Professional Documents
Culture Documents
Carl Pacini
William Hillison
Dominic Peltier-Rivest
Dave Sinason
Ratnam Alagiah
Carl Pacini ● Department of Accounting, Finance, & Business Law, Florida Gulf Coast University,
10501 FGCU Blvd. S., Ft. Myers, FL 33965-6565; Phone: 941-590-7344. William Hillison ●
Florida State University, Tallahassee, FL 32306 . Dominic Peltier-Rivest ● Department of Ac-
countancy, Faculty of Commerce and Administration, Concordia University, 1455 de Maisonneuve
Blvd. West, Montréal, Québec, Canada H3G 1M8. Dave Sinason ● Northern Illinois University,
DeKalb, IL 60115-2854 . Ratnam Alagiah ● Griffith University–Gold Coast Campus, PMB 50
Gold Coast Mail Centre, Queensland 9726, Australia.
Journal of International Accounting, Auditing & Taxation, 9(2):185–218 ISSN: 1061-9518
Copyright © 2000 by Elsevier Science Inc. All rights of reproduction in any form reserved.
186 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
engagement evaluation, engagement letters, loss-limit clauses, and alternative dispute reso-
lution, are presented that SysTrust providers may implement to minimize litigation risk. ©
2000 Elsevier Science Inc. All rights reserved.
INTRODUCTION
How do you define a “world class” systems failure? Ask Hershey Foods,
which missed candy deliveries worth $200 million and experienced a 19%
drop in 1999 third quarter earnings because of glitches in its new $112 million
computer system (Nelson & Ramstad, 1999). Ask Halifax, the United King-
dom’s largest mortgage bank, which had its new Internet service taken off line
for a week to repair flaws in a system upgrade that had allowed customers to
access other customers’ accounts (Woodyard & Hansen, 1999). And ask Royal
Doulton, which lost £12 million in sales and experienced a 45% decrease in
share price when its newly installed software failed to deliver promised results
(Hickley, 1999).
Each of these entities would be able to provide a vivid picture of a world-
class systems failure. However, corporations have not been the only victims of
these types of events. For example, the Legal Services Board of New Zealand,
which processes claims for legal aid, ceased legal-aid payments to lawyers for
weeks because of a computer system failure (Yvonne, 1999). As another example,
the crash of a computer-betting system for interstate horse racing in Australia
resulted in the loss of hundreds of thousands of dollars (Eddy, 1999).
Information technology has spread to many areas affecting entities, differ-
entiates one entity from another, and requires increasing amounts of capital. As
business and government dependence on information technology increases, tol-
erance for system failure decreases. Users demand systems that are secure,
available when needed, and able to produce accurate information on a consistent
basis. An unreliable or ineffective system can cause a chain of events that
negatively affect a company and its customers, suppliers, shareholders, and
business partners as well as a government agency and its constituents (Ayers,
Frownfelter-Lohrke, & Hunton, 1999).
In response to concerns about unreliable systems, the American Institute
of Certified Public Accountants (AICPA) and the Canadian Institute of Char-
tered Accountants (CICA) recently launched a new assurance service called
SysTrust. It is expected that professional organizations in other nations will
eventually adopt SysTrust given the importance of information systems in
business and the willingness of accountants in Canada, Australia, New Zea-
land and the United Kingdom to provide the service to clients (Primoff,
1998).1 The objective of a SysTrust engagement is for the practitioner to issue
At the Interface of the Electronic Frontier and the Law 187
NATURE OF SYSTRUST
monwealth nations) and the U.S. In the four Commonwealth nations, the issue of
which third parties are owed a duty of care by an accountant or assurance provider
is decided at the national level. In other words, the highest national court (e.g.,
Supreme Court of Canada) has the authority and power to make a decision
binding on all courts in the country. In the U.S., the duty of care issue is decided
individually by state courts (Brecht, 1989) or state legislatures (in the form of
accountant liability statutes) (Pacini, Hillison, & Sinason, 2000). Thus, the U.S.
has 50 different jurisdictions that apply different judicial reasoning which results
in numerous rules of law that exist across the states (Pacini & Sinason, 1998).
Finally, the four Commonwealth nations often rely on cases decided in other
Commonwealth courts (Fleming, 1998). For example, a decision by the House of
Lords (the highest court of law in the UK) is, at a minimum, influential in a
Canadian, Australian, or New Zealand court (Godsell, 1991). American decisions
are cited occasionally by Commonwealth courts. Also, Commonwealth decisions
are cited occasionally by American courts but usually do not have as much
precedential value as another American court.
Currently, no legal case has yet been reported in the United States, Canada,
Australia, New Zealand, or the United Kingdom that addresses directly the
liability of accountants to third parties for negligent information system assurance
services. Each of these five nations has a case or cases that could affect accountant
liability to third parties for negligent performance of the SysTrust assurance
At the Interface of the Electronic Frontier and the Law 191
service. The focus here is on the legal environments of the United States and
Canada for three reasons:
1. The SysTrust assurance service was developed and launched by the CICA
and AICPA.
2. Almost two-thirds of Internet users are located in North America (Bour-
nellis, 1995).
3. The United States and Canada are the world’s largest trading partners
(Ivankovich, 1994).
United States
Privity Rule
The strict privity rule is the most restrictive standard. Privity requires a direct
connection or contractual relationship to exist between an accountant and a third
party for the latter to be able to sue the SysTrust practitioner. Strict privity was
first established as a legal standard in 1919 in Landell v. Lybrand.6 Today, strict
privity is the law in only Pennsylvania and Virginia.
Certainly, a nonclient would have no legal right to sue a SysTrust provider
under a strict privity rule due to a lack of a direct connection or contractual
relationship. In a strict privity state, only the client has a legal right to sue a
SysTrust provider under a negligence theory.
Near-privity Standard
The near-privity standard was first applied to define the scope of an accoun-
tant’s duty to nonclients for negligence in Ultramares Corp v. Touche.7 In that
192
INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2)
FIGURE 1. Liability continuum for those states and Commonwealth countries which have direct rulings or applicable statues on accountant
2000
case, the New York Court of Appeals denied plaintiff Ultramares’ negligence
claim but fashioned an exception to strict privity that has become known as the
primary benefit rule. To prevail, the suing party must be an intended third-party
beneficiary of the contract between the accountant and the client. The court
decided that although the auditor (Touche Niven & Co.) knew that the audited
balance sheet would be shown to various unidentified creditors and stockholders,
Touche had not been hired by its client (Fred Stern and Co.) with the knowledge
that Ultramares (the plaintiff) was an intended third-party beneficiary of Touche’s
work. Even though the plaintiff failed to prevail as a third-party beneficiary, the
theory was established. Overly rigorous interpretations of Ultramares during the
years have resulted in the case incorrectly symbolizing a privity requirement for
a nonclient to recover (Gormley, 1984; Daley & Gibson, 1994).
