accaglobal.
com
Auditor liability
ACCA - https://www.accaglobal.com
15–19 minutes
The issue of auditor’s liability is included in the syllabus for Advanced Audit
and Assurance (AAA). Candidates need to understand and apply the
principles of establishing liability in a particular situation, as well as being
able to discuss the ways in which liability may be limited. The specific
learning outcomes can be found in the Syllabus and study guide for the AAA
examination.
This article focuses on the issue of auditor’s liability in the UK, and therefore
contains references to the UK Companies Act 2006, as well as UK-specific
legal cases. Candidates other than those attempting the UK adapted paper
are not expected to have UK-specific knowledge. The concepts discussed in
this article, however, are broadly relevant and will help candidates to
understand why this is an important issue within the auditing profession.
Over the past two decades the bill for fines issued by audit regulators of Big
Four audit firms alone has run into millions of pounds. Examples include
KPMG’s 2023 settlement of £21million regarding its audit of the collapsed
outsourcer, Carillion. The FRC found the audit work had not been completed
‘with an adequate degree of professional scepticism’. PwC’s fines on the
inadequate scrutiny of long-term contracts at the construction companies
Kier and Galliford Try totalling £5million were issued in 2022. These fines
are increasingly concerning, both in terms of audit quality and the reputation
of the profession but also in terms of the cost to the industry and the
barriers this creates to competition within the audit market.
This article considers the current legal position of auditors in the UK. It also
discusses the impact on the competitiveness of the audit market and some
of the methods available to limit exposure to expensive litigation.
Types of liability
Auditors are potentially liable for both criminal and civil offences. The former
�occur when individuals or organisations breach a government imposed law;
in other words criminal law governs relationships between entities and the
state. Civil law, in contrast, deals with disputes between individuals and/or
organisations.
Criminal offences
Like any individual or organisation auditors are bound by the laws in the
countries in which they operate. So under current criminal law auditors
could be prosecuted for acts such as fraud and insider trading.
Audit is also subject to legislation prescribed by the Companies Act 2006.
This includes many sections governing who can be an auditor, how auditors
are appointed and removed and the functions of auditors.
One noteworthy offence from the Companies Act is that of ‘knowingly, or
recklessly causing a report under s.495 (auditor’s report on company’s
annual accounts) to include any matter that is misleading, false or deceptive
in a material particular’ (s.507).
This means that auditors could be prosecuted in a criminal court for either
knowingly or recklessly issuing an inappropriate audit opinion.
Civil offences
There are two pieces of civil law of particular significance to the audit
profession; contract law and the law of tort. These establish the principles
for auditor liability to clients and to third parties, respectively.
Under contract law parties can seek remedy for a breach of contractual
obligations. Therefore shareholders can seek remedy from an auditor if they
fail to comply with the terms of an engagement letter. For example; an
auditor could be sued by the shareholders, which was the case in the PwC
settlement to Tyco shareholders referred to above.
Under the law of tort auditors can be sued for negligence if they breach a
duty of care towards a third party who consequently suffers some form of
loss.
Case history
The application of the law of tort in the auditing profession, and the way in
which auditors seek to limit their exposure to the ensuing liabilities, has
been shaped by a number of recent landmark cases. The most notable of
these are Caparo Industries Plc (Caparo) v Dickman (1990) and Royal Bank
of Scotland (RBS) vs Bannerman Johnstone MacLay (Bannerman) (2002).
�In the first case Caparo pursued the firm Touche Ross (who later merged to
form Deloitte & Touche) following a series of share purchases of a company
called Fidelity plc. Caparo alleges that the purchase decisions were based
upon inaccurate accounts that overvalued the company. They also claimed
that, as auditors of Fidelity, Touche Ross owed potential investors a duty of
care. The claim was unsuccessful; the House of Lords concluded that the
accounts were prepared for the existing shareholders as a class for the
purposes of exercising their class rights and that the auditor had no
reasonable knowledge of the purpose that the accounts would be put to by
Caparo.
It was this case that provided the current guidance for when duty of care
between an auditor and a third party exists. Under the ruling this occurs
when:
the loss suffered is a reasonably foreseeable consequence of the
defendant’s conduct
there is sufficient ‘proximity’ of relationship between the defendant and the
pursuer, and
it is 'fair, just and reasonable' to impose a liability on the defendant.
