1.

  CHANGES IN ACCOUNTANTS' LIABILITY EXPOSURE

               published in Dakota CPA, May 1996

                    James D. Hansen, CPA, Ph.D.
                       Michael J. Garrison, J.D.

       The accounting profession has faced a hostile legal
  environment in recent years, characterized by an increasing
  number of lawsuits and a wave of massive jury awards.  While
  most accountants are aware of this liability crisis, many may
  not have a complete understanding about the high-risk nature
  of their jobs.

      Under the common law, an accountant can be held liable
  for breach of contract, negligence, or even fraud.  However,
  professional negligence, particularly negligent
  misrepresentation, is the most common theory of liability.
  Professional negligence is the failure to exercise the degree
  of care that a reasonably prudent accountant would exercise
  under the same circumstances.  Negligent misrepresentation is
  the assertion of fact, which is not true, by one who has no
  reasonable ground for believing it to be true.  So, when an
  auditor fails to comply with GAAS, he may be found to be
  negligent in the conduct of the audit work.  A client who
  relies on the inaccurate audit report and suffers a loss can
  charge the auditor with negligent misrepresentation.  Note
  that compliance with GAAS does not necessarily prevent a
  lawsuit for professional negligence.  It is up to the jury to
  determine whether an accountant exercised an appropriate
  degree of care in a given case.

       At common law, accountants' liability for negligence was
  limited to their clients and primary beneficiaries of their
  work.  A primary beneficiary is a person who was the primary
  recipient of the auditor's report and who was identified to
  the auditor by name prior to the audit.  About nine states
  follow this rule.

       In recent years, a number of courts have expanded the
  third parties who can hold an accountant liable for
  negligence.  Approximately seventeen states, including
  Minnesota, follow the American Law Institute's Restatement 2nd
  of Torts rule, under which auditors are liable to foreseen
  users of their audit reports.  Foreseen users are persons the
  auditor knows will be relying on the auditor's report, though
  not specifically identified by name to the auditor.

        The New Jersey Supreme Court formulated the concept of
  foreseeable users in the case of Rosenblum Inc. v. Adler
  (1983).  Under this most expansive rule, auditors can be
  liable for negligence to all persons whom the auditor should
  "reasonably foresee" as users of the audit report.
  Foreseeable users are an unlimited class of persons including
  all creditors and shareholders as well as past and present
  investors.  Only a few states have adopted this approach.

       It is unclear as to which rule North Dakota follows.  In
  Bunge Corporation v. Eide (1974), a federal district court in
  North Dakota found that a public accounting firm was not
  liable under either the common law or the Restatement rule.
  The court suggested that the Restatement rule was the better
  one, although it speculated that the North Dakota Supreme
  Court would follow the common law rule.  Whatever rule may be
  adopted in the future, it is important for accountants to
  understand that they may be liable for negligence not only to
  their clients, but also to some third parties relying on their
  work.

       In today's litigious society accountants should expect
  that their every action may be subject to question in a court
  of law.  It is essential that accountants have a good
  understanding of their legal liability so they will be able to
  limit their exposure to costly lawsuits.
 
 
 
 
 
 
 

  ACTIONS TO LIMIT ACCOUNTANTS' LIABILITY EXPOSURE

                  published in Dakota CPA, November 1996

                        James D. Hansen, CPA, Ph.D.
                            Michael J. Garrison, J.D.

       In a prior article, we discussed accountants' legal
  liability under the common law, noting the potential for
  accountants to be sued by both clients and third parties for
  professional negligence.  This article presents a number of
  suggestions that may help accounting firms reduce the risk and
  cost of malpractice lawsuits.

       Accountants need to take measures to minimize their risk
  of litigation before any engagement is entered into or
  professional services rendered.  One of the most effective
  methods of limiting legal risks is to thoroughly screen
  clients before the engagement and deal only with clients who
  possess integrity.  For example, auditing clients with
  financial difficulties, organizational problems, and
  inadequate accounting and control systems should be avoided.
  Likewise, avoid any engagement that presents a potential
  conflict of interest.  Also, consider at the outset the
  potential third parties who will or may rely on your work
  product in deciding whether to accept an engagement.

     Once you have decided to undertake the work for a client,
  reach a clear understanding with the client regarding the
  terms of the engagement.  Use an engagement letter to confirm
  the scope and nature of your services and to establish the fee
  payment schedule.  Make sure that you understand the client's
  business and that you are qualified for the engagement. Lack
  of knowledge of industry practices leaves an accountant
  vulnerable to claims of professional negligence.

       In the performance of the engagement, follow the
  standards of the profession and keep current on those
  standards.  Remember that you will be held legally responsible
  to comply with the rules of the profession.  Faithful
  adherence to those standards also will be your best defense to
  any malpractice claim.

       Exercise caution when giving advice and do not give
  advice outside the scope of the engagement.  Be careful when
  you delegate the work to others.  Make sure that you hire
  qualified personnel, provide them with adequate training, and
  provide proper supervision by experienced professionals.

       Document your work.  Keep detailed records of the
  services you performed and all communications with your
  client.  Adequate records and working papers are essential for
  a quality engagement and provide evidence of professional work
  in a court of law.

       Keep clients fully informed as to the status of the
  engagement.  Strictly maintain the confidentiality of your
  communications with your clients.  Be independent in fact and
  in mental attitude and always maintain a healthy skepticism
  about management's assertions.

       Finally, seek legal counsel whenever serious problems
  occur in the engagement.  By following suggestions such as
  carefully choosing clients, maintaining adequate records,
  performing quality engagements, and following the standards of
  the profession, accountants should be able to minimize the
  risk of costly malpractice suits.
 
 
 
 
 
 

The "Registered Accountant"?--Skills Required for Reviews and
                              Compilations

                published in Dakota CPA, May 1995

                    James D. Hansen, CPA, Ph.D.
 
 

     The November, 1994 and January, 1995 issues of the Dakota
CPA alerted CPAs to the potential for a new accounting credential
within North Dakota that would allow those with less than a CPA
designation to perform reviews and compilations.  A question
concerning the new credential is this:  Are limited skills,
skills less than that of a CPA, satisfactory for performing
review and compilation services?  To help answer that question, a
comparison can be made of the basic characteristics of
compilation, review, and audit services.

     In a compilation, knowledge of GAAP; an understanding of SAS
59, 62, and 69; and an understanding of attestation standards is
required.  No assurances are given, but exceptions must be
disclosed and material errors must be resolved.  Evaluation is
made by reading the financial statements.  Knowledge of industry
accounting practices and a general understanding of the entity's
business is required.  Known illegal acts that have a material
effect on the financial statements must be evaluated and
resolved.

     In a review, knowledge of GAAS, SSARS, and GAAP is required.
Understanding of SAS 59, 62, and 69, and knowledge of applying
GAAS to resolve questions is required.  Limited assurance is
given that there are no material errors in the financial
statements.  Evaluation is made by performing analytical
procedures and inquiring of management.  If errors or omissions
are noted, additional audit type procedures may be necessary.  A
representation letter and GAAP footnote disclosures are required.
Knowledge of the accounting principles and practices of the
industry and an understanding of the entity's business sufficient
to enable the expression of limited assurance is necessary.
Inquiry as to the internal control structure is required.
Independence is required.  Known errors, irregularities, and
illegal acts detected through inquiry and analytical procedures
must be evaluated and resolved.

     In an audit, knowledge of GAAP and  GAAS is required.
Reasonable assurance that the financial statements are fairly
stated in all material respects in accordance with GAAP is given.
Evaluation is made by auditing competent evidential matter.  GAAP
footnote disclosures are required.  Knowledge of the accounting
principles and practices of the industry and an understanding of
the entity's organization, operations, accounting policies and
methods are necessary to plan the audit.  An understanding of the
control structure is required.  Independence is required.  The
audit must provide reasonable assurance that material errors,
irregularities, and illegal acts will be detected.

     Comparing compilation, review, and audit characteristics
reveals that the skills and knowledge required to perform each
type of engagement are similar.  The level of expertise and
competence required to perform the engagement is high for all
three types of engagements.  Limited skills, skills less than
that of a CPA, do not appear to be satisfactory for performing
review and compilation services.
 
 
 

THE SIGNIFICANCE OF CENTRAL BANK ON AUDITOR LIABILITY

                published in The Ohio CPA Journal, June 1995

                       James D. Hansen, CPA, Ph.D.
                           Michael J. Garrison, J.D.
 

Synopsis and Introduction:  A dramatic increase in the number of
lawsuits and a wave of massive jury awards against accountants in
recent years has created a liability crisis of significant
proportions for the accounting profession.  One of the major
areas of legal liability for accountants is under the federal
securities laws, particularly suits under Section 10(b) and Rule
10b-5, the antifraud provisions of the Securities Exchange Act of
1934.  In their quest to recover monies from the deep pockets of
public accounting firms, lawyers representing dissatisfied
investors of bankrupt businesses have developed a number of novel
legal theories to hold auditors responsible for their clients'
losses.  But in the recent case of Central Bank of Denver v.
Interstate Bank of Denver, the United States Supreme Court
foreclosed one of those theories, holding that an accountant or
other professional cannot be held secondarily liable for merely
assisting a client to commit a securities fraud.  The potential
impact of the decision has been addressed in a number of recent
commentaries on the case, including a recent article by Hanson
and Rockness (1994) in the Journal of Accountancy.  That article
noted the direct impact of the decision in terms of eliminating
aiding and abetting lawsuits under Section 10(b) and Rule 10b-5.
Our analysis of the opinion suggests, however, that the Central
Bank opinion will not only have more far-reaching effects on
accountants' liability under Section 10(b) but also will impact
the profession's liability exposure under other federal statutes.
The implications of the Court's Central Bank opinion to the
liability crisis facing the profession is the focus of this
article.
 

