Chapter 20 Legal Liability McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. Intro Historical Perspective Claims against auditors were relatively uncommon before the 1970’s. 1970 Global credit crisis leads to the Dodd-Frank Act of 2010 and increases scrutiny into auditing profession again. The recession of 1990-1992 led to another upsurge in litigation against auditors. 1980 Due to a slump in the economy in the early 1970’s and the recession of the 1980’s, it became more common for auditors to be sued. 1990 2002 2010 Due to several high-profile frauds, Congress refocused attention on auditors in the Sarbanes-Oxley Act of 2002. 20-2 Largest CPA firm payouts in recent class actions Company CPA firm Settlement Year filed Cendant Corp. Ernst & Young $633,500,000 1998 Adelphia Deloitte & Touche $367,500,000 2002 Tyco International PwC $225,000,000 2002 Baptist Foundation of Arizona Arthur Andersen Parmalat Finanziaria Deloitte & Touche $217,000,000 $157,500,000 1999 2004 HealthSouth Corp. Ernst & Young $142,500,000 2002 Superior Bank FSB Ernst & Young $125,000,000 2002 Rite Aid Corp. KPMG $125,000,000 1999 Lernout & Hauspie Speech Products KPMG $115,000,000 1999 Sunbeam Corp. Arthur Andersen $110,000,000 1998 Enron Corporation Arthur Andersen $105,500,000 2001 LO# 2 One way to classify law is common law vs. statutes Two Classes of Law Common Law Statutory Law Case law developed over time by state court judges Statutes enacted by Congress, interpreted by federal judges 20-4 Another way to classify law: severity of outcome for auditor Note: in most financial reporting lawsuits, auditor is one of several defendants Least severe: auditor not defendant More severe: auditor defendant in private lawsuit but avoids paying anything Still more severe: auditor defendant in private lawsuit and has to pay to settle it Even more severe: auditor defendant in government (usually the SEC) civil lawsuit Most severe: auditor defendant in criminal prosecution (in the US, usually the Justice Department) Another way to classify law: who the auditor is liable to The auditor might be liable to who engaged the auditor (usually, but not always, the company that is audited) The auditor might be liable to users (called 3rd parties) of the financial statements. – Here is where auditor liability is unique, as we will learn LO# 2 Overview 20-7 LO# 2 Overview 20-8 LO# 3 Common Law—liability to who engaged the auditor Since there is an agreement, there can be contract liability as well as tort liability Requires Due Care Bottom line: if auditor performs with due care he is not liable, if not, he is liable. Types of Liability to the Client May be held liable for breach of contract (contract law) •Negligence •Gross negligence •Fraud •These are all genres of tort law 20-9 LO# 3 Breach of Contract (liability to company that engaged the auditor) The contract, law, and GAAS determine what defines “due care.” 20-10 LO# 3 Negligence (liability to company that engaged the auditor) Requires Due Care If an engagement is performed without due care, the CPA may be held liable for an actionable tort in negligence. Tort law – and GAAS - defines what is “due care.” 20-11 Common Law Negligence: liability of auditor to company LO# 3 that engaged the auditor Company must prove, inter alia, that the behavior of the auditor constitutes a lack of due care. Different courts use different language, but #1 is the easiest for the company to prove, since it is just barely a lack of due care. #2 is harder to prove, and #3 is the hardest to prove. 1. Ordinary negligence or negligence 2. Gross negligence, recklessness or statutory fraud. 3. Actual fraud or knowing fraud. 20-12 LO# 3 Common Law Negligence: Client Auditor’s Defense 1. No duty was owed to the client. 2. The client was negligent. 3. The auditor’s work was performed in accordance with professional standards. 4. The client suffered no loss. 5. Any loss was caused by other events. 6. The claim is invalid because the statute of limitations has expired. 20-13 Common law liability to 3rd party users of financials As noted above there’s only tort law liability to 3rd party users of financials (there’s no contract so there’s no possible breach of contract) We also noted there are 3 severity levels of bad (less than due care) auditor behavior. #1 is easiest for 3rd party users to prove against an auditor, but in a traditional 3rd party “privity” or Ultramares state, e.g. New York, if that is all that 3rd party users can prove against the auditor, they lose and the auditor wins (not liable). 