In the second case RBS alleged to have lost over £13m in unpaid overdraft
facilities to insolvent client APC Ltd. They claimed that Bannerman had
been negligent in failing to detect a fraudulent and material misstatement in
the accounts of APC. The banking facility was provided on the basis of
receiving audited financial statements each year.
In contrast to Touche Ross, who had no knowledge of Caparo’s intention to
rely upon the audited financial statements, Bannerman, through their audit
of the banking facility letter of APC, would have been aware of RBS’s
intention to use the audited accounts as a basis for lending decisions. For
this reason it was upheld that they owed RBS a duty of care. The judge in
the Bannerman case also, and crucially, concluded that the absence of any
disclaimer of liability to third parties was a significant contributing factor to
the duty of care owed to them.
Joint and several liability
The guidance for when an auditor may be liable, either under criminal or
civil law, appears to be clear and largely uncontroversial. The same cannot
be said of the nature of the fines and settlements, which remains a hotly
� debated issue.
Before discussing this, it is worth making the point that auditors are only
found liable in cases where they have breached their responsibilities to
perform work with professional competence and due care and to act
independently of their clients. There is therefore little argument that they
should face the penalties of their own failures and that parties that have
suffered as a result should be able to seek adequate compensation.
The main criticism of the current system is that the penalties incurred by the
audit profession are unfairly high. This arises from the civil law principle of
‘joint and several liability’ enforced in the UK (as well as the US). This
means that even if there are multiple culpable parties in a negligence case
the plaintiff may pursue any one of those parties individually for the entire
damages sought.
So for example, if a director fraudulently misstates the financial statements,
the company’s management fail to detect this because of poor controls and
the auditor performs an inadequate audit leading to the wrong audit opinion,
it would be fair to say all three parties are at fault. Shareholders seeking
compensation for any consequent losses, however, could try and recover
the full loss from only one of those three parties.
Given that many of the cases arise when companies are facing financial
difficulties, as with the examples cited above, and that any individuals
involved are unlikely to possess sufficient assets to settle the liabilities, the
audit firm, who may be asset rich and possess professional indemnity
insurance, is often the sole target for financial compensation.
Regardless of the perceived fairness, this situation does create a number of
challenges for the profession, namely:
1. The increasing cost to the industry, firstly from defending and settling claims
but also from spiralling insurance premiums.
2. The potential for consequent increases in audit fees to cover these rising
costs.
3. The overall lack of sufficient insurance cover in the sector in comparison to
the size of some of the claims.(Reference 1)
4. The lack of competition in the audit market for large (listed) entities.
With regard to the final point, auditor liability is not the sole reason for the
lack of competition in the audit of listed entities but it is a significant barrier
to entering that market. In the UK, there are continuing proposals to
�encourage more ‘mid tier’ audit firms to audit FTSE 350 companies.
However, the size of the teams and the resources and experience required
have traditionally been barriers to new entrants.
Managing exposure to liability
Audit quality
There are a number of ways in which audit firms can manage their exposure
to claims of negligence. Perhaps the most obvious is not being negligent in
the first place. In practical terms this means rigorously applying International
Standards on Auditing and the IESBA’s International Code of Ethics for
Professional Accountants and paying close attention to the terms and
conditions agreed upon in the engagement letter.
Of course, improvements in quality management have been strengthened
by the issue of the revised suite of International Standards on Quality
Management and an upgraded ISA 220 (UK) (Revised) Quality Management
for an Audit of Financial Statements. These have stressed a change in
mindset, moving from an individual engagement risk and quality
assessment, to one which is looking at the culture of quality at a firmwide
level. The aim of this is to incorporate the management of quality throughout
the whole firm, embedding it within the work, the employees and, most
significantly, at a leadership and management level. . However, there is still
significant pressure to reduce audit fees, and many companies who are
audited by the large firms are facing a more challenging economic forecast.
Stakeholders, such as corporate and individual investors are seeking more
certainty and increasingly wanting assurance over non-financial issues,
such as those relating to sustainability and corporate responsibility. With the
introduction of the sustainability disclosure standards and the need for
further upskilling by auditors, there are likely to be more challenges on the
horizon.
