ACC4304

AUDITING

Audit Liability
Learning Objectives
 Understand the legal environment for auditors.
 Learn the definition of key legal terms.
 Know the types of litigations against auditors.
 Know the auditor’s liability to clients under common law.
 Know the auditor’s liability to third parties under common law.
 Understand the conditions for tort of negligence under common
law.
 Know the auditor’s legal duties to report breaches of laws under
various statutes.
 Know the approaches that public accounting profession and the
firms can take to minimise legal liability.
 Learn the elements of quality control for audit and assurance
services.
Understand the nature of audit
liabilities
 Fraud
 Error
Fraud
An intentional act by one or more individuals among the management,
those charged with governance, employees, or
3rd parties, involving the use of deception to obtain an unjust
or illegal advantage. (ISA 240)

Payroll Fraud Invoice Fraud

Error
Unintentional mistakes in the preparation or,
presentation of financial information.
Differences
Legal Liability

Legal liability is a term applied to being

legally responsible for a situation, and
is often associated with a subcontract,
especially if the terms of that contract
are not fulfilled.
Legal Act that Govern Auditor
Liabilities
Privity
A contractual / fiduciary relationship, lack of
privity means the accountant may not owe a
duty of care to an injured 3rd party.

Established due to existence of substantive

legal relationship
Breach of Contract
Legal Environment
 In the current legal environment, auditors can be held
liable for a number of types of lawsuits. (Negligence &
breach of contract)

 In this topic, we discuss the types of legal actions that

can be brought against the auditors, the types of
plaintiffs that typically sue auditors, what must be proved
to sue the auditors successfully, and the defences available
to the auditor.
Rise in Litigation
 Although auditors have always been liable to clients and certain third
parties, claims against auditors were relatively uncommon before the
1970s.

 Today, the auditing profession faces greater exposure to legal liability

and operates in a much more litigious environment than before.

 Lawsuits against auditors and public accounting firm are experienced

primarily in the U.S. but countries such as Canada, U.K. and Australia
are also subjected to an increase in number of lawsuits against the
professional.

 The legal system and the litigious climate are the main contributing
factors for the significant rise in litigation in the U.S.
Rise in Litigation
 This so-called “deep pocket” syndrome accounts for many of the legal
actions taken against the professional accountants acting as auditors.

 Injured parties who take legal actions in the hope of recovering part or
all of their losses from the “deep pockets” of practitioners with large
insurance coverage are not duly concerned whether the professionals
are at fault or not.

 Furthermore, in many cases involving auditors, the other parties

responsible for the claimants’ losses are often insolvent and unable to
pay damages, thus inevitably putting the burden of compensation
entirely on the shoulders of the practitioners.
Rise in Litigation
 The increase in multitude of litigation and the size of compensation
awarded by the courts have also caused a steep rise in premiums for
professional indemnity insurance, thus indirectly increasing the audit
costs.

 The public accounting profession in these countries has been very

concerned about the effect of litigation on the profession.
 Due to a slump in the
economy in the early
1970s & the recession
of the 1980s, it become
Claims against more common for Due to several high-profile
auditors were auditors to be sued frauds, congress refocused
relatively attention on auditors in the
uncommon before Sarbanes-Oxley Act of
the 1970s 2002

1970 1980 2002

1990

The recession of 1990-

1992 led to another
upsurge in litigation
against auditors
Professional Liability
 Can arise from:
– Statutory requirement (If the accountant is the
liquidator).
– Contract between auditor & client
– Tort of negligence
Negligence
 Before accusing an auditor is negligence
due to the audit work, client must show:
– A duty of care exist.
– The duty was breached.
– The breach caused a financial loss.
Limiting Liability through Law Reforms
 Since 1980s, the public accounting profession in countries badly
affected by litigation has been lobbying for some relief through
changes in legislation to limit the magnitude of the auditor’s liability.