In 1985, the New York Court of Appeals clarified the Ultramares rule in
Credit Alliance v. Arthur Andersen & Co.8 The court set forth a legal test
containing three elements that must be satisfied for a third party to be within the
scope of an accountant’s duty for negligent accounting or assurance services: (1)
the accountant must have known that his or her work product was to be used for
a particular purpose; (2) a known party or parties were intended to be able to rely
on the accountant’s work product; and (3) there must have been some conduct
linking the accountant to the relying party. As presented in Figure 1 and Table 1,
a near-privity approach is followed by 12 states; eight by statute9 and four by
court decision.10
In general, a near-privity standard, statutory or otherwise, requires the
accountant to know that a specific person or persons intend to rely on the work
product with regard to a specific transaction. In a SysTrust engagement, both of
these conditions could be met in the cases of EDI partners and Extranet users. It
is a question of fact whether the SysTrust practitioner will know the identity of a
specific third party, such as a customer, supplier, or creditor at the time the service
is rendered. Also, it is situation specific whether a SysTrust provider would be
aware of the particular purpose (or transaction) for which the SysTrust report
would be used. Thus, unless the SysTrust provider was aware of the specific
third-party’s identity and that party’s reliance on a SysTrust report for a specific
transaction, liability exposure would likely be confined to a small group of
nonclients.
TABLE 1
Legal Standards for Accountant Liability to Third Parties for Negligence
Nation/State Statute or Case Name Legal Standard
Australia Esanda Finance Corp. Both foreseeability of harm and proximity are necessary
Ltd. v. Peat Marwick for a duty to a third party to arise. A duty of care is
Hungerfords (1997) difficult to establish unless the accountant intends to
71 A. L. J. R. 448. induce reliance on the work product by a nonclient.
Other factors, in addition to the intent to induce
reliance, may establish proximity. The High Court
outlined numerous policy factors to consider.
Canada Hercules The Supreme Court of Canada adopted the two-prong
Managements Ltd. v. Anns/Kamloops test for all types of negligent
Ernst & Young [1997] misstatement cases involving economic loss. The first
2 S. C. R. 165. prong requires: 1) that the accountant should reasonably
foresee that a third party will rely on the accountant’s
work product; and 2) that the nonclient’s reliance is
reasonable. The second part considers policy factors
that limit or negate any duty established.
New Boyd Knight v. Accountants owe no duty to present or future creditors
Zealand Purdue [1999] 2 who may be contemplating investing in a firm’s debt or
N.Z.L.R. 276. equity securities. Accountants owe a duty only to a
third person to whom they themselves show the
accounts, or to whom they know their client is going to
show the accounts. Any duty aplies only to those
transactions for which the auditors know their accounts
were required. A suing party must prove actual, specific
reliance on the auditor’s work product.
United Caparo Industries The House of Lords held that an auditor of a public
Kingdom PLC v. Dickman company, in the absence of special circumstances, owes
[1990] AC 605. no duty of care to an outside investor or an existing
shareholder who buys stock in reliance on a statutory
audit. The court fashioned a three-prong test for a duty
of care to arise: 1) foreseeability; 2) proximity; and 3) it
must be just and reasonable on a policy basis to impose
a duty. Accountant liability for negligent misstatements
is confined to cases in which it can be established that
the accountant knew his or her work would be
communicated to a nonclient, either as a member of a
limited class or individually, and the third party relied
on the work product in connection with a particular
transaction.
Arkansas Ark. Code Ann. §16- Statutory near privity rule that shields the accountant
114-302 (Michie from liability except to those third parties identified in
1998). writing by the accountant.
California Bily v. Arthur Young Restatement §552. The accountant must know, with
& Co., 834 P. 2d 745 substantial certainty, that the third party or the class to
(Cal. 1992) which the nonclient belongs will rely on the
accountant’s work product.
At the Interface of the Electronic Frontier and the Law 195
TABLE 1
(Continued)
Nation/State Statute or Case Name Legal Standard
Colorado Marquest Medical Restatement §552.
Products v. Daniel,
McKee, & Co., 791 P.
2d 14 (Colo. App.
1990).
Connecticut Near privity standard No appellate court decision has been reported. State
and Restatement §552. trial courts have split on the appropriate legal standard.
Delaware N/A No direct state court ruling or accountant liability
statute.
Florida First Florida Bank v. Restatement §552.
Max Mitchell & Co.,
558 So. 2d 9 (Fla.
1990).
Georgia Badische Corp. v. Restatement §552.
Caylor, 356 S. E. 2d
198 (Ga. 1987)
Hawaii Kohala Agriculture v. Restatement §552.
Deloitte & Touche,
949 P. 2d 141 (Haw.
Ct. App. 1997).
Idaho Idaho Bank & Trust Near privity standard (Credit Alliance rule).
Co. v. First Bancorp,
772 P. 2d 720 (Idaho
1989).
Illinois 225 ILL. COMP. Statutory near privity rule. Identical to the Arkansas
STAT. 450/30.1 statute but a court has held that a nonclient may state a
(1998). valid claim under the statute without a writing. If no
writing from the accountant exists, the nonclient must
prove the client’s intent and the accountant’s knowledge
of that intent.
Indiana N/A No direct state court ruling or accountant liability
statute.
Iowa Ryan v. Kanne, 170 Restatement §552.
N. W. 2d 395 (Iowa
1969); Eldred v.
McGladrey,
Hendrickson &
Pullen, 468 N. W. 2d
218 (Iowa 1991).
Kansas KAN. STAT. ANN. Statutory near privity rule.
§1-402 (1998).
Kentucky N/A No direct state court ruling or accountant liability
statute.
Louisiana La. Rev. Stat. Ann. Statutory near privity standard.
§37.91 (West 1999).
196 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
TABLE 1
(Continued)
Nation/State Statute or Case Name Legal Standard
Maine N/A No direct state court ruling or accountant liability
statute.
Maryland N/A No direct state or court ruling or accountant liability
statute.
Massachusetts Nycal Corp. v. KPMG Restatement §552.
Peat Marwick, 688
N. E. 2d 1368
(Mass. 1998)
Michigan MICH. COMP. Statutory near privity law.
LAWS §600.2962
(1998).
Minnesota Bonhiver v. Graff, 248 Expansive version of Restatement §552.
N. W. 2d 291
(Minn. 1976).
Mississippi Touche Ross v. Reasonable foreseeability rule.
Commercial Union
Insurance Co., 514
So. 2d 315 (Miss.
1987).
Missouri MidAmerican Bank & Restatement §552.
Trust Co. v.
Harrison, 851 S. W.
2d 563 (Mo. App.
