Week Three - Lecture Three Legal Liability

Summary

These lecture notes cover legal liability in auditing, focusing on audit responsibility and objectives. The document details the different types of audit reports and their relationships to materiality and ethics, along with exploring why people act unethically. It discusses concepts like business failure versus audit failure and factors related to legal cases against auditors.

Full Transcript

AUDIT PRACTICE AND
PROCEDURES II

Legal Liability; Audit
Responsibility and
Objectives
Week Three
 Second Class Recap

1. What is an Audit Report.
2. The Four Types of Audit Reports and when/why they are
issued.
3. Relationship between materiality and the type of opinion.
4. What is Ethics; Code of Professional Conduct; The six (6)
core value ethical values/principles
5. Why are people unethical
6. Ethical Dilema
Many accounting and legal professionals believe that a major
cause of lawsuits against CPA firms is financial statement
users’ lack of understanding of two concepts:
1. The difference between a business failure and an audit
failure.
2. The difference between an audit failure and audit risk.
 Three Fundamental Concepts:

A business failure occurs when a business is unable to repay its lenders or meet the
expectations of its investors because of economic or business conditions, such as a recession,
poor management decisions, or unexpected competition in the industry.

Audit failure occurs when the auditor issues an incorrect audit opinion because it failed to
comply with the requirements of auditing standards. An example is a firm assigning
unqualified assistants to perform certain audit tasks where they failed to notice material
misstatements in the client’s records that a qualified auditor would have found.

Audit risk represents the possibility that the auditor concludes after conducting an adequate
audit that the financial statements were fairly stated when, in fact, they were materially
misstated. Audit risk is unavoidable, because auditors gather evidence only on a test basis and
because well-concealed frauds are extremely difficult to detect.
Accounting professionals tend to agree that in most cases, when an
audit has failed to uncover material misstatements and the wrong
type of audit opinion is issued, it is appropriate to question whether
the auditor exercised due care in performing the audit. In cases of
audit failure, the law often allows parties who suffered losses to
recover some or all of the losses caused by the audit failure. In
practice, because of the complexity of auditing, it is difficult to
determine when the auditor has failed to use due care. Also, legal
precedent makes it difficult to determine who has the right to expect
the benefit of an audit and recover losses in the event of an audit
failure. Nevertheless, an auditor’s failure to follow due care often
results in liability and, when appropriate, damages against the CPA
firm.
 Sources of Legal Liability

1. Liability to clients
2. Liability to third parties under common
law
3. Civil liability under the federal securities
laws
4. Criminal liability
 1. Liability to clients

The most common source of lawsuits against CPAs is from clients. The suits
vary widely, including such claims as failure to complete a nonaudit
engagement on the agreed-upon date, inappropriate withdrawal from an
audit, failure to discover an embezzlement (theft of assets), and breach of the
confidentiality requirements of CPAs. Typically, the amount of these lawsuits
is relatively small, and they do not receive the publicity often given to suits
involving third parties. A typical lawsuit brought by a client involves a claim
that the auditor did not discover an employee theft as a result of negligence in
the conduct of the audit. The lawsuit can be for breach of contract, a tort
action for negligence, or both. Tort actions are more common because the
amounts recoverable under them are normally larger than under breach of
contract. Tort actions can be based on ordinary negligence, gross negligence,
or fraud.
 Auditor’s Defenses Against Client Suits

The CPA firm normally uses one or a combination of four defenses when there are
legal claims by clients: lack of duty to perform the service, nonnegligent
performance, contributory negligence, and absence of causal connection

Lack of Duty - The lack of duty to perform the service means that the CPA firm
claims that there was no implied or expressed contract. For example, the CPA firm
might claim that misstatements were not uncovered because the firm did a review
service, not an audit. The CPA’s use of an engagement letter provides a basis to
demonstrate a lack of duty to perform. Many litigation experts believe that a
wellwritten engagement letter significantly reduces the likelihood of adverse legal
actions
 Auditor’s Defenses Against Client Suits

Nonnegligent Performance - For nonnegligent performance in an audit, the
CPA firm claims that the audit was performed in accordance with auditing
standards. Even if there were undiscovered misstatements, the auditor is not
responsible if the audit was conducted properly. The prudent person concept
(discussed on pages 116 and 117) establishes in law that the CPA firm is not
expected to be infallible. Similarly, auditing standards make it clear that an audit
is subject to limitations and cannot be relied on for complete assurance that all
misstatements will be found. Requiring auditors to discover all material
misstatements would, in essence, make them insurers or guarantors of the
accuracy of the financial statements. The courts do not require that.
 Auditor’s Defenses Against Client Suits

