of management as one of several procedures. It is not sufficient on its own.

The problem is structural. Management may not know about all related parties (particularly indirect relationships through family members or entities controlled by key management personnel). Management may know but not disclose (intentionally or because they don't consider a relationship to be a "related party" under the applicable framework). And management's list from the prior year may be outdated.

ISA 550.13 goes further: the auditor must remain alert throughout the audit for information that may indicate related party relationships or transactions that management has not identified or disclosed. This is an ongoing obligation, not a planning-phase checkbox. If you discover during accounts receivable testing that a significant debtor shares a director with your client, that's an ISA 550 matter regardless of whether it appeared on management's list.

The inspection finding data supports this. Regulators across Europe have consistently flagged insufficient related party procedures. The common thread is over-reliance on inquiry and management representations, with no corroborative procedures to test whether the list is complete. The fix isn't complicated, but it requires deliberate work beyond the management conversation.

ISA 550.11-12 set out the risk assessment procedures. Start with inquiry of management about the identity of related parties, the nature of relationships, whether any transactions occurred during the period, and the terms of those transactions. Then go beyond inquiry.

ISA 550.11(b) requires inquiry of management about the entity's controls over related party transactions. Does the client have a policy requiring disclosure of related party interests? Is there an approval process for transactions with related parties? Do board minutes record related party transactions? If the entity has no controls at all, that's a risk factor, not just a documentation gap.

ISA 550.11(c) requires the auditor to perform other risk assessment procedures considered necessary. The standard doesn't prescribe a fixed list, but the application guidance in ISA 550.A11-A15 gives examples: reviewing prior-year working papers, understanding the entity's ownership structure, reviewing board and shareholder meeting minutes for references to related parties, and considering the regulatory environment.

For a mid-market audit, a practical minimum set of risk assessment procedures includes four elements. Inquire of management and those charged with governance. Obtain and review the register of directors' interests (or equivalent). Review minutes of board meetings and shareholder meetings for references to related party transactions. Compare the current-year related party list to the prior year and investigate changes.

The point of these procedures is to establish a baseline understanding before you start substantive work. If you don't know who the related parties are, you can't assess the risk that related party transactions are misstated or undisclosed.

Identification procedures: finding what management didn't tell you

ISA 550.14-17 address identification. These paragraphs require the auditor to look for related party transactions that management may not have identified. This is the section that separates a compliant file from a flagged one.

ISA 550.15 requires the engagement team to share relevant information about related parties. If the audit senior discovers during bank confirmation procedures that the client has a loan receivable from a company owned by the CEO's spouse, that information needs to reach the engagement manager. This sounds obvious, but on larger engagements where different team members test different areas, related party information can sit in one working paper without reaching the person who needs it.

ISA 550.14 focuses on remaining alert during the audit for arrangements or transactions that may indicate previously unidentified related party relationships. The standard gives examples in ISA 550.A30-A34: transactions with abnormal terms (interest-free loans, sales below cost), circular transactions, transactions with entities that have no apparent business substance, and transactions that are processed in an unusual manner.

Practical identification procedures that go beyond inquiry:

  • Search the commercial register for entities sharing directors or shareholders with the client. In the Netherlands, the KvK (Kamer van Koophandel) provides this. In Belgium, the Crossroads Bank for Enterprises. In Germany, the Handelsregister. A 15-minute search can identify entities that management didn't mention.
  • Review unusual journal entries during the period for counterparties that don't appear in the normal course of business.
  • Review significant contracts entered into during the year for counterparty identities and terms that might indicate a related party relationship.
  • Examine intercompany balances and reconciliations for entities within the group structure.

If you identify a related party or transaction that management didn't disclose, ISA 550.16 requires you to communicate it to the engagement team, request management to identify all transactions with that party, and consider why management's controls failed to identify the relationship.

ISA 550.19-22 require the auditor to design and perform further audit procedures to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement associated with related party relationships and transactions.

For each significant related party transaction identified, you need to understand the business rationale. ISA 550.19 requires the auditor to evaluate whether a significant transaction outside the normal course of business has a genuine commercial rationale. If the client sold a property to a director's company at year-end and the only explanation is "market conditions," that's not sufficient. You need to understand why the transaction occurred, why it occurred at that price, and why it occurred at that time.

ISA 550.20 is specific: for significant related party transactions outside the normal course of business, the auditor must inspect the underlying agreements, evaluate whether the terms are consistent with management's explanations, and obtain audit evidence that the transactions have been appropriately authorised and approved.

This means you need source documents. Contracts, board resolutions authorising the transaction, independent valuations if property or significant assets were transferred, and evidence of actual payment or settlement. A management representation that the transaction was on arm's-length terms is not audit evidence of the terms themselves.

