NFRA Series on Auditor-Audit Committee Interaction: Related Party Audits

The National Financial Reporting Authority (NFRA) has launched the Auditor-Audit Committee Interactions Series to improve audit quality and financial integrity. Series 3 focuses on related party relationships, transactions, and disclosures as per Ind AS 24 and SA 550. Related party transactions, including loans, investments, and remuneration, have historically been a source of fraud, leading to concerns about fund diversion, lack of approvals, and improper disclosures. The Companies Act 2013 (CA 2013) and SEBI (LODR) mandate that Audit Committees and Boards oversee and approve such transactions. The regulations require disclosures of financial impacts, material modifications, and internal controls to ensure transparency. Auditors must assess related party relationships, evaluate business rationale, and verify compliance with laws and standards. They should also examine approval processes, identify fraud risks, and ensure proper documentation. NFRA’s findings highlight the need for effective auditor communication with governance bodies to prevent financial misstatements and enhance investor protection.

National Financial Reporting Authority

Audit Committee – Auditor Interactions Series 3 dealing with audit of Related Parties – Ind AS 24, AS 18 & SA 550

NFRA does not set standards and codes for Corporate Governance, Board of Directors and Audit Committees.

NFRA Auditor-Audit Committee Interaction Series 3 – Related Parties

Introduction

In course of NFRA’s enforcement, review and monitoring activities, auditor’s communication with Those Charged With Governance (TCWG) (including the Audit Committees) has been variously highlighted. A need has been felt through these activities towards reinforcing the ways and means of communication between the Statutory Auditors and the Audit Committees in particular drawing upon the requirements in the Companies Act 2013 (CA 2013), the two relevant Standards on Auditing (SA 260 (R) and SA 265), other related SAs and the Standard on Quality Control (SQC 1).

Therefore, in accordance with NFRA’s obligations to suggest measures for improvement in overall audit quality and to promote awareness and significance of accounting and auditing standards, auditor’s responsibilities, audit quality, and keeping in view NFRA’s objectives of protecting public interest and investor protection, NFRA is commencing with this series of Auditor-Audit Committee Interactions, which will be issued on significant areas of accounting and auditing, from time to time.

This Auditor-Audit Committee Interactions Series 3 draws the attention of the auditors to the potential questions the Audit Committees/Board of Directors may ask them in respect of related party relationships, transactions and disclosures as required by Ind AS 24 Related Party Disclosures and SA 550 Related Parties.

Related party relationships and transactions have been a source of major frauds in the corporate history¹ and some of the modus operandi continues to be seen in recent corporate frauds as well. In some cases, transactions with unrelated parties have the purpose and effect of benefiting related parties.

Major related party transactions may be classified into:

• Loans and advances;
• Investments;
• Supplying/availing goods and services; and
• Remuneration of key management personnel etc.

NFRA’s Inspection reports and penalty Orders highlighted following major issues in related party transactions–

• Diversion of funds;
• Absence of business rationale and arm’s length basis;
• Understatement of loans/advances;
• Evergreening of loans/advances;
• Circulation of funds;
• Override of controls;
• Absence of adequate appraisal before sanction of loans;
• Absence of approvals of the Board/Audit Committee;
• Fraudulent/erroneous recognition of revenue;
• Improper recognition of provision for doubtful receivables
• Lack of appropriate and complete disclosures.

Presentation of and Disclosures in financial statements requires management to inter alia (a) identify related party relationships and transactions; (b) identify outstanding balances, including commitments, between an entity and its related parties; (c) identify the circumstances in which disclosure of the items in (a) and (b) is required; and (d) determining the disclosures to be made about those items. Some of these could be challenging requiring special attention by the Preparers, Audit Committee and the Auditors.

Commonality of Goals-Auditors and Audit Committees

Auditors and Audit Committees work towards the common goals of ensuring audit quality and integrity of financial statements.

What do Companies Act 2013 (CA 2013) and SEBI (LODR) require from Audit Committee/Board of Directors?

As per Section 134(5) of CA 2013, Board of Directors (BOD/Board) are required to state in the Directors’ Responsibility Statement in the Board’s Report, that is part of Annual Report, that they had selected such accounting policies and applied them consistently and made judgements and estimates that are reasonable and prudent to give a true and fair view of the state of the affairs of the company.

Schedule IV to CA 2013 lays down code for Independent Directors. Clause 4 of Part II of this code requires the Independent Directors to satisfy themselves on the integrity of financial information and that financial controls and the system of risk management are robust and defensible. This code also requires the Independent Directors to safeguard the interests of all stakeholders, particularly the minority shareholders.

