Auditors are increasingly targeted as an attractive "deep pocket" to pay for harm caused by their clients' actual or perceived misdeeds. In the wake of corporate scandals such as Enron and WorldCom, the accounting profession has met harsh criticism. This increased negative public perception can be expected to result in increased claims against accounting firms, including lawsuits by non-clients who claim that the audit led to their losses. See W. Joseph Nielsen, Defending Accounting Malpractice Actions in Connecticut: An Increasingly Difficult Task, Connecticut Bar Journal (September 2004).
This shift in the public perception creates a possibility of relaxation of limitations that have traditionally protected auditors. Traditionally, auditors have not faced liability except to those parties with whom they had contracted. However, audited financial statements are used not only by the client, but also by the public at large. Investors, creditors, customers and suppliers utilize audited financial statements in various ways. Absent limitations on the scope of the auditor's duty, the array of potential plaintiffs claiming loss caused by a negligent audit is broad and the potential liability is catastrophic. See Hannesson I. Murphy, Accountant Liability for Negligence in the Absence of Privity, Trial Advocate Quarterly(Fall 2005).
This article examines the borders within which claims by non-clients may be recognized. It does not focus on the more traditional malpractice claims between the accountant and client, although the questions of negligent performance are the same.
Typically, the non-client will frame its claim against the auditor as one for negligent misrepresentation. Dan L. Goldwasser, Accountant's Liability § 4.2[a] (1996). The elements of such a claim generally are: (1) the auditor owed a duty to the plaintiff; (2) that duty was breached; (3) the plaintiff justifiably relied on information prepared by the auditor; and (4) such reliance was an actual and proximate cause of the plaintiff's damages. The scope of an auditor's duty has been historically restricted. As the scope of duty expands, the defense emphasis shifts to questions of reasonable reliance and proximate cause. The standard of care is largely set by the accounting profession itself, which fosters self-policing and has adopted a set of professional standards known as the generally accepted auditing standards (GAAS). Those standards include few specific proscriptions and procedures. Rather, they express general principles embodying the requirement that the auditor must develop a reasonable evidential basis on which its audit opinion is based. The standards vest the auditor with significant judgment in implementing the standards. The GAAS standards are themselves under significant review, including tightening requirements regarding evidence that must be developed and maintained to allow review of the auditor's work upon which the audit opinion is based.
The Element of Duty
Jurisdictions have varied in their approach to balancing the traditional notion of tort liability for all foreseeable consequences of a negligent act against the public policy concern that an auditor's broad liability would adversely affect the vital role of audits in the financial world. A non-client's claim may then depend heavily on the forum or applicable choice of law.
Case law on the scope of the auditor's duty to non-clients may be distilled into three standards: (1) the "privity or near-privity" approach; (2) the "foreseeability" approach; and (3) the "Restatement" approach. 20 Am. Jur. POF 3d 289, Accountant's Negligence to Third Party Not in Privity with Accountant § 8 (2005). The "privity or near-privity" standard is the most restrictive; the "foreseeablity" approach is the broadest. The "Restatement" approach is the majority approach and seeks to relax the requirement of privity while still limiting the scope of an auditor's duty by imposing a more specific standard of foreseeability coupled with a limitation on recoverable damages.
The "Privity or Near Privity" Approach
Traditionally, an auditor could not be liable to an investor or any other non-client unless the parties were in privity of contract. Christine M. Guerci, Annotation, Liability of Independent Accountant to Investors or Shareholders, 48 A.L.R. 5th 389 (1997). In the seminal case of Ultramares Corp. v. Touche, 174 N.E. 441 (N.Y. 1931), Chief Judge Cardozo held that an auditor must be in privity of contract with a plaintiff or there must have been "[a] bond . . . so close as to approach that of privity." Id. at 446. Under Ultramares, a non-client must prove either that: (1) the auditor defrauded the non-client, or (2) the auditor had actual knowledge that the non-client would rely on the financial statements. Id. at 444.
Judge Cardozo explained:
If liability for negligence exists, a thoughtless slip or blunder, the failure to detect a theft or forgery beneath the cover of deceptive entries, may expose accountants to liability in an indeterminate amount for an indeterminate time to an indeterminate class.
174 N.E. at 444. Thus, the New York Court of Appeals utilized public policy to reject application of the tort principle that a tortfeasor should be liable to all reasonably foreseeable victims. Richard P. Swanson, Accountants' Liability Theories of Liability, SL064 ALI-ABA 27 (Feb. 16-17, 2006).