For related party transactions within the normal course of business (the parent charges a management fee to the subsidiary, for example), the risk is typically lower, but you still need to verify that the transaction is appropriately disclosed and that the terms are consistent with what's disclosed. If the financial statements say "management fees are charged at cost," check that the amount charged actually approximates cost.

Testing the arm's-length assertion

When the entity asserts that a related party transaction was conducted on terms equivalent to those prevailing in an arm's-length transaction, ISA 550.22 requires the auditor to obtain sufficient appropriate evidence about that assertion. This is one of the hardest related party procedures to execute well.

The difficulty is finding a genuine comparable. If the client rents office space from a company owned by a director at €250 per square metre per year, you need to determine whether that's a market rate. Options include obtaining independent rental valuations, reviewing comparable lease agreements for similar properties in the same area, or referencing published market data for commercial rents in that location.

For financial transactions (loans between related parties), compare the interest rate to what the entity would have obtained from an independent lender. If the client has a loan from its parent at 2% when comparable bank lending rates are 5%, the below-market rate has accounting implications under IAS 24 and potentially under IFRS 9 if the loan contains a financing benefit that should be measured at fair value on initial recognition.

If you cannot obtain sufficient evidence about the arm's-length assertion, ISA 550.23 requires you to modify the audit opinion. In practice, this means you either find the evidence or you ask management to remove the arm's-length assertion from the disclosures. Most entities, when pushed, either provide supporting evidence or agree to disclose the transaction without the arm's-length claim.

Evaluating disclosure completeness

ISA 550.25-27 deal with financial statement disclosure. The auditor must evaluate whether the related party relationships and transactions are properly disclosed in accordance with the applicable financial reporting framework.

Under IAS 24, the entity must disclose the name of the parent, the names of key management personnel, the nature of the relationship, and for each material transaction: the amount, outstanding balances, terms and conditions, provisions for doubtful debts on outstanding balances, and expense recognised for bad or doubtful debts.

Your evaluation covers both completeness and accuracy. Completeness: are all identified related parties and their transactions disclosed? Compare your working paper list to the note in the financial statements. Accuracy: do the disclosed amounts match the accounting records? Do the described terms match the underlying contracts?

ISA 550.26 adds a layer: even if the applicable framework does not require disclosure, the auditor must evaluate whether the related party relationships and transactions are such that the financial statements achieve fair presentation (under a fair presentation framework). This means you might need to push for disclosure of a transaction that IAS 24 doesn't technically require to be disclosed, if omitting it would make the financial statements misleading.

ISA 550.27 addresses the specific case where the entity states that related party transactions were conducted on arm's-length terms. The auditor must evaluate whether this disclosure is supported by evidence. An unsupported arm's-length claim in the notes is a disclosure misstatement.

Scenario: Vermeer Vastgoed B.V. is a Dutch real estate holding company with €45 million in investment property and rental income of €3.8 million for the year ended 31 December 2025. The sole shareholder and director is M. Vermeer. Overall materiality is €190,000. The prior-year file lists three related parties: Vermeer Beheer B.V. (management company, 100% owned by M. Vermeer), Vermeer Bouw B.V. (construction company, 80% owned by M. Vermeer), and J. Vermeer (M. Vermeer's spouse, who owns two apartments in the portfolio personally).

1. Perform identification procedures beyond inquiry.

Search the KvK register for entities where M. Vermeer or J. Vermeer appears as a director or significant shareholder. Result: a fourth entity, Vermeer Advies B.V., 100% owned by M. Vermeer, not on the prior-year list. Inquire of management about this entity. M. Vermeer states it is dormant and had no transactions with Vermeer Vastgoed during 2025.

Documentation note: Record the KvK search date, the entities identified, and management's response about Vermeer Advies B.V. Verify the dormancy claim by checking the bank statements and general ledger for any transactions with Vermeer Advies.

2. Map transactions and assess risk.

The following related party transactions occurred during 2025: management fees of €180,000 charged by Vermeer Beheer B.V. (recurring, within normal course), construction work of €620,000 invoiced by Vermeer Bouw B.V. (renovation of two properties), and a rental reduction of €6,000 for the apartments occupied by J. Vermeer (rent charged below market rate). The construction work is significant (exceeds materiality) and outside the normal course of business for a holding entity.

Documentation note: List all related party transactions, their amounts, and their nature. Flag the €620,000 construction work as requiring ISA 550.20 procedures (significant transaction outside normal course). Flag the below-market rent to J. Vermeer as requiring arm's-length assessment.

3. Test the significant construction transaction.

Obtain the construction contract between Vermeer Vastgoed and Vermeer Bouw. Review the scope of work. Obtain the board resolution (sole director decision, documented in writing) approving the renovation budget. Compare the €620,000 invoiced to the original contract sum of €580,000. The overrun of €40,000 is attributed to additional plumbing work. Obtain the variation order and supporting invoices from subcontractors (€38,400 in subcontractor costs, leaving €1,600 margin for Vermeer Bouw on the variation).

