What You Really Need to Know

Legal Liability

What You Really Need to Know

Chapter 5: Legal Liability

PAs are potentially liable for monetary damages and even subject to criminal penalties including fines and jail terms, for failure to perform professional services properly. They can be sued by clients, clients’ creditors, investors, and the government. Exposure to large lawsuit claims through class actions is permitted under federal rules in Canada and the United States.

Law is essentially a social system for resolving conflicts. Conflicts between individuals (and corporations) that are settled in court are part of what private law or civil law. Disputes between an individual and the state as well as those between states, or different levels of government, are settled in the part of the legal system called public law. Public law includes criminal law, administrative law, and constitutional law. All public law is codified by statutes passed by some level of government.

In the US, SOX is an example of statutory law, as are made charges by the SEC. Another statutory law affecting accountants is the legislation prohibiting money laundering and the payment of bribes. Under this legislation, PAs also have responsibilities to disclose such activities by their clients once they are aware of them. In Ontario, Bill 198 gave the Ontario Securities Commission potentially greater power in setting rules for appointing auditors than even SOX does.

Common law refers to the system of law based primarily on previous judicial decisions. Unlike public law, its laws have not been codified in statutes via legislation (statutory law). It is a distinctive part of the Anglo-American system of private/civil law used in Canada. There are several major categories of civil law: contracts (agreements or promises that create expectations for others), torts (civil wrongs such as negligent actions which create obligations for the offending party), and property (rights over goods and land). Common law liabilities for auditors arise from the law of contracts or torts.

Legal liabilities of PAs arise from lawsuits brought on the basis of the law of contracts or as tort actions for negligence. Most lawsuits based on breach of contract claim that accounting or auditing services were not performed in the manner agreed.

Tort refers to a private or civil wrong or injury such as fraud. These actions are normally brought on by users of financial statements who have suffered a financial loss, asking the auditors compensate them for their losses.

Clients may bring a lawsuit for a breach of contract. The relationship of direct involvement between parties to a contract is also known as privity. When privity exists, a plaintiff only needs to show that the defendant auditor was negligent. If negligence is proven, the auditor may be liable, provided the client did not contribute to his own harm.

Fifty years ago, it was very difficult for parties, other than contracting clients, to succeed in lawsuits against auditors. The case known as Ultramares (1931) expressed the view that, if negligence is so great that it constitutes gross negligence—lack of minimum care in performing professional duties, indicating reckless disregard for duty and responsibility—grounds might exist for concluding that the accountant had engaged in constructive fraud.

Most auditor legal liability arises from the law of negligence, a part of the common law known as the law of torts. Negligence is the failure to perform a duty to a standard of care. Under common law all of the following four elements of negligence must be established by the plaintiff if he is to successfully sue the auditor. There must be a legal duty of care to the plaintiff; there must be a breach in that duty; there must be proof that damage resulted; there must be a reasonably proximate connection between the breach of duty and the resulting damage. The auditor’s best defence is to demonstrate that at least one of the preceding elements is missing. The auditor may also argue that the plaintiff contributed to his own loss by, for example, not correcting internal control weaknesses.

In a contract, an auditor (the first party) owes the client (the second party) a duty of care due to privity of contract. The engagement letter is critical in specifying the contractual obligations. The corporation itself, as a “legal person,” has to claim any damages. In the case of auditors, the owners are not viewed as having privity of contract with the auditors; only the corporation has privity of contract. Thus, shareholders can take action only as third parties. The most significant source of liability to auditors, however, is from these third parties.

The case that extended tort law to cover economic loss is Hedley Byrne v. Heller and Partners (1964). Haig v, Bamford (1976) held that where an accountant has negligently prepared financial statements and a third party relies on them to his or her disadvantage, a duty of care will arise where: the accountant knows that the results will be relied on by the plaintiff; the plaintiff is a member of a known limited class; the statements have been prepared primarily for guidance of that limited class and for purposes the plaintiff did in fact rely on them for. The accountant does not need to know the specific identity of the user as long as the accountant was aware that the client intended to supply the statements to members of this very limited class including the user.

The Toromont v. Thorne (1975) case also upheld precedent of liability to known third parties. Auditor’s liability in Canada was further extended to prospective investors (reasonably foreseeable third parties) in Dupuis v. Pan American Mines (1979). Auditor’s liability under common law was limited again in the Hercules Managements Ltd. v. Ernst & Young (1997) which ruled that “an audit is not prepared in order to assist shareholders in making investment decisions” but rather “to assist the collectivity of shareholders of the audited companies in their task of overseeing management”

Based on the Hercules decision, an auditor who signs a company’s financial statements has no legal liability to shareholders or investors. The court’s concern, observers say, is to protect auditors from unlimited liability to thousands of investors who may use the audit opinion for many different purposes. This decision raises the question of why even have an audit of financial statements that is not useful for investor decision making. Partly in response to this ruling, the Ontario Securities Commission introduced Bill 198 that re-establishes the legal liability of auditors to investors. The intent of Bill 198 (and similar legislation) is to make it easier for investors to recover damages from accountants, directors, and others associated with misleading financial reporting.