 The most common suggestions put forth include the capping of

auditor’s liability; incorporation of audit firms, and removal of joint
and severally liability or replacing it with proportionate liability.

 For example, in Australia, the amendment to the corporate laws has

introduced proportionate liability, and a statutory cap of up to a
maximum of 10 times the audit fee for A$20 million.
Limiting Liability through Law Reforms
 In the 1990s, certain litigation reform acts were passed in the U.S.
These laws provided some limits to auditor liability and made it more
difficult to sue auditors successfully.

 However, in 2002, after the capital markets were shaken by the

massive high-profile accounting frauds at Enron and WorldCom and
by the conviction of Arthur Andersen on obstruction of justice in
connection with the Enron investigation, the attention is again focused
on the auditors performance, duties and legal liability.

 In the U.S., this led to the enactment of the Sarbanes-Oxley Act of

2002.
Types of Litigation
 Auditors can be held liable under two classes of law:

1. Common law – this represents case law developed over time by judges
who issue legal opinions when deciding a case. The legal principles
announced in these cases become precedent for judges deciding
similar cases in the future.
 Unwritten Law.
 These laws were not contained in any statutes & can be found only in case
decisions.
 In situation when there is no law governing a particular circumstances,
Malaysia case law may apply.

 Statutory law – this is written law enacted by the legislative arm of

the government that establishes certain course of conduct that must be
adhered to by covered parties. Company Act 2016.
Types of Litigation
 It is important to understand the difference between these two broad
legal categories.

 Civil actions under common law typically allege that the auditor did
not properly perform the audit.

 For example, under common law, an auditor can be held liable to

clients for breach of contract, negligence, gross negligence and fraud.
Types of Litigation
 An auditor can be held liable for fraud if he has acted with knowledge
and intent to deceive.

 Persons taking action alleging fraud must prove that the auditor has
made false representation and the auditor has the knowledge or belief
that the representation was false.

 Fraudulent intent may be established by proof that the auditor acted

with knowledge of the false representation or with reckless disregard
for the truth.
Types of Litigation
 Some courts in the U.S. have interpreted gross negligence as an
instance of fraud .

 Gross negligence is defined to be extreme, flagrant, or reckless

deviation from professional standards of due care.

 The auditor’s liability to third parties (e.g. investors and creditors)

under common law represents one of the more perplexing areas of
litigation.
Types of Litigation
 Statutes in Malaysia that represent the major sources of potential legal
liability against auditors include the corporate, banking and securities
laws.

 The following discussion focuses on the auditor’s liability to clients

and third parties under common law and is organised as follows:

1) Liability to clients – Breach of contract

2) Liability to clients and third parties - Negligence
Liability to Clients – Breach of Contract
 When an auditor fails to carry out contractual arrangements with the
client, he may be held liable for breach of contract and/or negligence.

 Under common law, the auditor may also be liable to the client for gross
negligence and fraud.

 Common law does not require that the auditor guarantee his work
product.

 It does, however, require that the auditor perform professional services

with due care.

 Due care standard requires the auditor to perform professional services

with the same degree of skill, knowledge and judgment possessed by
other members of the profession.
Liability to Clients – Breach of Contract

 Liability for breach-of-contract is based on the auditor’s failure to

complete the services agreed to in the contract with the client.

 An engagement letter should establish the responsibilities for both the

auditor and the client.
Liability to Clients – Breach of Contract
 An engagement letter represents a written contract between the auditor
and the client and the terms of the engagement should be clearly spelt
out even if the engagement is a recurring audit governed by statutory
provisions.

 In performing an audit under the requirements of the Companies Act,

2016, the auditor’s obligation is to examine the reporting entity’s
financial statements and issue the appropriate audit opinion in
accordance with auditing standards.