The CA 2013 requires the Audit Committee and Board of Directors to review and approve related party transactions. The Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (SEBI Regulations)also have similar requirements and the requirements to publish related party policy.

CA 2013 defines related party as:

(i) a director or his relative;

(ii) a key managerial personnel or his relative;

(iii) a firm, in which a director, manager or his relative is a partner;

(iv) a private company in which a director or manager or his relative is a member or director;

(v) a public company in which a director or manager is a director and holds along with his relatives, more than two per cent of its paid-up share capital;

(vi) any body corporate whose Board of Directors, managing director or manager is accustomed to act in accordance with the advice, directions or instructions of a director or manager;

(vii) any person on whose advice, directions or instructions a director or manager is accustomed to act: Provided that nothing in sub-clauses (vi) and (vii) shall apply to the advice, directions or instructions given in a professional capacity;

(viii) any body corporate which is—

(A) a holding, subsidiary or an associate company of such company;

(B) a subsidiary of a holding company to which it is also a subsidiary; or

(C) an investing company or the venturer of the company.

Explanation. —For the purpose of this clause, “the investing company or the venturer of a company” means a body corporate whose investment in the company would result in the company becoming an associate company of the body corporate];

(ix) such other person as may be prescribed.

Section 177 of CA 2013 requires the Board to specify terms of reference for the Audit Committee which includes approval or any subsequent modification of transactions of the company with related parties; review the financial statements and auditor’s report thereon; review and monitor the effectiveness of the audit process; and evaluation of internal financial controls and risk management system.

The Audit Committee may make omnibus approval for related party transactions proposed to be entered into by the company subject to such conditions as has been prescribed in the Companies (Meetings of Board and its Powers) Rules 2014. These prescriptions include –

• specifying the criteria for making the omnibus approval like (a) maximum value of the transactions, in aggregate, which can be allowed under the omnibus route in a year; (b) the maximum value per transaction which can be allowed; (c) extent and manner of disclosures to be made to the Audit Committee at the time of seeking omnibus approval; (d) review, at such intervals as the Audit Committee may deem fit, related party transaction entered into by the company pursuant to each of the omnibus approval made; (e) transactions which cannot be subject to the omnibus approval by the Audit Committee.
• The Audit Committee shall, while specifying the criteria for making omnibus approval, consider (a) repetitiveness of the transactions (in past or in future); and (b) justification for the need of omnibus approval.
• The Audit Committee shall satisfy itself on the need for omnibus approval for transactions of repetitive nature and that such approval is in the interest of the company.
• The omnibus approval shall contain or indicate the following: –

(a) name of the related parties;

(b) nature and duration of the transaction;

(c) maximum amount of transaction that can be entered into;

(d) the indicative base price or current contracted price and the formula for variation in the price, if any; and

(e) any other information relevant or important for the Audit Committee to take a decision on the proposed transaction.

Where the need for related party transaction cannot be foreseen and aforesaid details are not available, Audit Committee may make omnibus approval for such transactions subject to their value not exceeding rupees one crore per transaction.

• Omnibus approval shall be valid for a period not exceeding one financial year and shall require fresh approval after the expiry of such a financial year.
• Omnibus approval shall not be made for transactions in respect of selling or disposing of the undertaking of the company.
• In the case of transaction, other than transactions referred to in section 188, and where the Audit Committee does not approve the transaction, it shall make its recommendations to the Board.
• In case any transaction involving any amount not exceeding one crore rupees is entered into by a director or officer of the company without obtaining the approval of the Audit Committee and it is not ratified by the Audit Committee within three months from the date of the transaction, such transaction shall be voidable at the option of the Audit Committee and if the transaction is with the related party to any director or is authorized by any other director, the director concerned shall indemnify the company against any loss incurred by it.
• These provisions shall not apply to a transaction, other than a transaction referred to in section 188, between a holding company and its wholly owned subsidiary company.

Section 188 of CA 2013 provides that except with the consent of the Board of Directors given by a resolution at a meeting of the Board and subject to such conditions as may be prescribed, no company shall enter into any contract or arrangement with a related party with respect to—

(a) sale, purchase or supply of any goods or materials;

(b) selling or otherwise disposing of, or buying, property of any kind;

(c) leasing of property of any kind;

(d) availing or rendering of any services;

(e) appointment of any agent for purchase or sale of goods, materials, services or property;

(f) such related party’s appointment to any office or place of profit in the company, its subsidiary company or associate company; and

(g) underwriting the subscription of any securities or derivatives thereof, of the company.