Documentation note: File the contract, the variation order, and a sample of subcontractor invoices. Assess whether the original contract price is reasonable by comparing the per-square-metre renovation cost (€1,240/m²) to published construction cost indices for Dutch commercial property renovation (range: €1,100-€1,400/m² for mid-quality fit-out). The price falls within the range. Conclude that the transaction terms are supportable.

4. Evaluate the below-market rent.

J. Vermeer rents two apartments at €800/month each. Comparable market rent for similar apartments in the same neighbourhood is €1,050-€1,150/month based on published rental data from Pararius. The annual shortfall is approximately €6,000-€8,400.

Documentation note: Document the comparison with market rents. The shortfall is below materiality (€190,000) but requires disclosure under IAS 24 as a related party transaction. Verify that the financial statements disclose the below-market terms, not just the amount charged.

5. Evaluate disclosure completeness.

Compare the related party note to the working paper list. The draft financial statements disclose Vermeer Beheer (management fees), Vermeer Bouw (construction), and J. Vermeer (rental income). Vermeer Advies B.V. is not disclosed. Since no transactions occurred and the entity is dormant, disclosure of the relationship itself may not be required under IAS 24.12 (which requires disclosure of control relationships regardless of transactions for parent-subsidiary relationships, but Vermeer Advies is a sibling entity, not a subsidiary of Vermeer Vastgoed). Confirm that the amounts match the general ledger and that the terms described in the note match the contracts.

Documentation note: Record the comparison between the related party note and the working paper list. Document the conclusion on Vermeer Advies (no disclosure required). Confirm that the arm's-length assertion for the construction work is supported by the cost comparison performed in step 3.

ISA 550.16-18 cover what happens when you find a related party or transaction that management didn't disclose. This is more common than it should be, and the procedures are specific.

When you identify a previously unidentified related party, ISA 550.16 requires you to promptly communicate the information to other members of the engagement team. If the audit senior discovers an undisclosed relationship during accounts payable testing, the engagement manager needs to know before the related party section is finalised.

ISA 550.17 requires the auditor to request management to identify all transactions with the newly identified related party. You can't just add the party to the list and move on. You need to understand the full scope of the relationship and its financial impact.

ISA 550.18 asks why. Why did management's controls fail to identify this relationship? Was it an oversight (the CEO forgot to mention a dormant company), or was it intentional concealment? The answer affects your fraud risk assessment. If the omission was deliberate, it's a fraud risk indicator under ISA 240, and you need to reassess the integrity of management's other representations about related parties.

If the previously unidentified related party or transaction is significant, reconsider whether your audit procedures for other related party matters are sufficient. A single discovered omission suggests the related party identification process at the entity may be incomplete, and other relationships may also be missing.

  1. Obtain management's list of related parties and their transactions, then corroborate it through independent procedures: commercial register searches, prior-year working paper review, board minute review, and intercompany reconciliation review (ISA 550.11-13).
  2. Communicate identified related parties to all engagement team members and instruct the team to remain alert for previously unidentified related party indicators throughout fieldwork (ISA 550.15).
  3. For each significant related party transaction outside the normal course of business, obtain and inspect the underlying contract, verify board or shareholder approval, and evaluate the business rationale (ISA 550.19-20).
  4. Test any arm's-length assertion by obtaining comparable market data, independent valuations, or other evidence that supports the disclosed terms (ISA 550.22).
  5. Compare the related party note in the financial statements to your complete working paper list and verify that amounts, relationships, terms, and outstanding balances are accurately and completely disclosed (ISA 550.25-27).
  6. If the entity cannot provide evidence supporting an arm's-length assertion, request removal of the assertion from the disclosures or consider the effect on your audit opinion (ISA 550.23).

Common mistakes

  • Performing no related party identification procedures beyond asking management and relying on the prior-year list. The FRC has flagged this as a recurring deficiency, particularly where the auditor failed to search public registers or review board minutes for evidence of undisclosed relationships.
  • Accepting a management representation that related party transactions were on arm's-length terms without obtaining any corroborative evidence. ISA 550.22 requires evidence, not assertion. A management representation letter is not a substitute for testing.
  • Failing to communicate identified related parties across the engagement team, particularly on multi-location audits where different team members may encounter related party indicators in different working paper sections without connecting them.

Related content

Get practical audit insights, weekly.

No exam theory. Just what makes audits run faster.

No spam — we're auditors, not marketers.

This content is for educational purposes and does not constitute legal or professional advice. Always consult applicable national standards alongside international texts.

Last reviewed: March 2026