Auditing Risk and Liabilities

Auditors are naturally nervous of the potential liability that they face when undertaking their role. This is particularly the case when it comes to the high risk audit client, where there is a much greater chance of inherent problems either within the business itself or with the way that it reports its position. This difficulty is recognised by the Accounting Standards Board to the extent that it has brought out guidance requiring auditors to undertake risk assessments in relation to the potential client, before it undertakes any auditing engagement (AICPA, 2006)^[1]. The role of the auditor is quite simply to report (predominantly to the members of the company) as to whether the accounts have been prepared to give a true and fair view of the company’s financial position. Typically, factors such as complying with the Companies Act 2006 and preparing accounts in accordance with recognised accounting standards are all matters that the auditors will draw on to decide whether or not the accounts have been prepared in a way that gives a true and fair view of the financial position of the company.

The problem occurs when something goes wrong with the company that is being audited. Risks are incurred by auditors when some sort of defect appears in the accounts of the company that has been audited as being true and fair. Naturally, the burden does not rest entirely with the auditor and there may well be other parties who are drawn in as jointly responsible, such as those who prepare the accounts, the directors of the company, the staff members within the company and, in the case of fraud, the person responsible for the fraud. However, for the purposes of this examination, only auditor risk will be considered (Cunningham, 2007)^[2].

Auditors are often the main target when there is a problem, particularly in the case of a corporate collapse, due to the perception that they have deep pockets, largely provided by the indemnity insurance that auditors hold. Liquidators are particularly keen to access these funds as those involved in the business will rarely have access to any funds, at this point.

Auditor risk (i.e. the risk of the auditor giving an incorrect opinion on the accounts) can be broken down into three areas: inherent, control and detection. The risk that a set of company accounts is inaccurate is inherently higher in certain sectors. When setting the level of audit risk, in this respect, the auditor will not take into account the level of internal control and will only consider the risk inherent with the business. For high risk audit clients, this inherent risk will be considerably higher than in other sectors, e.g. banking and financial institutions.

Control risk is different from inherent risk in that it measures how likely it is that the company will pick up any accounting misstatements, if they occur. This is vital as a company may be inherently very risky; however, if it has exceptionally good internal controls, the inherent risks will be substantially limited. Finally, there are detection risks which reflect the risk that auditors do not pick up any misstatements that remain in the accounts (Worthington, 2007)^[3].

Therefore, where there is an inherently high risk client, this will not necessarily result in an increased audit risk, if the controls are sufficient. Similarly, there may be an inherently un-risky company that has few or no controls, yet may become considerably more risky than it would immediately appear.

Because of the potentially high risks involved and the chances of auditors being targeted in order to assist recovery of funds, in cases of corporate collapse, it is not surprising that auditors are keen to establish a cap on their liability.

The Office of Fair Trading was asked by the government to consider whether imposing a cap on liability would result in a negative impact on competition between auditing firms. This is particularly concerning given the dominance of the top four accountancy firms in this area (KPMG, Pricewaterhouse Coopers, Ernst & Young and Deloittes). There were mixed views from the auditing profession, with some believing that a liability on the cap would result in an increase in competition, whereas others believed that the cap would increase the dominance of the big four firms.

The OFT noted, in the report, that there were no available mechanisms for auditors to limit their liability in relation to faults due to negligence or incompetence. It also noted that it saw no history of courts awarding excessive amounts in cases relating to auditor liability. It also referred to the fact that most auditing companies are set up in an LLP structure so that the partners’ personal assets are protected and the existence of professional insurance was noted.

The report concluded that the position should not alter in relation to auditors’ liability and no cap should be introduced. However, it did recognise that there was at least an argument in favour of introducing a cap. In particular, the report recognised the key differences that exist between the UK and US. It should also be noted that the recommendations deviated from the findings of the report and this shift will be discussed later in the examination.