No contract or arrangement, in the case of a company having a paid-up share capital of not less than such an amount, or transactions exceeding such sums, as may be prescribed, shall be entered into except with the prior approval of the company by a resolution. These limits are prescribed in rule 15 of the Companies (Meetings of Board and its Powers) Rules 2014.

These provisions are not applicable to any transactions entered into by the company in its ordinary course of business other than transactions which are not on an arm’s length basis.

The requirement of passing the resolution shall not be applicable for transactions entered into between a holding company and its wholly owned subsidiary whose accounts are consolidated with such a holding company and placed before the shareholders at the general meeting for approval.

Where any contract or arrangement is entered into by a director or any other employee, without obtaining the consent of the Board or approval by a resolution in the general meeting and if it is not ratified by the Board or, as the case may be, by the shareholders at a meeting within three months from the date on which such contract or arrangement was entered into, such contract or arrangement shall be voidable at the option of the Board or, as the case may be, of the shareholders and if the contract or arrangement is with a related party to any director, or is authorized by any other director, the Directors concerned shall indemnify the company against any loss incurred by it.

Schedule III of CA 2013 requires companies to present information about related parties separately relating to loans & advances taken as well as given in the financial statements.

The Companies (Auditor’s Report) Order (CARO) inter alia requires the auditor to report –

• whether all transactions with the related parties are in compliance with sections 177 and 188 of the Act where applicable and the details have been disclosed in the financial statements, etc., as required by the applicable accounting standards;
• the aggregate amount during the year, and balance outstanding at the balance sheet date with respect to loans or advances and guarantees or security to subsidiaries, joint ventures and associates;
• whether the company has granted any loans or advances in the nature of loans either repayable on demand or without specifying any terms or period of repayment, and, if so, to specify the aggregate amount, percentage thereof to the total loans granted, aggregate amount of loans granted to Promoters, related parties as defined in clause (76) of section 2 of the Companies Act, 2013;

SEBI Regulations 2015 requires the Board of Directors to inter alia monitor and manage potential conflicts of interest of management, members of the Board of Directors and shareholders, including misuse of corporate assets and abuse in related party transactions.

Section 2(zc) of SEBI Regulations 2015 define a “related party transaction” as a transaction involving a transfer of resources, services or obligations between:

(i) a listed entity or any of its subsidiaries on one hand and a related party of the listed entity or any of its subsidiaries on the other hand; or

(ii) a listed entity or any of its subsidiaries on one hand, and any other person or entity on the other hand, the purpose and effect of which is to benefit a related party of the listed entity or any of its subsidiaries;

regardless of whether a price is charged and a “transaction” with a related party shall be construed to include a single transaction or a group of transactions in a contract.

Provided that the following shall not be a related party transaction:

(a) the issue of specified securities on a preferential basis, subject to compliance of the requirements under the SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018;

(b) payment of dividend; subdivision or consolidation of securities; issuance of securities by way of a rights issue or a bonus issue; and buy-back of securities, when these corporate actions are uniformly applicable/offered to all shareholders in proportion to their shareholding;

(c) acceptance of fixed deposits by banks/non-banking finance companies at the terms uniformly applicable/offered to all shareholders/public, subject to disclosure of the same along with the disclosure of related party transactions every six months to the stock exchange(s), in the format as specified by the Board:

(d) acceptance of current account deposits and saving account deposits by banks in compliance with the directions issued by the Reserve Bank of India or any other central bank in the relevant jurisdiction from time to time:

Explanation: For the purpose of clauses (c) and (d) above, acceptance of deposits includes payment of interest thereon.

(e) retail purchases from any listed entity or its subsidiary by its directors or its employees, without establishing a business relationship and at the terms which are uniformly applicable/offered to all employees and directors.

