Chapter 5 Legal Liability Presentation Outline I. Preliminary Legal Concepts II. Common Law and the Auditor III. Statutory Law and the Auditor IV. Profession’s Response to Legal Liability V. Protecting Individual CPAs from Legal Liability I. Preliminary Legal Concepts A. Distinguishing Between Failures and Audit Risk B. The Expectations Gap C. The Prudent Person Concept D. CPA Liability A. Distinguishing Between Failures and Audit Risk Business failure occurs when a business is unable to repay its lenders or meet the expectations of investors because of economic or business conditions. Audit risk represents the risk that the auditor will conclude that the financial statements are fairly stated when in fact they are materially misstated. Audit failure occurs when the auditor issues an erroneous audit opinion as a result of failing to comply with GAAS. B. The Expectations Gap Many financial statement users believe that auditors guarantee the accuracy of financial statements, and some even believe that an auditor guarantees the financial viability of the client’s business. Most auditors believe that the conduct of an audit in accordance with GAAS is all that can be expected of auditors. In most cases, courts continue to support the auditor’s view. C. The Prudent Person Concept A person offering service is understood as holding themselves out to the public as possessing the degree of skill commonly possessed by others in the same employment, and if the pretentions are unfounded, commits a species of fraud upon every person who employs them. A person is liable for negligence, bad faith, or dishonesty, but not for losses resulting from pure errors of judgment. D. CPA Liability Joint and Several Liability The assessment against a defendant for the full loss suffered by the plaintiff, regardless to which other parties shared in the wrongdoing. Separate and Proportionate Liability The assessment against a defendant caused by the defendant’s negligence. For example, if 30% of plaintiff loss is due to misstated financials an accountant would only be held liable for the 30%. For lawsuits in state courts, state law determines which approach to damages applies. When lawsuits are brought under federal securities laws, the separate and proportionate approach will apply except in cases where it can be shown that the CPA knew or participated in the fraud. II. Common Law and the Auditor A. Common Law Defined B. Sources of Auditor Liability to Clients Under Common Law C. Common Law Burden of Proof D. Auditor Liabilities to Third Parties E. Auditor Defenses Under Common Law A. Common Law Defined Common law refers to unwritten or case-made law that evolves from prior or precedent cases. It is state dependent meaning that different laws can be applied under common law in different states. B. Sources of Auditor Liability To Clients Under Common Law Suit in Contract is based on privity and the auditors alleged breach of the agreement (usually the engagement letter). This source does not apply to third parties (nonclients). Suit in tort is based on negligence, gross negligence, or fraud. B1. The Meaning of Negligence Negligence is a failure of a CPA to use due professional care. It is also known by the names simple negligence and ordinary negligence. B2. The Meaning of Gross Negligence 1. The CPA made a representation about a material fact with lack of reasonable support. 2. The purpose of the representation was to induce reliance by another. 3. The representation was relied on by the client or third party. 4. The reliance caused damages to the client or third party. B3. The Meaning of Fraud Fraud contains the following items: 1. False representation 2. Knowledge of a wrong and acting with the intent to deceive 3. The intent to induce reliance 4. Justifiable reliance 5. Resulting damages B4. A Comparison of Terms Negligence v. Gross Negligence Difference is a matter of degree. Negligence is failure to exercise due care. Gross negligence is a reckless departure from the standard of due care. Gross Negligence v. Fraud Fraud is different from gross negligence in that there is an intent to deceive. C. Common Law Burden of Proof In order to hold the auditor liable for substandard auditing, the client must prove: 1. The CPA has a duty of care to the client. 2. The CPA has breached the duty of care. 3. The client suffered damages. 