The Liability Crisis
     Recently, much has been written about the liability crisis
that is putting the accounting profession at risk.  A position
paper by the Big Six accounting firms, a study by the Public
Oversight Board of the AICPA's SEC Practice Section, and articles
by researchers and practitioners have brought attention to the
exponential increase in litigation against accountants in recent
years.
     Many practitioners and researchers believe that a crisis has
been created by the abuse of our civil laws through the pursuit
of unwarranted lawsuits (O'Malley 1993).   The position paper of
the Big Six accounting firms states that the liability system is
evolving into a risk-transfer system vulnerable to extensive
abuse.  The liability system now
     . . . functions primarily as a risk transfer scheme in which
marginally culpable or   even innocent defendants often must
agree to coerced settlements, pay judgments totally out of
proportion to their degree of fault, and incur substantial legal
expenses to defend against unwarranted lawsuits (Arthur
Andersen & Co. et al. 1992).  This litigation epidemic is threatening to decimate the
profession.
     The Public Oversight Board (AICPA 1993) has identified
several reasons for concern.  First, there has been a significant
increase in the number of cases charging misstatements of
financial information by corporations and an increase in the
amount of damages sought.  Second, a number of multi-million
dollar judgments have been rendered in recent years against
accounting firms, and a number of very substantial settlements
have been made.  Recent cases (see Fuerman 1992) include
Miniscribe, the Lincoln Savings & Loan case, and the Standard
Chartered PLC case.  In 1990, Laventhol & Horwath declared
bankruptcy partly as a result of litigation problems.
     Thus a third concern is that a major firm could be rendered
insolvent.  In fact, runaway litigation is threatening the
survival of accounting firms of all sizes.  In 1991, total
expenditures for settling and defending lawsuits were $477
million -- 9% of all accounting and auditing revenues in the US
(Arthur Andersen & Co. et al. 1992).  In 1992 the Big Six
accounting firms lost 11% of audit revenues to liability costs
(Simonetti and Andrews 1994).
     Fourth, the litigation crisis is having a negative impact on
the profession.  Partners are leaving the profession because of
liability exposure, and firms are facing difficulties in
recruiting outstanding persons to the profession.  The litigious
practice environment is making it increasingly difficult to
attract and retain the most qualified individuals (Madonna 1993).
     Fifth, the liability crisis may result in negative social
consequences.  Socially useful services are being restricted
because
     . . . audit firms cannot afford to offer the services due to
the threat of lawsuits for    which violation of professional
standards are not central, and from which  there
can be no protection other than to restrict services (Kinney
1994).   Nelson (1992) reports on a 1990 nationwide survey of 500 mid-
sized accounting firms.  The survey found that 56% of respondents
ceased doing business with clients in industries or organizations
considered high-risk and that 80% of the firms were cutting back
services.  A survey by the Institute for Continuing Professional
Development (1992) found that because of the increase in
lawsuits, many firms plan to offer fewer services in the future,
particularly audits and reviews of financial statements.  Madonna
(1993) and Elliott (1994) believe that accountants will be
reluctant to provide assurances on forward-looking financial data
that would benefit capital markets.
     Sixth, because of the litigation crisis, small high-risk
companies will have limited access to credit and equity markets
(AICPA 1993) because accountants will practice risk reduction.
Accountants will avoid high-risk clients -- high-tech and mid-
size companies that are an important source of innovation and
jobs in our country.  Simonetti and Andrews (1994) report that
accounting firms are refusing to audit companies that are
frequent targets of abusive securities fraud suits.  These are
often high-tech companies that are the source of the country's
new jobs.  The litigious environment is undermining the financial
reporting system, the capital markets, and U.S. competitiveness.
 

Reform Is Needed
     Researchers and practitioners have identified flaws in the
liability system that have encouraged abusive and irresponsible
litigation.  Proposals to curb abusive lawsuits have been put
forth by Simonetti and Andrews (1994), Lochner (1993), Klein
(1993), and Arthur Andersen & Co. et al. (1992) among others.  In
addition, there are bills before the Senate and House of
Representatives for the reform of the securities laws.
     Simonetti and Andrews (1994) list nine legislative proposals
that would help curb abusive securities fraud suits.  Included in
their list are proposals for a tightened standard for aiding and
abetting, options to resolve 10b-5 claims earlier and more
equitably, and measures to increase shareholders' control over
the filing and resolution of rule 10b-5 class actions.  Lochner
(1993) believes that incentives to meritless litigation would be
reduced by ending joint and several liability, by limiting
punitive and other nonconventional damages so that the liability
bears some relationship to any damage actually done, and by
requiring a comparative negligence examination in all cases.
Klein (1993) suggests that a realistic cap be put on punitive
damages and that the proportionate liability standard be elevated
by requiring clear proof of a defendant's wrongdoing.
     The authors of the position paper (Arthur Andersen & Co. et
al. 1992) by the Big Six accounting firms argue for an end to
joint and several liability.  Because joint and several liability
makes each defendant fully liable for all assessed damages in a
case, regardless of the degree of fault, the result is often that
the primary contributor to financial loss is ignored while the
"deep pockets", often the accountants, are sued.  The authors
suggest that joint and several liability be replaced by
proportionate liability, which would assess damages against each
defendant based on that defendant's degree of fault.  The
position paper also calls for securities reform to curb
unwarranted litigation brought under Rule 10b-5.  The authors
believe that a small group of attorneys is reaping millions of
dollars by bringing federal securities fraud claims (under SEC
Rule 10b-5) against public companies whose only crime has been a
fluctuation in their stock price (Arthur Andersen & Co. et al.
1992).
     Simonetti and Andrews (1994) believe that Rule 10b-5 suits
are too easy to file.  They write that attorneys who specialize
in such suits file Rule 10b-5 class actions against any public
company whose stock has risen or dropped sharply, based on the
haziest allegations of fraud or misleading disclosure.  In 1991,
30% of the cases against the six largest accounting firms were
Rule 10b-5 claims (Arthur Andersen & Co. et al. 1992).  Curbing
baseless Rule 10b-5 actions should help ease the liability
problem.
     All of these issues and suggested reforms need to be
resolved.  However, one critical area of concern -- the need to
tighten the standards for liability under Rule 10b-5 -- was
partially addressed in the Central Bank opinion.  In Central
Bank, the Supreme Court held that Section 10(b) and Rule 10b-5 of
the Securities Exchange Act of 1934 do not impose secondary
liability on accountants who merely assist a client in the
commission of a securities fraud.  By precluding aiding and
abetting liability, the Court foreclosed one avenue of recovery
under Section 10(b) and Rule 10b-5.  Although other theories of
accountants' liability under Section 10(b) and Rule 10b-5 were
not directly addressed by the Court, the Court's Central Bank
opinion and its approach to interpreting the securities laws has
important implications for those liability theories under Section
10(b).
 

Accountants' Liability under Section 10(b) of the Securities
Exchange Act of 1934
     To appreciate the importance of the Central Bank decision,
one has to understand the history of civil liability under
Section 10(b) and the different theories of liability that have
been developed under that section.  Under Section 10b and Rule
10b-5, an auditor has potential liability to investors and others
who rely on the auditor's opinion on his or her client's
financial statements.  Rule 10b-5 prohibits "any untrue statement
of a material fact" or an omission of a material fact that is
made "in connection with the purchase or sale of any security."
Investors have often attempted to hold auditors liable for
misrepresentations and omissions in connection with their audit
reports, particularly in situations where the auditor's client is
bankrupt and the auditor is the only solvent defendant.  However,
the scope of that liability was severely circumscribed by the
Supreme Court in the landmark decision of Ernst & Ernst v.
Hochfelder.
     The Hochfelder Court held that liability under Section 10(b)
and Rule 10b-5 requires a showing of "scienter"  -- an
intentional or knowing misrepresentation or omission.  Mere
negligent conduct was not considered sufficient to impose civil
liability.  Thus, under Hochfelder, investors could not hold
auditors liable for a simple failure to comply with generally
accepted auditing standards.  In an attempt to catch auditors
within the securities fraud net, investors have relied on a
number of different legal theories after Hochfelder, one of which
was the aiding and abetting theory the Court repudiated in
Central Bank.
 