Provided further that this definition shall not be applicable for the units issued by mutual funds which are listed on a recognized stock exchange(s);

SEBI Regulations 2015 provide that –

• The listed entities are required to formulate a policy on materiality of related party transactions and on dealing with related party transactions including clear threshold limits duly approved by the board of directors and such policy shall be reviewed by the board of directors at least once every three years and updated accordingly.
• A transaction with a related party shall be considered material, if the transaction(s) to be entered into individually or taken together with previous transactions during a financial year, exceeds rupees one thousand crore or ten per cent of the annual consolidated turnover of the listed entity as per the last audited financial statements of the listed entity, whichever is lower.
• A transaction involving payments made to a related party with respect to brand usage or royalty shall be considered material if the transaction(s) to be entered into individually or taken together with previous transactions during a financial year, exceed five percent of the annual consolidated turnover of the listed entity as per the last audited financial statements of the listed entity.
• The Audit Committee of a listed entity shall define “material modifications” and disclose it as part of the policy on materiality of related party transactions and on dealing with related party transactions.
• All related party transactions and subsequent material modifications shall require prior approval of the audit committee of the listed entity and that only those members of the audit committee, who are independent directors, shall approve related party transactions.
• A related party transaction to which the subsidiary of a listed entity is a party but the listed entity is not a party, shall require prior approval of the audit committee of the listed entity if the value of such transaction whether entered into individually or taken together with previous transactions during a financial year, exceeds ten per cent of the annual standalone turnover, as per the last audited financial statements of the subsidiary.
• Prior approval of the Audit Committee of the listed entity shall not be required for a related party transaction to which the listed subsidiary is a party but the listed entity is not a party, if SEBI Regulations 2015 are applicable to such a listed subsidiary. For related party transactions of such unlisted subsidiaries of a listed subsidiary, the prior approval of the audit committee of the listed subsidiary shall suffice.
• The Audit Committee may grant omnibus approval for related party transactions proposed to be entered into by the listed entity subject to certain conditions similar to the conditions given in CA 2013.
• It is also required that the Audit Committee shall review, at least on a quarterly basis, the details of related party transactions entered into by the listed entity pursuant to each of the omnibus approvals given.
• The members of the Audit Committee, who are independent directors, may ratify related party transactions within three months from the date of the transaction or in the immediate next meeting of the audit committee, whichever is earlier, subject to the following conditions:

(i) the value of the ratified transaction(s) with a related party, whether entered into individually or taken together, during a financial year shall not exceed rupees one crore;

(ii) the transaction is not material in terms of the provisions of sub-regulation (1) of SEBI Regulations 2015;

(iii) rationale for inability to seek prior approval for the transaction shall be placed before the audit committee at the time of seeking ratification;

(iv) the details of ratification shall be disclosed along with the disclosures of related party transactions in terms of the provisions of sub-regulation (9) of SEBI Regulations 2015;

(v) any other condition as specified by the Audit Committee:

Provided that failure to seek ratification of the Audit Committee shall render the transaction voidable at the option of the audit committee and if the transaction is with a related party to any director, or is authorised by any other director, the director(s) concerned shall indemnify the listed entity against any loss incurred by it.

• The role of the Audit Committee includes oversight of the listed entity’s financial reporting process and the disclosure of its financial information to ensure that the financial statement is correct, sufficient and credible (including disclosure of any related party transactions).
• Related party disclosure shall be as per requirements of accounting standards and also includes disclosures of amounts at the year end and the maximum amount of loans/ advances/Investments outstanding during the year in respect of Loans and advances in the nature of loans to subsidiaries/associates/ firms/companies in which directors are interested, by name and amount. It is also required to disclose investments by the loanee in the shares of parent company and subsidiary company, when the company has made a loan or advance in the nature of loan. It is also required to disclose materially significant related party transactions that may have potential conflict with the interests of the listed entity at large.

SEBI Regulations 2015 defines related party as given in CA 2013 or applicable accounting standards; and also includes –

• any person or entity forming a part of the promoter or promoter group of the listed entity; or
• any person or any entity, holding equity shares of ten per cent or more in the listed entity either directly or on a beneficial interest basis as provided under section 89 of the Companies Act, 2013, at any time, during the immediately preceding financial year.
• All material related party transactions and subsequent material modifications as defined by the Audit Committee shall require prior approval of the shareholders through resolution and no related party shall vote to approve such resolutions whether the entity is a related party to the particular transaction or not.

What do Financial Reporting Standards require?

Ind AS 24² deals with related party disclosures.

Related party relationships are a normal feature of commerce and business. For example, entities frequently carry on parts of their activities through subsidiaries, joint ventures and associates. In those circumstances, the entity has the ability to affect the financial and operating policies of the investee through the presence of control, joint control or significant influence.

A related party relationship could have an effect on the profit or loss and financial position of an entity. Related parties may enter into transactions that unrelated parties would not. For example, an entity that sells goods to its parent at cost might not sell on those terms to another customer. Also, transactions between related parties may not be made at the same amounts as between unrelated parties.

The profit or loss and financial position of an entity may be affected by a related party relationship even if related party transactions do not occur. The mere existence of the relationship may be sufficient to affect the transactions of the entity with other parties.