In the OFT report, it was recognised that one of the leading cases for dealing with the scope of liability for auditors remains that of Caparo v Dickman^[4] where a duty of care was established between the auditor and a minor shareholder. Although the decision itself was not surprising, the obiter in the case maintained that only the company could bring an action against the auditors. This position is not the same in the US where other third parties can bring actions aside from the company (although the changes in the Companies Act 2006 should be noted) (Smith & Keenan, 2004)^[5].

The case of Royal Bank of Scotland v Bannerman Johnstone Maclay^[6] served as a timely manner of the extent of this potential duty of care. In this case, liability was allowed to be extended to third parties that have been adversely affected by a corporate failure. In this case, the issue of whether auditors could possibly have a duty of care to the company bankers was considered. The bankers continued to make investments into the company, having relied on the financial accounts that were incorrectly prepared and audited. The auditors naturally relied on the Caparo case and attempted to argue that they had no liability to third parties. Conversely, the bank argued that the auditors knew the bankers would be relying on the accounts and felt that this meant that a duty would be owed (Vinten, 1999)^[7].

By considering all of the facts such as the degree of attention that was placed on the loan facilities being provided by the bank, it was felt by the court that the auditors did, in fact, assume a duty of care towards the bankers. The auditors were completely aware of the banks’ role in assessing working capital. It was noted by the court that if the auditors had issued a suitable disclaimer then the decision would have been different. As a result of this case, the Institute of Chartered Accountants of England and Wales has issued advice that auditors should include a disclaimer, advice which all four of the big four auditors have chosen to accept. Conversely, the Association of Chartered Certified Accountants felt that a disclaimer should not be routinely used, as it may undermine the value of audit reports.

Regardless of this, the potential of liability to third parties has undoubtedly caused some nerves for the auditing firms (Pacini, Hilison & Sinason, 2000)^[8].

Despite the ability of audit firms to establish themselves as limited liability partnerships, audit firms have pressed for a change in the regime from a joint and several liability process to a proportionate liability regime as seen in the US. As previously indicated, the joint and several liability process often results in the auditors being much greater targets where a claim is thought to exist. In the US, there is the Private Securities Litigation Reform Act of 1995 which specifically replaced the joint and several liability approaches with that of proportionate liability. Under the US regime, liability is allocated based on the degree of wrong doing for which each party is potentially responsible, rather than based on who has the deeper pockets, which seems to be more the case in the UK. This has the effect that where there is no wrongdoing, companies are not inclined to sue the auditors simply because they have the resources to pay any damages (van Boom, Koziol, Witting & Bloch, 2004)^[9].

As well as limiting the way that wrongdoing is allocated, the PSLRA 1995 has the impact of limiting the cap on liability to reflect the difference between the sale or purchase price and the mean trading price that the company displayed in the ninety day period immediately after the market became aware of the misstatement. This is clearly completely opposite to the structure in the UK whereby liability is joint and several and limitation is based on the loss levels that the claimant can prove in court that they have lost.

This critical difference between the UK and US also raises issues when there are international companies involved that can legitimately bring an action in either jurisdiction. In these cases, it is likely that the company would choose to bring an action in the UK against the UK branch of the audit company in order to avoid the limitation on liability that exists in the US (Hood, Rothstein & Baldwin, 2004)^[10].

Whilst this dichotomy between the US and UK has not entirely been closed, the issue has certainly been considered by policy setters, in the UK. There was some speculation that provisions to provide a cap on limitation would be introduced in the Companies Act 2006. This has not happened, but some concessions have occurred that will potentially be of assistance to auditors in attempting to limit their liability.

Under part 16 of the 2006 Act, a company cannot indemnify its auditor. Where previously a company could purchase insurance for their auditor, this is no longer the case; however, the company can agree to indemnify the auditors for any costs incurred in successfully defending a claim. The big amendment under the 2006 Act is that it is now possible for the company to agree a liability limit in the form of a liability limitation agreement (LLA) with the auditors. This agreement can cover breach of duty, negligence and breach of trust, thus making it potentially exceptionally useful for auditors.