Aiding and Abetting
     Persons who actively participate in securities fraud, either
by making false material statements or failing to disclose
material facts when they are under a duty to do so, are liable as
primary violators of Section 10(b) and Rule 10b-5.  Prior to
Central Bank, those who knowingly and substantially assisted
another in perpetrating a securities fraud had been held liable
under a theory of aiding and abetting or secondary liability.
Under this theory of liability, accountants, attorneys and other
professionals could be held liable for assisting their clients in
the commission of a securities fraud even though they did not
personally commit any fraudulent representation or omission.
     Although aiding and abetting was a distinct theory of
liability under Section 10(b) and Rule 10b-5, it was sometimes
difficult to distinguish an accountant's primary liability from
his or her secondary liability, and accountants were frequently
sued under both theories.  For example, in a case of securities
fraud involving misleading financial statements, an auditor could
be held primarily liable for misrepresentations in the audit
report or for fraudulent omissions concerning a client's
financial condition.  Alternatively, such situations could be
viewed as aiding and abetting, i.e., the auditor had knowingly
and substantially assisted his or her client in committing
securities fraud.  But after Central Bank, plaintiffs can no
longer rely on a theory of secondary liability.
Central Bank of Denver v. First Interstate Bank
     Central Bank involved the issuance of bonds and the
secondary liability of an indenture trustee for securities fraud.
To finance improvements to Stetson Hills, a development in
Colorado Springs, the Colorado Springs-Stetson Hills Public
Building Authority issued $15 million in bonds in 1986 and
another $11 million in bonds in 1988.  When the authority
defaulted on the bonds, First Interstate Bank and another
investor who had purchased $2.1 million in bonds sued the
authority and others for violating Section 10(b) and Rule 10b-5.
Central Bank, the indenture trustee, was also sued for its part
in aiding and abetting the securities fraud committed by the
other defendants.
     The Supreme Court in its Central Bank opinion held that
Section 10(b) and Rule 10b-5 do not impose civil liability for
aiding and abetting.  In doing so, it rejected both legal and
policy arguments for imposing secondary liability and rebuffed
the position asserted by the Securities and Exchange Commission,
the regulatory agency responsible for enforcing the securities
laws.  The Court considered the issue one of determining the
proper "scope of conduct prohibited by § 10(b)," an issue that it
considered governed by the "text of the statute."  Since Section
10(b) does not expressly impose liability for aiding and
abetting, the Court concluded that the text of the statute was
not broad enough to impose liability on those who merely assist
in the commission of a securities fraud.
     Although the Court held that the language of the section
resolved the issue, it also concluded that its interpretation was
consistent with Congressional intent.  It believed that had
Congress wanted to impose aiding and abetting liability under
Section 10(b), it would have done so expressly.  Moreover, it
held that there is no general presumption of aiding and abetting
liability simply because a statute allows suit against certain
primary parties.  Thus, the Court chose not to accept the
argument that Congress passed the law recognizing that secondary
liability would be imposed.
     The Court also rejected policy arguments advanced in favor
of aiding and abetting liability.  The majority noted that
imposing secondary liability did not necessarily serve the
purpose of the law to maintain efficiency and fair dealing in the
capital markets.  The Court reasoned that aiding and abetting
creates uncertainties which may cause firms to be risk adverse in
their business decisions.  Also, this may encourage vexatious
litigation and the payment of unreasonable settlements simply to
avoid costly and risky litigation.  The end result, the Court
believed, would be to drive up the costs of capital and restrict
the availability of capital to new firms.  Investors, the primary
beneficiaries of the securities laws, might ultimately suffer as
a result of the costs created by a regime of secondary liability.
Implications for Auditors and Impact on the Liability Crisis
     Central Bank is a major victory for the accounting
profession in its push to reduce its liability exposure. It has
significant implications for the future of accountants' liability
under Section 10(b) and under other federal statutes.
     First, auditors, attorneys and other professionals who are
only remotely or indirectly involved in securities fraud
committed by their clients are now immune from liability under a
theory of aiding and abetting.  One of the theories of liability
under Section 10(b) and Rule 10b-5 has now been foreclosed by the
Supreme Court.  It should be recognized, however, that auditors
can still be held primarily liable for misrepresentations and
omissions in connection with a securities sale.  The Central Bank
Court stated, "Any person or entity, including a lawyer,
accountant, or bank, who employs a manipulative device or makes a
material misstatement (or omission) on which a purchaser or
seller of securities relies may be liable as a primary violator
under 10b-5...."  Since many Section 10(b) suits involve
auditors and statements made in connection with the audit work,
and injured investors have often asserted both secondary and
primary liability in the past, the number of suits directly
affected by the Central Bank is unclear.  Post-Central Bank
decisions of the federal courts should clarify the direct impact
of the decision.
     Second, the Court's opinion is also significant in terms of
the Court's analytical approach to future issues regarding the
scope of liability under Section 10(b) and Rule 10b-5.  The
Supreme Court took a restrictive approach to the interpretation
of the 1934 Act.  In resolving the issue of aiding and abetting
liability, it focused its attention on the text or language of
the statute, rather than on the remedial purpose of the law to
protect investors.  This approach resulted in a conservative
interpretation of Section 10(b) and the ultimate conclusion that
the text did not prohibit aiding and abetting.
     This restrictive interpretative approach has implications
for other theories of liability under Section 10(b).   As the
Central Bank dissent noted, for example, this would appear to
preclude any liability for a conspiracy to commit securities
fraud, a theory that has been asserted in auditor liability
cases.  More importantly, however, the Court's approach casts
serious doubt on some federal court decisions that have imposed a
broad duty of disclosure on auditors.
     Although some courts have categorically rejected the notion
that auditors are liable for failing to blow the whistle on their
clients, other courts have imposed a duty on accountants to
disclose their client's fraudulent conduct or financial
difficulties outside of the audit context.  As with aiding and
abetting liability, however, the question of liability for
fraudulent omissions involves the scope of liability under
Section 10(b), an issue that is to be resolved by the text of the
section.  And the Central Bank Court cited to its decision in
Chiarella v. United States for the proposition that Section
10(b) is only violated when a person has an independent duty to
disclose information, a duty that arises out of a fiduciary
relationship between the parties.  Extending that rationale to
the auditing context, and applying the restrictive approach to
the scope of Section 10(b) adopted in Central Bank, a strong case
can be made that auditors are not under a duty to disclose
financial information of or fraudulent conduct by a client
outside of the auditing context.  The text of Section 10(b)
imposes no specific duty on accountants to divulge fraud by their
clients to investors.  Moreover, the auditor has no independent
fiduciary duty to the investors arising under contract or under
professional standards.  The auditor's professional duty to the
public exists in connection with the performance of the
independent audit, not outside of that audit engagement.  Thus,
it can be contended that the auditor has no broader duty of
disclosure under Section 10(b) than under the common law.
     This conclusion is further bolstered by the Court's
discussion of the policy implications of its opinion.  The Court
was clearly sympathetic (or at least sensitive) to the policy
arguments that have been advanced by the profession in its
attempts to restrain the civil liability system.  And although it
noted that contrary arguments could be advanced in support of
aiding and abetting liability, it realized the potential social
costs associated with excessive securities litigation.  It also
noted the twin goals of "efficiency and fair dealing" that
undergird the securities laws.  The emphasis on efficiency of the
securities markets coupled with the potential social costs of
vexatious securities litigation provides a powerful policy focus
for those, like the accounting profession, who want to limit
liability under Section 10(b) and Rule 10b-5.   This policy
argument also supports a limited duty of disclosure for auditors
under Section 10(b).
     Third, the Central Bank Court's analysis of the aiding and
abetting issue has implications for theories of accountants'
liability under other federal statutes.  For example, auditors
have been sued under the Racketeer Influenced and Corrupt
Organizations Act (RICO) for aiding and abetting a RICO
violation.  In Reves v. Ernst & Young, the Supreme Court
recently adopted a narrow interpretation of RICO in a lawsuit
against an auditor arising out of a fraudulent securities sale.
But the Reves Court did not directly address an accountant's
liability under RICO for aiding and abetting, leaving open the
possibility of suits for secondary liability.  The Central Bank
opinion would appear to preclude secondary liability under RICO.
Under Central Bank, the mere fact that civil liability is imposed
on RICO violators does not implicitly mean that secondary actors
are also liable.  Aiding and abetting liability depends upon the
text of the statute.  Like Section 10(b), the liability section
of RICO does not impose secondary liability for aiding and
abetting a RICO violation.  Thus, the Supreme Court would likely
hold that the absence of any provision imposing secondary
liability under RICO is determinative of the issue, and that
accountants cannot be held secondarily liable for RICO violations
committed by their clients.
Summary
     Central Bank is a landmark decision that will help stem the
tide of rising litigation against accountants.   Although the
direct impact of the decision will be to halt Rule 10b-5 suits
against accountants for aiding and abetting, the Court's opinion
signals an important change in direction in the judicial
interpretation of the securities laws and other federal statutes
imposing civil liability.  This conservative approach will most
likely result in the elimination of other theories of liability
under Section 10(b) and of aiding and abetting liability under
RICO.  This in turn should have a significant effect on
accountants' liability exposure under federal law.  The change in
legal standards under Central Bank and other needed reforms of
the civil liability system should ease the liability crisis
facing the profession.
 

References

AICPA, SEC Practice Section, Public Oversight Board. 1993. Issues
Confronting The Accounting Profession. AICPA, Stamford, CT.

Arthur Andersen & Co., Coopers & Lybrand, Deloitte & Touche,
Ernst & Young, KPMG Peat Marwick, and Price Waterhouse.
1992. The Liability Crisis in the  United States: Impact on the
Accounting Profession. Journal of Accountancy  (November): 19- 23.

Elliott, R.K. 1994. The Future of Audits. Journal of Accountancy
(September): 74-82.

Fuerman, R.D. 1992. The Accounting Profession's Litigation
Crisis. The Ohio CPA  Journal 51(October): 39-40.

Hanson, R.K. and J.W. Rockness. 1994. Gaining a New Balance in
the Courts. Journal  of Accountancy (August): 40-44.

Institute for Continuing Professional Development. 1992. CPAs
Concerned About Legal Liability. The Practical Accountant
25(October): 8.

