A U D I T I N G A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT 9 th Edition Karla M. Johnstone Audrey A. Gramling Larry E. Rittenberg CHAPTER 4 PROFESSIONAL LIABILITY AND THE NEED FOR QUALITY AUDITOR JUDGMENTS AND ETHICAL DECISIONS
LEARNING OBJECTIVES 1. Discuss the liability environment in which auditors operate and explore the effects of lawsuits on audit firms 2. List laws from which auditor liability is derived and describe the causes of legal action against auditors 3. Describe possible causes of action, remedies or sanctions, and auditor defenses under both common law and statutory law 4-2
LEARNING OBJECTIVES 4. Articulate a framework for making quality professional decisions and apply this framework in selected audit settings 5. Articulate a framework for making quality ethical decisions and apply this framework in selected settings 6. Describe and apply the IESBA s Code of Ethics and the AICPA s Code of Professional Conduct 4-3
THE AUDIT OPINION FORMULATION PROCESS 4-4
PROFESSIONAL JUDGMENT IN CONTEXT Audits of two of KPMG LLP s largest sub prime mortgage lending clients, New Century Financial Corporation and Countrywide, led the firm to settle litigation charges in 2010 for $44.7 million and $24 million, respectively KPMG had given both companies unqualified audit opinions just before the housing crash of 2007 4-5
PROFESSIONAL JUDGMENT IN CONTEXT KPMG was subsequently accused of: Violating professional standards Lacking independence Being negligent The firm defended itself by arguing that its audits were not the cause of financial woes and it was the failed business model of the two companies that led to investor losses 4-6
PROFESSIONAL JUDGMENT IN CONTEXT How does the business environment affect the litigation risk faced by audit firms? (LO 1) Should auditors be held liable when their client s business fails or its financial statements contain a fraud that the auditors did not detect? (LO 2) What defenses do auditors use in response to litigation? (LO 3) What actions can auditors take to minimize litigation exposure? (LO 3, 4, 5, 6) 4-7
LEARNING OBJECTIVE 1 DISCUSS THE LIABILITY ENVIRONMENT IN WHICH AUDITORS OPERATE AND EXPLORE THE EFFECTS OF LAWSUITS ON AUDIT FIRMS
EFFECTS OF LAWSUITS ON AUDIT FIRMS Litigation cases are expensive for audit firms Result in monetary losses Consume time of audit firm members Hurt their reputation Practice protection costs are second-highest costs for audit firms after employee compensation costs 4-9
REASONS FOR LITIGATION AGAINST AUDIT FIRMS Liability doctrines permit a recovery of full amount of settlement from an external audit firm even though that firm is found to be only partially responsible for the loss Deep-pocket theory: Suing another party based on perceived ability of that party to pay damages Class action suits and associated user awareness of possibilities and rewards of litigation 4-10
REASONS FOR LITIGATION ON AUDIT FIRMS Contingent-fee-based compensation for law firms Misunderstanding by some users of financial statements that an unqualified audit opinion represents an insurance policy against investment losses 4-11
LIABILITY DOCTRINES Joint and several liability: Apportions losses among all defendants who have an ability to pay for damages, regardless of level of fault Designed to protect users suffering losses because of misplaced reliance on materially misstated financial statements 4-12
LIABILITY DOCTRINES Private Securities Litigation Reform Act (PSLRA) of 1995 Designed to curb frivolous securities class action lawsuits brought under federal securities laws against low performing stock of companies Liability is proportional unless auditor knowingly participated in a fraud Proportionate liability: Payment by an individual defendant based on degree of fault 4-13
CLASS ACTION LAWSUITS Brought on behalf of a large group of plaintiffs to: Consolidate lawsuits Encourage consistent judgments Minimize litigation costs Plaintiff shareholders may bring suit for themselves and all others in a similar situation Allows underprivileged individuals to seek compensation for damages 4-14
CONTINGENT-FEE COMPENSATION FOR LAWYERS Lawyers work on contingent fee basis Contingent fee: Depends on finding or results of services Contingent-fee cases: Lawsuits brought by plaintiffs with compensation for their attorneys being contingent on the outcome of the litigation 4-15
AUDITS VIEWED AS AN INSURANCE POLICY Expectations gap: Shareholders mistakenly believe that they are entitled to recover losses on investments for which auditor provided unqualified opinion on financial statements Encourages large lawsuits against auditors even for cases when auditor is partially or not at fault 4-16
