Audit Legal Environment

Kathleen Sage Huffman, Esq.

Legal liability of the auditor

varies from country to country, district to district.

based on one or more of the following:common law, civil liability under statutory law, criminal liability under statutory law, and liability for members of professional accounting

organizations.

Common Law Ultramares - Touche case (Ultramares Corporation v Touche et al.)

the accountants were negligent for not finding that a material amount of accounts receivable had been falsified when careful investigation would have shown it to be fraudulent, not liable to a third party bank because the creditors were not a primary beneficiary, or known party, called the Ultramares doctrine, that ordinary negligence is not sufficient for a liability to a third party because of lack of privity of contract between the third party and the auditor.

Civil Liability Under Statutory Law

• The Securities Act of 1933 established the first U.S. statutory civil recovery rules for third parties against auditors.

• Original purchasers have recourse against the auditor for up to the original purchase price if the financial statements are false or misleading.

• The auditor has the burden of demonstrating that reasonable investigation was conducted or that all the loss of the purchaser of securities (plaintiff) was caused by factors other than the misleading financial statements.

Sarbanes Oxley Act of 2002 Civil Penalties for CEOs and CFOs

• If there is a material restatement of a company’s reported financial results due to the material noncompliance of the company, as a result of misconduct, the CEO and CFO shall reimburse the company for any bonus or incentive or equity-based compensation received within the 12 months following the filing with the financial statements subsequently required to be restated (Section 304)

• Financial statements filed with the SEC by any public company must be certified by CEOs and CFOs. If all financials do not fairly present the true condition of the company CEOs and CFOs may receive fines of up to $1 million. If certifications are made knowing the statements are incorrect, the fine can be up to $5 million.

Criminal Liability Under Statutory Law

The Securities Exchange Act of 1934 in the United States sets out (Rule 10b-5) criminal liability for the auditor to employ any device, scheme or artifice to defraud or intentionally or recklessly misrepresent information for third party use.

Cases: In United States v. Natelli (1975)* United States v. Weiner (1975) * ESM Government Securities v. Alexander Grant & Co. (1986).

United States v. Natelli (1975)

auditors convicted of criminal liability under 1934 SEC Art for certifying National Student Marketing Corporation financial statements with material account receivable disclosure omissions

United States v. Weiner (1975)

auditors convicted of securities fraud in auditing Equity Funding Corporation of America which overstated financial statements by fraud.

The audit work was so poor that the court concluded that the auditors must have known about the fraud.

ESM Government Securities v. Alexander Grant & Co. (1986).

The company told AG partner about a fraud the prior year and the partner agreed to say nothing.

The partner was sentenced to 12 years in prison.

• To knowingly destroy, create, manipulate documents and/or impede or obstruct federal investigations is considered felony, and violators will be subject to fines or up to 20 years imprisonment, or both

• All audit reports or related workpapers must be kept by the auditor for 7 years. Failure to do this may result in 10 years imprisonment.

• CFOs and CEOs who falsely certify financial statements or internal controls are subject to 10 years imprisonment. Willful false certification may result in a maximum of 20 years imprisonment

Sarbanes Oxley Act of 2002 Criminal Penalties for CEOs, CFOs and Auditors

Liabilities as Members of Professional Organizations

Nearly all national audit professions have some sort of disciplinary court.

The disciplinary court makes its judgment and determines the sanction. It may be:

1. a fine;2. a reprimand (either oral or written);3. a suspension for a limited period of time (e.g. 6

months); or4. a lifetime ban from the profession.

In order to hold the auditor successfully legally liable in a civil suit, the following conditions have to be met:

An audit failure/neglect has to be proven (negligence issue).

The auditor should owe a duty of care to the plaintiff (due professional care).

The plaintiff has to prove a causal relationship between her losses and the alleged audit failure (causation issue)

The plaintiff must quantify her losses (quantum issue).

Suggested Solutions to Auditor Liability

A system of proportionate liability - an audit firm is not liable for the entire loss incurred by plaintiffs but only to the extent to which the loss is attributable to the auditor.

Some countries (e.g. Germany) have put a legally determined cap on the liability of auditors (to the client in the case of Germany).

In order to protect the personal wealth of audit partners, some audit firms are structured as a limited liability partnership (e.g. in the UK).

The Occurrence of Fraud• ISA 240- the responsibility for the

prevention and detection of fraud and error rests with both those charged with the governance and the management.

• ISA 210 states that when planning and performing audit procedures and in evaluating and reporting the results, auditors should consider the risk of misstatements in financial statements resulting in fraud.

• In planning the audit, the auditor must assess the risk that material fraud or error has occurred.

US Fraud Standard• Auditing Standard Number 99

(SAS 99)• The standard requires that as part

of the planning process the audit team must consider how and where the client’s financial statements may be susceptible to fraud.

• Gather information by inquiring of management and consider ing fraud risk factors

Cenco Inc. v. Seidman & Seidman (1982)

Cenco management in massive fraud to inflate the value of company inventory

After the fraud was discovered shareholders sued the auditors who settled out of court for $3.5 million

Replacement management sued the CPAs a second time, who claimed that wrongdoings of management was at fault

CPA firm judged not responsible

The Occurrence of Illegal Acts

Both ISA 250 and most national regulators state that the tauditor is not responsible for preventing non-compliance and cannot be expected to detect noncompliance with all laws and regulations. In conducting an audit of financial statements, the auditor takes into account the applicable legal and regulatory framework when planning the audit.

The professional regulations in some countries require the auditor to inform members of the audit committee or board of directors