1993)
Montana Thayer v. Hicks, 793 Near privity rule.
P. 2d 784 (Mont.
1990).
Nebraska Citizens National Near privity rule.
Bank of Wisner v.
Kennedy & Coe,
441 N. W. 2d 180
(Neb. 1989).
Nevada N/A No direct state court ruling or accountant liability
statute.
New Spherex, Inc. v. Restatement §552.
Hampshire Alexander Grant &
Co., 451 A. 2d
1308 (N. H. 1982);
Demetracopoulos v.
Wilson, 640 A. 2d
279 (N. H. 1994).
New Jersey N. J. STAT. ANN. Statutory near privity rule that is quite similar to the
§2A:53A–25 (West Credit Alliance standard.
1998).
New N/A No direct state court ruling or accountant liability
Mexico statute.
At the Interface of the Electronic Frontier and the Law 197
TABLE 1
(Continued)
Nation/State Statute or Case Name Legal Standard
New York Credit Alliance v. Near privity rule.
Arthur Andersen &
Co., 483 N. E. 2d 110
(N. Y. 1985).
North Raritan River Steel v. Restatement §552.
Carolina Cherry et al., 367 S.
E. 2d 609 (N. C.
1988)
North N/A No direct state court ruling or accountant liability
Dakota statute.
Ohio Haddon View Restatement §552.
Investment Co. v.
Coopers & Lybrand,
436 N. E. 2d 212
(Ohio 1982).
Oklahoma N/A No direct state court ruling or accountant liability
statute.
Oregon N/A No direct state court ruling or accountant liability
statute.
Pennsylvania Landell v. Lybrand, Privity rule.
107 A. 783 (Pa.
1919); Raymond
Rosen & Co. v.
Seidman & Seidman,
579 A. 2d 424 (Pa.
Super. Ct. 1990).
Rhode N/A No direct state court ruling or accountant liability
Island statute.
South M-L Lee Acquisition Restatement §552.
Carolina Fund v. Deloitte &
Touche, 463 S. E. 2d
618 (S.C. Ct. App.
1995), aff’d 489 S. E.
2d 470 (S. C. 1997).
South N/A No direct state court ruling or accountant liability
Dakota statute.
Tennessee Bethlehem Steel Corp. Restatement §552.
v. Ernst & Whinney,
822 S. W. 2d 592
(Tenn. 1991).
Texas Blue Bell, Inc. v. Peat, Expansive version of Restatement §552.
Marwick, Mitchell &
Co., 715 S. W. 2d 408
(Tex. App. 1986).
Utah UTAH CODE ANN. Statutory near privity rule.
§58-26-12 (1998).
198 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
TABLE 1
(Continued)
Nation/State Statute or Case Name Legal Standard
Vermont N/A No direct state court ruling or accountant liability
statute.
Virginia Ward v. Ernst & Privity rule.
Young, 435 S. E. 2d
628 (Va. 1993)
Washington Haberman v. Public Restatement §552.
Power Supply System,
744 P. 2d 1032
(Wash. 1987).
West First National Bank of Restatement §552.
Virginia Bluefield v. Crawford,
386 S. E. 2d 310 (W.
Va. 1989).
Wisconsin Citizens State Bank v. Reasonable foreseeability rule.
Timm, Schmidt &
Co., 335 N. W. 2d
361 (Wisc. 1983).
Wyoming WYO. STAT. ANN. Statutory near privity standard.
§33-3-201 (1998).
intends the information to benefit if (1) that person justifiably relies on the
information in a transaction that the accountant or client intends the information
to influence; and (2) such reliance results in a pecuniary loss for the person (Daley
& Gibson, 1994). No liability exists, however, to parties whom the accountant had
no reason to believe the information would be made available, or when the client’s
transaction, as represented to the accountant, changes so as to materially increase
audit risk.
The major difference between the primary benefit or Ultramares rule and the
Restatement standard is that the latter does not require the identity of specific
parties be known to the accountant, only that they be members of a limited group
known to the accountant (Gossman, 1988). The Restatement standard enlarges the
class of persons to whom the accountant owes a duty to intended identifiable
beneficiaries and to any unidentified members of the intended class of beneficia-
ries.
SysTrust practitioners should note that Minnesota and Texas have adopted
expansive versions of the Restatement standard. This means that appellate courts
in those states have applied the legal standard in such a broad fashion that the class
of third parties to whom an accountant owes a duty is almost as wide as the
reasonably foreseeable users’ rule (discussion follows) (Pacini & Sinason, 1998).
In general, the Restatement standard indicates that an accountant owes a duty
to any person or one of a limited group of persons who justifiably relies on
information in a transaction that the accountant or client intends the information
At the Interface of the Electronic Frontier and the Law 199
to influence. Although a SysTrust provider need not know the exact identity of a
SysTrust third-party user, a duty is owed only to those persons, or the limited class
of persons, whom the SysTrust provider is actually aware of will rely on the
SysTrust report. This could include all EDI partners that the client had identified
and, possibly, many Extranet users disclosed to the provider by the client. Thus,
the SysTrust provider could be liable to intended identifiable beneficiaries, but not
an unknown, large group of unidentified users of the SysTrust report.13 Moreover,
the SysTrust provider must actually be aware of the transaction or purpose for
which the SysTrust report will be used. The suing party must also justifiably rely
on the SysTrust report to be owed a duty by the provider. In Texas and Minnesota,
however, a SysTrust provider could owe a duty to a larger class of third parties
than in other Restatement jurisdictions.
In sum, more third parties have the legal right to sue the SysTrust provider
under the Restatement standard than the near-privity standard. However, potential
liability is circumscribed because the Restatement rule provides the SysTrust
practitioner with sufficient knowledge of which third parties will rely on the
SysTrust report to allow the practitioner to obtain liability insurance, set higher
fees, or adopt other protective measures.
Canada
The most significant case that could govern the negligence liability of
SysTrust providers to third parties is Hercules Managements Ltd. v. Ernst &
Young decided in 1997.15 Before this landmark decision, the law relating to
accountant liability for negligence had remained static since the Haig v. Bam-
ford16 decision in 1977 (Deturbide, 1998). Plaintiffs in Hercules were sharehold-
ers in Northguard Acceptance Ltd. (NGA) and Northguard Holdings Ltd. (NHL),
companies engaged in commercial and real estate lending. Ernst & Young (E&Y)
was originally hired by the Northguard firms to render annual financial statement
audits. In 1984, both Northguard companies went into receivership. In 1988, a
number of shareholders in the Northguard firms brought suit against E&Y
contending that the 1980 –1982 audit reports, on which they relied, were prepared
negligently.