For these reasons, knowledge of an entity’s transactions, outstanding balances, including commitments, and relationships with related parties may affect assessments of its operations by users of financial statements, including assessments of the risks and opportunities facing the entity.

Ind AS 24 has several requirements of related party disclosures relating to related party identification, related party transactions, and related party balances.

Therefore, as a first step, understanding the definition of the related party is important for all stakeholders including the auditors.

Ind AS 24 provides that “A related party is a person or entity that is related to the entity that is preparing its financial statements (‘reporting entity’).

(a) A person or a close member of that person’s family is related to a reporting entity if that person:

(i) has control or joint control of the reporting entity;

(ii) has significant influence over the reporting entity; or

(iii) is a member of the key management personnel of the reporting entity or of a parent of the reporting entity.

(b) An entity is related to a reporting entity if any of the following conditions applies:

(i) The entity and the reporting entity are members of the same group (which means that each parent, subsidiary and fellow subsidiary is related to the others).

(ii) One entity is an associate or joint venture of the other entity (or an associate or joint venture of a member of a group of which the other entity is a member).

(iii) Both entities are joint ventures of the same third party.

(iv) One entity is a joint venture of a third entity and the other entity is an associate of the third entity.

(v) The entity is a post-employment benefit plan for the benefit of employees of either the reporting entity or an entity related to the reporting entity. If the reporting entity is itself such a plan, the sponsoring employers are also related to the reporting entity.

(vi) The entity is controlled or jointly controlled by a person identified in (a).

(vii) A person identified in (a)(i) has significant influence over the entity or is a member of the key management personnel of the entity (or of a parent of the entity).

(viii) The entity, or any member of a group of which it is a part, provides key management personnel services to the reporting entity or to the parent of the reporting entity”.

Ind AS 24 requires entities to disclose:

• Relationships between a parent and its subsidiaries irrespective of whether there have been transactions between them. An entity shall disclose the name of its parent and, if different, the ultimate controlling party. If neither the entity’s parent nor the ultimate controlling party produces consolidated financial statements available for public use, the name of the next most senior parent that does so shall also be disclosed.

• Key management personnel compensation in total and for each of the following categories:

(a) short-term employee benefits;

(b) post-employment benefits;

(c) other long-term benefits;

(d) termination benefits; and

(e) share-based payment.

• If an entity has had related party transactions during the periods covered by the financial statements, it shall disclose the nature of the related party relationship as well as information about those transactions and outstanding balances, including commitments, necessary for users to understand the potential effect of the relationship on the financial statements. At a minimum, disclosures shall include:

(a) the amount of the transactions;

(b) the amount of outstanding balances, including commitments, and:

(i) their terms and conditions, including whether they are secured, and the nature of the consideration to be provided in settlement; and

(ii) details of any guarantees given or received;

(c) provisions for doubtful debts related to the amount of outstanding balances; and

(d) the expense recognized during the period in respect of bad or doubtful debts due from related parties.

• Amounts incurred by the entity for the provision of key management personnel services that are provided by a separate management entity.
• The above disclosures shall be made separately for each of the following categories:

(a) the parent;

(b) entities with joint control of, or significant influence over, the entity;

(c) subsidiaries;

(d) associates;

(e) joint ventures in which the entity is a joint venturer;

(f) key management personnel of the entity or its parent; and

(g) other related parties.

Therefore, it is important for auditors to understand the meaning of related party, disclosure requirements and management controls over identification of related parties; accounting of related party transactions; and compliance with disclosure requirements of Laws & Standards. It is equally important to evaluate whether the management has appropriate controls over the authorization of significant transactions and arrangements with related parties.

What do Standards on Auditing (SAs) require?

SA 550³ deals with the auditor’s responsibilities regarding related party relationships and transactions.

The nature of related party relationships and transactions may, in some circumstances, give rise to higher risks of material misstatement of the financial statements than transactions with unrelated parties. For example:

• Related parties may operate through an extensive and complex range of relationships and structures, with a corresponding increase in the complexity of related party transactions.
• Information systems may be ineffective at identifying or summarizing transactions and outstanding balances between an entity and its related parties.
• Related party transactions may not be conducted under normal market terms and conditions; for example, some related party transactions may be conducted with no exchange of consideration.