Contributory Negligence - A defense of contributory negligence exists when the
auditor claims the client’s own actions either resulted in the loss that is the basis. for
damages or interfered with the conduct of the audit in such a way that prevented the
auditor from discovering the cause of the loss. Suppose a client claims that a CPA firm
was negligent in not uncovering an employee’s theft of cash. If the CPA firm had
notified the client (preferably in writing) of a deficiency in internal control that would
have prevented the theft but management did not correct it, the CPA firm would have a
defense of contributory negligence

Absence of Causal Connection - To succeed in an action against the auditor, the client
must be able to show that there is a close causal connection between the auditor’s failure to
follow auditing standards and the damages suffered by the client. Assume that an auditor
failed to complete an audit on the agreed-upon date. The client alleges that this caused a
bank not to renew an outstanding loan, which caused damages. A potential auditor defense
is that the bank refused to renew the loan for other reasons, such as the weakening financial
condition of the client. This defense is called an absence of causal connection.
 Liability to third parties under common law

In addition to being sued by clients, CPAs may be liable to third parties under
common law. Third parties include actual and potential stockholders, vendors,
bankers and other creditors, employees, and customers. A CPA firm may be
liable to third parties if a loss was incurred by the claimant due to reliance on
misleading financial statements. A typical suit occurs when a bank is unable
to collect a major loan from an insolvent customer and the bank then claims
that misleading audited financial statements were relied on in making the loan
and that the CPA firm should be held responsible because it failed to perform
the audit with due care.

Three of the four defenses available to auditors in suits by clients are also available in third-
party lawsuits: lack of duty to perform the service, nonnegligent performance, and absence
of causal connection. Contributory negligence is ordinarily not available because a third
party is not in a position to contribute to misstated financial statements.
 Civil Liability Under Federal Securities Law

Although there has been some growth in actions brought against accountants by
clients and third parties under common law, the greatest growth in CPA liability
litigation has been under the federal securities laws. Litigants commonly seek
federal remedies because of the availability of class-action litigation and the
ability to obtain significant damages from defendants. Other factors also make
federal courts attractive to litigants. For example, several sections of the
securities laws impose strict liability standards on CPAs and federal courts are
often likely to favor plaintiffs in lawsuits when there are strict standards.
However, fairly recent tort reform legislation may result in a reduction of
negative outcomes for CPA firms in federal courts.
 Criminal Liability

A fourth way CPAs can be held liable is under criminal liability for accountants.
CPAs can be found guilty for criminal action under both federal and state laws.
Under state law, the most likely statutes to be enforced are the Uniform Securities
Acts, which are similar to parts of the SEC rules. The more relevant federal laws
affecting auditors are the 1933 and 1934 securities acts, as well as the Federal Mail
Fraud Statute and the Federal False Statements Statute. All make it a criminal
offense to defraud another person through knowingly being involved with false
financial statements.

Unfortunately, a few notorious criminal cases have involved CPAs. Historically, one
of the leading cases of criminal action against CPAs is United States v. Simon,
which occurred in 1969. In this case, three auditors were prosecuted for filing false
financial statements of a client with the government, and all three were held
criminally liable.
 Practicing auditors may also take specific action to minimize their liability.
Some of the more common actions are as follows:

Deal only with clients possessing integrity. There is an increased likelihood of
having legal problems when a client lacks integrity in dealing with customers,
employees, units of government, and others. A CPA firm needs procedures to evaluate
the integrity of clients and should dissociate itself from clients found lacking
integrity.

Maintain independence. Independence is more than merely financial. Independence
requires an attitude of responsibility separate from the client’s interest. Much
litigation has arisen from auditors’ too-willing acceptance of client representations or
from client pressure. The auditor must maintain an attitude of healthy professional
skepticism.

Understand the client’s business. In several cases, the lack of knowledge of industry
practices and client operations has been a major factor in auditors failing to uncover
misstatements.
 Practicing auditors may also take specific action to minimize their liability.
Some of the more common actions are as follows:

Perform quality audits. Quality audits require that auditors obtain appropriate evidence and
make appropriate judgments about the evidence. It is essential, for example, that the auditor
understands the client’s internal controls and modifies the evidence to reflect the findings.
Improved auditing reduces the likelihood of failing to detect misstatements and the likelihood
of lawsuits.

Document the work properly. The preparation of good audit documentation helps the
auditor perform quality audits. Quality audit documentation is essential if an auditor has to
defend an audit in court, including an engagement letter and a representation letter that define
the respective obligations of the client and the auditor.

