Professional Documents
Culture Documents
Auditing standards are general guidelines to aid auditors in fulfilling their professional
responsibilities in the audit of historical financial statements. They are the auditing
profession’s means of assuring the quality of auditing performance. The broadest
guidelines available to auditors are the 10 generally accepted auditing standards, which
were developed by the AICPA. These 10 generally accepted auditing standards fall into three
categories:
• General standards
• Standards of field work
• Reporting standards
These standards are not sufficiently specific to provide any meaningful guide to practitioners,
but they do represent a framework upon which the AICPA can provide interpretations.
The general standards stress the important personal qualities that the auditor should
possess. The standards include:
1
Adequate Technical Training and Proficiency - The first general standard is normally
requiring the auditor to have formal education in auditing and accounting, adequate practical
experience for the work being performed, and continuing professional education. Recent court
cases clearly demonstrate that auditors must be technically qualified and experienced in those
industries in which their audit clients are engaged.
In any case in which the CPA or the CPA’s assistants are not qualified to perform the work, a
professional obligation exists to acquire the requisite knowledge and skills, suggest someone
else who is qualified to perform the work, or decline the engagement.
Independence in Mental Attitude - audit firms are required to follow several practices to
increase the likelihood of independence of all personnel. For example, there are established
procedures on larger audits when there is a dispute between management and the auditors.
Due Professional Care - The third general standard involves due care in the performance of
all aspects of auditing. Simply stated, this means that auditors are professionals responsible for
fulfilling their duties diligently and carefully. Due care includes consideration of the
completeness of the audit documentation, the sufficiency of the audit evidence, and the
appropriateness of the audit report. As professionals, auditors must not act negligently or in
bad faith, but they are not expected to be infallible.
Adequate Planning and Supervision - The first standard requires that the audit be sufficiently
planned to ensure an adequate audit and proper supervision of assistants. Planning means
understanding the client and its business and determining which audit procedures to use, when
they will be performed, and who will perform them. Further, since members of the audit team
generally have varying degree of experience in auditing (some members may be relatively
inexperienced), they must be adequately supervised. Additional supervision should be used to
compensate for inexperienced staff.
2
Understand the Entity and its Environment, including Internal Control – To adequately
perform an audit, the auditor must have an understanding of the client’s business and industry.
This understanding helps the auditor identify significant client business risks and the risk of
significant misstatements in the financial statements. For example, to audit a bank, an auditor
must understand the nature of the bank’s operations, federal and state regulations applicable to
banks, and risks affecting significant accounts such as loan loss reserves.
One of the most widely accepted concepts in the theory and practice of auditing is the
importance of the client’s system of internal control for mitigating client business risks,
safeguarding assets and records, and generating reliable financial information. If the auditor is
convinced that the client has an excellent system of internal control, one that includes
adequate internal controls for providing reliable data, the amount of audit evidence to be
accumulated can be significantly less than when controls are not adequate. In some instances,
internal control may be so inadequate as to preclude conducting an effective audit.
The reporting standards require the auditor to prepare a report on the financial statements
taken as a whole, including informative disclosures. The reporting standards also require
that the report state whether the statements are presented in accordance with GAAP and also
identify any circumstances in which GAAP have not been consistently applied in the current
year compared with the previous one. The standards include:
1. The auditor must state in the auditor’s report whether the financial statements are
presented in accordance with generally accepted accounting principles (GAAP).
3
2. The auditor must identify in the auditor’s report those circumstances in which such
principles have not been consistently observed in the current period in relation to the
preceding period.
The second standard deals simply with consistency in using GAAP. For example, the use of
FIFO for inventory valuation may well result in a different net income than using LIFO. If
accounting principles have changed, it is fair that the user be able to distinguish between year-
to-year changes that have occurred because of business activity as opposed to those that owe
only to a change in accounting principles.
3. When the auditor determines that informative disclosures are not reasonably
adequate, the auditor must so state in the auditor’s report.
The third standard deals with informative disclosures or the notes to the financial statements.