Under CIT Financial Corp. v. Glover (1955), auditors are liable to third parties for ordinary negligence if their reports are for the primary benefit of the third party. Thus, the privity criterion may not serve as a defence when third-party beneficiaries are known. PAs may also be liable to foreseeable beneficiaries—creditors, investors, or potential investors who rely on the accountants’ work. If the PA is reasonably able to foresee a limited class of potential users of his work, liability may be imposed for ordinary negligence.

The courts have attempted to strike a fair balance between reliable information for users of financial statements and unreasonable risk to the auditor. This balance has resulted in Canadian auditors currently being liable for negligent error to limited classes of third parties. Third parties are often classified in the following categories:

(a) Known third parties

(b) Reasonably foreseeable third parties

The trend in litigation suggests the courts will most likely draw the line between categories (a) and (b) for purposes of deciding who auditors owe a duty of care to under common law. For gross negligence or fraud on the part of the auditor the third-party liability is much broader.

The second element of negligence is breach of duty of care. Due professional care implies the careful application of all the standards of the profession (GAAS, GAAP) and observance of all the rules of professional conduct. The courts have interpreted care to be reasonably prudent practice; therefore, neither the highest possible standards nor the minimum standards would be considered due care from a legal perspective.

The third element is that some damage must occur to the third party—otherwise only the audit fee can be recovered. The last element of negligence requires that there be a causal link between the breach of duty and the resulting damage. Thus, for example, if losses occur before the time of the audit, or if it can be proven that the plaintiff did not rely on the audited information to any significant degree, the lawsuit will not be successful.

The primary defence against a negligence claim is to offer evidence that the audit had been conducted in accordance with GAAS with due professional care. In several Canadian cases, the auditors successfully argued that clients should not have relied on the financial statements to make their decision. A good example is a bank. Banks usually have available to them not only their customers’ financial statements but a great deal of other information as well. Their decision to extend a loan is very often based on considerations quite apart the opinion of the customer’s auditors.

The Canada Business Corporation Act (CBCA), along with related provincial corporation acts, identifies conditions under which the auditor is not considered independent. The CBCA also identifies the financial statements subject to audit, and specifies that the financial statements must be in conformity with the CICA Handbook. This gives Handbook standards much higher legal status than comparable standards in the United States.

The CBCA was amended in 2001 to change the liability associated with financial statement misrepresentations from one of joint and several liability to modified proportionate liability. Auditors in Canada are now liable under the CBCA to the extent of their degree of responsibility for the loss (proportionate liability). However, the proportionate liability is modified in that if other defendants in the lawsuit are unable to pay, the auditor is then liable for additional payments capped at 50 percent of his own original liability. Under some conditions, the courts can revert to the joint and several liability, in which case the auditor may be required to pay up to 100 percent of the damages.

The Hercules case, along with post-Enron developments, prompted Ontario to pass its Bill 198 in December 2002. The Canadian Securities Association is promoting passage of similar legislation throughout all of Canada’s provinces in an effort to demonstrate that Canadian regulators are as concerned in preserving the integrity of their capital markets as the SEC is in the U.S. This legislation creates statutory law a civil liability for PAs and others accused of misleading the public. It allows class action lawsuits against PAs, placing the burden of proof that a drop in the client’s share price was not due to a financial statement misrepresentation on the defendant. In other words, once a misrepresentation has been identified, it is up to the auditor to show that any losses suffered by investors were not due to the misrepresentation. However, the legislation puts caps on the PA’s liability and uses the proportionate rather than the joint and several liability rule. These limitations on liability, however, do not apply if the PA knowingly deceived the market.

The auditors defence under Bill 198 is to show that they acted with due professional care and they had no reasonable basis for believing the statements the financial statements are false. To prove due diligence, auditors need to document their work in the audit file.

The two US laws that affect auditors are The Foreign Corrupt Practices Act of 1977 (FCPA) and the Racketeer Influenced and Corrupt Organization Act (RICO). The FCPA makes it a criminal offence for American companies to bribe a foreign official. The FCPA is a law directed at company managements. Independent auditors have no direct responsibility under these laws. There are two Canadian versions of these laws: the Bill C-22 Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA); and Corruption of Foreign Officials Act.

Bill C-22 permits fines of up to $2 million and prison terms for management and employees if they engage in money laundering. Auditors should be aware of their reporting responsibilities to outside agencies, and the need to avoid being considered accomplices under the legislation.

A unique feature of Canadian common law is the expanding concept of accountants’ fiduciary duty. An accountant may be a fiduciary when he or she acts as an auditor, or simply an adviser, to a vulnerable client. If a court concludes that an accountant is a fiduciary, he or she may be held responsible for damages, even though (1) the PA’s conduct did not cause the damage, (2) the plaintiff failed to take reasonable steps to mitigate those damages, or (3) the plaintiff was partially at fault or other third parties contributed to the damages suffered. Thus, a PA’s common defences to a negligence action, such as contributory negligence, remoteness of damages, failure to mitigate and no duty of care, do not apply to an action in breach of fiduciary duty.

What You Really Need to Know 5-XXX