Which one of the following statements regarding the audit of related party transactions is incorrect?
1. When the auditor assesses inherent risk as low and the auditor's risk assessment does not include an expectation of the operating effectiveness of controls, the auditor is not required to plan to perform any substantive procedures specifically directed to the identification of related parties and related party transactions.
2. The auditor needs to obtain evidence to determine whether a significant related party transaction is in the normal course of operations.
3. When the auditor assesses inherent risk as other than low, the auditor is required to perform sufficient additional substantive procedures because of the risk of unidentified related parties or unidentified related party transactions.
4. When the auditor assesses inherent risk as low based on his or her prior experience with the entity and on enquiries of management, the audit team is still required to be alert for unidentified related parties and related party transactions when performing other procedures during the audit.