The Supreme Court of Canada, in a unanimous decision, dismissed the
negligence claim. The court reached its finding by application of the two-pronged
Anns/Kamloops test.17 The first part of the test examines proximity, in which it is
decided whether the wrongdoer’s carelessness might reasonably cause damage to
the person harmed. If this question is answered affirmatively, part two of the test
analyzes policy considerations that could curtail or eliminate any duty of care
owed by the accountant to the plaintiff (Deturbide, 1998).
Significantly, the court endorsed the use of the Anns/Kamloops test for all
types of negligent misrepresentation actions regardless of the type of economic
loss or the nature of the defendant.18 The court rejected the proposition that
accountants should be subjected to a broader range of liability than other profes-
sionals (Rafferty, 1998). The unanimous opinion emphasized the need for some
control device, using the second prong of the Anns/Kamloops test, to combat the
danger of indeterminate liability for accountants and others (Rafferty, 1998).
With regard to the first prong of the test, CAs and CPAs should note that the
term “proximity” means that the assurance provider has an obligation to be
mindful of the SysTrust report user’s “legitimate interests.” Proximity can be said
to exist when the SysTrust provider:
1. Should reasonably foresee that a third party will rely on the SysTrust
report: and
2. Reliance by the third party is reasonable
The court noted, however, that even if the accountant knows that the third party
is relying on information supplied by the accountant, no duty of care will arise
unless it is reasonable for the nonclient to rely on the accountant under the
circumstances. In most instances involving SysTrust engagements, the CA would
probably be deemed to owe a duty to nonclients under the proximity test because
they are foreseeable.19
At the Interface of the Electronic Frontier and the Law 201
Australia
Australia also has no reported case that addresses directly the liability of a
CA to third parties for performing negligent information system assurance ser-
vices. However, in 1997, the High Court of Australia issued a ruling in Esanda
Finance Corp. Ltd. v. Peat Marwick Hungerfords22 that could have a bearing on
the negligence liability of SysTrust assurance providers to third parties. Esanda
Finance provided financing to Excel Finance Corp. and a number of its subsid-
iaries. Excel guaranteed all debt financing provided by Esanda. When Excel went
into bankruptcy, Esanda filed suit against Peat Marwick claiming losses as a result
of a negligent audit.
202 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
In summary, the Esanda ruling gives some cause to expect that the trend in
Australian law will be toward contraction rather than expansion of the scope of
the negligence liability of assurance providers (Swanton & McDonald, 1997).
However, as in Canada, EDI and Extranet users might be considered a limited
class of user who relies on a SysTrust report for a known specific purpose or
transaction. Thus, assurance providers need to be aware of potential litigation risk
and adopt strategies to minimize that risk.
New Zealand
United Kingdom
a third party or known, limited, third-party class who suffered actual damage from
relying on such reports.
If applied to a SysTrust provider, the Caparo approach would limit any
potential negligence liability to third parties. An unknown user of a SysTrust
report would be outside the scope of an assurance provider’s duty of care because
the purpose of SysTrust is to increase the comfort of management and third-party
users with an entity’s information system(s). A SysTrust provider would have to
be aware of the actual reliance on a SysTrust report by a member of a known,
fixed, and definite class of third-party users for a specific purpose for a duty of
care to arise. It is possible that the Caparo standard can be satisfied in certain EDI,
Extranet, or Internet situations. Thus, assurance providers need to adopt litigation
risk minimization strategies at the onset of systems reliability assurance engage-
ments.
blurred and lack uniformity (Ebke, 1984). Foreign courts have significant leeway
in deciding which body of law to apply to an American or Canadian accounting
firm. Being subjected to the application of another country’s laws in that nation’s
courts, however, may not pose as much risk to a U.S., Canadian, Australian, New
Zealand, or U.K. accounting firm as it would to a firm subjected to American law
in an American court (Miller & Young, 1997).
Various procedural aspects of foreign law may make a foreign court more
hospitable to a SysTrust provider than an American court. First, as a general rule,
except in Canada, class action lawsuits may not be filed under the laws of most
other nations (Ebke, 1984). This is a significant procedural deterrent to the filing
of a claim against a SysTrust provider by a group of aggrieved third parties
composed of suppliers, customers, trading partners, and/or other third parties.
Contingent fees (i.e., fees dependent on a particular outcome) are not permitted in
most countries outside of the U.S. and Canada (Silva, 1993). The absence of
contingent fees means that one who files a legal claim against a SysTrust provider
must pay his or her lawyer out-of-pocket as the case progresses (regardless of
outcome). Third, many countries, as in Canada and the UK, follow the “English
rule” with regard to the payment of legal fees (Hill, Metzger, & Schatzberg,
1993). Under this rule, the loser must pay the winner’s legal fees. Such a rule is
a disincentive to the filing of frivolous lawsuits. Also, accountant liability lawsuits
outside the U.S. do not offer the prospect of large jury awards because most
foreign jurisdictions do not permit jury trials or punitive damage awards (Smit,
1996; Ebke, 1984). In Canada, punitive damage awards are possible, although no
such cases were found involving accountants as defendants.
Even if a business or other entity or consumer obtains a judgment in a foreign
court against an American or Canadian SysTrust provider, however, the judgment
often must be enforced in an American or Canadian court. Such enforcement is
necessary if a foreign business, other entity or consumer seeks to levy on assets
in the U.S. or Canada owned by the SysTrust provider. Foreign judgments are
usually enforced in American or Canadian courts (Potter, 1997; Ivankovich,
1994), but an additional court proceeding increases the burden on a foreign
business suing in a foreign jurisdiction.
1. Identifying the risks—Who are the parties that can bring suit? What are
the legal grounds for bringing suit?
2. Evaluating the risks—What are the costs and benefits to be derived? and
3. Quantifying the risks—What is the likelihood of loss and what are the
dollar ranges of loss?
If, after evaluating all service offerings, the accounting firm decides the potential
litigation risk posed by the SysTrust service is acceptable, then client acceptance/
rejection decisions must be made.
The importance of the decision to accept a SysTrust client or continue to
offer the service to an existing client is reflected in the inclusion of acceptance and
continuance of clients as one of the five quality control elements for U.S. CPA
firms (AICPA, 1997). The steps involved in the SysTrust engagement evaluation
process include:
Many American and Canadian accounting firms enter into written engage-
ment agreements with audit clients. A firm should make a comparable arrange-
ment with a SysTrust client. Some of the more important provisions that should
be considered in a SysTrust engagement letter include:
specify that the client will indemnify the SysTrust provider against claims by third
parties. In short, such a clause or provision attempts to limit the amount for which
a CPA can be sued. (However, gross negligence and intentional misrepresentation
by the SysTrust provider nullify such agreements).