LEARNING OBJECTIVE 2 LIST LAWS FROM WHICH AUDITOR LIABILITY IS DERIVED AND DESCRIBE THE CAUSES OF LEGAL ACTION AGAINST AUDITORS
LAWS FROM WHICH AUDITOR LIABILITY IS DERIVED Common law: Liability concepts developed through court decisions based on negligence, gross negligence, or fraud Contract law: Liability occurred where there is a breach of contract Contract is between external auditor and client for performance of financial statement audit 4-18
CAUSES OF LEGAL ACTION Statutory law: Developed through legislation Securities Act of 1933 Securities Exchange Act of 1934 Sarbanes-Oxley Act of 2002 Breach of contract Failure to perform a contractual duty that has not been excused For audit firms, parties to a contract include clients and designated third-party beneficiaries 4-19
CAUSES OF LEGAL ACTION Negligence: Failure to exercise reasonable care, thereby causing harm to another or to property Gross negligence Failure to use minimal care or evidence of activities that show a recklessness or careless disregard for truth Evidence may not be present, but inferred by jury because of carelessness of defendant s conduct 4-20
CAUSES OF LEGAL ACTION Fraud: Intentional concealment or misrepresentation of a material fact Intending to deceive another person Causing damage to deceived person Scienter: Knowledge on part of person making representations, at the time they are made, that they are false 4-21
PARTIES THAT MAY BRING SUIT AGAINST AUDITORS Client and third-party users - Anyone who can support a claim that damages were incurred based on misleading audited financial statements can bring a claim against an auditor Can accuse auditor of: Breach of contract Tort: A civil wrong, other than breach of contract, based on negligence, constructive fraud, or fraud 4-22
EXHIBIT 4.1 - OVERVIEW OF AUDITOR LIABILITY 4-23
LEARNING OBJECTIVE 3 DESCRIBE POSSIBLE CAUSES OF ACTION, REMEDIES OR SANCTIONS, AND AUDITOR DEFENSES UNDER BOTH COMMON LAW AND STATUTORY LAW
COMMON-LAW LIABILITY TO CLIENTS - BREACH OF CONTRACT Auditors are expected to fulfill contractual responsibilities to clients Can be held liable to clients under contract law and/or under common law for breach of contract Can be sued under concepts of negligence, gross negligence, and fraud 4-25
COMMON-LAW LIABILITY TO CLIENTS - BREACH OF CONTRACT Causes for action against auditor for breach of contract Violating client confidentiality Failing to provide audit report on time Failing to discover a material error or employee fraud Withdrawing from an audit engagement without justification 4-26
COMMON-LAW LIABILITY TO CLIENTS - BREACH OF CONTRACT Remedies for breach of contract Requires specific performance of contract agreement Grant of an injunction to prohibit auditor from doing certain acts Provide for the recovery of amounts lost as a result of breach When an injunction is not appropriate the client is entitled to recover compensatory damages 4-27
COMMON-LAW LIABILITY TO CLIENTS - BREACH OF CONTRACT Auditor s arguments as defenses against a breach of contract suit Auditor exercised due professional care in accordance with contract Client was contributory negligent Client s losses not caused by breach 4-28
AUDITING IN PRACTICE - MOSS ADAMS AND THE MERIDIAN MORTGAGE FUNDS FRAUD This case illustrates that auditors can be held liable for failing to detect a fraud, even when management is perpetrating it and concealing it Audit firms can face serious litigation risk when: Clients are acting fraudulently They conduct audits in a way that allows those relying on the financial statements to question audit quality 4-29
COMMON-LAW LIABILITY TO THIRD PARTIES To win a claim against the auditor, third parties suing under common law must prove that: They suffered a loss The loss was due to reliance on misleading financial statements The auditor knew, or should have known, that financial statements were misleading 4-30
DIFFERING REQUIREMENTS FOR AUDITOR LIABILITY TO THIRD PARTIES Foreseeability and negligence: Common Law The Ultramares case: Third-party beneficiary test Expansion of Ultramares: Identified user test Foreseen user test Foreseeable user test 4-31
FORESEEABILITY AND NEGLIGENCE - COMMON LAW Critical point in determining the type of claim is the likelihood that an auditor could foresee the user relying upon audited financial statements Less foreseeable plaintiffs need to establish a gross negligence claim Foreseeable users, in some jurisdictions, have to establish only a negligence claim 4-32
