Auditor's Legal Liability
Auditor's Legal Liability
Auditor's Legal Liability
Potential litigation is a major concern to auditors. Professionals have always had a duty to provide
a reasonable level of care while performing work for those they serve. Audit professionals have a
responsibility under common law to fulfill expressed and implied contracts with clients. They are liable to
their clients for negligence and/or breach of contracts should they fail to provide the services or not
exercise due care in their performance.
Lawsuits against auditors typically involve alleged misstatements that the auditors did not detect
in the financial statements. These misstatements are usually
(1) an improper or inadequate disclosure, or
(2) an inappropriate valuation.
Other typical lawsuits brought by clients against CPA firms involve claims that the auditor (1) did
not discover an employee defalcation (theft of assets) as a result of negligence in the conduct of the audit;
(2) did not complete the audit on the agreed on date; and (3) inappropriate withdrawal from an audit.
Most auditors believe the conduct of the audit in accordance with Standards of Auditing is all that
can be expected. Many users believe that auditors guarantee the accuracy of financial statements and
some users even believe that the auditor guarantees the financial viability of the business. Fortunately for
the profession, courts continue to support the auditor’s view. Unfortunately, the expectation gap often
results in unwarranted lawsuits which had caused significant increase in both litigation costs and liability
insurance premiums among the public practitioners.
Public accounting firms have developed procedures that some characterize as defensive auditing
to minimize risk. Also, understanding how and when auditors can be liable will be helpful.
L2. Know the auditor’s responsibility as far as client’s compliance with laws and regulations that may affect
the financial statements.
2When planning and performing audit procedures and in evaluating and reporting the results
thereof, the auditor should recognize that noncompliance by the entity with laws and regulations may
materially affect the financial statements. 3Noncompliance refers to acts of omission or commission by the
entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or
regulations. 2An audit cannot be expected to detect noncompliance with all laws and regulations however,
when noncompliance is detected, the implications on the integrity of management of employees and the
effect on other aspects of the audit should be considered.
3Noncompliance includes acts and transactions entered into by management and employees in the
name or on behalf of the entity audited; and do not include personal misconduct by the entity’s
management or employees. Generally, noncompliance that are removed from events and transactions
reflected in financial statements are less likely to be recognized by the auditor. Furthermore, 4an act of
noncompliance is a legal determination and ordinarily beyond the auditor’s professional competence
although his experience and understanding of the client entity and its industry may provide a basis for
recognition that some acts coming to his attention constitute noncompliance with laws and regulations.
Management’s Responsibility for Compliance with Laws and Regulations
9Management has the responsibility to ensure that the entity’s operations are conducted within the
law and relevant regulations. The prevention and detection of noncompliance with laws and regulations
primarily rest on management as well. 10Policies and procedures that assist management in the prevention
and detection of noncompliance include:
a. Monitoring legal requirements and ensuring that operating procedures meet the requirements;
b. Instituting and operating appropriate systems of internal control;
c. Maintaining a register of significant laws the entity must comply within its particular industry;
d. Maintaining a record of complaints;
e. Engaging legal advisors to assist in monitoring legal requirements; and
f. Assigning appropriate responsibilities to an internal auditor or an audit committee.
preventing noncompliance. 12Although the audit is properly planned and performed according to PSAs, an
audit is subject to the unavoidable risk that some material misstatements are due to noncompliance with
laws and regulations and involve conduct designed to conceal the noncompliance, such as collusion,
forgery, deliberate failure to record transactions, senior management override of controls and intentional
misrepresentations being made to the auditor.
13PSA 200, ‘Objective and General Principles Governing an Audit of Financial Statements’,
instructs auditors to plan and perform the audit with an attitude of professional skepticism recognizing that
the audit may reveal conditions or events that would lead to questioning whether an entity complies with
laws and regulations. The auditor should particularly be able to recognize the laws and regulations the
noncompliance of which would cause the entity to cease operations or question the entity’s continuance as
a going concern.
The auditor should have sufficient understanding of laws and regulations to be considered when
auditing assertions related to the determination of amounts to be recorded and disclosures to be made. The
auditor should obtain a written representation from management that it has disclosed to the auditor all
known actual or possible noncompliance with laws and regulations whose effect must be considered when
preparing financial statements.
learn the nature and circumstances and gather sufficient data to evaluate its effect on the financial
statements. 27He should consider potential financial consequences, such as fines, penalties, damages,
threat of expropriation of assets, enforced discontinuance of operations and litigation. He should determine
whether the potential financial consequences need disclosure or if they are so serious as to call into
question the fair presentation of the financial statements.
28When the auditor believes there may be noncompliance, he should document his findings and
discuss them with management. Documentation of findings would include copies of records, documents,
and minutes of conversations, if appropriate. 29The auditor may consult the client entity’s lawyer or the
auditor’s own lawyers whether a violation of laws and regulations is involved and the possible legal
consequences, and what further action the auditor should take.