Exercise professional skepticism. Auditors are often liable when they are presented with
information indicating a problem that they fail to recognize. Auditors need to strive to
maintain a healthy level of skepticism, one that keeps them alert to potential misstatements,
so that they can recognize misstatements when they exist
Audit Responsibility and
Objectives

Chapter 6
 Objective of Conducting an Audit of Financial Statements

The purpose of an audit is to provide financial statement users with an opinion by the
auditor on whether the financial statements are presented fairly, in all material respects, in
accordance with the applicable financial accounting framework. An auditor’s opinion
enhances the degree of confidence that intended users can place in the financial
statements.
If the auditor believes that the statements are not fairly presented or is unable to reach a
conclusion because of insufficient evidence, the auditor has the responsibility of notifying
users through the auditor’s report.

The Steps to Develop Audit Objectives:
Understand Objectives and Responsibilities of the Audit
Divide Financial Statements into Cycle
Know Management Assertions about Financial Statements
Know General Audit Objectives for Classes of Transactions, Accounts, and Disclosures
Know Specific Audit Objectives for Classes of Transactions, Accounts, and Disclosures
 Management’s Responsibilities

The responsibility for adopting sound accounting policies, maintaining adequate
internal control, and making fair representations in the financial statements rests
with management rather than with the auditor. Because they operate the business
daily, a company’s management knows more about the company’s transactions and
related assets, liabilities, and equity than the auditor. In contrast, the auditor’s
knowledge of these matters and internal control is limited to that acquired during the
audit.

Management’s responsibility for the integrity and fairness of the representations
(assertions) in the financial statements carries with it the privilege of determining
which presentations and disclosures it considers necessary. If management insists on
financial statement disclosure that the auditor finds unacceptable, the auditor can
either issue an adverse or qualified opinion or withdraw from the engagement.
 Auditors Responsibilities

The overall objectives of the auditor, in conducting an audit of
financial statements, are to:

(a) obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement,
whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial statements are
presented fairly, in all material respects, in accordance with an
applicable financial reporting framework; and

(b) report on the financial statements, and communicate as
required by auditing standards, in accordance with the auditor’s
findings.
 Auditors Responsibilities

Material Versus Immaterial Misstatements - Misstatements are usually
considered material if the combined uncorrected errors and fraud in the
financial statements would likely have changed or influenced the decisions
of a reasonable person using the statements. Although it is difficult to
quantify a measure of materiality, auditors are responsible for obtaining
reasonable assurance that this materiality threshold has been satisfied. It
would be extremely costly (and probably impossible) for auditors to have
responsibility for finding all immaterial errors and fraud.
 Auditors Responsibilities

Reasonable Assurance - Assurance is a measure of the level of
certainty that the auditor has obtained at the completion of the audit.
Auditing standards indicate reasonable assurance is a high, but not
absolute, level of assurance that the financial statements are free of
material misstatements. The concept of reasonable, but not absolute,
assurance indicates that the auditor is not an insurer or guarantor of
the correctness of the financial statements. Thus, an audit that is
conducted in accordance with auditing standards may fail to detect a
material misstatement.
 Auditors Responsibilities

The auditor is responsible for reasonable, but not absolute, assurance for several reasons:

1. Most audit evidence results from testing a sample of a population such as accounts
receivable or inventory. Sampling inevitably includes some risk of not uncovering a
material misstatement. Also, the areas to be tested; the type, extent, and timing of those
tests; and the evaluation of test results require significant auditor judgment. Even with
good faith and integrity, auditors can make mistakes and errors in judgment.

2. Accounting presentations contain complex estimates, which inherently involve uncertainty
and can be affected by future events. As a result, the auditor has to rely on evidence that is
persuasive, but not convincing.

3. Fraudulently prepared financial statements are often extremely difficult, if not impossible,
for the auditor to detect, especially when there is collusion among management.
 Auditors Responsibilities

Errors Versus Fraud - Auditing standards distinguish between two types of
misstatements: errors and fraud. Either type of misstatement can be material or
immaterial. An error is an unintentional misstatement of the financial statements,
whereas fraud is intentional. Two examples of errors are: a mistake in extending
price times quantity on a sales invoice and overlooking older raw materials in
determining the lower of cost or market for inventory.