Currently, an AICPA ethics interpretation allows a practitioner to add loss-
limiting clauses to engagement letters to cover situations in which a loss arises
from an intentional misrepresentation by the client (AICPA, 1999c). However,
AICPA guidelines are silent on whether a loss-limiting clause impairs a CPA’s
independence in an audit engagement. The SEC, however, considers a loss-
limiting clause as an impairment to independence (AICPA, 1998). Moreover, the
legal effect of such clauses may vary by country. In sum, loss-limiting clauses
present the SysTrust provider with a means to control litigation risk, but their use,
at best, is quite restricted. CPAs/CAs offering SysTrust services should consult
legal counsel before using a loss-limiting clause or hold-harmless provision in an
engagement agreement.
Another option is to consider including an alternative dispute resolution
(ADR) provision in the engagement letter. ADR refers primarily to arbitration
(in which the decision of an arbitrator is binding) and mediation (in which a
mediator assists in reaching a settlement). The courts and legislatures of
leading countries have enunciated strong public policy favoring the resolution
of international commercial disputes by arbitration (Marinelli, 1998). How-
ever, ADR is aimed at disputes with clients, not third parties. Primary benefits
of ADR are avoidance of uncertainties (for example, deciding in which venue
a dispute will be heard), and reduction of delays and the expense of the
judicial system. A disadvantage of ADR is that its low cost may encourage
grievances by clients who would not otherwise commence litigation. Accoun-
tants should check their insurance because some insurance policies limit use
of ADR. ADR does have its limitations, so the SysTrust provider should
consult legal counsel before using an ADR clause.
CONCLUSION
NOTES
1. There are differences between the CPA/CA SysTrust service and the CPA/CA WebTrust.
These differences relate to both the nature of the systems being addressed and the nature of
the assurance being provided. WebTrust focuses only on Internet-based systems; SysTrust
applies to numerous types of systems (Boritz, Mackler, & McPhie, 1999). CPA/CA WebTrust
is designed to instill confidence in consumers and entities that conduct business over the
Internet. Increased consumer trust and confidence in e-commerce is to be achieved by CPAs
and CAs evaluating and monitoring business website practices, procedures, and controls.
SysTrust, on the other hand, focuses specifically on the reliability of systems themselves
(Boritz, Mackler, & McPhie, 1999).
2. In the U.S., in 1993, the Big 6 (now Big 5) accounting firms’ expenditures for settling and
defending lawsuits were $1.1 billion or 11.9% of domestic auditing and accounting revenue
(Dalton, Hill, & Ramsay, 1994). In 1994, the Big 6 firms claimed that a tidal wave of liability
lawsuits threatened their existence (Marino & Marino, 1994). Large settlements have contin-
ued in the U.S. including a $125 million payment by Price Waterhouse Coopers and Ernst &
Young stemming from the collapse of the Bank of Credit and Commerce International (Trapp,
210 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
1999) and a $335 million payment by Ernst & Young to shareholders of CUC International
over the audit of that firm (Peel, 1999). In the United Kingdom, the Big 6 accounting firms
faced 627 outstanding legal cases claiming damages of £20 billion by mid-1994 (Beckett,
1994). The largest firms in the U.K. are paying as much as 8% of their auditing and accounting
fee income on professional liability insurance (Napier, 1998). UK accountants are concerned
that they could be heading toward an environment as litigious as the U.S. (Peel, 1999). By
1994, at least $1.3 billion (Canadian) of unresolved claims were pending against Canadian
accountants (Jeffrey, 1994). In Australia, accountants have faced an unprecedented litigation
problem (Cooper & Barkoczy, 1994). It is estimated that the total amount of negligence claims
that have been brought against Australian accountants accumulated to approximately A$8
billion (Miller, 1999). In New Zealand, a significant number of accounting firms have faced
litigation and the cost of defending such lawsuits has been recognized as a major business
problem (Lepper, 1992; Porter, 1993).
3. The degree to which accounting rules are legislated can affect the nature of an accounting
system. In code law countries, laws stipulate minimum requirements, and accounting rules
tend to be highly prescriptive and procedural. In common law countries, laws establish limits
beyond which it is illegal to venture, and within those limits experimentation is encouraged
(Meek & Saudagaran, 1990).
4. SysTrust services are performed in the United States under the AICPA’s Statement on
Standards for Attestation Engagements No. 1 (AT §100)(AICPA 1999a). In Canada, SysTrust
services are conducted under the CICA’s Standards for Assurance Engagements (§5025)
(CICA, 1999). Moreover, in the U.S. quality control standards apply to SysTrust engage-
ments. Quality control standards assure that attestation standards are applied to covered
engagements. Statement on Quality Control Standards No. 2, “System of Quality Control for
a CPA Firm’s Accounting and Auditing Practice,” requires that a firm have a comprehensive
and suitably designed quality control system, encompassing the firm’s organization structure,
internal policies, and procedures. The four Commonwealth nations also have quality standards
that apply to SysTrust services.
5. One prime example of such a situation occurred in Performance Motorcars v. Peat Marwick,
643 A.2d 39 (N. J. Super., 1994). Performance Motorcars, Inc., a New York business, sued
Peat Marwick in a New Jersey court, alleging that it suffered losses after one of its customers,
Coated Sales, Inc., went bankrupt. Performance conceded that if New York law applied, it
would not be able to sue Peat Marwick. Ultimately, an appeals court held that New Jersey law
applied giving Performance a legal right to sue under New Jersey law applicable at the time
of the suit. In 1995, the New Jersey legislature passed a statute that changed state law to a
stricter standard (i.e., near privity) than the one applied in Performance Motorcars (i.e.,
reasonable foreseeability rule) for determining the scope of an accountant’s duty to nonclients.
6. 107 A. 783 (Pa. 1919)
7. 174 N. E. 441 (N.Y. 1931)
8. 483 N. E. 2d 110 (N.Y. 1985)
9. The eight states include Arkansas, Illinois, Kansas, Louisiana, Michigan, New Jersey, Utah,
and Wyoming.
10. The four states are Idaho, Montana, Nebraska, and New York
11. 284 F. Supp. 85 (D. R. I. 1968)
12. Restatements of the Law are a product of attorneys working under the aegis of the American
Law Institute. Restatements are not binding authority on courts but represent a synthesis of
common law rules.
13. Badische Corp. v. Caylor, 356 S. E. 2d 198 (Ga. 1987)
14. 461 A. 2d 138 (N. J. 1983)
15. [1997] 2 S. C. R. 165
16. [1977] 1 S. C. R. 466
At the Interface of the Electronic Frontier and the Law 211
17. Anns v. Merton London Borough Council, [1978] A. C. 728; Kamloops v. (City of) Nielson,
[1984] 2 S. C. R. 2.