4. The damages were caused by the CPA’s breach of the duty of care. D1. Auditor Liability to Third Parties (Nonclients) – Traditional Rulings Ultramares Corporation v. Touche decided in 1931 in New York. The Ultramares doctrine holds that ordinary negligence is insufficient for liability to third parties because of lack of privity of contract between the third party and the auditor, unless the third party is a primary beneficiary. However, liability to more general third parties will exist if the the third plaintiff can establish gross negligence or fraud. Many courts have broadened the Ultramares doctrine by introducing the concept of a forseen user. Three views have emerged regarding the concept of forseen users. D2. Views on Auditor Liability to Third Parties Credit Alliance (1) Auditor must know and intend that the work product be used by the plaintiff third party for a specific purpose. (2) The knowledge and intent must be evidenced by the auditor’s conduct. Restatement of Torts Rule Forseen users must be members of a reasonably limited and identifiable group of users that have relied on the CPA’s work, such as creditors, even though those persons were not specifically known to the CPA at the time the work was done. Forseeable Users Any users that the auditor should have reasonably been able to forsee as being likely users of financial statements have the same rights as those with privity of contract. Current movement is away from the forseeable users approach. There may be some movement toward the Credit Alliance ruling. E. Auditor Defenses Under Common Law CPA may use the following defenses under common law: 1. There was a lack of duty to perform the service. 2. The engagement was performed using reasonable care and skill, and in accordance with GAAS. 3. There is no connection between the client’s loss and the CPA’s actions. 4. The client was contributively negligent. Note that is defense is not viable against third party plaintiffs since they are not in a position to misstate the financial statements. III. Statutory Law and the Auditor A. Statutory Law Defined B. The Sarbanes-Oxley Act C. Liability to Third Parties (Nonclients) Under the Securities Acts D. Criminal Procedures and Defenses A. Statutory Law Defined Statutory law refers to written law as established by federal or state legislative bodies. B. The Sarbanes-Oxley Act The Sarbanes-Oxley Act provides for fines and imprisonment of up to 20 years for altering or destroying documents to impede an official investigation. (See Figure 5-9 on page 122) C. Liability to Third Parties (Nonclients) Under the Securities Acts The Securities Acts signficantly extended the CPA’s liability to third parties beyond the bounds of common law. Securities Act of 1933 (1933 Act) regulates the initial offering and sale of securities through the mails and other forms of interstate commerce. Only protects original purchaser of securities. Securities Exchange Act of 1934 (1934 Act) deals primarily with trading in previously issued securities. C1. Plaintiff’s Burden of Proof Under the 1933 Act - Section 11 1. The security was part of the offering of shares covered by the registration statement. 2. The registration statement was false or misleading or omitted material information that should have been included. C2. Auditor Defenses under the 1933 Act - Section 11 Third-party users do not have the burden of proof that they relied on the financial statements or that the auditor was negligent or fraudulent in doing the audit. The auditor has the burden of demonstrating as a defense that: An adequate audit was conducted in the circumstances or all or a portion of the plaintiff’s loss was caused by factors other than the misleading financial statements. C3. Plaintiff’s Burden of Proof Under the 1934 Act – Rule 10b-5 1. The materiality of the alleged false, misleading, or omitted statement. 2. The CPA’s knowledge of the statement. Although not the current trend, earlier cases considered poor judgment to be equivalent to knowledge. 3. The plaintiff’s reliance on the statements. 4. Actual damages sustained as a result of such reliance. C4. Auditor Defenses under the 1934 Act – Rule 10b-5 1. CPA’s conduct does not include scienter. Scienter is “a mental state embracing intent to deceive, manipulate or defraud.” 2. The engagement was performed using reasonable care and skill, and in accordance with GAAS. 3. There was a lack of duty to perform the service. 4. There is no connection between the client’s loss and the CPA’s actions. D. Criminal Procedures and Defenses 1. In a criminal action, the U.S. Justice Department or the state attorney general files suit as the plaintiff. 2. Plaintiff does not need to establish damages, only that a statute has been violated. 3. Plaintiff must establish beyond a reasonable doubt that the auditor knew they were acting criminally. 4. Primary defense is “good faith” meaning that the audit complied with GAAP and GAAS, and there was no willful knowledge of criminal acts. IV. Profession’s Response to Legal Liability Auditing research in regard to errors, fraud, and auditor independence. Standard setting to meet changing needs. Peer review to identify deficiencies in meeting standards. Oppose unwarranted lawsuits. Lobby for changes in laws to protect accountants. V. Protecting Individual CPAs from Legal Liability Deal only with clients possessing integrity. Understand the client’s business. Document the work properly. Exercise professional skepticism. The Legal Environment of the Auditor Illegal Client Acts Common law Negligence Gross negligence Statutory law Securities laws Criminal liability Fraud