THE THIRD-PARTY BENEFICIARY TEST New York Court of Appeals in 1931, Ultramares Corporation v. Touche case Court held auditors liable to third parties for fraud and gross negligence, but not for negligence Third-party beneficiary: A person who was not a party to a contract, but is named in contract as one to whom contracting parties intended that benefits be given For liability to be established, a third-party beneficiary must be specifically identified as a user 4-33
THE IDENTIFIED USER TEST Credit Alliance Corp. v. Arthur Andersen & Co., New York Court of Appeals extended auditor liability for ordinary negligence to identified users Identified user: The auditor has specific knowledge that known users will be utilizing financial statements in making specific economic decisions 4-34
FORESEEN USER TEST Restatement (Second) of Torts expanded auditor liability for negligence to: Identified users Foreseen users: Individually unknown third parties who are members of a known or intended class of third-party users who the auditor can foresee will use the statements Client must inform auditor that third parties intend to use financial statements Auditor does not have to know identity of third party 4-35
FORESEEABLE USER TEST Some courts have extended auditor liability to foreseeable users of audited financial statements Foreseeable users: Not known by auditors to be using financial statements Recognized by general knowledge as current and potential creditors and investors who will use them 4-36
EXHIBIT 4.2 - FORESEEABILITY CONCEPTS FOR AUDITOR S COMMON-LAW LIABILITY TO THIRD PARTIES 4-37
AUDITOR LIABILITY UNDER STATUTORY LAW Primary federal statutes affecting auditor liability for public clients Securities Act of 1933 Securities Exchange Act of 1934 Sarbanes-Oxley Act of 2002 Enacted to assure that investors in public companies have access to full and adequate disclosure of relevant information 4-38
AUDITOR LIABILITY UNDER STATUTORY LAW Auditors found unqualified, unethical, or in willful violation of any provision of federal securities laws can be disciplined by SEC Possible sanctions available to SEC Temporarily or permanently revoking firm s registration with PCAOB Imposing a civil penalty of up to $750,000 for each violation Requiring special continuing education of firm personnel 4-39
SECURITIES ACT OF 1933 Requires companies to file registration statements with the SEC before issuing new securities to public Registration statement contains: Information about company itself Lists of its officers and major stockholders Plans for using proceeds from new securities issue 4-40
SECURITIES ACT OF 1933 Prospectus First part of a registration statement filed with SEC Issued as part of a public offering of debt or equity Used to solicit prospective investors in a new security issue containing, among other items, audited financial statements Securities Act of 1933 imposes liability for misstatements in a prospectus 4-41
SECURITIES ACT OF 1933 Section 11 Most important liability section from the perspective of external auditors It imposes penalties for misstatements contained in registration statements Accuracy of registration statement is determined at its effective date 4-42
SECURITIES ACT OF 1933 SEC intends to assure full and fair disclosure of public financial information An auditor may be held liable to purchasers of securities for negligence, or gross negligence and fraud Purchasers need to prove that: They incurred a loss Financial statements were materially misleading or not fairly stated 4-43
SECURITIES ACT OF 1933 In their defense, auditors must prove that: Due professional care was used Statements were not materially misstated The purchaser did not incur a loss caused by the misleading financial statements 4-44
SECURITIES EXCHANGE ACT OF 1934 Regulated companies are required to file periodic reports with the SEC and stockholders Annual reports to shareholders and 10-Ks Annual reports filed with the SEC Both contain audited financial statements 10-Ks must be filed within 60 to 90 days of the end of the fiscal year Quarterly financial reports to shareholders and 10-Qs Quarterly reports filed with the SEC 10-Qs must be filed within 40 to 45 days of end of each of first three quarters 10-Qs must be reviewed by auditors 8-Ks Reports filed with the SEC describing occurrence of important events 4-45
SECURITIES EXCHANGE ACT OF 1934 Prohibits material misrepresentations or omissions and fraudulent conduct Provides a general antifraud remedy for purchasers and sellers of securities Auditor may be held liable for fraud when a plaintiff alleges being misled by misstatements in financial statements 4-46