In order to properly understand the numbers in a set of financial statements, the user needs to
have information about their basis. If the auditor concludes that these notes are not adequate
for helping the user understand the statements, then this should be mentioned in the report.
4. The auditor must either express an opinion regarding the financial statements, taken
as a whole, or state that an opinion cannot be expressed, in the auditor’s report.
When the auditor cannot express an overall opinion, the auditor should state the
reasons therefore in the auditor’s report. In all cases where an auditor’s name is
associated with financial statements, the auditor should clearly indicate the character
of the auditor’s work, if any, and the degree of responsibility the auditor is taking, in
the auditor’s report.
Note the last standard carefully. Modern auditing is test-based, and uses sampling techniques
to determine which items to test. Based on the results of those tests, the auditor wants to be
able to say how near the financial statements are to economic reality. An external auditor’s
aim is not to find every instance of fraud, theft or misuse of funds within the organization,
although if those things do exist, the auditor might well find them in the course of his
examination. The word “opinion” suggests that the auditor is never 100% certain about those
things.
4
Other parts of the last standard address the type of work the auditor has done. Auditors may be
employed to do other things besides auditing financial statements, for example, compiling or
reviewing financial statements, or giving business advice. If the auditor does not do an audit,
the type of work the auditor did should be clearly mentioned in the report, along with how
much responsibility the auditor has for the work.
5
Ethics - can be defined broadly as a set of moral principles or values. Each of us has such a
set of values, although we may or may not have considered them explicitly. It is common for
people to differ in their moral principles and values and the relative importance they attach to
these principles. Most people define unethical behavior as conduct that differs from what they
believe is appropriate given the circumstances. Examples of prescribed sets of moral
principles or values include laws and regulations, religious doctrines, codes of business ethics
for professional groups such as CPAs, and codes of conduct within organizations.
Ethical behavior is necessary for a society to function in an orderly manner. It can be argued
that ethics is the glue that holds a society together. Imagine, for example, what would
happen if we couldn’t depend on the people we deal with to be honest. If parents, teachers,
employers, siblings, coworkers, and friends all consistently lied, it would be almost
impossible to have effective communication. The need for ethics in society is sufficiently
important that many commonly held ethical values are incorporated into laws.
The term professional means a responsibility for conduct that extends beyond satisfying
individual responsibilities and beyond the requirements of our society’s laws and regulations.
Auditors as a professional, recognize a responsibility to the public, to the client, and to fellow
practitioners, including honorable behavior, even if that means personal sacrifice.
The reason for an expectation of a high level of professional conduct by any profession is the
need for public confidence in the quality of service by the profession, regardless of the
individual providing it. For the CPA, it is essential that the client and external financial
statement users have confidence in the quality of audits and other services.
Audit firms have a different relationship with users of financial statements than most other
professionals have with their customers. Attorneys, for example, are typically engaged and
paid by a client and have primary responsibility to be an advocate for that client. Audit firms
are usually engaged by management for private companies and the audit committee for public
companies, and are paid by the company issuing the financial statements, but the primary
beneficiaries of the audit are financial statement users. Often, the auditor does not know or
6
have contact with the financial statement users but has frequent meetings and ongoing
relationships with client personnel.
It is essential that users regard audit firms as competent and unbiased. If users believe that
audit firms do not perform a valuable service (reduce information risk), the value of audit
firms’ audit and other attestation reports is reduced and the demand for these services will
thereby also be reduced. Therefore, there is considerable incentive for audit firms to conduct
themselves at a high professional level.
The AICPA Code of Professional Conduct provides both general standards of ideal conduct
and specific enforceable rules of conduct. There are four parts to the code: principles, rules of
conduct, interpretations of the rules of conduct, and ethical rulings. The parts are listed in
order of increasing specificity; the principles provide ideal standards of conduct, whereas
ethical rulings are highly specific. The four parts are summarized in Figure 2.2 below and
discussed in the following sections.
A. Principles -
7
Although not enforceable against AICPA members, principles provide ideal standards of
ethical conduct stated in philosophical terms.