The auditor needs to obtain an understanding of the entity’s related party relationships and transactions sufficient to be able to conclude whether the financial statements, insofar as they are affected by those relationships and transactions:

(a) achieve a true and fair presentation

(b) are not misleading

In addition, an understanding of the entity’s related party relationships and transactions is relevant to the auditor’s evaluation of whether one or more fraud risk factors are present as required by SA 240⁴ because fraud may be more easily committed through related parties.

Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the SA⁵. In the context of related parties, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for reasons such as the following:

• Management may be unaware of the existence of all related party relationships and transactions, particularly if the applicable financial reporting framework does not establish related party requirements.
• Related party relationships may present a greater opportunity for collusion, concealment or manipulation by management.

Planning and performing the audit with professional skepticism as required by SA 200⁶ is therefore particularly important in this context, given the potential for undisclosed related party relationships and transactions.

SA 550 defined Related party as a party that is either:

(a) A related party as defined in the applicable financial reporting framework⁷; or

(b) Where the applicable financial reporting framework establishes minimal or no related party requirements, the standard provides certain guidance to identify related party relationship.

SA 550 requires the auditor to perform the audit

procedures and related activities to obtain information relevant to identifying the risks of material misstatement associated with related party relationships and transactions. These requirements are summarized hereunder.

• Inquiry of management regarding the identity of the entity’s related parties, including changes from the prior period; the nature of the relationships; and the type and purpose of the transactions entered into with these related parties during the period, if any.
• To obtain an understanding of the controls, if any, that management has established to:

> Identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework;

> Authorize and approve significant transactions and arrangements with related parties; and

> Authorize and approve significant transactions and arrangements outside the normal course of business.

• To remain alert, when inspecting records or documents, for arrangements or other information that may indicate the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor. In particular, the auditor should inspect Bank, legal and third party confirmations obtained as part of the auditor’s procedures; and minutes of meetings of shareholders and of those charged with governance.
• If the auditor identifies significant transactions outside the entity’s normal course of business the auditor is required to consider this a significant risk and inquire of management about the nature of these transactions; and whether related parties could be involved.
• If the auditor identifies fraud risk factors (including circumstances relating to the existence of a related party with dominant influence), the auditor shall consider such information when identifying and assessing the risks of material misstatement due to fraud in accordance with SA 240.

An auditor is required to design and perform audit procedures to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement associated with related party relationships and transactions. These inter alia includes:

• If the auditor identifies related parties or significant related party transactions that management has not previously identified or disclosed to the auditor, the auditor shall –

> request management to identify all transactions with the newly identified related parties for the auditor’s further evaluation;

> inquire as to why the entity’s controls over related party relationships and transactions failed to enable the identification or disclosure of the related party relationships or transactions;

> reconsider the risk that other related parties or significant related party transactions may exist that management has not previously identified or disclosed to the auditor, and perform additional audit procedures as necessary;

> and if the non-disclosure by management appears intentional (and therefore indicative of a risk of material misstatement due to fraud), evaluate the implications for the audit.

• For identified significant related party transactions outside the entity’s normal course of business, the auditor is required to:

(a) Inspect the underlying contracts or agreements, if any, and evaluate whether:

(i) The business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets)

(ii) The terms of the transactions are consistent with management’s explanations; and

(iii) The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and

(b) Obtain audit evidence that the transactions have been appropriately authorized and approved.

• When management has made an assertion in the financial statements to the effect that a related party transaction was conducted on terms equivalent to those prevailing in an arm’s length transaction, the auditor shall obtain sufficient appropriate audit evidence about the assertion.
• The auditor is required to evaluate:

(a) Whether the identified related party relationships and transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and

(b) Whether the effects of the related party relationships and transactions prevent the financial statements from achieving true and fair presentation; or cause the financial statements to be misleading.

• The auditor is required to obtain written representations from management and, where appropriate, those charged with governance that:

(a) They have disclosed to the auditor the identity of the entity’s related parties and all the related party relationships and transactions of which they are aware; and

(b) They have appropriately accounted for and disclosed such relationships and transactions in accordance with the requirements of the framework.

• The auditor is required to communicate with those charged with governance significant matters arising during the audit in connection with the entity’s related parties.

SA 315⁸ requires that in exercising judgment as to which risks are significant risks, the auditor shall consider inter alia whether the risk involves significant transactions with related parties.

SA 240 states that misappropriation of assets can be accomplished in a variety of ways including using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or a loan to a related party).

SA 240 further stated that indicators that may suggest that significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual, may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets include:

• Transactions that involve non-consolidated related parties, including special purpose entities, have not been properly reviewed or approved by those charged with the governance of the entity.
• The transactions involve previously unidentified related parties or parties that do not have the substance or the financial strength to support the transaction without assistance from the entity under audit.