Kinney, W.R.,Jr. 1994. Audit Litigation Research: Professional
Help is Needed.  Accounting Horizons 8(June): 80-86.

Klein, K.Y. 1993. Legal Liability: The Problems and Solutions for
Texas. Today's CPA  18(March/April): 38-39.

Lochner, P.R.,Jr. 1993. Accountants' Legal Liability: A Crisis
that Must be Addressed.  Accounting Horizons 7(June): 92- 96.

Madonna, J. 1993. The Liability Squeeze. World No. 1: 42-43.
Nelson, Mark. 1992. Accountant Advise Thyself!: Report Finds CPAs
Unaware of Professional Hazards. Outlook 59(Winter): 30-32, 34+.

O'Malley, Shaun, F. 1993. Legal Liability is Having a Chilling
Effect on the Auditor's  Role. Accounting Horizons 7(June): 82- 87.

Simonetti,G.,Jr. and A.R. Andrews. 1994. Limiting Accountants'
Personal Liability  Won't Solve the Country's Liability Crisis!
Journal Of Accountancy (April): 45-54.
 
 
 
 

An Analysis of the Exposure Draft Comment Letters to SAS no. 82
     and the Effects of the New Fraud Detection Standard on the
                Expectation Gap and Auditor Liability

published in Commentaries On The Law Of Accounting & Finance: 1997 Yearbook, 1998

                       James D. Hansen, CPA, Ph.D.
                           Michael J. Garrison, J.D.
 

                                ABSTRACT

     The new fraud detection standard, SAS no. 82, Consideration
     of Fraud in a Financial Statement Audit, intended to enhance
     auditor performance and close the expectation gap, has
     important policy implications for the profession.  Questions
     concerning the effect of the standard on the audit of small
     businesses, on the litigation environment, and on the
     expectation gap, have been raised by practitioners and other
     commentators.  An analysis of the comment letters to the
     exposure draft to SAS no. 82 reveals that a majority of the
     small and medium sized firms opposed the issuance of the new
     standard in contrast to the Big Six firms who favored its
     issuance.  Practitioners were concerned that small and
     medium sized companies would have most of the fraud risk
     factors listed in SAS no. 82, and that the laundry list of
     risk factors could lead auditors to adopt a checklist
     mentality resulting in more intensive and expensive audit
     procedures for small enterprises.  In response, the Auditing
     Standards Board made some significant changes in the final
     version of the standard to clearly indicate that the risk
     factors were only examples and must be viewed in the context
     of the company’s size, ownership, and industry
     characteristics.
     Some commentators believe that SAS no. 82 will create more
     litigation against accountants for failures to discover
     fraud.  It was also suggested that the standard will create
     an unrealistic perception concerning an auditor’s ability to
     discover fraud, thereby widening the expectation gap.  Our
     analysis suggests that the new standard will probably not
     increase the profession’s liability exposure nor will it
     affect the expectation gap.  SAS no. 82 does not mandate a
     higher level of care in audit engagements, the language in
     the new standard is more specific and no more ambiguous than
     under SAS no. 53, and the auditor’s responsibility to detect
     fraud is still limited by traditional notions of materiality
     and reasonable assurance.   Rather than increase legal
     liability, the standard may actually decrease liability by
     providing the profession with a more viable compliance-with-
     professional-standards defense and enhancing audit
     performance in the detection of fraud.  However, for the
     standard to be effective, auditors must be trained in
     forensic accounting techniques and experienced personnel
     will need to be on audit teams.  Because few auditors are
     experienced in fraud detection and some of the risk factors
     are not auditable using traditional approaches, education
     and training in forensic accounting may be the key to the
     effective implementation of the new standard.
 

     SAS no. 82, Consideration of Fraud in a Financial Statement
Audit, which superseded SAS no. 53, The Auditor's Responsibility
to Detect and Report Errors and Irregularities, is intended to
enhance auditor performance and provide auditors with additional
guidance on the consideration of material fraud in conducting a
financial statement audit.  It is also an attempt to close the
expectation gap by clarifying the independent auditor's duty to
plan and perform the audit to obtain reasonable assurance that
financial statements are free of material misstatement caused by
fraud.
     Although the new standard seeks to clarify an auditor's
responsibility to detect fraud, it also raises a number of
questions.  Will the new standard increase an auditor's
responsibility to detect fraud or is it simply a restatement of
existing standards?  Does it mandate additional audit procedures
and documentation that will increase the cost of audit work?  How
will it affect the audit of small businesses?  Will it increase
the audit profession’s legal liability exposure?  Are the costs
of complying with the new standard justified by improved audit
performance in the detection of fraud?  These were some of the
issues raised by practitioners and other interested parties in
comment letters to the SAS no. 82 Exposure Draft (ED).  In this
article we summarize the requirements of SAS no. 82, present an
analysis of the comment letters to the ED, describe the changes
made to the ED, and discuss the possible effects of the new
standard on the expectation gap and the legal liability
environment.
Requirements of SAS no. 82
     To clarify an auditor's responsibility for fraud, SAS no. 82
superseded SAS no. 53, and amended SAS no. 1, Professional
Standards, vol. 1, AU sec. 110, par. 2 as follows:
     The auditor has a responsibility to plan and perform the
     audit to obtain reasonable assurance about whether the
     financial statements are free of material misstatement,
     whether caused by error or fraud.  Because of the nature of
     audit evidence and the characteristics of fraud, the auditor
     is able to obtain reasonable, but not absolute, assurance
     that material misstatements are detected.  The auditor has
     no responsibility to plan and perform the audit to obtain
     reasonable assurance that misstatements, whether caused by
     errors or fraud, that are not material to the financial
     statements are detected.
The amended SAS no. 1 now parallels the auditor's standard
report, SAS no. 58--Reports on Audited Financial Statements
(middle paragraph), ". . . standards require that we plan and
perform the audit to obtain reasonable assurance about whether
the financial statements are free of material misstatement."
Material misstatement can result from material errors (described
in the amended SAS no. 47--Audit Risk and Materiality in
Conducting an Audit), material fraud (described in SAS no. 82),
and certain illegal acts defined in SAS no. 54--Illegal Acts by
Clients.
     The new standard requires auditors to specifically assess
the risk of material misstatement of the financial statements due
to fraud and identifies two types of fraud: misstatements arising
from fraudulent financial reporting (management fraud) and
misstatements arising from the misappropriation of assets
(employee fraud). It provides a list of 37 fraud risk factors,
"red flags" that indicate an increased risk of fraud that an
auditor should consider.  Three categories of risk factors
relating to fraudulent financial reporting are: 1) managements's
characteristics and influence over the control environment, 2)
industry conditions, and 3) operating characteristics and
financial stability.  The two categories of risk factors relating
to misappropriation of assets are susceptibility of assets to
misappropriation and controls.  Thirteen examples of other
conditions that may be identified during field work that change
or support the risk assessment are also given.  In addition to
considering the fraud risk factors, the auditor should inquire of
management to obtain management's understanding regarding the
risk of fraud in the entity and to determine if they have
knowledge of fraud that has been perpetrated on or within the
entity.
     The auditor should use professional judgment to respond to
the results of the assessment.  The auditor may conclude that
planned procedures are sufficient to respond to the risk factors
or, in other circumstances, the auditor may conclude that there
is a need to modify procedures.  If it is not possible to modify
procedures, withdrawal from the engagement with communication to
the appropriate parties may be appropriate.

     Response to the risk of material misstatement due to fraud
may affect the audit in several ways.  The auditor may need to
heighten his/her attitude of professional skepticism.  The
auditor should make sure that the knowledge, skill, and ability
of personnel assigned to the engagement is commensurate with the
assessment of the level of risk.  Management's choice of
accounting principles may need further consideration.  Risk
factors that have control implications may negate the ability of
the auditor to assess control risk below the maximum.  Also, the
nature, timing, and extent of procedures may need to be modified.
     If the auditor detects misstatements due to fraud that have
an immaterial effect on the financial statements the auditor
should refer the matter to an appropriate level of management and
be satisfied that implications for other aspects of the audit
have been adequately considered.  For fraud with a material
effect on the financial statements or for which the auditor is
unable to determine potential materiality, the auditor should
consider implications for other aspects of the audit; discuss the
matter with an appropriate level of management at least one level
above those involved; attempt to determine whether material fraud
exists; and if appropriate, suggest that the client consult with
legal counsel.  If the auditor's consideration of the risk of
material misstatement due to fraud and the results of audit tests
indicate a significant risk of fraud, the auditor should consider
withdrawing from the engagement and communicating the reasons for
withdrawal to the audit committee or others with equivalent
authority and responsibility.
     The standard requires that the auditor document in the
workpapers those risk factors identified as present and the
auditor's response to them.  If other risk factors are identified
during the audit that cause the auditor to believe that an
additional response is required, the auditor should document
those risk factors or other conditions and any further response
that the auditor concluded was appropriate.
     If the auditor discovers any fraud involving senior
management or any fraud that is material to the financial
statements, this should be reported to the audit committee.
Immaterial fraud should be reported to management one level above
those perpetrating the fraud.  When the auditor identifies fraud
risk factors that have continuing control implications, the
auditor should consider whether these risk factors represent
reportable conditions that should be communicated to senior
management.
 

Analysis of Comment Letters to the SAS no. 82 Exposure Draft
     The new fraud standard raised a number of questions and is
being received with some anxiety from practitioners and others.
This was borne out in the comment letters to the SAS no. 82 ED.
In this section we present an analysis of those comment letters.