B. Rules of conduct –
Rules of conduct represent minimum standards of ethical conduct stated as specific rules.
These are enforceable against AICPA members. Minimum level of compliance with rules
does not imply substandard conduct. This part of the Code includes the explicit rules that must
be followed by every CPA in the practice of public accounting. Those individuals holding the
CPA certificate but not practicing public accounting must follow most, but not all
requirements. Because the section on rules of conduct is the only enforceable part of the code,
it is stated in more precise language than the section on principles.
8
The need for published interpretations of the rules of conduct arises when there are frequent
questions from practitioners about a specific rule. The Professional Ethics Executive
Committee of the AICPA prepares each interpretation based on a consensus of a committee
made up principally of public accounting practitioners. Before interpretations are finalized,
they are issued as exposure drafts to the profession and others for comment. Interpretations are
not officially enforceable, but a departure from the interpretations is difficult if not impossible
for a practitioner to justify in a disciplinary hearing. The most important interpretations are
discussed as a part of each section of the rules.
D. Ethical Rulings –
They are explanations by the executive committee of the professional ethics division of
specific factual circumstances. A large number of ethical rulings are published in the
expanded version of the AICPA Code of Professional Conduct. The following is an example
(Rule 101 - Independence; Ruling No. 16):
Question: A member serves on the board of directors of a nonprofit social club. Is the
independence of the member considered to be impaired with respect to the club?
Here we discuss the explicit rules that must be followed by every CPA in the practice of
public accounting.
What are the external factors that may influence auditor independence?
9
The value of auditing depends heavily on the public’s perception of the independence of
auditors. The reason that many diverse users are willing to rely on CPA’s reports is their
expectation of an unbiased viewpoint. Independence consists of two components:
independence of mind and independence in appearance.
Independence of mind reflects the auditor’s state of mind that permits the audit to be
performed with an unbiased attitude. Independence of mind reflects a long-standing
requirement that members be independent in fact. Independence in appearance is the result
of others’ interpretations of this independence. If auditors are independent in fact but users
believe them to be advocates for the client, most of the value of the audit function is lost.
CPA firms are required to be independent for certain services that they provide, but not for
others. The last phrase in Rule 101, “as required by standards promulgated by bodies
designated by Council” is a convenient way for the AICPA to include or exclude
independence requirements for different types of services. For example, the Auditing
Standards Board requires that auditors of historical financial statements be independent. Rule
101 therefore applies to audits. Independence is also required for other types of attestations,
such as review services and audits of prospective financial statements. However, a CPA firm
can do tax returns and provide management services without being independent. Rule 101
does not apply to those types of services.
There are more interpretations for independence than for any of the other rules of conduct.
Some of the more significant issues and interpretations involving independence include the
following.
10
Covered Members - Rule 101 applies to covered members in a position to influence an
attest engagement. Covered members include the following:
ii. Normal Lending Procedures - Generally, loans between a CPA firm and an audit
client are prohibited because it is a financial relationship (with some exceptions).
11
impair independence. Independence is also not impaired if the covered member is not
aware of the close relative’s ownership interest.
iv. Joint Investor or Investee Relationship with Client – Assume, for example, that a
CPA owns stock in a non-audit client, Jackson Company. Frank Company, which is an
audit client, also owns stock in Jackson Company. This may be a violation of Rule 101.
Interpretation 101-8 addresses situations where the client is either an investor or investee
for a non-client in which the CPA has an ownership interest.
1. Client investor. If the client’s investment in the non-client is material, any direct or
material indirect investment by the CPA in the non-client investee impairs independence.
If the client’s investment is not material, independence is impaired only if the CPA’s
investment is material.
2. Client investee. If investment in a client is material to a non-client investor, any direct or
material indirect investment by the CPA in the non-client impairs independence. If the
non-client’s investment in the client is not material, independence is not impaired unless
the CPA’s investment in the non-client allows the CPA to exercise significant influence
over the non-client.
vi. Litigation Between CPA Firm and Client - Generally, independence is impaired if
there is litigation between the CPA firm and the client regarding audit services. For example,
if management sues a CPA firm claiming a deficiency in the previous audit, the CPA firm is
not considered independent for the current year’s audit. Similarly, if the CPA firm sues
management for fraudulent financial reporting or deceit, independence is lost.
