Related Parties

What are related parties?

ISA 550 operates on the premise that related party relationships create opportunities for the financial statements to be misstated, either through undisclosed transactions or through transactions conducted at terms that would not occur between independent parties. The auditor's job is twofold: identify the related parties and evaluate whether the related party transactions have been properly accounted for and disclosed.

ISA 550.11 requires the auditor to inquire of management about the identity of related parties and the nature of the relationships, including whether any transactions occurred during the period. But inquiry alone is not sufficient. ISA 550.17 requires the auditor to remain alert throughout the audit for information that may indicate previously unidentified related party relationships. A bank confirmation that reveals a guarantee by a company with the same shareholder, a contract with terms that don't make commercial sense, a journal entry to a counterparty the team hasn't seen before, an unexplained cash transfer to a dormant company – any of these can surface a related party that management didn't disclose.

ISA 550.18 treats any previously undisclosed related party relationship or significant transaction identified by the auditor (rather than by management) as a fraud risk factor. This is one of the stronger presumptions in the ISAs. The auditor must evaluate why management failed to disclose the relationship and consider the implications for the risk assessment and the rest of the audit. ISA 550.26 then requires written representations from management confirming the completeness of the related party information provided.

Why it matters in practice

The AFM's inspection reports have flagged audit files where the related party register was compiled solely from management's representations without any independent verification (such as company registry searches or bank confirmation cross-checks). ISA 550.11 requires inquiry, but ISA 550.17 requires the auditor to stay alert for indicators throughout the engagement. A register built only from management's list does not satisfy the standard.

Teams often test the accounting treatment of disclosed related party transactions but fail to evaluate whether the terms were at arm's length when the applicable framework requires that disclosure. IAS 24.18 requires disclosure of the nature of the relationship and the amount of the transaction, along with any outstanding balances. IAS 24.19 adds that when the entity claims transactions were at arm's length, the auditor should evaluate whether that claim is supportable. Testing the amount without testing the pricing is an incomplete procedure.

Worked example: Callan Software Ltd

Client: Irish software company, FY2024, revenue €38M, IFRS reporter, founder-CEO holds 62% of shares and sits on the boards of two other companies. The team obtains the CRO (Companies Registration Office) filings for the CEO's other directorships. The two companies (a consulting firm and a property investment vehicle) are identified as related parties under IAS 24.9. Management provides a list of five entities.

During receivables testing, the team identifies a €280K receivable from a company called TechBridge Solutions Ltd. The name does not appear on management's related party list. A CRO search reveals the CEO's spouse is a 45% shareholder. Under IAS 24.9, this entity qualifies as a related party. Management did not disclose it. The team discusses the omission with the CEO and those charged with governance per ISA 550.22. The CEO states the omission was inadvertent.

The team evaluates the €280K receivable: it relates to a software licence agreement at €140K per year, which is above the market rate for comparable licences (the team benchmarks against two similar agreements with unrelated customers at €95K and €110K). The team considers whether the transaction was conducted at arm's length. The previously undisclosed related party triggered the ISA 550.18 fraud risk consideration and the non-arm's-length pricing is flagged for disclosure assessment under IAS 24.19. The representation letter now covers the updated related party list.

Related parties vs arm's length transaction

Related parties are defined by the relationship between the parties. An arm's length transaction is defined by the terms of the transaction. The two concepts intersect but are not opposites: related parties can transact at arm's length, and unrelated parties can transact at non-arm's-length terms (though less commonly).

The practical issue is that related party transactions carry a presumption that the terms may not reflect what independent parties would agree. IAS 24.19 permits the entity to assert that a related party transaction was conducted at arm's length, but only if that assertion can be substantiated. The auditor's job under ISA 550 is to evaluate whether the entity's assertion is supported by evidence (such as market comparables or independent valuations), not to assume it.

Key standard references

• ISA 550.11: Requires the auditor to inquire of management about the identity of related parties and any transactions during the period.
• ISA 550.17: Requires the auditor to remain alert throughout the audit for indicators of previously unidentified related party relationships.
• ISA 550.18: Treats undisclosed related party relationships identified by the auditor as a fraud risk factor.
• ISA 550.26: Requires written representations from management on the completeness of related party identification and disclosure.
• IAS 24.9–12: Defines the scope of related party relationships, including control, joint control, significant influence, and key management personnel.
• IAS 24.18–19: Disclosure requirements for related party transactions, including the basis for arm's length assertions.

Related terms

Related reading

Frequently asked questions