     The authors independently read each of the 69 comment
letters to identify the letter as favoring, being neutral, or
opposing the issuance of SAS no. 82.  We were in agreement as to
the three categories for 60 of the letters.  For the 9 letters
that we did not independently agree on when assigning a category,
we discussed the content of the letter and mutually agreed on a
final classification.
     Table 1 displays the results of our analysis.  Thirty-four
of the letters favored, 11 were neutral, and 24 opposed the
issuance of the new fraud standard.  A majority of the small
firms (firms with only one office listed on their letterhead) and
medium firms opposed the issuance of the new standard, while all
of the Big Six firms favored the standard.  A majority of the
comment letters from state societies and government auditors also
favored issuing the new standard.  Together educators and others
were divided evenly in favor of or in opposition to the new
standard.
 
 
 
 

Table 1
Analysis of Exposure Draft Comment Letters

                             Audit Firm Size                  State      Government
                     Small       Medium     Big 6         Society       Auditor     Educator      Other         Total
 Favor              4               0              6                9               10                3              2              34

Neutral             4               1              0                3                0                 2              1              11

Oppose           12               2              0                3                2                 2              3              24

Total                 20               3              6              15               12                 7              6              69
 
 
 

     Fifty-one of the authors of the comment letters, whether
favoring, opposing, or remaining neutral, suggested some changes
in the exposure draft, and the Auditing Standards Board (ASB)
incorporated many of the suggestions in the final draft.
Comments ranged from suggesting minor changes in sentence
structure to expressing concern that the new standard may create
more litigation with regard to fraud detection.
     Table 2 lists the most recurrent statements from the comment
letters. There were four predominant concerns expressed in the
comment letters.  The concern expressed most often was that small
and medium sized companies would have most of the risk factors
listed in SAS no. 82.  The laundry list of risk factors could
lead auditors to adopt a checklist mentality resulting in more
intensive and expensive audit procedures for small enterprises
than for large firms.
     Of equal concern was that the standard would create a
perception that auditors will find all errors and fraud.  So,
instead of closing the expectation gap between the profession and
the public, some commentators believed that SAS no. 82 would
instead widen the gap.  In contrast nine authors made the
argument that since the new standard clarifies the auditor's
responsibility for fraud detection, it should reduce the
expectation gap.
 

Table 2
Comments from Letters to the Exposure Draft
 

16
Small and medium sized companies have most of the risk factors given in paragraphs
15-19; the language in the paragraph is subject to a wide disparity in interpretation; too
much ambiguous wording; should not have a laundry list of risk factors.

16
The standard will create a perception with the public that the auditor will find all
errors and fraud; the standard appears to create obligations for additional auditing
when none exist; clearly explain the potential that frauds may still not be detected due
to acts such as collusion; make distinction between fraud that an auditor can
reasonably detect and fraud which cannot be reasonably detected.

14
The standard will create more litigation against accountants with regard to fraud; will
increase liability exposure.

12
The standard is redundant of SAS 53--creates additional exposure to clients and third
parties;  standards should not enhance performance--continuing ed and peer reviews
should do this;  the guidance should be given in an industry audit guide.

 9
The standard clarifies the auditor's responsibility for fraud detection; has the potential
to reduce expectation gap; will get auditors to think more about fraud indicators.

 4
More guidance should be given for testing internal controls;  more guidance in EDP
for evaluating the risk of fraud.

 4
Standard should indicate that management is primarily responsible for prevention and
detection of fraud.

 3
Who does the auditor report fraud to in a sole proprietorship or closely held company?

 3
Fraud risk assessment is a duplication of the existing inherent and internal control risk
assessment.

 3
Paragraph 17 - risk factors relating to employee relationships or pressures appear to be
beyond the skills of the auditor;  how can it be observed;  the auditor is only on site
for a short period of time.

 2
Small privately owned businesses should not be subjected to this standard

The numbers indicate the number of comment letters that expressed the theme of the commentary.

     A third issue was that SAS no. 82 would create more
litigation against accountants for failures to uncover or
discover fraud.  A related concern was that the new standard is
redundant of SAS no. 53 and will create additional exposure to
clients and third parties.  Any specific guidance on the
detection of fraud, it was argued, should be in an audit guide,
not in a new standard.  Auditor liability and expectation gap
issues are discussed in a subsequent section of the paper.
Changes Made to the Exposure Draft
      Based on suggestions made in the comment letters, some
significant changes were made to the final version of the
standard.  Four letters suggested that more emphasis should be in
the statement regarding management's responsibility for the
prevention and detection of fraud.  In response, Paragraph 2 and
footnote 2 of the introduction section of the standard were added
to emphasize that "management is responsible for the prevention
and detection of fraud."  This was part of the background
information provided in the summary of the ED but was not
included in the main text of the draft. Also, requirement (b) was
added to paragraph 13 stating that the auditor "should inquire of
management . . . to determine whether they have knowledge of
fraud that has been perpetrated on or within the entity."
     The ASB also responded to the concern of practitioners that
small businesses would invariably have many of the fraud risk
factors and therefore be subject to heightened audit scrutiny.