Litigation by the client related to tax or other non audit services, or litigation against both the
client and the CPA firm by another party, does not usually impair independence. The key
consideration in all such suits is the likely effect on the ability of client, management, and
CPA firm personnel to remain objective and comment freely.
12
vii. Bookkeeping Services – If a CPA firm records transactions in the journals for
the client, posts monthly totals to the general ledger, makes adjusting entries, and
subsequently does an audit, there is some question as to whether the CPA can be
independent in the audit role. The interpretations permit a CPA firm to do both bookkeeping
and auditing for a private company audit client.
There are three important requirements that the auditor must satisfy before it is acceptable to
do bookkeeping and auditing for the client:
The client must accept full responsibility for the financial statements.
CPA must not assume the role of employee or management conducting the
operations of an enterprise.
CPA complies with GAAS in performing the audit.
The AICPA independence rules require members to adhere to more restrictive independence
rules of other regulatory bodies, such as the SEC. As a result, it is not permissible for an audit
firm to provide bookkeeping services to a public company audit client under both SEC rules
and the AICPA rules on independence.
viii. Consulting and Other Non-audit Services - CPA firms offer many other services to
attest clients that may potentially impair independence. Such activities are permissible as long
as the member does not perform management functions or make management decisions. For
example, a CPA firm may assist in the installation of a client’s information system as long as
the client makes necessary management decisions about the design of the system. Subject to
some restrictions, CPA firms may also provide internal auditing and other extended auditing
services to their clients as long as management maintains responsibility for the direction and
oversight of the internal audit function.
ix. Unpaid Fees - Under Rule 101 and its rulings and interpretations, independence is
considered impaired if billed or unbilled fees remain unpaid for professional services
provided more than 1 year before the date of the report. Such unpaid fees are considered a
loan from the auditor to the client and are therefore a violation of Rule 101. Unpaid fees
from a client in bankruptcy do not violate Rule 101.
Rule 102: Integrity and Objectivity
13
In the performance of any professional service, a member shall maintain objectivity and integrity, shall
be free of conflicts of interest, and shall not knowingly misrepresent facts or subordinate his or her
judgment to others.
Independence and objectivity are very closely bound together. If the auditor is not
independent, it is nearly impossible for him to be objective. Independence is said to be the
cornerstone of the auditing profession. Because the auditor is independent, third parties
believe that his report will be unbiased, or objective. Integrity means that the auditor will give
his own honest opinion, in spite of what the consequences might be.
A member who performs auditing, review, compilation, management consulting, tax, or other
professional services shall comply with standards promulgated by bodies designated by
Council. The rule requires compliance with:
14
Statements on Auditing Standards,
Statements on Accounting and Review Services,
Statements on Standards for Attestation Engagements, and
Management Consulting Services Standards.
Notice that the above three standards of the Code (Rule 201-203) relate to the auditor’s
adherence with the requirements of technical standards.
Contingent fees are fees to be determined upon a particular result. Basing fees on the outcome
of engagements is prohibited. CPAs are forbidden to accept contingent fees in regard to
attestation services and tax return preparation.
To illustrate the need for a rule on contingent fees, suppose a CPA firm was permitted to charge
a fee of $50,000 if an unqualified opinion was provided but only $25,000 if the opinion was
qualified. Such an agreement may tempt a practitioner to issue the wrong opinion and is a
15
violation of Rule 302. It is also a violation of Rule 302 for members to prepare an original or
amended tax return or a claim for tax refunds for a contingent fee.