1. Ordinary negligence or negligence 2. Gross negligence, recklessness or statutory fraud. 3. Actual fraud or knowing fraud. LO# 4 Common Law - 3rd party Ordinary Negligence / Negligence Four approaches for 3rd Parties: Privity or Ultramares is arguably the most important , because it is the original approach and it is what New York uses. Know how to apply it. Simply know that the other 3 approaches exist. Privity Near Privity Foreseen 3rd Parties Reasonably Foreseeable 3rd Parties 20-15 LO# 4 Common Law—3rd Parties Negligence Third Party Must Prove 1. The auditor had a duty to the plaintiff to exercise due care. 2. The auditor was worse than negligence or ordinary negligence (i.e. committed gross negligence, recklessness, constructive fraud, actual fraud or knowing fraud). 3. The auditor’s breach of due care was the direct cause of the 3rd party’s injury. 4. The 3rd party suffered an actual loss as a result. 20-16 LO# 4 Common Law—3rd Parties Negligence Auditor’s Defense 1. Auditor’s behavior was not worse than negligence or ordinary negligence. 2. The 3rd party was negligent. 3. The 3rd party suffered no loss. 4. Any loss was caused by other events. 5. The claim is invalid because the statute of limitations has expired. 20-17 LO# 4 Fraud - 3rd parties If an auditor has acted with knowledge and intent to deceive a third party, he or she can be held liable for fraud. 20-18 LO# 4 Fraud – 3rd parties Third Party Must Prove 1. A false representation by the CPA. 2. Knowledge or belief by the CPA that the representation was false. 3. The CPA intended to induce the 3rd party to rely on the false representation. 4. The 3rd party relied on the false representation. 5. The 3rd party suffered damages. 20-19 LO# 5 Statutory Liability Two major federal statutes provide sources of statutory liability for auditors: The Securities Act of 1933 The Securities Exchange Act of 1934 20-20 LO# 5 Securities Act of 1933 Only applies re an offering of securities. Could be an IPO or could be A secondary or other kind of offering 20-21 Securities Act of 1933 – auditor’s worst liability exposure toLO# 5 3rd parties because a) very little must be proved, b) no privity defense allowed, and c) auditor has burden of proof that he performed with due care (“due diligence defense”) 3rd Party Must Merely Prove 1. The 3rd party suffered losses by investing in the registered security. 2. The audited financial statements contained a material omission or misstatement. 20-22 Securities Exchange Act of 1934 LO# 6 Applies to offerings plus ongoing reporting (e.g. 10K or 10Q) by public companies. Section 10(b) and Rule 10b-5 are the greatest source of liability for auditors under this act. 20-23 LO# 6 Securities Exchange Act of 1934 3rd Party Must Prove 1. A material, factual misrepresentation or omission. 2. Reliance on the financial statements. 3. Damages suffered as a result of reliance on the financial statements. 4. Scienter (gross negligence or recklessness is enough). • If 3rd party proves auditor committed knowing fraud then auditor faces joint/several liability instead of proportionate liability • This means that the auditor could have to pay all the money, if the lawsuit is lost, instead of just his proportionate share 20-24 LO# 9 SEC and PCAOB Sanctions Suspend Practicing Privilege Impose Fines Remedial Measures 20-25 LO# 10 Foreign Corrupt Practices Act (FCPA) Passed in 1977 in response to the discovery of bribery and other misconduct on the part of more than 300 American companies. An auditor may be subject to administrative proceedings, civil liability, and civil penalties. 20-26 LO# Criminal Liability 8 & 12 Auditors can be held criminally liable under the laws discussed in the previous section. Criminal prosecutions require that some form of criminal intent (mens rea) be present. •Criminal prosecutions of auditors are rare. In a recent study I did of the Big 5, with 1169 lawsuits filed 2001-2008, the auditor was criminally prosecuted in only 7: •BAWAG (KPMG) •Finance Credit (KPMG) •Parmalat (Deloitte & Touche) •American Tissue (Arthur Andersen) •Peregrine Systems (Arthur Andersen) •Enron (Arthur Andersen) •NextCard (Ernst & Young) 20-27 End of Chapter 20 20-28