SECURITIES EXCHANGE ACT OF 1934 Act makes it unlawful to: Make any untrue statement of a material fact Omit to state a material fact necessary for understanding financial statements Basic elements for a successful case for securities fraud Material misrepresentation or omission Fraudulent conduct in connection with purchase or sale of a security 4-47
SECURITIES EXCHANGE ACT OF 1934 Scienter, when making the misrepresentation or omission Reliance upon fraudulent conduct Measurable monetary damages A causal connection between misrepresentation or omission and economic loss Showing compliance with generally accepted accounting principles (GAAP) is an acceptable defense by an auditor 4-48
SECURITIES EXCHANGE ACT OF 1934 Criminal actions against auditors who: Willfully violate provisions of either Act and related rules or regulations Know that financial statements are false and misleading and who issue inappropriate opinions Resolutions in these cases Injunctions and disgorgement orders Civil penalties Suspending individuals from serving as directors of securities issuers or participating in securities industry 4-49
LEARNING OBJECTIVE 4 ARTICULATE A FRAMEWORK FOR MAKING QUALITY PROFESSIONAL DECISIONS AND APPLY THIS FRAMEWORK IN SELECTED AUDIT SETTINGS
A FRAMEWORK FOR PROFESSIONAL DECISION MAKING Quality decisions of auditors Add value to financial markets Unbiased Meet expectations of users Comply with professional standards Based on sufficient factual information to justify the decision that is rendered 4-51
EXHIBIT 4.3 - A FRAMEWORK FOR PROFESSIONAL DECISION MAKING 4-52
STEPS IN DECISION MAKING Step 1 - Auditor structures the problem Consider relevant parties to involve in the decision process Identify and consider evaluation of various feasible alternatives Identify uncertainties or risks Step 2 - Auditor assesses consequences of alternatives Determining and weighing dimensions on which to evaluate the alternatives 4-53
STEPS IN DECISION MAKING Step 3 - Auditor assesses the risks in the situation Risks the audit client faces Quality of evidence the auditor gathers Sufficiency of audit evidence gathered Step 4 - Auditor evaluates the various information/audit evidence Decision rules are articulated in terms of generally accepted accounting principles or auditing standards 4-54
STEPS IN DECISION MAKING Step 5 - Auditor considers the sensitivity of the conclusions reached in earlier steps Professional judgment: Application of professional knowledge to facts and circumstances to reach a conclusion or make a decision Client and auditor use their professional judgment to determine a value most reflective of economic reality 4-55
AUDITING IN PRACTICE - WHAT IS PROFESSIONAL JUDGMENT? A first part of professional judgment is determining when the auditor has sufficient appropriate evidence to make a decision Then he or she competently applies auditing and/or accounting principles and makes decisions that are appropriate Given the evidence should be known to the auditor at the time of the judgment Documenting a professional judgment is critical 4-56
STEPS IN DECISION MAKING Step 6 - Auditor gathers information in an iterative process that affect considerations about consequences and uncertainties of potential alternatives Costs and benefits of information acquisition considered Step 7 - Auditor needs to decide whether: The problem has been sufficiently analyzed The risk of making an incorrect decision has been minimized 4-57
IMPORTANCE OF SKEPTICISM IN MAKING PROFESSIONAL JUDGMENTS A professionally skeptical auditor will: Critically question contradictory audit evidence Carefully evaluate reliability of audit evidence Reasonably question authenticity of documentation Reasonably question honesty and integrity of: Management Individuals charged with governance Third party providers of audit evidence 4-58
IMPORTANCE OF SKEPTICISM IN MAKING PROFESSIONAL JUDGMENTS Tips to encourage skeptical mindset Be sure to collect sufficient evidence When evidence is contradictory, be diligent in evaluating reliability of individuals or processes Generate independent ideas about reasons for unexpected trends or financial ratios Question trends that appear too good Wait to make professional judgments until facts known Have confidence in your knowledge to understand complex situations 4-59
AUDITING IN PRACTICE - AN EXAMPLE OF POOR PROFESSIONAL JUDGMENT AND LOW AUDIT QUALITY Scharfman was conducting sham audits After conducting its review of Scharfman s work on the audits, the PCAOB: Revoked his CPA firm s registration Barred him from performing audits for public entities permanently His actions are an extreme example of low quality auditing and poor professional decision making 4-60