Because of the special need for CPAs to conduct themselves in a professional manner, the Code
has a specific rule prohibiting acts discreditable to the profession. Accordingly Rule 501 states
that a member shall not commit an act discreditable to the profession. Some examples include:
The AICPA bylaws state that membership in the AICPA can be terminated without a hearing
for judgment of conviction for any of the following four crimes:
16
A member in public practice shall not seek to obtain clients by advertising or other forms of
solicitation in a manner that is false, misleading, or deceptive. Solicitation by the use of coercion,
overreaching, or harassing conduct is prohibited.
Solicitation consists of the various means that CPA firms use to engage new clients other than
accepting new clients who approach the firm. Examples include taking prospective clients to
lunch to explain the CPA’s services, offering seminars on current tax law changes to potential
clients, and advertising in the Yellow Pages of a phone book.
Commissions are compensation paid for recommending or referring a third party’s product or
service to a client or recommending or referring a client’s product or service to a third party.
Restrictions on commissions are similar to the rules on contingent fees. CPAs are prohibited
from receiving commissions for a client who is receiving attestation services from the CPA firm.
Commissions are permissible for other clients, but they must be disclosed. Referral fees for
recommending or referring the services of another CPA are not considered commissions and are
not restricted. However, any referral fees for CPA services must also be disclosed.
Commissions for services rendered are prohibited if the firm also performs for that client:
- An audit or review of a financial statement; or
- A compilation of a financial statement when the member expects, or reasonably might
expect, that a third party will use the financial statement and the member’s compilation
report does not disclose a lack of independence; or
- An examination of prospective financial information.
17
2.3 Legal Liability of Auditors
18
Practically for auditors, this means failure to detect a misstatement that may or may not
have been discovered by the application of GAAS.
Gross negligence – lack of minimum care. Practically, this means failure to detect a
misstatement that should have been discovered by the application of GAAS.
Fraud – intentional act of deceit, designed to obtain an unjust advantage that results in
injury to another.
Constructive fraud – reckless disregard of the facts. Fraud is assumed even without proof
of intent to deceive. Constructive fraud is also termed recklessness. Recklessness in the
case of an audit is present if the auditor knew an adequate audit was not done but still issued
an opinion, even though there was no intention of deceiving statement users. Sometimes
used interchangeably with gross negligence.
Civil liability – occurs when the rights of a specific individual or group have been violated
(torts fall under the heading of civil liability).
Criminal liability – occurs when an act, considered to be a wrong against society, is
committed.
Due diligence – adherence to GAAP and GAAS in performing the audit (auditor’s defense
in court).
The auditor and the client sign a contract (called an engagement letter), which typically has the
essential elements shown below. The things written in the contract are express. Carefully note
them.
Audit Contract
Fee: 20,000 Birr
Work to be done: Audit Financial Statements and Issue Report
Date the report is to be completed: June 30, 2000
Signed: Auditor____________ Client __________
The things implied in the contract are as important to the auditor as those that are expressed. The
implied duties are somewhat open to interpretation, but we can assume that they would at least
19
include following the code of ethics. Auditing, after all, is a profession, with a code of ethics.
Therefore, it is expected that the auditor will follow the code of ethics in doing the audit, even if
it is not written anywhere in the contract.
Also, nothing is explicitly mentioned in the contract about third parties. However, it is
recognized that one very important aspect of the auditor’s work is to give an objective view of
his client’s financial statements to third parties. The auditor has an implied duty to these third
parties.
Authorized auditors and accountants have an important role in society. Investors, creditors,
employees and other sectors of the business community as well as the government and the public
20
at large rely on professional accountants for sound financial accounting and reporting, effective
financial management and competent advice on a variety of business and taxation matters. The
attitude and behavior of professional accountants in providing such services have an impact on
the economic well being of the community. Therefore, they should accept the obligation to act in
a way that will serve the public interest, honor the public trust, and demonstrate commitment to
professionalism.
Article 374 of the commercial code of Ethiopia states that the auditors shall have duties or
responsibilities:
To audit the books and securities of the company,
To verify the correctness and accuracy of the inventories, balance sheets and profit and
loss accounts,
To certify that the report of the board and directors reflects the correct state of the
company’s affairs, and
To carry out such special duties as may be assigned to them.