The ASB addressed this issue by adding paragraphs 14 and 15 to
the final release to make clear that the risk factors were only
examples and that not all of the examples would be relevant in
all circumstances.  Paragraph 14 emphasizes that the auditor
should use professional judgment when assessing the various fraud
risk factors.  Paragraph 15 provides examples in which the
presence of fraud risk factors in a small entity may not always
indicate the risk of material misstatement.  Under SAS no. 82,
the risk factors should be viewed in the context of the company's
size, ownership, and industry characteristics and the auditor
should use professional judgment when assessing the significance
of any risk factor.
     The ASB modified the language in some of the "red flags" and
added other relevant risk factors.  The final version included
"An interest by management in pursuing inappropriate means to
minimize reported earning for tax-motivated reasons" as a fraud
risk factor.  The ASB also expanded other risk factors.  The risk
factor relating to an "ineffective" accounting staff was changed
to read "an ineffective accounting, information technology, or
internal auditing staff."  The "red flag" relating to declining
industries with "increasing business failures" now includes those
with "significant declines in customer demand."   The wording "or
hostile takeover" was added to the risk factor "Threat of
imminent bankruptcy or foreclosure."  Finally, the phrase
"especially involving attempts to influence the scope of the
auditor's work" was added to the risk factor "Domineering
management behavior in dealing with the auditor."
     The ED emphasized that employee relationships or pressures
should be considered by the auditor as a risk factor relating to
misappropriation of assets.  Some authors of comment letters felt
that the consideration of such risk factors was beyond the skills
of the auditor.  The final standard was changed to state that the
auditor need not plan the audit to discover information that is
indicative of financial stress of employees, but if such
information comes to the auditor's attention, it should be
considered in assessing the risk of material misstatement arising
from misappropriation of assets.
     Although the final version of SAS no. 82 addressed many of
the suggestions in the comment letters, questions remain about
the effect of the standard on the expectation gap and about the
potential for increased litigation.
The New Standard, The Expectation Gap, And Auditor Liability
     A major concern expressed in the comment letters was the
likelihood of an increase in the profession’s liability exposure
resulting from the requirements of SAS no. 82.  Of particular
concern was the listing of and the ambiguous language in the "red
flags." The listing of fraud risk factors was considered a
litigation road map for plaintiffs’ attorneys, tantamount to
"constructing a rope to hang ourselves with."  This risk was
compounded, argued the critics, by the use of open-ended phrases
such as "ineffective accounting staff," "domination of
management," "significant disregard of regulatory authorities,"
unclear terminology subject to varying interpretations.
Moreover, rather than close the expectation gap and enhance
performance, some commentators believed that the new standard
would heighten expectations relative to an auditor’s obligation
and ability to uncover fraud, thereby widening the expectation
gap and further exposing the profession to civil liability.
     To analyze the likely effects of SAS no. 82 on the liability
environment, one must understand the effect that professional
standards have on legal liability.  A failure to perform an audit
with reasonable care constitutes negligence and gives rise to
common law liability and some potential statutory liability.  The
professional standards set the minimum legal standard to which an
auditor must comply.  Although failure to comply with GAAS is
strong evidence of negligence, compliance with GAAS is not a
conclusive defense.  A jury is allowed to determine the
appropriate degree of care in a given case, which may be higher
or more demanding than prevailing professional rules.  Thus,
professional standards are important in determining the requisite
level of care but they are not determinative of the due care
issue.
     The new standard could increase auditors’ legal liability in
a number of ways. First, if SAS no. 82 is more demanding than SAS
no. 53 in terms of the level of care required in an audit, there
will be greater liability exposure because the minimum legal
standard of care has actually been raised.  Second, if the new
standard is more ambiguous than the prior standard or otherwise
lacks clarity, application of the standard may be subject to
interpretation and argument, and this uncertainty may lead to an
increase in legal liability.  Finally, if the new standard
heightens public expectations regarding an auditor’s duty and
capacity to detect fraud, there is the possibility that juries
will set the standard of care well above the minimum level of SAS
no. 82, potentially exposing the profession to greater legal
liability than under SAS no. 53.
     In terms of a substantive change in SAS no. 82, the
proponents have characterized SAS no. 82 as a "clarification" of
the auditor’s fraud detection responsibility rather than as a
change in the auditor’s obligation to uncover wrongdoing.  A
careful examination of SAS no. 82 indicates that the standard
does not substantially alter the basic obligations under SAS no.
53.  The auditor’s overriding obligation remains the same, i.e.,
to assess the risk of fraud (irregularities under SAS no. 53) and
to design and perform the audit to obtain "reasonable assurance"
that the financial statements are free of "material"
misstatements.  Despite the calls by some for a higher level of
assurance regarding fraud, the auditor’s duty continues to be
limited by traditional concepts of materiality and reasonable
assurance.  SAS no. 82 does provide more specific guidance on the
detection of fraud by expanding the list of fraud risk factors
identified in SAS no. 53.  It also expands to some extent the
auditor’s obligation relative to the assessment of the risk of
fraud.  For example, the new standard requires auditors to make
inquiries of management as to evidence of fraud and to more
thoroughly document the assessment of fraud and the auditor’s
response to that assessment.  Overall, however, the auditor’s
fundamental obligation to detect fraud and the level of assurance
given remain the same under SAS no. 82; thus, the minimum level
of care from a legal perspective has not significantly changed
with the adoption of SAS no. 82.
     Whether the new standard creates greater uncertainty was a
second concern raised by those who responded to the exposure
draft.  It is true that language in some of the risk factors is
subject to conflicting interpretations and differing professional
judgments.  Although the final draft tightens up this language,
some of the ambiguity remains in SAS no. 82.  For example, among
the fraud risk factors are management having an "excessive
interest" in the entity’s stock price and setting "unduly
aggressive" financial targets.  However, SAS no. 53 employed
similar terminology, e.g., management placing "undue emphasis on
meeting earnings projections."  Additionally, in comparison to
SAS no. 53, SAS no. 82 is more specific and detailed, and it
provides relevant guidance to practitioners facing particular
problematic situations.  For example, to reenforce the notion
that the assessment of fraud risk is an on-going process, SAS no.
82 identifies factors discovered during fieldwork, such as
missing documents and discrepancies in accounting records, that
should change the initial fraud risk assessment.  It also
provides examples of appropriate responses to specific problems
such as improper revenue recognition that have been a common
source of litigation in the past.  Thus, whether SAS no. 82 is
any more ambiguous than SAS no. 53 is open to question.  Because
it would appear that the attempt to clarify and to provide more
specific guidance was successful, it is questionable whether the
inevitable ambiguity in the standard will result in an increase
in legal liability.
     The issue of heightened expectations is an important one
since the underlying purpose of the standard was to close the
expectation gap.  Obviously, there is the continuing risk under
SAS no. 82 that juries will assume that an auditor was at fault
simply because the auditor failed to uncover fraud.  By doing so
in the past, juries have set the legal liability standard above
the professional standard of due care.  The question is whether
juries will set the "bar" even higher under SAS no. 82.  In a
break with traditional terminology, the standard does use the
dreaded word "fraud" in the title of the standard, signaling a
departure with the past when some in the profession refused to
acknowledge any obligation to detect fraud.  And some of the
coverage of the standard in the business media has suggested that
the professional standards have become more demanding.  One Wall
Street Journal article suggested that audit costs could increase
20% as a result of the new standard.  On the other hand, the
standard itself contains qualifying language regarding the
obligations of management, the limitations of the audit process,
and the difficulty of uncovering fraud.  Also, public
pronouncements by the AICPA have consistently described the new
standard as a mere clarification of existing rules or as
providing additional guidance to the profession on the detection
of fraud.  Therefore, it is difficult to substantiate the
argument that the standard will widen the expectation gap.  The
most likely scenario is that the standard will have little or no
effect on the expectation gap -- neither closing nor widening the
gulf that exists between the realities of the audit process and
the perceptions of the general public.
     Rather than increase legal liability, it is more likely that
the new standard will have no significant effect on the
profession’s liability exposure.  It is even possible that SAS
no. 82 will result in a decrease in auditor liability.  For
example, the standard may provide the profession with a more
viable compliance-with-professional-standards defense.  Although
the inclusion of the "red flags" in the standard has been
criticized, they may be used as a defensive tool in future cases.
Rather than merely argue to the jury that it is difficult to
uncover fraud, or that an audit is not designed to uncover fraud,
auditors strictly complying with SAS no. 82 will have a different
and perhaps more effective argument.  That is, the auditor will
be able to claim that he or she assessed the risk of fraud,
conducted an examination commensurate with that risk, but the
fraud was concealed by management or otherwise undiscoverable.
Also, the "red flags" give the appearance of a degree of
concreteness and objectivity to the often subjective materiality
judgments characteristic of audit work.  Although the "red flags"
were never intended to be a checklist for auditors, auditors
should carefully consider these factors in the future, and in the
determination of whether any one of the factors is present,
auditors should err on the side of finding a particular risk
factor.  At the same time however, auditors must be sensitive to
other industry-specific or business-specific factors that should
be considered under SAS no. 82.  Just as complying with
professional standards may not be legally sufficient, simply
following the "checklist" will not be enough under SAS no. 82.
     It is hoped that the implementation of SAS no. 82 will
result in fewer audit failures and fewer lawsuits in cases
involving internal fraud.  Any positive impact from enhanced
performance will depend on a number of factors related to the
implementation of the standards as well as the profession’s
continuing response to the expectation gap.  The standard should
sensitize practitioners to the need for an assessment of fraud
and make them more aware of the signs of fraud.  But in order for
the standard to be effective, auditors must be trained in
forensic accounting techniques and experienced personnel will
need to be on audit teams since few auditors are experienced in
fraud detection and some of the risk factors are not auditable
using traditional approaches.  Education and training in forensic
accounting may be the key to the effective implementation of the
new standard.  Similarly, continuing efforts on the part of the
profession to educate the general public on the nature of
auditing may be the most effective means of closing the
expectation gap.
 
 

USING THE ENGAGEMENT LETTER TO LIMIT AUDITORS' PROFESSIONAL LIABILITY EXPOSURE

published in The Ohio CPA Journal, July-September, 1999

MICHAEL J. GARRISON
JAMES D. HANSEN
 

ABSTRACT
 

 This paper discusses the importance of the engagement letter on auditor liability in light of the new auditing standard on engagement letters.  Statement on Auditing Standards no. 83, Establishing An Understanding With The Client, requires auditors to establish an understanding with the client regarding the services to be performed under the engagement.   Our paper examines the most recent developments in the legal environment of auditing and suggests that carefully drafted engagement letters can be used to shield the profession from legal liability.
 

 A recent survey of Ohio CPAs by Lindeman and Duvshinikov that was published in the Ohio CPA Journal found that most CPA firms regularly use engagement letters for audit engagements.  Respondents also viewed engagement letters as very important in their client relationships.  On the other hand, a majority believed that engagements letters do not provide substantial legal protection.  Whether this perception is accurate is open to question.
 The purpose of this paper is to analyze whether engagement letters can provide auditors protection from legal liability. The first section of the paper discusses the importance of engagement letters from a professional perspective and the new auditing standard on engagements.  Statement on Auditing Standards no. 83, Establishing An Understanding With The Client, requires auditors to establish an understanding with the client regarding the services to be performed under the engagement.  The Auditing Standards Board believes that such an understanding will reduce the risk that either the auditor or the client could misinterpret the needs or expectations of the other party.
 The next section gives an overview of some important recent developments in the legal environment of auditing, including auditor liability under Ohio law.  The developing rules in two areas of auditor liability -- common law liability to third parties and securities fraud -- are analyzed to determine whether engagement letters can be effectively used to shield the profession from legal liability.
 In the final section of the paper, we discuss how engagement letters can be used in a defensive manner to limit the profession's liability exposure.  Terms in the engagement contract  indicating the purpose of the audit and the persons to whom the audit report will be provided may be one of the most effective means of limiting an auditor's common law liability to third parties. Alternative dispute resolution provisions (e.g., mandatory arbitration) may be another method of limiting auditor liability to clients.

ENGAGEMENT LETTERS IN AUDITS AND THE NEW ENGAGEMENT STANDARD
 An engagement letter documents the accountant's understanding with the client as to the objectives of the engagement, the responsibilities of management and the auditor, and any limitations of the engagement.  Statement on Auditing Standards (SAS) no. 83, Establishing an Understanding With the Client was issued to provide guidance to CPAs for establishing an understanding with a client when providing auditing and other attestation services.
 Historically, engagement letters have not been required in an audit engagement.  However, most CPAs have understood the need to establish an understanding with the client and have used engagement letters when providing audit services.  With the issuance of Statement on Quality Control Standards (SQCS) no. 2, firms are required to have policies and procedures for obtaining an understanding with the client regarding the services to be performed.  SAS no. 83 was issued to help firms comply with SQCS no. 2.
 SAS no. 83 requires the CPA to establish an understanding with the client for each engagement and to document that understanding in the working papers, preferably through a written communication with the client.  The required elements of an understanding with the client include:

 Objective of the Engagement
  -the expression of an opinion on the financial statements.

 Management's Responsibility
  -responsible for the entity's financial statements,
  -responsible for establishing and maintaining effective internal control over financial reporting,
  -responsible for complying with applicable laws and regulations,
  -responsible for making all financial records and related information available to the auditor,
  -to provide the auditor with a letter that confirms certain representations made during the audit.

 Auditor's Responsibility
  -responsible for conducting the audit in accordance with generally accepted auditing standards,
  -responsible for informing the audit committee or equivalent of any reportable conditions that come to the auditor's attention.