18. The two-stage approach has been applied by the Supreme Court of Canada in the context
of various types of negligence actions, including cases involving claims for different
forms of economic loss. It was endorsed implicitly in the context of an action for
negligent misrepresentation in Edgeworth Construction Ltd. v. N. D. Lea & Associates
Ltd. [1993] 3 S. C. R. 206.
19. Some Canadian legal commentators urge that foreseeability of harm cannot be the sole
determinant of liability. The predication of liability upon pure foreseeability of economic
harm is incompatible with a competitive economic system. A free market system treats many
types of losses as legitimate and even beneficial; the economically inefficient deserve to incur
certain losses. Once foreseeability of harm is established, to answer the duty question in any
given situation really involves an inquiry into two broad areas. First, does it make economic
sense to shift this type of loss? Second, what do community expectations have to say about
whether the plaintiff is reasonably entitled to rely on the accountant or other defendant to
protect him or her from harm in the particular situation? Such questions are unavoidable and
are matters of policy (Cherniak & Stevens, 1992). This argument points out the overriding
importance of the second prong of the Anns/Kamloops test.
20. The quoted language is from Justice Cardozo’s famous opinion in Ultramares v. Touche, 174
N. E. 441 (N.Y. 1931). The Supreme Court of Canada cited Ultramares with approval.
21. The “limited class of users test” requires the accountant to have actual knowledge of the
limited class of users who will use and rely on the accountant’s work product. The Supreme
Court of Canada first applied an expanded version of the test to accountant liability in Haig
v. Bamford [1977] 1 S. C. R. 466. One of the most important considerations in application of
the limited class of users test is the nature of the intended transaction(s) that are the subject
of the accountant’s work product (Ish, 1977). It is one thing, in a relatively simple situation,
to identify a small and discreet group of individuals who are or can be identified as relying
directly on the judgments of professionals (e.g., a SysTrust provider) with whom they have no
direct contractual or fiduciary relationship. It is another question altogether, in more complex
cases, to contemplate the dimensions of the liability for negligence that may arise where it is
known that the opinions of an accountant or other professionals are to be widely disseminated
and relied on by a broad class of persons (Brown, 1977).
22. (1997) 71 A. L. J. R. 448
23. One Australian legal commentator has argued that it will be seldom, if ever, that an accountant
will perform services intending to induce third parties to rely on them or have any reason for
wanting third parties to so rely (Davies, 1991).
24. Certain factors may be identified by the fact that the High Court stressed their absence from
pleadings in the case. These factors are: (1) The maker of a statement may possess skill and
competence in the area that is the subject of communication; (2) The maker of a statement has
an interest in the recipient of the statement acting in a certain way; or (3) The provider of
information may warrant the correctness of the information supplied to a third party (Swanton
& McDonald, 1997).
25. [1999] 2 N. Z. L. R. 276
26. [1990] 2 A. C. 605
27. The three conditions that must be met to satisfy the proximity element make the Caparo test
quite similar to the U.S. Restatement standard. The one aspect of the Caparo test not formally
outlined in the Restatement standard is imposing liability from a policy standpoint on a “just
and reasonable” basis. Ironically, U.S. courts often engage in open policy discussions when
addressing the scope of an accountant’s duty to third parties for negligence.
212 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
The entity utilizes procedures, people, ● System availability features are regularly tested and
software, data, and infrastructure to variances are recorded.
achieve system availability objectives ● A risk assessment is prepared and reviewed on a
in accordance with established regular basis and considers fire, flood, dust,
policies and procedures. excessive heat, humidity, and labor problems.
● Vendors warranty specifications are complied with
and tested.
● Disaster recovery and contingency plans are
documented and tested.
● Backup data processing capability is available. Data
and software are regularly backed up offsite.
● Physical and logical security controls exist to reduce
unauthorized actions by users.
● Competent personnel responsible for availability
have relevant experience and receive training.
The entity monitors the system and ● The internal audit function includes system
takes action to achieve compliance availability reviews in its annual audit plan.
with system availability objectives, ● Problem logs are reviewed and trends are analyzed
policies, and standards. to identify impact on system availability.
● Procedures exist for the documentation, resolution,
and review of problems.
● System component changes are assessed for impact on
system availability, objectives, policies, and standards.
Security Illustrative Controls
The system security requirements of ● Objectives, policies, and standards exist that support
authorized users, and system security the implementation, operation, and maintenance of
objectives, policies, and standards are security measures.
identified, documented, and ● Security levels are defined for each of the data
communicated to users. classifications identified above the level of “no
protection required.”
● A risk assessment approach has been established that
focuses on an examination of elements of risk such
as threats, vulnerabilities, safeguards and consequences.
At the Interface of the Electronic Frontier and the Law 213
Appendix A. Continued
Security Illustrative Controls
● A security awareness program communicates the
information technology security policy to each user.
Responsibility and accountability for ● Responsibility for the logical and physical security
system security have been assigned. of the entity’s information assets is assigned to
appropriate individuals.
The entity utilizes procedures, people, ● The access control and operating system facilities
software, data and infrastructure to have been appropriately installed, including
achieve system security objectives in implementation of parameters to restrict access in
accordance with established policies accordance with policies.
and standards. ● The operators, users, and custodians of system
components implement and comply with procedures
and controls that meet security objectives, policies,
and standards.
There are procedures to identify and ● All paths that allow access to significant information
authenticate all users authorized to resources are controlled by the access control system
access the system. facilities.
● Unique user IDs are assigned to individual users.
Passwords are used to validate IDs.
● Data owners are responsible for authorizing access to
data and systems, and proper segregation of duties is
considered in granting authorization.
● Access to utility programs that can read, add,
change, or delete data or programs is restricted to
authorized individuals.
There are procedures to restrict access ● Processing outputs and off-line storage media are
to computer processing output and files stored in an area that reflects information classification.
on off-line storage to authorized users.
There are procedures to protect ● If connection to the Internet or other public networks
external access points against exist, adequate firewalls or other procedures are
unauthorized logical access. operative to protect against unauthorized access.
There are procedures to protect the ● There are periodic checks of the entity’s computers
system against infection by computer for unauthorized software.
viruses, malicious codes, and
unauthorized software.
214 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
Appendix A. Continued
Security Illustrative Controls
There are procedures to segregate ● An assignment of responsibility is maintained that
incompatible functions within the ensures that no single individual has the authority to
system and to protect the system read, add, change, or delete an information asset
against unauthorized physical access. without an independent review.
● Access to computers, disk, and tape storage devices,
communications equipment, and control console is
restricted to authorized personnel.
The entity monitors the system and ● The internal audit function includes system security
takes action to achieve compliance reviews in its annual audit plan.
with system security objectives,
policies, and standards.
Environmental and technological ● A risk assessment has been prepared and is reviewed
changes are monitored and their on a regular basis or when a significant change
impact on system security is occurs in either the internal or external environment.
periodically assessed on a timely
basis.