Also the auditors have a legal responsibility to submit to the annual general meeting a written
report to board of directors. (Commercial code of Ethiopia Art. 375)
Besides as stated in the commercial code Art. 376/1, auditors are legally responsible to inform
directors irregularities. Thus where the auditors find irregularities or breaches of legal or
statutory requirements, they shall inform the directors and, where grave irregularities or breaches
have occurred, they shall inform the general meeting (Art 376 of commercial code of Ethiopia).
On the other hand, auditors are legally liable for violation of professional responsibilities and
legal responsibilities. Supporting this, Art 380 of commercial code of Ethiopia, state that
auditors shall be civilly liable to the company and third parities for any fault in the exercise of
their duties which occasioned loss. Besides an auditor who knowingly gives, or confirms an
untrue report concerning the position of a company or fails to inform the public prosecutor of an
offence which he knows to have been committed shall be punished under Art 438 or Art 664 of
penal code as the case may be.
21
Of course, as stated in the commercial code of Ethiopia, Art 373, Auditors shall be liable to
penalties prescribed in Art 407 of the penal code for breaches of professional secrecy, i.e.
professional and legal responsibilities.
Auditors should strictly follow code of ethics in examining entity's books of accounts as well as
in reporting audited financial statements to users. Thus, failure to comply with these regulations
has legal liability to their clients and the law of the land.
The auditor is responsible for his report. He/she is not responsible for either the financial
statements or the notes to the financial statements. Those are the responsibility of the
management of the client. This is a KEY CONCEPT in the auditor's legal liability.
There are a number of things that can cause financial statements not to be fairly stated. If the
auditor does not find them and report on them, we can say that the auditor has failed. These
causes of failure can occur in three basic areas – 1) the mechanics of accounting (e.g.
arithmetic, posting, etc); 2) accounting estimates (accruals, etc); and 3) application of accounting
principles (GAAP). In each of these three areas, two types of misstatement are possible – honest
and dishonest. Honest or careless misstatements are called errors. Dishonest or intentional
misstatements are called irregularities (fraud).
The seriousness of a misstatement is determined by its size and its motivation. A large
misstatement is more serious than a small one. A misstatement motivated by intentional deceit is
more serious than one motivated by simple carelessness.
22
Table 2.1: Misstatement of Financial Statements
Type of Misstatement Example of Material Auditor Auditor In event of
that type of amount, did not discovered loss,
misstatement but is discover, but took no accused by:
relatively so is action, so is (Likely,
accused accused of: Probable,
of: Possible)
Employee mistake adding the Small Probably Ordinary Privity
depreciation Nothing Negligence
schedule
wrongly
23
investors Third
Parties,
Society
(Govt)
Many accounting and legal professionals believe that a major cause of lawsuits against CPA
firms is financial statement users’ lack of understanding of two concepts:
1. The difference between a business failure and an audit failure
2. The difference between an audit failure and audit risk
A business failure occurs when a business is unable to repay its lenders or meet the expectations
of its investors because of economic or business conditions, such as a recession, poor
management decisions, or unexpected competition in the industry.
Audit failure occurs when the auditor issues an incorrect audit opinion because it failed to
comply with the requirements of auditing standards. An example is a firm assigning unqualified
assistants to perform certain audit tasks where they failed to notice material misstatements in the
client’s records that a qualified auditor would have found.
Audit risk represents the possibility that the auditor concludes after conducting an adequate
audit that the financial statements were fairly stated when, in fact, they were materially
misstated. Audit risk is unavoidable, because auditors gather evidence only on a test basis and
because well-concealed frauds are extremely difficult to detect. An auditor may fully comply
with auditing standards and still fail to uncover a material misstatement due to fraud.