LEARNING OBJECTIVE 5 ARTICULATE A FRAMEWORK FOR MAKING QUALITY ETHICAL DECISIONS AND APPLY THIS FRAMEWORK IN SELECTED SETTINGS
RESOLVING ETHICAL DILEMMAS Ethical dilemma: A situation in which moral duties or obligations conflict An ethically correct action may conflict with an individual s immediate self-interest Ethical theories help in dealing with ethical dilemmas Utilitarian theory Rights theory 4-62
UTILITARIAN THEORY Suggests that ethical is the action that achieves the greatest good for the greatest number of people Requirements An identification of the potential problem and possible courses of action An identification of the potential direct or indirect impact of actions on each affected party An assessment of the desirability of each action An overall assessment of the greatest good for the greatest number 4-63
PROBLEM WITH UTILITARIAN THEORY This approach can lead to disastrous courses of actions when those making decisions fail to adequately measure or assess potential costs and benefits 4-64
RIGHTS THEORY Identifies a hierarchy of rights that should be considered in solving ethical dilemmas Based on fundamental rights of parties involved Higher order rights take precedence over lower order rights Most effective in identifying outcomes that ought to be automatically eliminated 4-65
HIERARCHY OF RIGHTS Highest order Include the right to life, to autonomy, and to human dignity Include rights granted by government Civil rights, legal rights, rights to own property, and license privileges Related to social rights Right to education, to good health care, and to earning a living Secondorder Thirdorder Fourthorder Related to one s nonessential interests or one s personal tastes 4-66
EXHIBIT 4.4 - A FRAMEWORK FOR ETHICAL DECISION MAKING 4-67
LEARNING OBJECTIVE 6 DESCRIBE AND APPLY THE IESBA S CODE OF ETHICS AND THE AICPA S CODE OF PROFESSIONAL CONDUCT
INTERNATIONAL ETHICS STANDARDS BOARD FOR ACCOUNTANTS (IESBA) CODE OF ETHICS The Code of Ethics requires auditors to adhere to fundamental principles Integrity Objectivity Professional competence and due care Confidentiality Professional Behavior 4-69
AICPA CODE OF PROFESSIONAL CONDUCT Principles of professional conduct Broad principles that articulate auditors responsibilities and their requirements to: Act in the public interest Act with integrity and objectivity Be independent Exercise due care Perform an appropriate scope of services 4-70
AICPA RULES OF CONDUCT Rules of conduct Detailed guidance to assist an auditor in applying broad principles contained in AICPA s Code of Professional Conduct Rules evolved over time as members of profession encountered specific ethical dilemmas in complying with principles of the Code 4-71
INDEPENDENCE - RULE 101 External auditors required to be independent when providing services to either public or private entities Specific rulings provide detailed guidance on such matters as: Financial interests in the client Family relationships Loans with a client Performance of nonaudit services 4-72
FINANCIAL INTEREST Applies to: A covered member An individual on audit engagement team An individual in a position to influence audit engagement A partner in office in which lead audit engagement partner primarily practices in connection with audit engagement Covered member s immediate family also subject to Rule 101 4-73
FINANCIAL INTEREST Direct financial interest: Owned directly by, or under the control of, an individual or entity or beneficially owned through an investment vehicle, estate, or trust Beneficiary controls intermediary or has authority to supervise or participate in intermediary s investment decisions Indirect financial interest: Beneficiary does not have control or authority to supervise or participate in intermediary s investment decisions 4-74
FAMILY RELATIONSHIPS AND LOANS Covered member s independence considered impaired if immediate family member employed by an audit client in a key position Limits on types and amounts of loans covered members may obtain from a financial institution that is also an audit client Auditors permitted to obtain normal loans if they are at standard terms 4-75
PERFORMING NONAUDIT SERVICES AICPA s code does not prohibit auditors from performing other services such as bookkeeping for their private client Sarbanes-Oxley Act requires that external auditors may not provide the following nonaudit services to publicly traded clients: Bookkeeping services Financial information systems design and implementation 4-76