Integrity Illustrative Controls
The entity has defined and ● Procedures exist to identify and document authorized
communicated performance users of the system and their integrity requirements.
objectives, policies, and standards for
system processing integrity.
Documented system processing ● Procedures exist to log and review requests from
integrity objectives, policies, and authorized users for changes to system processing
standards have been communicated to integrity objectives, policies, and standards.
authorized users.
The entity utilizes procedures, people, ● System processing integrity features are regularly
software, data, and infrastructure to tested and variances are recorded and followed up.
achieve system processing integrity ● Hardware and software acquisitions and
objectives. implementations are subjected to extensive testing
prior to acceptance in production
● Input form design should help assure that errors and
omissions are minimized.
● The entity has procedures that all authorized source
documents are complete and accurate, properly
accounted for, and transmitted in a timely manner.
● Transaction data entered for processing are subjected
to a variety of controls to check for accuracy,
completeness, and validity.
Appendix A. Continued
Integrity Illustrative Controls
● Files received from users are balanced to control
totals, record counts, etc. and are subject to the same
edit and validation checks as on-line submissions.
● The entity ensures that adequate protection from
unauthorized access, modification and misaddressing
of sensitive information is provided during
transmission and transport.
● All new personnel are subjected to background
checks, validation, etc.
There are procedures to enable ● System logs record all system-related events with a
tracing of information inputs from unique transaction identifier.
their source to their final disposition
and vice versa.
The entity monitors the system and ● The internal audit function includes system
takes action to achieve compliance processing integrity reviews in the annual audit plan.
with system processing integrity ● Problem logs are reviewed and include tests of data
objectives, policies, and standards. acceptance and validation routines to identity
potential sources of corrupt data.
Environmental and technological ● The entity maintains an R&D group whose charter is
changes are monitored and their impact to assess the impact of emerging technologies.
on system processing integrity is
periodically assessed on a timely basis.
Maintainability Illustrative Controls
The entity has defined and ● There is routine and periodic hardware maintenance
communicated performance to reduce the frequency and impact of performance
objectives, policies, and standards for failures.
system maintainability.
Documented system maintainability ● There is a “help” desk function that provides user
objectives, policies, and standards are support.
communicated to authorized users. ● There is a budget allocation for emergency or
unanticipated maintenance requirements.
The entity utilizes procedures, people, ● Hardware and infrastructure requirements are
software, data, and infrastructure to periodically evaluated to provide adequate resources
achieve system maintainability for maintenance activities.
objectives in accordance with ● Procedures exist to initiate, review, and approve
established policies and standards. change requests.
● Changes to system infrastructure and software are
developed and tested in a separate development/test
environment prior to implementation.
● Correct software elements are distributed to the right
place, with integrity, in a timely manner, and with
adequate audit trails.
216 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
Appendix A. Continued
Maintainability Illustrative Controls
There are procedures to ensure that ● A segregation of duties is maintained between these
only authorized, tested, and functions: operation, network management, system
documented changes are made to the administration, system development, change
system and related data. management, and security administration.
● There is adequate off-site storage of maintenance
resources, particularly program libraries, to enable
reconstruction in the event of on-site loss.
● An assignment of responsibility is used that ensures no
single individual has the authority to read, add, change,
or delete an information asset without review.
The entity monitors the system and ● The internal audit function includes system
takes action to achieve compliance maintainability reviews in an annual audit plan.
with maintainability objectives, ● Problem logs are reviewed and trends are analyzed
policies, and standards. to identify the potential impact on system
maintainability objectives.
● At least annually, users are involved in assessing
whether specific systems meet their current and
anticipated needs.
REFERENCES
American Institute of Certified Public Accountants (AICPA). 1997. System of quality control for a
CPA firm’s accounting and auditing practice. New York: AICPA.
. 1998. Assurance service liability. Http://www.aicpa.org/assurance/scas/majtheme/svcliab.
. 1999a. Statements on standards for attestation engagements. New York: AICPA.
. 1999b. SysTrust principles and criteria for systems reliability. Http://www.aicpa. org/
assurance/stintro.htm.
. 1999c. AICPA professional standards, Vol. 2, ET §191.188. New York: AICPA.
American Law Institute. 1987. Restatement (third) of the foreign relations law of the United States
§421. New York: American Law Institute.
Ayers, S., Frownfelter-Lohrke, C., & Hunton, J. 1999. Opportunities in electronic commerce
assurance for information systems auditors. IS Audit & Control Journal, VI: 34 –39.
Beckett, M. 1994. Accountants debate move to limited liability. Daily Telegraph, 28 (June): 28.
Boritz, E., Mackler, E., & McPhie, D. 1999. Reporting on systems reliability. Journal of Accoun-
tancy, 188 (5): 75– 87.
Bournellis, C. 1995. Internet ’95. Internet World, 6 (November): 47–50.
Boynton, W., & Kell, W. 1996. Modern auditing. New York: John Wiley & Sons, Inc.
Brecht, H. D. 1989. Auditors’ duty of care to third parties: A comment on the judicial reasoning
underlying US cases. Accounting and Business Research, 19: 175–178.
Brown, R. D. 1977. Haig v. Bamford. Osgoode Hall Law Journal, 15 (2): 474 – 484.
At the Interface of the Electronic Frontier and the Law 217
Canadian Institute of Chartered Accountants (CICA). 1999. CICA handbook, Section 5025. Toronto,
Canada: CICA.
Causey, D. 1987. Accountants’ liability in an indeterminate amount for an indeterminate class: An analysis of
Touche Ross & Co. v. Commercial Union Ins. Co. Mississippi Law Journal, 57: 379–416.
Cherniak, E., & Stevens, K. 1992. Two steps forward and one step back? Anns at the crossroads in
Canada. Canadian Business Law Journal, 20: 164 –179.
Cooper, B. J., & Barkoczy, M. L. 1994. Third-party liability: The auditor’s lament. Managerial
Auditing Journal, 9 (5): 31–36.
Daley, B. A., & Gibson, J. M. 1994. The delineation of accountants’ legal liability to third parties:
Bily and beyond. St. John’s Law Review, 68 (Summer): 609 – 641.
Dalton, O., Hill, J., & Ramsay, R. 1994. The big chill. Journal of Accountancy, (November): 53–56.
Davies, M. 1991. The liability of auditors to third parties in negligence. UNSW Law Journal, 14 (1):
171–197.
Deturbide, M. 1998. Liability of auditors. Canadian Bar Review, 77 (March/June): 260 –264.
Ebke, W. F. 1984. In search of alternatives: Comparative reflections on corporate governance and
the independent auditor’s responsibilities. Northwestern University Law Review, 79 (Novem-
ber): 663–720.
