WHAT YOU REALLY NEED TO KNOW
CHAPTER 5: LEGAL LIABILITY
PAs are potentially liable for monetary damages and even subject to criminal penalties including
fines and jail terms, for failure to perform professional services properly. They can be sued by
clients, clients’ creditors, investors, and the government. Exposure to large lawsuit claims through
class actions is permitted under federal rules in Canada and the United States.
Law is essentially a social system for resolving conflicts. Conflicts between individuals (and
corporations) that are settled in court are part of what private law or civil law. Disputes between an
individual and the state as well as those between states, or different levels of government, are settled
in the part of the legal system called public law. Public law includes criminal law, administrative
law, and constitutional law. All public law is codified by statutes passed by some level of
government.
In the US, SOX is an example of statutory law, as are made charges by the SEC. Another statutory
law affecting accountants is the legislation prohibiting money laundering and the payment of bribes.
Under this legislation, PAs also have responsibilities to disclose such activities by their clients once
they are aware of them. In Ontario, Bill 198 gave the Ontario Securities Commission potentially
greater power in setting rules for appointing auditors than even SOX does.
Common law refers to the system of law based primarily on previous judicial decisions. Unlike
public law, its laws have not been codified in statutes via legislation (statutory law). It is a
distinctive part of the Anglo-American system of private/civil law used in Canada. There are several
major categories of civil law: contracts (agreements or promises that create expectations for others),
torts (civil wrongs such as negligent actions which create obligations for the offending party), and
property (rights over goods and land). Common law liabilities for auditors arise from the law of
contracts or torts.
Legal liabilities of PAs arise from lawsuits brought on the basis of the law of contracts or as tort
actions for negligence. Most lawsuits based on breach of contract claim that accounting or auditing
services were not performed in the manner agreed.
Tort refers to a private or civil wrong or injury such as fraud. These actions are normally brought on
by users of financial statements who have suffered a financial loss, asking the auditors compensate
them for their losses.
Clients may bring a lawsuit for a breach of contract. The relationship of direct involvement between
parties to a contract is also known as privity. When privity exists, a plaintiff only needs to show that
the defendant auditor was negligent. If negligence is proven, the auditor may be liable, provided the
client did not contribute to his own harm.
Smieliauskas/Bewley, 5e
What You Really Need to Know
© The McGraw-Hill Companies, Inc., 2010
5-1
Legal Liability
Fifty years ago, it was very difficult for parties, other than contracting clients, to succeed in lawsuits
against auditors. The case known as Ultramares (1931) expressed the view that, if negligence is so
great that it constitutes gross negligence—lack of minimum care in performing professional duties,
indicating reckless disregard for duty and responsibility—grounds might exist for concluding that the
accountant had engaged in constructive fraud.
Most auditor legal liability arises from the law of negligence, a part of the common law known as the
law of torts. Negligence is the failure to perform a duty to a standard of care. Under common law all
of the following four elements of negligence must be established by the plaintiff if he is to
successfully sue the auditor. There must be a legal duty of care to the plaintiff; there must be a
breach in that duty; there must be proof that damage resulted; there must be a reasonably proximate
connection between the breach of duty and the resulting damage. The auditor’s best defence is to
demonstrate that at least one of the preceding elements is missing. The auditor may also argue that
the plaintiff contributed to his own loss by, for example, not correcting internal control weaknesses.
In a contract, an auditor (the first party) owes the client (the second party) a duty of care due to
privity of contract. The engagement letter is critical in specifying the contractual obligations. The
corporation itself, as a “legal person,” has to claim any damages. In the case of auditors, the owners
are not viewed as having privity of contract with the auditors; only the corporation has privity of
contract. Thus, shareholders can take action only as third parties. The most significant source of
liability to auditors, however, is from these third parties.
The case that extended tort law to cover economic loss is Hedley Byrne v. Heller and Partners
(1964). Haig v, Bamford (1976) held that where an accountant has negligently prepared financial
statements and a third party relies on them to his or her disadvantage, a duty of care will arise where:
the accountant knows that the results will be relied on by the plaintiff; the plaintiff is a member of a
known limited class; the statements have been prepared primarily for guidance of that limited class
and for purposes the plaintiff did in fact rely on them for. The accountant does not need to know the
specific identity of the user as long as the accountant was aware that the client intended to supply the
statements to members of this very limited class including the user.
The Toromont v. Thorne (1975) case also upheld precedent of liability to known third parties.
Auditor’s liability in Canada was further extended to prospective investors (reasonably foreseeable
third parties) in Dupuis v. Pan American Mines (1979). Auditor’s liability under common law was
limited again in the Hercules Managements Ltd. v. Ernst & Young (1997) which ruled that “an audit
is not prepared in order to assist shareholders in making investment decisions” but rather “to assist
the collectivity of shareholders of the audited companies in their task of overseeing management”
Based on the Hercules decision, an auditor who signs a company’s financial statements has no legal
liability to shareholders or investors. The court’s concern, observers say, is to protect auditors from
unlimited liability to thousands of investors who may use the audit opinion for many different
purposes. This decision raises the question of why even have an audit of financial statements that is
not useful for investor decision making. Partly in response to this ruling, the Ontario Securities
Commission introduced Bill 198 that re-establishes the legal liability of auditors to investors. The
intent of Bill 198 (and similar legislation) is to make it easier for investors to recover damages from
accountants, directors, and others associated with misleading financial reporting.