 Limitation of the Engagement
  -generally accepted auditing standards require that the auditor obtain reasonable, rather than absolute, assurance that the financial statements are free of material misstatement, whether caused by error or fraud.  Accordingly, a material misstatement may remain undetected.  Also, an audit is not designed to detect error or fraud that is immaterial to the financial statements,
  -if the auditor is unable to form or has not formed an opinion, the auditor may decline to express an opinion or decline to issue a report as a result of the engagement,
  -an audit includes obtaining an understanding of internal control sufficient to plan the audit and to determine the nature, timing and extent of audit procedures performed.  An audit is not designed to provide assurance on internal control or identify reportable conditions.

 SAS no. 83 also lists additional matters that may be included in the engagement letter, such as:
 -arrangements regarding the conduct of the engagement (timing and client assistance),
 -arrangements concerning involvement of specialists or internal auditors,
 -arrangements involving a predecessor auditor,
 -arrangements regarding fees and billings,
 -any limitations of or other arrangements regarding the liability of the auditor or the client, such as indemnification to the auditor for liability arising from knowing misrepresentations to the auditor by management,
 -conditions under which access to the auditor's working papers may be granted, and
 -additional services to be provided.
 

 The engagement letter is important from a professional perspective because it serves a two-fold purpose.  First, it is a method of clearly communicating to the client about the nature of the professional services to be rendered and the inherent limitations in the audit process.  Second, it serves as a way of reaching a concrete understanding with the client as to the work to be performed, the responsibilities of the auditor and management, and the degree of assurance given by the auditor in the audit report.   The engagement is also important from a legal perspective since it establishes the parameters of the contract between the parties.  In this way, the engagement letter naturally serves as a form of legal liability protection, one that is superior to an undocumented, oral understanding between auditor and client.  We believe that careful drafting of the engagement letter can provide additional benefits in terms of liability protection, particularly in the area of common law third party liability which is discussed in the next section.

AUDITORS' COMMON LAW LIABILITY TO THIRD PARTIES FOR PROFESSIONAL NEGLIGENCE
 One area of auditor liability in which auditors have significant exposure is common law liability to third parties for professional negligence -- suits by creditors, investors, and others who may rely on an auditor's work product.  The rules relating to an auditor's liability to third parties for professional negligence have changed dramatically over the last 20 years.   The traditional privity rule that barred suits by third persons not in a relationship of  privity announced in the landmark case of Ultramares Corp. v. Touche  is no longer the majority rule, although a modified Ultramares rule still remains the law in some jurisdictions.  Today, there are about 15 states still following an approach similar to the privity requirement of Ultramares, either by statute or by court decision.  This modified privity rule, called the near privity rule or the primary beneficiary rule, limits auditor liability to clients and identified third party beneficiaries of an auditor's work product.
 In abandoning Ultramares,  a few states have adopted the foreseeable users rule which allows suit by any third party the auditor should have known would be relying on the audit report. However, the prevailing view today is the known (or foreseen) class of users rule of Section 552 of the Restatement (Second) of the Law of Torts.  The Restatement approach permits suit by persons within a class of users when the class is known to the accountant to be relying on the audit report in connection with a particular transaction.   This approach is more liberal than the near privity rule because the third party need not be a specifically identified third party beneficiary.  The rule requires only that the auditor have knowledge of the class of persons relying on the audit report and of the nature of the transaction for which the audit report would be used.
 Ohio follows the Restatement approach.  In Haddon View Investment Co. v. Coopers & Lybrand,  the Ohio Supreme Court addressed the issue of third party liability in connection with a suit by limited partners against the auditor of the limited partnership for professional negligence.  The court recognized that third parties often rely on audit reports in the ordinary course of their business and should be protected when their reliance on an auditor's report is "specifically foreseen." Thus,  "the accountant's duty to prepare reports using generally accepted accounting principles extends to any third person to whom they understand the reports will be shown for business purposes."  The limited partners were held to be such a limited class whose reliance was known by the auditing firm.

 Cases after Haddon View have clarified the Ohio approach to the issue.   In BancOhio National Bank v. Schiesswohl, BancOhio sued Henretta & Associates, the auditor for Northern Ohio Tractor, Inc., claiming damages for its reliance on the audited financial statements of Northern.  BancOhio was the largest single creditor of Northern, and had required Northern to submit audited financial statements upon which it relied in providing financing to Northern.  The suit brought after the business failed and went into bankruptcy was dismissed.
 The Ohio Court of Appeals found that the bank did not fall within a foreseen class of users.  Although the auditors knew that BancOhio was Northern's largest creditor, and that BancOhio had the power to demand audited financial statements, there was no proof that the accountants knew that the bank was exercising that power and requiring the submission of audited financial statements.  The court also dismissed the testimony of one of the auditors that he assumed that BancOhio had relied upon the financial statements.  The court reasoned that this did not prove that the auditors knew that the financial statements would be submitted to BancOhio "at the time they were preparing the statements."
 BancOhio is important for several reasons.  It makes it clear that Haddon View focuses on the knowledge of the auditors as to the class of third party users, rather than what the auditors  should have known or could have assumed under the circumstances.  Certainly, given BancOhio's status, the auditors could have and perhaps should have assumed that the bank was relying on the financial statements.  However, it had no knowledge that the financial statements were being provided to the bank.   Just as important is the timing of that knowledge.  Under the known class of users rule, the critical point in time is when the auditors are preparing the financial statements, not after they have been prepared and provided to the client.

AUDITOR LIABILITY FOR FEDERAL SECURITIES FRAUD
 Another area of auditor liability in which the engagement letter might be used in an attempt to protect auditors from liability is federal securities fraud.  Securities fraud is one of the most commonly asserted theories of auditor liability.  Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 provide the legal basis for injured investors to pursue claims against auditors, particularly in connection with misrepresentations and omissions in audited financial statements.  Recent changes in the law have narrowed the scope of auditors' liability under the federal securities laws.  In 1995, Congress passed a major overhaul of the securities laws, the Private Securities Litigation Reform Act.  Although the impact of the statute on securities claims, and in particular claims against auditors is unclear, the Act imposes substantial procedural and substantive impediments on securities fraud suits against auditors.
 Prior to the Reform Act, the Supreme Court also limited auditor liability suits under the securities fraud provisions of federal law. In the landmark decision of Central Bank of Denver v. Interstate Bank of Denver,   the Court eliminated aiding and abetting as a basis for securities fraud liability under Rule 10b-5.  Before Central Bank, a defendant who knowingly and substantially assisted another in committing a securities fraud was guilty of aiding and abetting and liable along with the primary violator.  This theory of "secondary liability" was used by plaintiffs to sue auditors, attorneys, and other ancillary third parties.  Because the line between primary and secondary liability under the securities laws was unclear, and the distinction without legal significance, plaintiffs would usually assert both theories of liability in cases involving auditors.  After Central Bank, the distinction between primary and secondary liability has become critically important, and the federal courts have addressed this issue in a series of cases  applying Central Bank in securities fraud lawsuits against auditors.
 Some courts have adopted a "significant role" test for primary liability.  Under this rule, not only is an auditor subject to primary liability for his or her own fraudulent misrepresentations in connection with a securities sale, but an auditor who has some substantial involvement in the preparation or dissemination of fraudulent statements made by others is also primarily liable for securities fraud.  This liberal view of primary liability was adopted by the Ninth Circuit in In re Software Toolworks, Inc.    Deloitte & Touche, the auditor of Software Toolworks, was sued by investors who claimed that the auditors violated  Rule 10b-5 by participating in the drafting of two false letters sent to the SEC by Toolworks regarding the financial condition of the company.  One of the letters indicated that it was prepared after consultation with and review by the auditors and specifically referred questions to two Deloitte partners.  Given the evidence that the auditors played a "significant role" in the preparation of the letters, the Ninth Circuit found a basis for primary liability under Rule 10b-5.
 Other courts have rejected this formulation of primary liability as a mere restatement of aiding and abetting and have adopted a more restrictive view of primary liability that limits auditor liability to situations in which the auditor makes a misleading misrepresentation or omission.  The leading case is the Tenth Circuit's decision  in Anixter v. Home-Stake Production.  There, the auditor was sued in part for assisting the auditor's client in preparing a misleading prospectus.  Relying on the Central Bank opinion, the court reasoned that the "critical element separating primary liability from aiding and abetting is the existence of a representation, either by statement or omission, made by the defendant to the plaintiff.  Reliance only on representations made by others cannot itself from the basis of liability."   Recently, the Second Circuit followed Anixter in Shapiro v. Cantor, a securities fraud suit was brought by limited partners who invested in seven limited partnerships set up to operate a chain of video rental stores.  Among the various defendants was Touche Ross, the plaintiffs alleging that the firm participated in a fraudulent securities scheme by providing accounting and financial analysis in preparation of the offering memoranda.  The Second Circuit upheld the dismissal of the auditor liability claim holding that a defendant must make a material misstatement or omission to be liable for securities fraud.
 The restrictive approach to primary liability adopted in Anixter and Shapiro appears to represent the prevailing rule on the issue.   The court in Anixter stated the rule as follows: "[F]or an accountant's misrepresentation to be actionable as a primary violation, there must be a showing that he knew or should have known that his representation would be communicated to investors."  This formulation of primary liability is similar to the requirement for third party liability under the known class of users rule.  It is broader, however, because it imposes liability for misrepresentations that the auditor should have known would be communicated to investors in connection with a securities sale.