31The auditor should consider the implications of noncompliance to other aspects of the audit,
particularly the reliability of management representations. In noncompliance not detected by internal
controls, he should consider the relationship of perpetration and concealment, the relevant internal control
procedure, and the level of management or employees involved.
Reporting of Noncompliance
32As soon as practicable, the auditor should communicate to management: the audit committee,
the board of directors, and senior management, or obtain evidence that they are appropriately informed
regarding the noncompliance that has come to his attention. 33If he believes noncompliance is intentional
and material, he should communicate his findings without delay. 34If he suspects senior management is
involved, he should report the noncompliance to the next higher level of authority.
35If the auditor concludes that the noncompliance has a material effect on the financial statements
and has not been properly reflected therein, he should express a qualified or an adverse opinion. 36If the
auditor was precluded by the client entity from obtaining sufficient appropriate evidence to evaluate
noncompliance, he should express a qualified or a disclaimer of opinion on the financial statements on the
basis of a limitation on the scope of the audit.
38Incertain circumstances, the auditor are required to report noncompliance by financial institutions
to the supervisory authorities. The auditor’s duty of confidentiality would ordinarily preclude him from
reporting noncompliance to a third party; however, confidentiality is overridden by statute or by court of law.
He should seek legal advice and give consideration to his responsibility to the public interest.
the circumstances, and when the auditor concludes the implication of involvement of highest authority
within the entity, thus affecting reliability of management’s representation; the auditor should seek legal
advice and withdraw from the engagement.
L3. Know the sources of legal liability of the independent auditor. Princess Hannah P. Noble
The auditor’s legal liability arises primarily from his failure to exercise due professional care in the
performance of an audit and in the preparation of the audit report. The auditor is expected to exercise the
due care that a prudent person and others in the profession would perform under similar circumstances.
The courts understand that the auditor is not infallible and he does not guarantee financial
statement accuracy; however, the auditor is expected to discover material and pervasive misstatements
that can be uncovered by the examination of sufficient and competent evidence and the exercise of due
professional care in the audit of financial statements.
b) Sources of responsibility
The auditor’s legal responsibilities are established by common law that had been developed by
court decisions and by statutory laws that were passed through government statutes and by legislative
bodies. The auditor has legal responsibilities to users of financial statements who relied on the opinion he
expressed thereon. Banks and financial institutions rely on the audited financial statements in granting
loans and the auditor is legally liable if he has failed to discover pervasive and material misstatements
contained in the financial statements.
c) Degree of wrongdoing
The auditor’s legal liability depends upon the degree of omission or commission attributable to him.
He may be guilty of negligence, gross negligence or constructive fraud, and of intentional fraud in issuing
an audit report aware that the financial statements are misstated and users would be deceived. Ordinary
negligence implies absence of reasonable care expected under the circumstances. The auditor is guilty of
gross negligence if he consistently fails to follow the standards of the profession in the conduct of an audit.
Deliberate fraud is the worst fault with the maximum penalty from the courts.
The auditor shall not disclose any confidential information without the specific consent of the client.
The courts may subpoena working papers and disclosure does not need permission of the client. Legally,
information is called privileged if legal proceedings cannot require a person to provide information, even if
there is a subpoena. Information obtained by the CPA from clients and confidential discussions between
the client and the auditor cannot be withheld from the courts.
The partners in a public accounting firm are jointly liable for civil actions against a partner; for the
work of their employees; and for the work of other CPAs and non-accountants/experts called upon to do
part of the audit work or provide technical information.
A professional accountant should ensure that the client/employer is aware of the limitations attached to
tax advice and services, and does not misinterpret an expression of opinion as an assertion of fact. The
professional accountant should advise the client/employer that the tax returns are properly prepared on
the basis of information received but the responsibility for the contents of the tax returns rests primarily
with the client/employer.
L5. Identify the auditor’s defenses against client suits as well as third-party lawsuits.
L6. Know how to minimize an auditor’s exposure to legal liability. Mary Therese A. Alcozero
L7. Know the auditor’s responsibility to communicate audit matters with those charged with governance.
The auditor should determine the relevant persons charged with governance, to whom audit
matters of governance interest are to be communicated; as the Board of Directors; and the entity’s
governance structure, as the Audit Committee or any supervisory body.
The auditor’s communication of audit matters of governance interest to those charged with
governance may be made orally or in writing, depending upon the nature and sensitivity of the audit matters
to be communicated; the size, operations, legal structure and communication processes of the entity;
arrangements made with respect to periodic meeting or reporting of audit matters; and amount of on-going
contact with those charged with governance. The auditor should consider the obligation of confidentiality in
communicating audit matters of governance interest to those charged with governance.
References:
Cabrera, Ma. Elenita B., Public Accountancy Profession: Assurance Principles, Professional Ethics
and Good Governance. 2013-2014. Manila. GIC Enterprises & Co., Inc.
Galanza, Raquel M., Auditing: Assurance Principles, Professional Ethics, and Good Governance.
2015. Quezon City. Rex Printing Company, Inc.
Cabrera, Ma. Elenita B., Auditing Theory. 2017. Manila. GIC Enterprises & Co., Inc.