PERFORMING NONAUDIT SERVICES Appraisal or valuation services Actuarial services Internal audit outsourcing services Management functions or human resources Broker or dealer, investment adviser, or investment banking services Legal services and expert services unrelated to the audit 4-77
INTEGRITY AND OBJECTIVITY - RULE 102 AICPA members required to act with integrity and objectivity in all services that may be provided to a client Applies to CPAs who are not in public practice CPA - Special certificate that holds its owner to a high standard of ethical conduct 4-78
GENERAL STANDARDS - RULE 201 Members required to comply with following standards and with any interpretations thereof by bodies designated by Council Professional competence Due professional care Planning and supervision Sufficient relevant data 4-79
COMPLIANCE WITH STANDARDS - RULE 202 Members performing following tasks required to comply with standards promulgated by bodies designated by Council Auditing Review Compilation Consulting Tax Other professional services 4-80
ACCOUNTING PRINCIPLES - RULE 203 When financial statements are not in conformance with GAAP, members not allowed to: Express an opinion that financial data are presented in conformity with generally accepted accounting principles or State unawareness regarding any material modifications that should be made to financial data to be in conformity with generally accepted accounting principles 4-81
CONFIDENTIALITY - RULE 301 Client must be assured that auditor will not communicate confidential information to outside parties Privileged communication: Information about a client that cannot be subpoenaed by a court of law to be used against a client Most states allow privileged communication for lawyers, but not for auditors 4-82
CONFIDENTIALITY - RULE 301 Auditors not restricted from communicating information for the following purposes To assure adequacy of accounting disclosures required by GAAP To comply with a validly issued and enforceable subpoena or summons or with applicable laws and government regulations 4-83
CONFIDENTIALITY - RULE 301 To provide relevant information for an outside quality review of firm s practice under PCAOB, AICPA, or state board of accountancy authorization To initiate a complaint with or responding to an inquiry made by: AICPA s professional ethics division Trial board or investigative or disciplinary body of a state CPA society or board of accountancy 4-84
CONTINGENT FEES - RULE 302 Contingent fee: Charged for performance of any service A fee will not be collected unless a specified finding or result is attained, or in which amount of fee depends on the finding or results of such services Contingent fees are not allowed for audit engagements 4-85
ACTS DISCREDITABLE - RULE 501 Members not allowed to commit an act discreditable to the profession 4-86
ADVERTISING AND OTHER FORMS OF SOLICITATION - RULE 502 Members in public practice not allowed to seek clients by advertising or other forms of solicitation in a false, misleading, or deceptive manner Solicitation by use of coercion, overreaching, or harassing conduct is prohibited 4-87
COMMISSIONS AND REFERRAL FEES - RULE 503 Commissions prohibited for: Recommendation or referring to a client any product or service Recommendation or referring any product or service to be supplied by a client Members or the members firms performing attestation services for client 4-88
COMMISSIONS AND REFERRAL FEES - RULE 503 Disclosure of permitted commissions: Members not prohibited from performing services or receiving commission discloses that fact to any person or entity to whom product or service is recommended or referred Referral fees: Any member who accepts a referral fee for recommending or referring any service of a CPA to any person or entity or who pays a referral fee to obtain a client shall disclose such acceptance or payment to the client 4-89
FORM OF ORGANIZATION AND NAME - RULE 505 Members allowed to practice public accounting only in a form of organization permitted by state law or regulation Members not allowed to practice public accounting under a firm name that is misleading 4-90
ENFORCEMENT OF THE CODE OF PROFESSIONAL CONDUCT Compliance with code depends on: Voluntary cooperation of AICPA members Public opinion and reinforcement by peers Disciplinary proceedings by the Joint Ethics Enforcement Program Sponsored by the AICPA and state CPA societies 4-91
ENFORCEMENT OF THE CODE OF PROFESSIONAL CONDUCT Audit and other attestation reports on financial statements can be signed by those licensed as CPAs by their state board of accountancy To become a licensed CPA: Person must pass the CPA exam Meet specific education and experience requirements Agree to uphold the profession and its code of professional conduct 4-92