USING THE ENGAGEMENT LETTER AS A DEFENSIVE TOOL
 Any audit engagement letter should be constructed in light of Haddon View, BancOhio, and the known class of users rule of the Restatement. Also, given the formulation of primary liability in Anixter and Shapiro, the engagement letter should be drafted in a way as to minimize the risk of securities fraud claims.  Under the Restatement, the critical issue is the auditor's knowledge of third party users at the time of the engagement.   Similarly, under Anixter and Shapiro, the critical issue is whether the auditor made any representations and whether the auditor should have known that any statement he made would be disseminated to investors in connection with a securities sale.
 Given the importance of the auditor's knowledge of third party users, an auditor should have a clear understanding with his client as to whom the financial statements will be submitted and the purpose for which they will be used.  Language in the engagement letter should clearly indicate that purpose and any third persons to whom the audit report will be provided.  This clause should also include an agreement on the part of the client not to disseminate the report to other unidentified third parties.  It should specifically preclude dissemination of the auditor's report and any related representations the auditor made to investors or others in connection with a securities offering.  If third parties not disclosed in the engagement letter sue the auditor, the terms of the engagement letter can be used to establish the knowledge of the auditor at the time of the engagement (as well as what the auditor should have known) and that the auditor had no knowledge of the undisclosed third parties and their reliance on the report.  The engagement letter should also include an "integration" clause, indicating that the letter constitutes the full, final, and complete agreement between the parties and that there are no other side agreements relating to the engagement.
 A recent case out of California demonstrates the importance of drafting the engagement letter so as to minimize potential legal liability.   In Software Design v. Price Waterhouse, Software Design and Application, Ltd. and its owner, Manu Chatterjee, invested monies in Embrace Systems Corporation.  Price Waterhouse audited the company's financial statements and had issued a report to the Board and shareholders of Embrace upon which Chatterjee claimed he relied in investing in Embrace.  The investors sued Price Waterhouse for its alleged inaccurate audit report contending that they were third party beneficiaries of the engagement contract.  The investors supported this claim with testimony from another defendant, Patrick McDonald, who claimed that Price Waterhouse orally agreed that the investors would be third party beneficiaries of the engagement contract.
        The California Court of Appeals concluded that the plaintiffs were not third party beneficiaries based on the unambiguous terms of the engagement letters.  The investors were not identified or even alluded to in the engagement letters signed by Price Waterhouse and acknowledged by Embrace.  Therefore, the written contract was clear and any evidence to the contrary based on an oral side agreement was not admissible under a rule of contract law called the "parol evidence" rule.
 Although Software Design involved a claim of third party beneficiary status, similar arguments could have been made had the case turned on the status of the plaintiffs as foreseen third parties.  The case would have been stronger, however, if the engagement letter contained language as we suggest that identifies any third party beneficiaries and specifically prohibits the dissemination of the report to third party investors.  The auditor's position would also have been enhanced if the engagement letter contained an "integration" clause.
 Auditors should also consider alternative dispute resolution clauses in their engagement letters.  Arbitration, mediation, and other forms of alternative dispute resolution are generally recognized as having some distinct benefits over litigation.  Arbitration is a non-judicial process whereby the parties present their case to an arbitration panel whose decision is generally binding and not subject to appeal.  In mediation, a neutral mediator facilitates discussion between the parties so as to reach a negotiated settlement.

 Alternative dispute resolution may be faster than the time-consuming process of civil litigation, thereby providing a speedier resolution of disputes.  It can also reduce some of the costs associated with discovery and jury trials.  Mediation can result in settlements satisfactory to both parties, thereby preserving the business relations between accountant and client.  It has also been argued that arbitration may result in dispositions that are more objective and less influenced by emotion than civil jury trials. Finally, the secrecy and lack of publicity associated with alternative dispute resolution is a distinct advantage for business defendants seeking to protect their reputation.
 Arbitration does, however, have some drawbacks.  First, discovery will be limited unless a discovery provision is included in the engagement letter.  Second, AICPA ethics rulings provide that binding arbitration may cause a loss of independence for the CPA.  Third, professional liability coverage may be limited or denied to a policyholder entering into an agreement that affects an insurer's rights in defending the policyholder.  Fourth, controversy with a client may be settled in arbitration while a third party may seek a remedy in the courts.
  A recent Ohio case demonstrates the use of the engagement letter to control the dispute resolution process. In Sasaki v. McKinnon, the shareholders of ABS Industries, Inc., brought a shareholder derivative action against Ernst & Young, the auditor for the firm, alleging accounting malpractice and fraud.  The trial court stayed the action pending arbitration pursuant to the engagement letter between ABS and Ernst & Young.  That clause in the Retention Letter provided in relevant part as follows:

 Any controversy or claim arising out of the services covered by this letter...shall be submitted first to voluntary mediation, and if the mediation is not successful, then to binding arbitration, in accordance with the dispute resolution procedures set forth in Exhibit I to this letter.

 On appeal, the Ohio Court of Appeals upheld the binding arbitration clause in the contract.  The court categorically rejected the argument that shareholder derivative suits should not be subject to arbitration because arbitrators are not equipped to handle such disputes.  "To the contrary, it would appear that in matters of complex litigation involving securities and investments, a panel of arbitrators versed in the issues common to that industry is better suited to review the litigation than a general jurisdiction trial court or jury panel drawn form the general population who is, more likely than not, untrained in the intricacies of the financial markets, sophisticated corporate accounting and their governing regulations."   The court also found that the president/CEO of ABS did have authority to enter into the arbitration agreement despite the argument that he was plotting with Ernst & Young to cover up alleged financial irregularities in ABS.
 Sasaki reflects recent trends in both state and federal courts in favor of alternative dispute resolution and suggests that ADR clauses in audit engagement will usually be enforced in Ohio.  Although ADR clauses are binding only upon the auditor's client and not third party plaintiffs, they provide another means of minimizing an auditor's liability exposure.  However, given some of the drawbacks to arbitration, practitioners should consult with counsel and their insurance carrier before inserting binding arbitration clauses in their standard engagement letters.
 
 

CONCLUSION
 Audit professionals should be aware that the engagement letter can be used as a means of shielding auditors from liability suits.  A carefully drafted engagement letter is, therefore, important not only for client relations but also in terms of minimizing potential legal claims.  Obviously, engagement letters cannot eliminate auditor liability suits.  However, our analysis suggests that engagement letters may be particularly effective in common law suits by third parties against auditors for professional malpractice.  To a lesser extent, statutory liability under the securities laws may be impacted by the terms of the engagement.   ADR clauses are effective in auditor liability suits by clients and should also be considered by practitioners.
 
 
 
 

SAS 82 and the Audit of Small Businesses

published in Dakota CPA, November 1998

James D. Hansen, CPA, Ph.D. and Michael J. Garrison, J.D.
 

 SAS no. 82, Consideration of Fraud in a Financial Statement Audit, is intended to enhance auditor performance and provide auditors with additional guidance on the consideration of material fraud in conducting a financial statement audit.  It requires a specific assessment of the risk of material misstatement due to fraud and identifies a list of 37 fraud risk factors that an auditor should consider.

 How the new standard will affect the audit of small businesses was one of the issues raised by practitioners in comment letters to the SAS no. 82 Exposure Draft.  An examination of the sixty-nine comment letters revealed that a majority of practitioners from small and medium-sized firms opposed the issuance of the new standard.  Fifty-one of the authors of the comment letters suggested changes in the exposure draft which resulted in some significant modifications to the final version of the standard.

 The concern expressed most often in the comment letters was that small and medium-sized companies would have most of the risk factors listed in SAS no. 82.  The Auditing Standards Board responded to this concern by making clear that the risk factors were only examples and that not all of the examples would be relevant in all circumstances.  Thus, the presence of fraud risk factors in a small entity may not always indicate the risk of material misstatement.  Risk factors should be viewed in the context of the company's size, ownership, and industry characteristics and the auditor should use professional judgment when assessing the significance of any risk factor.

 Auditors should develop a list of risk factors tailored to smaller entities.  For example, it is not unusual for a single individual to dominate management in a small business, so auditors should focus on management's motivation to misstate financial statements.  The threat of bankruptcy or other adverse consequences if poor financial results are reported are examples of motivation to overstate income or assets.  Auditors should also be aware of situations in which management may be motivated to under-report income or assets.

 Other risk factors of smaller entities might include a declining or rapidly changing industry, unusual or complex transactions, an inability to generate cash flows, and unusually rapid growth. (See the AICPA practice guide, Considering Fraud in a Financial Statement Audit: Practical Guidance for Applying SAS no. 82, for a more completelist of risk factors in a small business.)

 Auditors must also assess the risk of misstatement arising from the misappropriation of assets.  Risk factors in this category would include a lack of segregation of duties, inadequate record keeping of assets, poor physical safeguards over assets, inadequate job applicant screening, and the lack of a mandatory vacation policy.

 Practitioners were also concerned about the possibility of increased legal liability exposure with the issuance of SAS no. 82.  Since the new standard does not mandate a higher level of care in audit engagements, and since the language of SAS no. 82 is more specific and no more ambiguous than under SAS no. 53, and since the auditor's responsibility to detect fraud is still limited by traditional notions of materiality and reasonable assurance, it is likely that SAS no. 82 will have no significant effect on the profession's liability exposure.  To minimize the potential for legal liability, auditors should be trained in forensic accounting techniques and experienced personnel will need to be on audit teams.