 The contract between the client and the auditor stipulate the amount of
fees to be charged for the designated professional services, and
deadlines for completing the services are normally indicated or
implied in the contract.
Liability to Clients – Breach of Contract
 In a statutory audit, the client and the auditor may contract for
responsibilities additional to the specific requirements under the law
but the auditor is not permitted to exclude or reduce his statutory
duties through contractual terms.

 If the client entity breaches its obligations under the engagement letter,
the auditor is excused from his contractual obligations. If the auditor
discontinues an audit without adequate cause, he may be liable for
economic injury suffered by the client.

 Similarly, other issues (such as timely delivery of the auditor’s report

or failure to detect a fraud or material error) can lead to litigation by
the client against the auditor for breach of contract.
Liability to Clients and Third Parties -
Negligence
 A tort is a wrongful act other than a breach of contract for which civil
action may be taken.

 If an audit engagement has been performed without due care, the

auditor may be held liable for an actionable tort in negligence.

 Negligence has been defined as: “some act or omission which occurs
because the person concerned has failed to exercise that degree of
professional care and skill, appropriate to the circumstances of the
case, which is expected of accountants and auditors.”
Liability to Clients and Third Parties -
Negligence
 In an action for negligence against an auditor, whether brought by the
client or third party, the plaintiff must prove the following elements:
1) The auditor owed a duty of care to the plaintiff to conform to a
required standard of care.

2) There is a failure to act in accordance with that duty of care, that is, a
breach of duty of care to the plaintiff on the part of the auditor.

3) There is a causal relationship or connection between the auditor’s

negligence and the plaintiff damage.

4) The plaintiff suffered actual loss or damage.

Duty of Care
 A legal duty of care arises in situations when a person’s relationship to
another is such that his actions or omissions could reasonably be
expected to cause injury to the other person.

 A professional such as an auditor has the obligation under law to

perform his duties with the skill and care required under the
circumstances.
Duty of Care
 In an audit engagement, due to the contractual relationship between
them, the auditor always owes a duty of care to the client.

 Also implied in the terms of the contract is the auditor’s duty to

perform the audit with due care and competence.

 If the auditor fails to discharge his duty properly, the client has the
right to bring legal action against the auditor either for breach of
contract or negligence or both.
Duty of Care to Third Parties
 Under common law, actions can be brought by non-client third parties
against the auditors for tort in negligence.

 Such legal actions often involve allegation of misrepresented financial

statements and inaccurate audit reporting.

 The main difficulty faced by third parties in proving negligence

against the auditor is showing that the auditor’s duty to exercise due
care is extended to them.
Duty of Care to Third Parties
 This legal perception is based on the doctrine of privity of contract.

 The traditional view based on privity held that, under common law,
auditors had no liability to third parties who did not have privity
relationship with the auditor.

 Privity of contract means that the obligations that exist under a

contract between the original parties to the contract, and failure to
perform with due care results in a breach of that duty only to those
parties.
Duty of Care to Third Parties
 The first landmark decision in this area is the case of Ultramares v.
Touche, et al. (U.S., 1931).

 In that case, the plaintiff (Ultramares Corporation) who was

approached for a loan, asked the borrowing company to provide
audited balance sheet of the company.

 The auditors were aware of the fact that the audit reports were being
used by the client to obtain external debt financing but did not know
which specific banks or finance companies would be given the audit
reports.
Duty of Care to Third Parties
 The company went bankrupt after obtaining the loan from the
plaintiff. The plaintiff alleged that the auditors had been negligent in
their audit for failing to detect or report deceptive accounting entries
that had concealed the borrowing company’s problems.

 During that time, this case was viewed as a test case for third parties
seeking damages from auditors. At the court of appeals, it was ruled
unanimously in favour of the auditor, thus upholding the privity
doctrine.

 The rational for this finding by the New York Court of Appeals is
summarised in a famous quote by Judge Cardozo:
Duty of Care to Third Parties
“If a liability for negligence exists, a thoughtless slip or blunder, the
failure to detect a theft of forgery beneath the cover of deceptive
entries, may expose accountants to a liability in an indeterminate
amount for an indeterminate time to an indeterminate class. The
hazards of business on these terms are so extreme as to enkindle doubt
whether a flaw may not exist in the implication of a duty that exposes
to these circumstances.”