Eddy, A. 1999. Tabcorp bets off as computer fails. Australian Business Intelligence, 2 (October): A3.
Fleming, C. 1998. After Kripps and Hercules. Accountancy, 12 (February): 62– 64.
Godsell, D. 1991. Auditors’ legal liability and the expectation gap. Australian Accountant, 61
(February): 22–28.
Gonzalo, J. 1997. The role, the position, and the liability of the statutory auditor within the European
Union. Accounting Horizons, 11 (March): 164 –172.
Gormley, R. 1984. The foreseen, the foreseeable, and beyond–Accountants’ liability to nonclients.
Seton Hall Law Review, 14: 528 –572.
Gosnell, C. 1998. Jurisdiction on the net: Defining place in cyberspace. Canadian Business Law
Journal, 29: 344 –363.
Gossman, T. 1988. 1988. The fallacy of expanding accountants’ liability. Columbia Business Law
Review, 1: 213–241.
Hickley, M. 1999. Hi-tech hitch makes sales go to pot for Doulton. Daily Mail, 11 (November): 20.
Hill, J., Metzger, M., & Schatzberg, J. 1993. Auditing’s emerging legal peril under the National
Surety doctrine: A program for research. Accounting Horizons, 7 (March): 1–28.
Ish, D. 1977. Liability arising out of negligent misrepresentation. Saskatchewan Law Review, 42 (1):
147–153.
Ivankovich, I. F. 1991. Accountants and third-party liability–Back to the future. Ottawa Law
Review, 23: 505–531.
. 1994. Enforcing U.S. judgments in Canada. Northwestern Journal of International Law &
Business, 15 (Fall): 491–524.
Jeffrey, G. 1994. Accountants want relief from legal nightmare. Financial Post, 29 (April): 12.
Lepper, J. 1992. NZ auditors straining under litigation threat. Accountant, (March): 8.
Marinelli, A. 1998. Choice of law and alternative dispute resolution in international contracts.
Journal of Legal Studies in Business, 6 (1): 79 – 88.
Marino, S., & Marino, R. 1994. An empirical study of recent securities class action settlements involving
accountants, attorneys, or underwriters. Securities Regulation Law Journal, 22: 115–174.
Marshall, P. 1990. Auditors’ duties: A narrow approach. Lloyd’s Maritime and Commercial Law
Quarterly, (November): 478 – 481.
Meek, G., & Saudagaran, S. 1990. A survey of research on financial reporting in a transnational
context. Journal of Accounting Literature, 9: 145–213.
Miller, M. 1999. Auditor liability and the development of a strategic evaluation of going concern.
Critical Perspectives in Accounting, 10: 355–375.
218 INTERNATIONAL ACCOUNTING, AUDITING & TAXATION, 9(2) 2000
Miller, R., & Young, M. 1997. Financial reporting and risk management in the 21st century.
Fordham Law Review 65, (April): 1987–2064.
Morris, G. 1991. The liability of professional advisers: Caparo and after. Journal of Business Law, 36–48.
Murphy, J. 1996. Expectation losses, negligent omissions, and the tortious duty of care. Cambridge
Law Journal, 55 (March): 43–55.
Napier, C. 1998. Intersections of law and accountancy: Unlimited auditor liability in the United
Kingdom. Accounting, Organizations and Society, 23: 105–128.
Nelson, E., & Ramstad, E. 1999. Hershey’s biggest dud has turned out to be its new technology.
Wall Street Journal, 29 (October): A1.
Nicholson, K. 1991. Third-party reliance on negligent advice. International and Comparative Law
Quarterly, 40: 551–582.
Pacini, C., Hillison, W., & Sinason, D. 2000. Three’s a crowd: An examination of state statutes and
court decisions that narrow accountant liability to third parties for negligence. Advances in
Accounting, 17: 151–185.
Pacini, C., Martin, J., & Hamilton, L. 2000. At the interface of law and accounting: An examination
of a trend toward a reduction in the scope of auditor liability to third parties for negligence in
the common law countries. American Business Law Journal, 37 (2): 171–235.
Pacini, C., & Sinason, D. 1998. Gaining a new balance in accountants’ liability to nonclients for negligence:
Recent developments and emerging trends. Commercial Law Journal, 103 (Spring): 15–66.
Pacini, C., Sinason, D., & Peltier-Rivest, D. 1999. Assurance services and the electronic frontier:
The international legal environment of the CPA/CA WebTrust. Advances in International
Accounting, 12: 227–259.
Peel, M. 1999. Auditors find lawsuits no laughing matter. Financial Times, 21 (December): 26.
Porter, B. 1993. An empirical study of the audit expectation-performance gap. Accounting and
Business Research, 24: 49 – 68.
Potter, R. 1997. The role of ADR clauses in avoiding foreign litigation entanglements. Canadian
Business Law Journal, 28: 415– 429.
Primoff, W. 1998. Electronic commerce and webtrust. The CPA Journal, (November): 14 –22.
Rafferty, N. 1998. Recent professional negligence decisions from the Supreme Court of Canada.
Professional Negligence, 14 (2): 67–74.
Salter, S., & Doupnik, T. 1992. The relationship between legal systems and accounting practices: A
classification exercise. Advances in International Accounting, 5: 3–22.
Schwartz, K., & Menon, K. 1985. Auditor switches by failing firms. The Accounting Review, 60
(April): 248 –261.
Silva, E. J. 1993. Practical views on stemming the tide of foreign plaintiffs and concluding
mid-Atlantic settlements. Texas International Law Journal, 28 (Summer): 479 – 499.
Smit, H. 1996. The explosion in international litigation. Metropolitan Corporate Counsel, (Octo-
ber): 59 – 65.
Swanton, J., & McDonald, B. 1997. Common law–The reach of the tort of negligence. Australian
Law Journal, 71 (November): 822– 829.
Trapp, R. 1999. PWC faces pounds 400m lawsuit over Maxwell failure. The Independent 3 (February): 16.
Ward, B. 1999. Auditors’ liability in the UK: The case for reform. Critical Perspectives in
Accounting, 10: 387–394.
Willekens, M., Steele, A., & Miltz, D. 1996. Audit standards and auditor liability: A theoretical
model. Accounting and Business Research, 26 (3): 249 –264.
Wilske, S., & Schiller, T. 1997. International jurisdiction in cyberspace: Which states may regulate
the Internet? Federal Communications Law Journal, 50 (December): 117–176.
Witmer, R. 1996. SEC’s Wallman describes view of technology’s impact on accounting. Securities
Regulation and Law Reporter, 28: 1531–1532.
Woodyard, C., & Hansen, B. 1999. When computers fail. USA Today, 7 (December): A1.
Yvonne, M. 1999. Computer fault stops legal-aid money. The Press, (Christchurch), 22 (October): 3.