SA 240 also states that auditor should investigate the possibility of related parties and the sources of financial resources supporting the transactions for significant and unusual transactions, particularly those occurring at or near year end.

SA 330⁹ states that if the confirming party is a related party of the entity, responses to confirmation requests may be less reliable.

What are the potential questions the Auditors may expect from the Audit Committee in respect of related party transactions under Ind AS 24 and SA 550? (Illustrative Only)

Identification and Completeness

1) Whether management’s understanding of the meaning of related parties is consistent with the definitions given in CA 2013, Ind AS 24 or AS 18, SA 550 and the SEBI Regulations 2015?

2) Has the auditor inquired the management about the following.

(a) The identity of the entity’s related parties, including changes from the prior period;

(b) The nature of the relationships between the entity and these related parties; and

(c) Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions.

3) Has the auditor considered related party transaction considering definition given in SEBI Regulations 2015?

4) Which risk assessment procedures were performed by the auditor to understand the management controls established to:

(a) Identify, account for, and disclose related party relationships and transactions;

(b) Authorize and approve significant transactions and arrangements with related parties; and

(c) Authorize and approve significant transactions and arrangements outside the normal course of business?

5) Which audit procedures were performed to identify related party relationships and transactions? Did the auditor consider legal structure of the entire group? Did the auditor consider investment of holding company/ultimate holding company/ subsidiaries/ associates/joint ventures, and other entities of the promoter group?

6) How did the auditor verify that appropriate internal control processes have been established to verify the group structure (for any changes therein) on a periodic basis?

7) How did the auditor determine whether an entity or an individual has control over the company, or vice versa?

8) Has the management reviewed all shareholders’ agreements and relevant contracts to identify entities that it has control on and those that control the entity?¹⁰

9) Has the management obtained confirmations from the promoters at the beginning of each financial year to identify their related entities? Have the promoters notified to companies whenever there is a change in interest in the related parties? Do the promoters’ declarations include direct and indirect holdings (indirect holdings include holdings through layers of subsidiaries) of the promoters? (this is because it is important to identify the ultimate beneficial owner of an entity i.e., there is no shell company involved).

10) Did the management establish procedures to independently validate the information declared by directors or promoters?

11) Did the management establish a procedure to determine and monitor shareholding of investors with a prescribed shareholding?

12) Has the management identified individuals or entities that would be classified as ‘connected parties’ for the purpose of identifying transactions the purpose and effect of which is to benefit a related party (indirect transaction)? Has the list of connected parties been updated on a regular basis and included in the ‘related parties’ (digital) database maintained by the company?

13) Does the company maintain the database of related parties on a technology enabled platform and integrated with other databases of the company? (for example, the vendor master, customer master, etc.)

14) Whether the finance, legal and secretarial team perform a post-facto compliance of all transactions entered into during the year?

15) Has the management taken steps to rectify the errors that were identified while performing the post-facto compliance check?

16) Has the company obtained periodic confirmations from the directors, promoter group, large shareholders¹¹ and other related parties that there are no transactions that have been undertaken indirectly with the listed company or its subsidiaries or its related parties?

17) Has the management established procedure to identify indirect transactions (transactions where the purpose and effect of which is to benefit related parties)?

18) While entering into schemes of arrangement (such as mergers, acquisitions, strategic investments, strategic partnerships, etc.) have the investor and investee companies exchanged a list of their related parties and identified RPTs?

19) Did the auditor identify related party relationships and/or transactions which the management had not identified? If yes:

> Did the auditor inquire as to why the entity’s controls over related party relationships and transactions failed to enable the identification or disclosure of the related party relationships or transactions?

> Whether the auditor requested the management to identify all transactions with the newly identified related parties for the auditor’s further evaluation?

> Which audit procedures were performed on newly identified related parties/transactions?

> How did the auditor evaluate the risk of material misstatements due to fraud in respect of newly detected related parties/transactions?

Evaluation

20) How did the auditor determine significant risk in related party relationships and transactions?

21) Did the auditor identify fraud risk factors in connection with related parties? If yes, details thereof along with audit procedures performed to mitigate such risks?

22) How did the auditor evaluate business rationale of significant related party transactions?

23) Did the auditor identify significant related party transactions outside the normal course of business? If yes –

> whether the business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets? How did the auditor evaluate this matter?

> whether the terms of the transactions are consistent with management’s explanations?