There are some restrictions as to when an LLA can be entered into. These include approval by the company’s members; it must be limited to the financial year of the audit and it must not be limited at a level that is below that which is seen as fair and reasonable. When considering what a fair and reasonable amount of limitation would be, the court will take into account various factors including other sources of recourse that the company may have against other parties, thus retaining the essence of joint and several liability (Markesinis & Deakin, 1999)^[11].

Auditors in the UK are rightly concerned about the level of risk that they are potentially exposed to when undertaking their role as auditor. The position is distinct from that in the US and has resulted in UK auditors facing an increasing burden in international transactions. The failure to impose a liability cap naturally means that those attempting to reclaim losses will target the deep pockets of the auditor. The argument against having a proportional liability approach is that in doing so the valuable auditor’s reputation would be jeopardised (Law, 2008)^[12].

There have been slight moves towards capping liability in the 2006 Act, but this has not gone nearly as far as the auditing profession would have liked and is still not in line with the position in the US. Despite multiple efforts, it would seem that a statutory limitation of liability is not going to be forthcoming and auditors will have to rely on entering into their own arrangements with individual companies, although the fair and reasonable requirement may result in the effectiveness of this provision being, at best, piecemeal. It seems that for now, at least, auditors’ deep pockets will remain under fire.

Bibliography

Cunningham, L.A., 2007. Securitizing Audit Failure Risk: An Alternative to Caps on Damages. William and Mary Law Review, 49.

Hood, C., Rothstein, H. & Baldwin, R., 2004. The Government of Risk: Understanding Risk Regulation Regimes. Oxford University Press.

Law, P., 2008. Auditors’ perceptions of reasonable assurance in audit work and the effectiveness of the audit risk model. Asian Review of Accounting, 16 (2).

Markesinis, B.S. & Deakin S.F., 1999. Tort Law. Clarendon Press.

Pacini, C., Hillison, W. & Sinason, D., 2000. Auditor liability to third parties: an international focus. Managerial Auditing Journal, 15 (8).

Sealy, L. & Worthington, S., 2007. Cases and Materials in Company Law. Oxford University Press.

Smith, K. & Keenan, D.J., 2004. Smith & Keenan’s English Law. Pearson Education.

van Boom, W.H., Koziol, H., Witting, C.A. & Bloch, L., 2004. Pure Economic Loss. Springer.

Vinten, G., 1999. Audit independence in the UK – the state of the art. Managerial Auditing Journal, 14 (8).

Footnotes

^[1] AICPA Statement on Auditing Standards No. 109, 2006.

^[2] Cunningham, L.A., 2007. Securitizing Audit Failure Risk: An Alternative to Caps on Damages. William and Mary Law Review, 49.

^[3] Sealy, L. & Worthington, S., 2007. Cases and Materials in Company Law. Oxford University Press.

^[4] [1990] 1 All ER 568

^[5] Smith, K. & Keenan, D.J. 2004. Smith & Keenan’s English Law. Pearson Education.

^[6] unreported, 23 July 2002

^[7] Vinten, G., 1999. Audit independence in the UK – the state of the art. Managerial Auditing Journal, 14 (8).

^[8] Pacini, C., Hillison, W. & Sinason, D., 2000. Auditor liability to third parties: an international focus. Managerial Auditing Journal, 15 (8).

^[9] van Boom, W.H., Koziol, H., Witting, C.A. & Bloch, L., 2004. Pure Economic Loss. Springer.

^[10] Hood, C., Rothstein, H. & Baldwin, R., 2004.The Government of Risk: Understanding Risk Regulation Regimes. Oxford University Press.

^[11] Markesinis, B.S. & Deakin, S.F., 1999. Tort Law. Clarendon Press.

^[12] Law, P., 2008. Auditors’ perceptions of reasonable assurance in audit work and the effectiveness of the audit risk model. Asian Review of Accounting, 16 (2).