In U.K., the case of Candler v. Crane Christmas & Co. (1951)
reinforced the doctrine that third parties, in the absence of a
contractual relationship, were not entitled to recover financial damages
resulting from an auditor’s negligence. The outcome of this case was,
a majority of the Court of Appeal in England held that, in the absence
of a contractual relationship between the parties, the auditor did not
owe a duty of care to the plaintiff (Mr Chandler).
Duty of Care to Third Parties
 The privity doctrine was again tested in another important English case:
Hedley Byrne v. Heller & Partners (U.K. 1963). In that case, the
dissenting Judge Denning’s view in the Candler Case was shared by other
judges.

 The case of Hedley Byrne did not involve auditors but a merchant bank
which gave a certificate of creditworthiness to an advertising agency. The
credit reference was for a potential customer of the advertising agency;
unfortunately the bank gave the reference negligently without proper
checking of its records. The advertising agency relied on the credit
reference and suffered financial loss because the customer went into
liquidation.

 The bank denied responsibility on the ground that it owed no duty of care
to the plaintiff in the absence of a contractual relationship. The House of
Lords however held that the bank owed a duty of care to the plaintiff.
Breach of the Standard of Care
 The second condition in a tort of negligence is to establish that the person
who owed the duty of care has breached the duty of care. For a
professional person such as an auditor, the standard of care is that of the
reasonable skill and care of another skilled person carrying out the same
assignment.

 Under common law, an auditor has the duty to perform an audit using the
same degree of care that would be used by an ordinary, prudent member of
the public accounting profession. Negligence represents a deviation from a
standard of behaviour that is consistent with that of a “reasonable person.”

 With respect to audit engagements, two classic statements have often been
referred to in defining the auditor’s responsibility in relation to auditing of
an entity’s account. The first is by Lindley LJ in Re London and General
Bank (1895):
Breach of the Standard of Care
“An auditor…. Is not bound to do more than exercise reasonable care and skill
in making inquiries and investigations.

He is not an insurer; he does not guarantee that the books do correctly show
the true position of the company’s affairs; he does not even guarantee that his
balance sheet is accurate according to the books of the company. If he did, he
would be responsible for error on his part, even if he were himself deceived
without any want of reasonable care on his part, say by the fraudulent
concealment of a book from him. His obligation is not so onerous as this.

Such I take to be the duty of the auditor; he must be honest – i.e. he must not
certify what he does not believe to be true, and he must take reasonable care
and skill before be believes that what he certifies is true. What is reasonable
care in any particular case must depend upon the circumstances of the case.
Where there is nothing to excite suspicion very little inquiry will be reasonably
sufficient, and in practice I believe businessmen select a few cases at
haphazard, see that they are right and a
Breach of the Standard of Care
Assume that others like them are correct also. Where suspicion is
aroused more care is obviously necessary; but, still an auditor is not
bound to exercise more than reasonable care and skill, even in a case of
suspicion, and he is perfectly justified in acting on the opinion of an
expert where special knowledge is required.
Causal Relationship or Connection
 The third element in the tort of negligence is the proof of causation or
connection between the plaintiff’s loss and the act of negligence.

 To succeed in their claim for economic loss, the plaintiffs must

demonstrate that the loss is the consequence of the breach in the duty
of care and at the time the breach was committed, the loss was
reasonably foreseeable as a consequence.
Causal Relationship or Connection
 A common example is the proof of connection between an auditor’s
failure to detect (breach of the duty of care) a fraud and the loss
(damage) arising from the fraud.

 For example, a client trying to establish the causation relationship

would have to prove that if the audit had been carried out competently,
the loss from the fraud would have been avoided, since the control
weakness that caused the fraudulent act would have been rectified.