Smieliauskas/Bewley, 5e
What You Really Need to Know
© The McGraw-Hill Companies, Inc., 2010
5-2
Legal Liability
Under CIT Financial Corp. v. Glover (1955), auditors are liable to third parties for ordinary
negligence if their reports are for the primary benefit of the third party. Thus, the privity criterion
may not serve as a defence when third-party beneficiaries are known. PAs may also be liable to
foreseeable beneficiaries—creditors, investors, or potential investors who rely on the accountants’
work. If the PA is reasonably able to foresee a limited class of potential users of his work, liability
may be imposed for ordinary negligence.
The courts have attempted to strike a fair balance between reliable information for users of financial
statements and unreasonable risk to the auditor. This balance has resulted in Canadian auditors
currently being liable for negligent error to limited classes of third parties. Third parties are often
classified in the following categories:
(a) Known third parties
(b) Reasonably foreseeable third parties
(c) All third parties relying on financial statements
The trend in litigation suggests the courts will most likely draw the line between categories (a) and
(b) for purposes of deciding who auditors owe a duty of care to under common law. For gross
negligence or fraud on the part of the auditor the third-party liability is much broader.
The second element of negligence is breach of duty of care. Due professional care implies the careful
application of all the standards of the profession (GAAS, GAAP) and observance of all the rules of
professional conduct. The courts have interpreted care to be reasonably prudent practice; therefore,
neither the highest possible standards nor the minimum standards would be considered due care from
a legal perspective.
The third element is that some damage must occur to the third party—otherwise only the audit fee
can be recovered. The last element of negligence requires that there be a causal link between the
breach of duty and the resulting damage. Thus, for example, if losses occur before the time of the
audit, or if it can be proven that the plaintiff did not rely on the audited information to any significant
degree, the lawsuit will not be successful.
The primary defence against a negligence claim is to offer evidence that the audit had been
conducted in accordance with GAAS with due professional care. In several Canadian cases, the
auditors successfully argued that clients should not have relied on the financial statements to make
their decision. A good example is a bank. Banks usually have available to them not only their
customers’ financial statements but a great deal of other information as well. Their decision to
extend a loan is very often based on considerations quite apart the opinion of the customer’s auditors.
The Canada Business Corporation Act (CBCA), along with related provincial corporation acts,
identifies conditions under which the auditor is not considered independent. The CBCA also
identifies the financial statements subject to audit, and specifies that the financial statements must be
in conformity with the CICA Handbook. This gives Handbook standards much higher legal status
than comparable standards in the United States.
The CBCA was amended in 2001 to change the liability associated with financial statement
misrepresentations from one of joint and several liability to modified proportionate liability. Auditors
in Canada are now liable under the CBCA to the extent of their degree of responsibility for the loss
(proportionate liability). However, the proportionate liability is modified in that if other defendants
Smieliauskas/Bewley, 5e
What You Really Need to Know
© The McGraw-Hill Companies, Inc., 2010
5-3
Legal Liability
in the lawsuit are unable to pay, the auditor is then liable for additional payments capped at 50
percent of his own original liability. Under some conditions, the courts can revert to the joint and
several liability, in which case the auditor may be required to pay up to 100 percent of the damages.
The Hercules case, along with post-Enron developments, prompted Ontario to pass its Bill 198 in
December 2002. The Canadian Securities Association is promoting passage of similar legislation
throughout all of Canada’s provinces in an effort to demonstrate that Canadian regulators are as
concerned in preserving the integrity of their capital markets as the SEC is in the U.S. This
legislation creates statutory law a civil liability for PAs and others accused of misleading the public.
It allows class action lawsuits against PAs, placing the burden of proof that a drop in the client’s
share price was not due to a financial statement misrepresentation on the defendant. In other words,
once a misrepresentation has been identified, it is up to the auditor to show that any losses suffered
by investors were not due to the misrepresentation. However, the legislation puts caps on the PA’s
liability and uses the proportionate rather than the joint and several liability rule. These limitations
on liability, however, do not apply if the PA knowingly deceived the market.
The auditors defence under Bill 198 is to show that they acted with due professional care and they
had no reasonable basis for believing the statements the financial statements are false. To prove due
diligence, auditors need to document their work in the audit file.
The two US laws that affect auditors are The Foreign Corrupt Practices Act of 1977 (FCPA) and the
Racketeer Influenced and Corrupt Organization Act (RICO). The FCPA makes it a criminal
offence for American companies to bribe a foreign official. The FCPA is a law directed at company
managements. Independent auditors have no direct responsibility under these laws. There are two
Canadian versions of these laws: the Bill C-22 Proceeds of Crime (Money Laundering) and Terrorist
Financing Act (PCMLTFA); and Corruption of Foreign Officials Act.
Bill C-22 permits fines of up to $2 million and prison terms for management and employees if they
engage in money laundering. Auditors should be aware of their reporting responsibilities to outside
agencies, and the need to avoid being considered accomplices under the legislation.
A unique feature of Canadian common law is the expanding concept of accountants’ fiduciary duty.
An accountant may be a fiduciary when he or she acts as an auditor, or simply an adviser, to a
vulnerable client. If a court concludes that an accountant is a fiduciary, he or she may be held
responsible for damages, even though (1) the PA’s conduct did not cause the damage, (2) the
plaintiff failed to take reasonable steps to mitigate those damages, or (3) the plaintiff was partially at
fault or other third parties contributed to the damages suffered. Thus, a PA’s common defences to a
negligence action, such as contributory negligence, remoteness of damages, failure to mitigate and no
duty of care, do not apply to an action in breach of fiduciary duty.
Smieliauskas/Bewley, 5e
What You Really Need to Know
© The McGraw-Hill Companies, Inc., 2010
5-4