Disclaimers of liability
One of the outcomes of the Bannerman case was the potential exposure of
auditors to litigation from third parties to whom they have not disclaimed
liability. As a result it became common to include a disclaimer of liability to
third parties in the wording of the audit report.
Disclaimers may not entirely eliminate liability to third parties but they do
reduce the scope for courts to assume liability to them. It should be noted
that whilst this should reduce the threat of litigation in the UK, this protection
�may not extend overseas because the disclaimer is based on a ruling from a
UK court case. It also provides no protection from the threat of litigation
from clients under contract law.
There are also critics of the ‘Bannerman Paragraph,’ who believe that its
presence devalues the audit report. They argue that the disclaimer acts as a
barrier to litigation, which reduces the pressure to perform good quality
audits in the first place. It is plausible that this reduces the credibility of the
audit report in the eyes of the reader.
Liability Limitation Agreements
Since 2008 auditors have been permitted, under the terms of the
Companies Act, to use Liability Limitation Agreements (LLAs) to reduce the
threat of litigation from clients. LLAs are clauses built into the terms of an
engagement that impose a cap on the amount of compensation that can be
sought from the auditor. These must be approved by shareholders annually
and be upheld by judges as ‘fair and reasonable’ when cases arise.
Whilst this may sound straightforward it has created problems, including
how to define the cap (ie as a fixed monetary amount, a multiple of the fee,
proportionate liability on a case by case basis). It is also difficult to decide
what is fair and reasonable when setting the terms of the engagement
because this is done before any potential litigation, or the scale of potential
litigation, is known to the auditor and the client. This is therefore open to the
interpretation of the courts. At which point the level of compensation may as
well lie at the discretion of the courts in the first place.
Another problem lies with the shareholders; what motivation do they have
for agreeing to terms that could potentially reduce their ability to recover any
losses they incur due to the negligence of other parties? Once again this
may be perceived as a barrier to litigation that audit firms can hide behind,
reducing the pressure to perform good quality audits. Indeed, if the
company and the audit firm enter into an auditor liability limitation
agreement, the company must disclose within the financial statements the
extent to which it is limited (Companies (Disclosure of Auditor Remuneration
and Liability Limitation Agreement) Regulations 2008). The directors
themselves may also be exposed to a breach of their fiduciary duty to act in
the interests of the shareholders if they recommend the limitation
agreement.
Proportional liability
Under this proposal the audit firm would accept their proportion of the blame
�in a negligence case and would pay that proportion of the compensation.
This system, as introduced in Australia in 2004, would ensure a fair
outcome for the plaintiff without placing the entire financial burden upon the
audit profession.
This is still being debated in the UK, but its advocates say that it would help
to reduce the financial barriers for entry into the FTSE 350 audit market by
reducing insurance premiums.
Current status
There is an increasing trend of litigation that is costing the audit profession
millions of pounds. The potential costs and risks of auditing large, listed
businesses may now be prohibitive for any firm of willing auditors outside of
the top ten audit firms. In more recent years, there are an increasing
number of non-Big Four firms, namely Grant Thornton, BDO and Mazars,
who have become statutory auditors of public interest companies in the UK.
The UK government is increasingly seeking to reform audit by undertaking a
number of significant reviews, such as the Kingman Report. This gave the
FRC stronger powers, which will eventually lead to the establishment of a
strong regulatory body Audit, Reporting and Governance Authority (ARGA).
Further recommendations have been put to the government in its white
paper published by the Department for Business, Energy and Industrial
Strategy (BEIS). Currently no further developments have occurred due to
delays in legislation following the 2020 impact of the COVID-19 pandemic.
The FRC are issuing heavier fines and challenging poor quality audits with
greater capacity than in previous years.
Auditors can reduce their exposure to litigation by adopting the revised
quality management standards established by the IAASB, ensuring training
of all staff on key risk assessment areas and employing a firmwide culture of
quality and best practice.
Reference
1. Auditing: Commission Issues Recommendation on Limiting Audit Firms’
Liability, European Commission, 6 June 2008
Updated by a member of the AAA Examining Team (Oct 2023)