Since Ultramares, other states have adopted or expanded the privity or near privity approach. Accountants' Liability§ 4.2[A].Generally, in states that follow this approach, an auditor has a duty to a non-client if: (1) the auditor was actually aware that the report was to be used for a particular purpose; (2) a known third party was intended to rely on the report to further that purpose; and (3) there exists some conduct by the auditor linking it to the third party. See Credit Alliance Corp. v. Arthur Anderson & Co., 483 N.E.2d 110, 118 (N.Y. 1985); see also Nycal Corp. v. KPMG Peat Marwick LLP, 688 N.E.2d 1368 (Mass. 1998). While strict privity might not be required, there must be "a relationship sufficiently intimate to be equated with privity." 483 N.E.2d at 112.
The "linking conduct" element requires that an auditor have direct contact with the non-client. Securities Investor Protection Corp. v. BDO Seidman, LLP, 222 F.3d 63, 74 (2d Cir. 2000), aff'd, 245 F.3d 174 (2d Cir. 2001). The extent of contact required varies among the jurisdictions. The courts following this approach have made clear that the near privity standard is a demanding one. Accountants' Liability § 4.2[A]. Casual conversations do not satisfy the requirement, and the plaintiff must be an intended beneficiary of the auditor's work. See William Iselin & Co, Inc. v. Landau., 522 N.E.2d 21 (N.Y. 1988). Stated otherwise, the linking conduct must indicate "an affirmative assumption of a duty of care" to the non-client. Id.
The following states have adopted the privity or near privity approach through court decisions:
- Nebraska; and
Hurson at 29. In addition, the New Jersey Legislature adopted the privity or near privity approach by statute, overruling a contrary court decision. Swanson at 46.
- The "Foreseeability" Approach
The restrictive nature of the privity or near privity has been criticized as giving the accounting profession unfair protection. The United States Supreme Court has suggested that this approach may be outdated in light of the role that audited financial statements play in today's financial world. See United States v. Arthur Young & Co., 465 U.S. 805 (1984). In response, a small minority of states have adopted a traditional "foreseeability" approach, where cases by non-clients against auditors are governed by general tort duty principles.
The foreseeability approach is grounded on "the fundamental principle . . . that a tortfeasor is fully liable for all foreseeable consequences of his act." Citizens State Bank v. Timm, Schmidt & Co., S.C., 335 N.E.2d 366 (Wisc. 1983). It discounts or disregards policy considerations that fear the consequences of broadened liability. Swanson at 45. Under the foreseeability approach, "auditors owe a duty of care to all parties who are reasonably foreseeable recipients of financial statements for business purposes, provided the recipients rely on the statements pursuant to those business purposes." Scottish Heritage Trust v. KPMG Peat Marwick, 81 F.3d 606, 611 (5th Cir. 1996). The defense of claims under this standard obviously shifts the focus to an attack on the plaintiff's reasonable reliance.
There have been several different rationales for the foreseeability approach: (1) the general trend in the law away from a privity requirement; (2) a perception that auditors are able to spread the cost of the liability through insurance or the pricing for their services; (3) the prevalence of reliance on audit reports by investors, creditors and others; and (4) an incentive to deter negligent conduct by auditors. Accountants' Liability § 4.2[A][a].
Currently, only two states follow the foreseeability approach:
- Wisconsin; and
See Citizens State Bank at 366; Touche, Ross & Co. v. Commercial Union Insurance, 514 So. 2d 315 (Miss. 1987). In addition, the Supreme Court of New Jersey had also rejected Ultramares in favor of the foreseeability approach in H. Rosenblum, Inc. v. Adler, 461 A.2d 138 (N.J. 1983). But in 1995, the New Jersey Legislature reinstated the privity or near privity approach by statute. N.J. Stat § 2A:53A-25.
- The "Restatement" Approach
The Restatement (Second) of Torts establishes a middle ground between the privity or near privity and the foreseeability standards. Under the Restatement, an auditor can be liable to a non-client if: (1) he knows that the person, or one of a limited group of persons, is going to rely on the auditor's work, or (2) he knows that his client intends to supply the information to the person, or one of a limited group of persons. Specifically, section 552 of the Restatement (Second) of Torts provides that an auditor has a duty to any "person or one of a limited group of persons for whose benefit and guidance [the auditor] intends to supply the information or knows that the recipient intends to supply it." Restatement (Second) of Torts § 552 (1977). Under this approach, an auditor "owes a duty not only to the client but to any other person or one of a group of persons, whom the accountant or his client intends the information to benefit." Raritan River Steel Corp. v. Cherry, Bekaert & Holland, 367 S.E.2d 609, 614 (N.C. 1988).