> whether the transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework (CA 2013, Ind AS 24/AS 18 and SEBI Regulations 2015)?

> whether the transactions have been appropriately authorised and approved?

24) How did the auditor evaluate that a related party transaction was conducted on terms equivalent to those prevailing in an arm’s length transaction?

25) How did the auditor obtain assurance that related party disclosure is complete and compliant with the CA 2013, SEBI Regulations 2015 and Ind AS 24/AS 18?

Approvals

26) Did the management have any technology enabled database relevant systems, so as to generate an alert for Audit Committee’s approvals for all RPTs and shareholders’ approvals when the transaction with a related party crosses a particular threshold?

27) How did the auditor verify that all companies which are a part of the listed holding company’s group, including foreign subsidiaries, comply with the RPT rules as prescribed in the SEBI Regulations 2015 and CA 2013?

28) Has the management put in place appropriate controls, such that a particular defined department (say the legal/ secretarial/finance department) monitors changes in contracts, and evaluates: whether the change is a material modification (as defined by the Audit Committee) of an existing contract; and whether appropriate approvals of the Audit Committee and/ or the Shareholders have been obtained for a material modification of a contract?

29) Has the company availed of the exemption from obtaining Audit Committee’s and Shareholders approvals, where the transaction is in between the: the holding company and its wholly owned subsidiary; two wholly owned subsidiaries; and two government companies? If yes, has the company documented the rationale for not obtaining Audit Committee’s and Shareholders’ approvals?

30) Which audit procedures were performed before reporting under CARO that the company has complied with section 177 and 188 of the Act?

31) Did the auditor examine the circumstances leading to necessity of obtaining ratification of related party transactions from the Audit Committee, if any?

32) Did the management engage any internal or external agency to evaluate the entire gamut of related parties like identification, transactions, approvals, disclosures and compliance with laws and regulations? If yes, did the auditor review the report of such an agency?

33) Have you evaluated any significant variation between the value of proposed RPT approved by the Audit Committee and the actual value of RPT executed?

Acknowledgments

NFRA appreciates the guidance and support provided by eminent subject matter experts, Shri D Sundaram, Shri Nawshir Mirza, Shri P R Ramesh and Shri R Anand in developing this publication.

Disclaimer: This publication by NFRA Staff is intended purely towards promotion of awareness of auditing and accounting standards and audit quality as part of NFRA’s education, training, seminar and advocacy initiatives. NFRA and the subject matter experts do not accept any responsibility or liability for any loss caused to any person or any entity, howsoever arising from the use of or refraining from the use of the contents of this document. This document is not a policy/standard/recommendation/statement of Executive Body of NFRA, the Authority or the Government and is not issued as a substitute for any obligations of Auditors, Management, TCWG including Audit Committees, as are provided in law, rules, and regulations.

Extracts of Laws, Rules, Regulations and Standards are provided in this document only as a foundation to the suggested questions. NFRA does not hold out that these extracts are comprehensive. In case of any inconsistencies the relevant laws, rules, regulations and standards would prevail.

Notes:

¹ Kreuger & Toll (1933) and McKesson & Robbins Inc (1940)

² In case of non-Ind AS companies, prescriptions of AS 18 are

³ SA 550, Related Parties

⁴ Paragraph 24 of SA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements

⁵ Paragraph A52 of SA 200,Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing

⁶ Paragraph 15 of SA 200.

⁷ In Indian context, applicable standards are Ind AS 24 as prescribed under Companies (Ind AS) Rule 2015 for certain prescribed class of companies or AS 18 Companies (AS) Rules 2021 to Non-Ind AS companies.

⁸ SA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment

⁹ SA 330, The Auditor’s Responses to Assessed Risks

¹⁰ On a combined reading of the Companies Act, 2013 and Ind AS 110, Consolidated Financial Statements, control over an entity is established when:

– An entity has the right to appoint majority of the directors (Section 2(27) of CA 2013)

– An entity can control the management or policy decisions exercisable by a person or persons acting individually or in concert, directly or indirectly, including by virtue of their shareholding or management rights or shareholders’ agreements or voting agreements (Section 2(27) of CA 2013).

– An entity has power over the other entity (Ind AS 110)

– An entity has exposure or rights to variable returns from its involvement with the investee (Ind AS 110)

– An entity has the ability to use its power over the investee to affect the amount of the investor’s returns (Ind AS 110)

¹¹ Large shareholders include investors with a holding exceeding 10 per cent (these are specifically identified by SEBI as related parties)