For fraud, there is a distinction between misappropriation of assets, often called
defalcation or employee fraud, and fraudulent financial reporting, often called
management fraud. An example of misappropriation of assets is a clerk taking cash at
the time a sale is made and not entering the sale in the cash register. An example of
fraudulent financial reporting is the intentional overstatement of sales near the
balance sheet date to increase reported earnings.
 Management Assertions

Management assertions are implied or expressed representations by management
about classes of transactions and the related accounts and disclosures in the
financial statements. In most cases they are implied. Management assertions are
directly related to the financial reporting framework used by the company (usually
U.S. GAAP or IFRS), as they are part of the criteria that management uses to record
and disclose accounting information in financial statements. Auditors must therefore
understand the assertions to do adequate audits.

International auditing standards and AICPA auditing standards classify assertions
into three categories:
1. Assertions about classes of transactions and events for the period under audit
2. Assertions about account balances at period end
3. Assertions about presentation and disclosure
 Plan and Design an Audit Approach (Phase I)

Obtain An Understanding of the Entity and its Environment - To adequately assess the
risk of misstatements in the financial statements and to interpret information obtained
throughout the audit, the auditor must have a thorough understanding of the client’s business
and related environment, including knowledge of strategies and processes. The auditor should
study the client’s business model, perform analytical procedures and make comparisons to
competitors. The auditor must also understand any unique accounting requirements of the
client’s industry. For example, when auditing an insurance company, the auditor must
understand how loss reserves are calculated.

Understand Internal Control and Assess Control Risk - The risk of misstatement in the
financial statements is reduced if the client has effective controls over computer operations
and transaction processing. The auditor identifies internal controls and evaluates their
effectiveness, a process called assessing control risk. If internal controls are considered
effective, planned assessed control risk can be reduced and the amount of audit evidence to
be accumulated can be significantly less than when internal controls are not adequate
 Plan and Design an Audit Approach (Phase I)

Assess Risk of Material Misstatement The auditor uses the understanding of
the client’s industry and business strategies, as well as the effectiveness of
controls, to assess the risk of misstatements in the financial statements. This
assessment will then impact the audit plan and the nature, timing, and extent
of audit procedures. For example, if the client is expanding sales by taking
on new customers with poor credit ratings, the auditor will assess a higher
risk of misstatement for net realizable value of accounts receivable and plan
to expand testing in this area.
 Perform Tests of Controls and Substantive Tests of Transactions (Phase II)

Before auditors can justify reducing planned assessed control risk when internal controls are
believed to be effective, they must first test the effectiveness of the controls. The procedures for
this type of testing are commonly referred to as tests of controls. For example, assume a client’s
internal controls require computer matching of all relevant terms on the customer sales order,
shipping document, and sales invoice before sales invoices are transmitted to customers. This
control is directly related to the occurrence and accuracy transaction-related audit objectives for
sales. The auditor might test the effectiveness of this control by comparing a sample of sales
invoices to related shipping documents and customer sales orders, or by performing tests of the
computerized controls related to this process.

Auditors also evaluate the client’s recording of transactions by verifying the monetary amounts
of transactions, a process called substantive tests of transactions. For example, the auditor might
use computer software to compare the unit selling price on duplicate sales invoices with an
electronic file of approved prices as a test of the accuracy objective for sales transactions. For
the sake of efficiency, auditors often perform tests of controls and substantive tests of
transactions at the same time.
 Perform Analytical Procedures and Tests of Details of Balances (Phase III)

There are two general categories of phase III procedures. Analytical procedures consist of
evaluations of financial information through analysis of plausible relationships among
financial and nonfinancial data. For example, to provide some assurance for the accuracy
objective for both sales transactions (transaction-related audit objective) and accounts
receivable (balance-related audit objective), the auditor might examine sales transactions in
the sales journal for unusually large amounts and also compare total monthly sales with prior
years.

Tests of details of balances are specific procedures intended to test for monetary
misstatements in the balances in the financial statements. An example related to the accuracy
objective for accounts receivable (balance-related audit objective) is direct, written
communication with the client’s customers to identify incorrect amounts. Tests of details of
ending balances are essential to the conduct of the audit because much of the evidence is
obtained from third-party sources and therefore is considered to be of high quality.
 Complete the Audit and Issue an Audit Report (Phase IV)

After the auditor has completed all procedures for each audit
objective and for each financial statement account and related
disclosures, it is necessary to combine the information obtained to
reach an overall conclusion as to whether the financial statements
are fairly presented. This highly subjective process relies heavily on
the auditor’s professional judgment. When the audit is completed,
the CPA must issue an audit report to accompany the client’s
published financial statements.
 Terms to Remember:

Audit Risk
Business Failure
Audit Failure
Contributory Negligence
Legal Liability
Error
Fraud
Cycle Approach
Management Assertions
Test of Controls
Test of Details Balances
Phrases of the Audit Process
 References

Chapter Five and Six of the Textbook