The Restatement standard seeks to "balance . . . the need to hold accountants to a standard that accounts for their contemporary role in financial world with the need to protect them from liability that unreasonably exceeds the bounds of their real undertaking." Id.at 617. The Restatement approach differs from the privity or near privity approach in that it does not require the auditor to know the precise identity of the non-client who is relying on its work; it differs from the foreseeability approach by requiring that the auditor's work be performed for the benefit of the non-client. Accountants' Liability § 4.2[A].
The Restatement approach has been adopted by the following states:
- New Hampshire;
- North Carolina;
- North Dakota;
- Rhode Island;
- South Carolina;
- Washington; and
- West Virginia.
Hurson at 28.
The Standard of Care in Measuring Breach of Duty
An accountant is required to exercise a reasonable degree of care and competence in the performance of professional services. Elizabeth Williams, 15 COA2d 395, Cause of Action Against Accountant for Negligent Performance of Professional Services § 11 (2005). More specifically, an accountant performing an audit must "use that degree of knowledge, skill and judgment usually possessed by members of the profession in a particular locality." Snipes v. Jackson, 316 S.E.2d 657, 662 (N.C. Ct. App. 1984). See generally Williams § 11.
The courts generally accept GAAS as the expression of an auditor's standard of care. See generally 1 Am. Jur. 2d, Accountants § 13. Some courts have ruled that an auditor's compliance with GAAS conclusively discharges the auditor's duty. Williams at § 12. However, recognizing GAAS as the source of the standard of care does not eliminate significant contests as to how these standards are satisfied. The GAAS standards are subject to broad interpretation; some may even argue they are ambiguous.
Contrary to some public perception, the auditor's favorable opinion that financial statements are fairly stated does not equate to a guarantee that the financial statements contain no material error. AU § 230.13. The opinion rather asserts that the auditor has a reasonable basis, based on sufficient competent evidential matter, to opine that the financial statements are presented fairly in all material respects in accordance with generally accepted auditing principles. AU § 326. GAAS recognizes that the financial statements themselves are the responsibility of management. AU § 110.03. The auditor is required to perform tests to obtain reasonable, not absolute, assurance that the financial statements are presented fairly. GAAS also indicates that a client's fraud may, but does not necessarily, insulate the auditor from liability, and that some fraud may go undetected by a GAAS compliant audit. AU § 316.10.
Application of GAAS standards is then fact specific. More specific GAAS standards are based on ten general standards codified in AU section 150, which provide the overall framework for the proper performance of an audit.
- The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.
- An independence in mental attitude is to be maintained by the auditor.
- Due professional care is to be exercised in the performance of the audit and the preparation of the report.
- The work is to be adequately planned and assistants are to be properly supervised.
- A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing and extent of tests to be performed.
- Sufficient competent evidential matter is to be obtained to afford a reasonable basis for an opinion regarding the financial statements.
- The report shall state whether the financial statements are presented fairly in accordance with generally accepted accounting principles.
- The report shall identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.
- Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.
- The report shall contain either an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefor should be stated.
With limited exceptions, GAAS affords the auditor significant discretion in determining how to design and implement audit procedures to gather the evidential support for the expression of the audit opinion under these standards. While the auditor is expected to maintain work papers that reflect that evidential support, the defense is aided by the fact that a plaintiff may have substantial difficulty years after the audit in proving what materials beyond those preserved as work papers were actually presented to the auditor. The GAAS standards are evolving toward tightened requirements to preserve the evidential material in audit work papers. Compare AU § 339 and AU § 339A (AU § 339 governs audits of financial statements for periods beginning on or after May 2002; AU § 339A, governs audits of financial statements for periods ending before May 2002.).
The Significance of a Non-Client's Justifiable Reliance
The negligent misrepresentation claim requires the plaintiff to prove he or she reasonably relied on the auditor's work. Whether reliance is justified is fact specific and cannot be reduced to a concise test. However, courts have given guidance on certain specific situations where reliance was not justified. The following factors have been considered in court decisions:
- The type of report prepared by the auditor. Accountants provide several different services to their clients, all of which provide varying degrees of assurance as to the accuracy of financial statements. These services include compilations, special procedures, comfort letters and full audits. Jurisdictions differ on whether reliance on anything less than a full audit report can ever be justified. Compare Liberty Finance Co. v. BDO Sediman, 473 S.E.2d 13, 14 (N.C. Ct. App. 1996) (concluding that whether a plaintiff justifiably relied on reviewed, as opposed to audited, financial statements was a question of fact for the jury) and Evans v. Israeloff, Trattner & Co., 208 A.D.2d 891, (N.Y. 1994) (concluding that reliance on unaudited financial statements compiled by an accountant is unjustified as a matter of law).