Accounting professionals tend to agree that in most cases, when an audit has failed to uncover
material misstatements and the wrong type of audit opinion is issued, it is appropriate to question
whether the auditor exercised due care in performing the audit. In cases of audit failure, the law
often allows parties who suffered losses to recover some or all of the losses caused by the audit
failure. In practice, because of the complexity of auditing, it is difficult to determine when the
24
auditor has failed to use due care. Also, legal precedent makes it difficult to determine who has
the right to expect the benefit of an audit and recover losses in the event of an audit failure.
Nevertheless, an auditor’s failure to follow due care often results in liability and, when
appropriate, damages against the CPA firm.
In order for the auditor to be liable, proof of the following items is usually necessary.
1) The auditor had a duty to do something.
2) He did not do his duty.
3) Someone relied on his work.
4) The person relying on his work suffered a loss as a result.
In the case of fraud, intent to deceive those relying on the auditor’s work should be proved in
place of # 2.
In a civil action, if the defendant (the accused) is judged to have caused injury, he/she normally
must pay damages to the plaintiff (the one who complained against him). In a criminal action, if
the defendant is found guilty, he/she would be required to “pay a debt to society,” by paying a
fine or serving time in jail, etc. Normally, actions brought against auditors fall under civil
action. That means that the auditor is accused by a person or persons as having failed that
particular individual or group.
The most common source of lawsuits against auditors is from clients. The auditor’s liability to
his client is generally civil liability, either for breach of contract or for a tort. Breach of
contract applies whether the auditor fails in the express or in the implied duties of the contract.
Breach of contract is relevant only for those with privity of contract – especially the auditor and
the client, although it can be extended to third parties. Torts for ordinary negligence are generally
relevant for those with privity of contract. Torts for gross negligence and fraud are relevant for
almost any third party who can prove harm which resulted from relying on audited financial
statements.
25
The most clear-cut type of case, of course, is the failure or breach of an express duty of the
contract. For example, if the auditor does not complete the work by the agreed time, he would
be liable to return at least a portion, if not all, of the fee.
The next level is a breach of an implied duty. If the implied duties are considered to be the code
of ethics, let us consider the second and third ethical standards. Suppose the auditor does not find
an on-going theft by one of the client’s employees. The auditor could be accused of not
exercising due care in the conduct of the audit. Or perhaps the auditor let some confidential
information about the client slip out. The auditor could then be accused of breaching his implied
responsibility to the client. In either of these cases, the client might sue to recover the fee paid,
based on the breach of contract.
Tort action is less clear-cut. A tort action involves some injury or damage to one person that
stems from another person’s negligence.
For example,
a) if a client felt he had been somehow harmed by the auditor’s negligence in failing to
discover an on-going employee theft, or in broadcasting confidential information;
b) the client might have paid a dividend out of overstated profits, and blame the auditor for
not finding the overstatement; or
c) it is even possible that the client might allege that he had been denied a loan and therefore
harmed by the auditor’s failure to deliver the audit report on the agreed on date, then he
might sue the auditor to be compensated for the harm.
The audit firm normally uses one or a combination of four defenses when there are legal claims
by clients: lack of duty to perform the service, non-negligent performance, contributory
negligence, and absence of causal connection.
Lack of Duty - The lack of duty to perform the service means that the audit firm claims that
there was no implied or expressed contract. For example, the audit firm might claim that
misstatements were not uncovered because the firm did a review service, not an audit. The audit
26
firm use of an engagement letter provides a basis to demonstrate a lack of duty to perform.
Many litigation experts believe that a well-written engagement letter significantly reduces the
likelihood of adverse legal actions.
Non-negligent Performance- For non-negligent performance in an audit, the audit firm claims
that the audit was performed in accordance with auditing standards. Even if there were
undiscovered misstatements, the auditor is not responsible if the audit was conducted properly.
The prudent person concept establishes in law that the audit firm is not expected to be infallible
(perfect). Similarly, auditing standards make it clear that an audit is subject to limitations and
cannot be relied on for complete assurance that all misstatements will be found. Requiring
auditors to discover all material misstatements would, in essence, make them insurers or
guarantors of the accuracy of the financial statements. The courts do not require that.