 Thus, an auditor could be liable for loss due to defalcation which

could have been prevented by this audit.
Damages
 The type of damage that can result from negligent misrepresentation is
usually economic or financial loss. The common types of claims for
economic losses resulted from an auditor’s negligence include:
 Loss of investment.
 Overpayment of investment.
 Loss due to defalcation by management or employees.
 Overpayment of dividends.
Damages
 The usual remedy for actions in tort negligence against auditors is an
award of damages.

 The measure of damages is dependent on the circumstances and the

courts typically attempt to approximate monetary equivalents that will
put the plaintiff in the same position that he would be if the auditor has
discharged his duties properly.

 An award of damages would not be granted if the plaintiff had not

suffered real or measurable loss.
Damages
Contributory Negligence
In cases of negligence, the auditor may be able to argue that the client is
partly responsible for its own loss or the loss was not due entirely to the
auditor’s negligence.

 For example, the auditor may attempt to prove contributory negligence

on the part of the client by showing that the client’s negligence caused the
fraudulent actions of its employees or manager. When the auditor is able
to prove successfully the existence of contributory negligence,
apportionment of liability may be possible between the auditor and client.
Duties to Report Breaches of Laws
 Various statutes in Malaysia such as the Companies Act 2016, the
Securities Commission Act 1993 (SCA), and the Banking and
Financial Institution Act, 1989 (BAFIA) are intended to safeguard the
interests of shareholders and depositors and also to protect the
investors and the public from malfeasance or breach of trust in the
securities and capital market.

 While not aimed directly at auditors, these laws can expose auditors to
potential legal liability.

 The sources of liability come from the legal reporting responsibilities

imposed on the auditors under these statutes.
Duties to Report Breaches of Laws
 Apart from the duty to report on a company’s financial statements
under the Companies Act 2016, an auditor has reporting duties under
various other statutes.

 The duties primarily require the auditors to report to the relevant

authority violation of laws or regulations they encounter in the course
of performing their duties; for example, when performing the statutory
audit of company accounts.
Duties to Report Breaches of Laws
 The legal requirements to report breaches of laws do not impose
additional investigative duties on the auditors, meaning the auditor
does not perform specific procedures to search for violation or non-
compliance with relevant laws and regulations in the course of a
financial statement audit.

 The additional duty is the duty to report, and not to detect, any
violation of laws that came to the auditor’s attention during the course
of the audit.

 Apart of the Companies Act 2016, laws in Malaysia that impose a

legal duty on the auditors to report breaches and irregularities include
the Securities Industry Act 1983, the SCA, BAFIA and the Anti-
Money Laundering Act 2001.
Approaches to Minimising Legal
Liability
 Everyone involved with the public accounting profession has an
interest in minimising auditors’ exposure to legal liability.

 For example, audit firms have seen their costs of defending such
lawsuits, including management time and their insurance premiums,
increase dramatically in recent years. The firms has also suffered
from significant blows to their reputations through the negative
publicity arising from litigation.
Approaches to Minimising Legal
Liability
 Everyone involved with the public accounting profession has an
interest in minimising auditors’ exposure to legal liability.

 To reduce practice risk, many accounting firms adopt client

acceptance strategies that avoid certain high risk clients or industries.

 In some countries, small to medium-size public accounting firms are

limiting or abandoning their audit practices.
Approaches to Minimising Legal
Liability
At Professional Level
These include:
 Establishing stronger auditing and assurance standards.
 Continually updating the code on professional ethics and sanctioning
members who do not comply with it.
 Educating users
Approaches to Minimising Legal
Liability
At Firm Level
 Instituting sound quality control and review procedures.
 Ensuring that members of the firm are independent.
 Following sound client acceptance and retention procedures.
 Being alert to risk factors that may result in lawsuits.
 Performing and documenting work diligently.
Thank you