- The degree to which the person who relied on the audit opinion studied the underlying financial statements. In some jurisdictions, it may be insufficient to rely solely on the accountant's audit opinion without analyzing the underlying financial statements. See Raritan River, 367 S.E.2d at 613; see also Touche Ross v. Commercial Union Ins., 514 So. 2d 315 (Miss. 1987); H. Rosenbluem, Inc. v. Adler, 461 A.2d 138 (N.J. 1983).
- The timing of the transaction in relation to the issuance of the audit opinion. Because an audit opinion is not finalized and issued until months after the date of the financial statements, an auditor may prepare draft audited financial statements. There is a conflict in the case law about whether reliance on such draft audit reports can ever be justified. Compare NCNB v. Deloitte & Touche, 458 S.E.2d 4 (N.C. Ct. App. 1995) with Esca Corp. v. KPMG Peat Marwick, 135 Wash. 2d 820 (1998).
Consideration of the Elements of Causation and Damages
A full analysis of the law of causation and damages in auditor liability cases is beyond the scope of this paper, but as in any commercial dispute, causation and damages issues often provide strong defense opportunities. Two specific issues, however, deserve special note.
First, a doctrine first developed in the context of securities law violations has sometimes been applied to common law claims for negligent misrepresentation. See Bastian v. Petren Resources Corp., 892 F.2d 680, 682 (7th Cir. 1990). Under this doctrine, a plaintiff must prove that the alleged misrepresentation caused not only the plaintiff's conduct, but also the resulting loss. See Dura Pharmaceuticals, Inc. v. Broudo, 544 U.S. 336, 343 (2005). In extending this doctrine to common law negligent misrepresentation claims in the audit context, some courts have equated "loss causation" and "proximate causation." Arthur Andersen & Co. v. Perry Equipment Corp., 945 S.W.2d 812 (Tex. 1997).
If a court chooses to apply the doctrine of "loss causation" in an action against an auditor for the negligent performance of an audit, the plaintiff may have difficulty in proving that the auditor caused the amount of the loss the plaintiff seeks to recover. For example, the value of a company may decline for a multitude of reasons, including market forces, poor management and fraud beyond that which the auditor may be expected to have uncovered. An auditor's failure to detect misstatements in the financial statements may not prove to have been the cause of the company's decline in value.
A second issue with respect to damages arises in those jurisdictions that follow the Restatement approach. Section 552 includes a specific limitation of damages, drawing a distinction between out-of-pocket loss and loss of the benefit of plaintiff's perceived bargain. A plaintiff's overall investment expectation may well fall outside of recoverable damages. Under section 552B, the damages recoverable for a negligent misrepresentation include only: "(a) the difference between the value of what he has received in the transaction and its purchase price or other value given for it; and (b) pecuniary loss suffered otherwise as a consequence of the plaintiff's reliance upon the misrepresentation." Restatement (Second) of Torts § 552B (1977). The recoverable damages "do not include the benefit of the plaintiff's contract with the defendant." Id. Thus, damages for a negligent misrepresentation are limited to the plaintiff's out-of-pocket loss and any consequential damages. William L. Prosser, Prosser & Keeton on the Law of Torts § 110 (5th ed. 1988).
In order to recover purely economic damages such as "lost profits," a plaintiff must show that these damages amount to "consequential" damages rather than "benefit of the bargain" damages. See Bokma Farms, Inc. v. State, 14 P.3d 1199, 1201 (Mont. 2000). In the case of a third-party investor or lender, these "lost profits" are oftentimes the only recovery that would justify the cost of litigation. Otherwise, the third-party investor's recovery is limited to nothing more than the difference between the amount of money invested and the current value of the investment.
Although it is true in today's world that auditors are being sued more frequently than ever, it is also true that a lawyer has many tools to frame an effective defense. With an understanding of the law of auditors' liability, the GAAS standards, and the facts of each case, the defense lawyer can frame a defense that will, hopefully, allow his or her client to obtain a favorable outcome. Counsel defending a claim against an auditor by a non-client should:
- Determine the controlling law and seek to impose the law of a state with a more restrictive standard.
- Develop facts that highlight the auditor's lack of a relationship with the plaintiff. Even in jurisdictions that follow the foreseeability approach, these facts can support an argument the plaintiff's reliance on the audit opinion was unjustified.
- Understand GAAS, and using those standards, educate the trier of fact about the purpose of an audit and the limitations on the auditor's responsibility. The jury will have a preconceived notion that the purpose of an audit is to uncover any fraud. Defense counsel must convince the jury that the auditor is not an insurer of the accuracy of the financial statements.
Copyright 2007, DRI For The Defense. Reprint permission granted.