Example:
Suppose a client claims that an audit firm was negligent in not uncovering an employee’s
theft of cash. If the audit firm had notified the client (preferably in writing) of a
deficiency in internal control that would have prevented the theft but management did not
correct it, the audit firm would have a defense of contributory negligence.
Suppose an audit firm failed to determine that certain accounts receivable were
uncollectible and, in reviewing collectability, the auditors were lied to and given false
documents by the credit manager. In this circumstance, assuming the audit of accounts
receivable was done in accordance with auditing standards, the auditor can claim a
defense of contributory negligence.
Absence of Causal Connection- To succeed in an action against the auditor, the client must be
able to show that there is a close causal connection between the auditor’s failure to follow
auditing standards and the damages suffered by the client.
27
Example:
Assume that an auditor failed to complete an audit on the agreed-upon date. The client
alleges that this caused a bank not to renew an outstanding loan, which caused damages.
A potential auditor defense is that the bank refused to renew the loan for other reasons,
such as the weakening financial condition of the client. This defense is called an absence
of causal connection.
In addition to being sued by clients, auditors may be liable to third parties under common
law/civil law. Third parties include actual and potential stockholders, vendors, bankers and other
creditors, employees, and customers. An audit firm may be liable to third parties if a loss was
incurred by the claimant due to reliance on misleading financial statements. A typical suit occurs
when a bank is unable to collect a major loan from an insolvent customer and the bank then
claims that misleading audited financial statements were relied on in making the loan and that
the audit firm should be held responsible because it failed to perform the audit with due care.
i. Breach of Contract
Suits for breach of contract are possible by anyone who has been granted privity of contract.
These suits would be less frequent by those with implied or extended privity of contract (e.g.
third parties) than those with express privity (e.g. clients). Why? A financial statement user
other than the client would normally bring court action only if he/she felt injured in some way.
An injury, of course, would open the door for tort action, which generally receives a larger
settlement than mere breach of contract.
A tort action would generally arise if a user relies on a financial statement to make a decision,
usually for a loan or an investment. If the business which receives the loan or investment fails
and is unable to perform its obligation, and the audited financial statements are found to have a
material error, the banker or investor might consider that he had been harmed by relying on the
auditor’s opinion. He could then seek compensation through the courts to rectify the harm. If the
user was granted privity of contract by the court, he could possibly collect if the auditor were
28
simply negligent in his duties. However, if he were not given privity of contract, then he could
probably collect only if the auditor were found grossly negligent. How is gross negligence
differentiated from ordinary negligence? Practically speaking, if the financial statements contain
a significant undetected error, simple negligence is presumed. However, if the auditor failed to
apply GAAS in the conduct of the audit, and a significant error is later discovered, then gross
negligence may be presumed.
Three of the four defenses available to auditors in suits by clients are also available in third-party
lawsuits: lack of duty to perform the service, non-negligent performance, and absence of causal
connection. Contributory negligence is ordinarily not available because a third party is not in a
position to contribute to misstated financial statements.
A lack of duty defense in third-party suits contends lack of Privity of contract. The extent to
which Privity of contract is an appropriate defense and the nature of the defense depend heavily
on the approach to foreseen users in the state and the judicial jurisdiction of the case.
If the auditor is unsuccessful in using the lack of duty defense to have a case dismissed, the
preferred defense in third-party suits is non-negligent performance. If the auditor conducted the
audit in accordance with auditing standards, that eliminates the need for the other defenses.
Unfortunately, non-negligent performance can be difficult to demonstrate to a court, especially in
jury trials when laypeople with no accounting experience make up the jury.
Absence of causal connection in third-party suits often means non-reliance on the financial
statements by the user. Assume that the auditor can demonstrate that a lender relied on an
ongoing banking relationship with a customer, rather than the financial statements, in making a
loan. In that situation, auditor negligence in the conduct of the audit is not relevant. Of course, it
is difficult to prove non-reliance on the financial statements. Absence of causal connection can
be difficult to establish because users may claim reliance on the statements even when
investment or loan decisions were made without considering the company’s financial condition.
29
30