AUDITING: A RISK

ANALYSIS APPROACH
5th edition

Larry F. Konrath

Electronic Presentation
by Harold
O. Wilson
1
CHAPTER 3

2
KEY CONCEPTS OVERVIEW
■ Maintenance of the quality of service
(monitoring, disciplining)
■ Regulation (self-regulation--AICPA &
State Boards of Accountancy;
external regulation--SEC & Courts)
■ Legal Liability (ordinary negligence,
gross negligence, and fraud)
■ Prevention & Defenses

3
 GENERAL TOPICS
■ Monitoring of professional practice;
Ensuring that the defined level of quality
is maintained.
■ Managing risk: plans and procedures for
tests of transactions, and substantive testing
■ Identifying departures from quality (via
internal actions by AICPA, Boards of
Accountancy, & external actions of the
SEC, & the courts).
■ Sources of liability: Civil law; Statutory law
4
 LEARNING
OBJECTIVES
■ Recognize the means by which the profession
regulates itself & maintains quality.
■ Understand the impact of external regulation on
quality maintenance.
■ Define the expectations gap; recognize the
import of self-regulation (to narrow the gap).
■ Identify & anticipate the types/relationships of
auditor legal liability.
■ Describe classic cases involving CPA firm liability.
■ Plan to prevent legal actions.
5
 INTRODUCTION
■ AICPA monitors (Bylaws, Trial Board, Quality
Control, Standards Committee, etc.).
■ State Boards of Accountancy regulates (CPA
exams, CPE, issuing/revoking licenses, etc.).
■ Securities & Exchange Commission regulates
& monitors the accountancy by legislation.
■ Classic legal cases define CPA liabilities (for
audits and unadited financial statements).
■ CPAs must consider preventing lawsuits and
defenses when lawsuits arise.
6
 SELF-REGULATION:
The AICPA
■ The AICPA bylaws--a Trial Board disciplines
those found in violation of the the Code of
Professional Conduct. (admonishment,
suspension, expulsion).
■ Rule 202 (broad)): Covers virtually all forms
of auditing, accounting, consulting
services rendered by CPAs.
■ QCS Committee; SQCSs; Division of CPA
firms; POB; ISB; IIC, and ...
7
SELF-REGULATION:
The AICPA Peer Reviews
The AICPA/GAAS Quality Control Standards
Committee standards require firms to design and
implement quality control systems [QCS] if
rendering attestations, reviews, compilations, etc.

QCS: "the firm's organizational structure and

the policies adopted and procedures established
to provide the firm with reasonable assurance of
conforming with
professional standards [i.e., GAAS] "
8
Quality Control Standards
In 1979, Statement on Quality Control Standards
No. 1 (SQCS-1) was issued, detailing the broad
elements defining appropriate QCS:
– maintaining independence, integrity, and
objectivity; managing personnel;
– establishing guidelines for accepting and
continuing with clients, and performing
engagements;
– monitoring the quality control policies.

9
Quality Control Standards
■ Advance planning for assigning qualified
personnel to areas/levels of an engagement.
■ Reviewing all working papers by
supervisory/technical personnel.
■ Ensuring proper “client selection.”
– Present clients reviewed for integrity, continuance.
– Prospective clients reviewed for acceptance
(inquiries of prior auditor, bankers, attorneys).

10
REGULATION:
STATE BOARDS

AICPA Membership is voluntary; its authority

only extends to its members, but CPAs
also meet State Board requirements.
The legal right to practice is obtained through
a license granted by the state.
CPAs must abide be state laws, including CPE
requirements. Violations may lead to
certificate suspension or revocation.

11
A Most Valid Defense if challenged...

“The State Board of Accountancy,

Accountancy
not their employer, granted the

CPA Certificate to these

members of our staff, who meet
vital educational & professional
standards, and passed a
rigorous professional
examination!” 12
EXTERNAL REGULATION:
The SEC
■ Absolute regulatory power over the accounting
profession and auditing standards is granted to
the Commission through the Securities Acts.
■ Chief Accountant of the SEC investigates
“audit failures;” sponsors sanctions.
■ SEC regulates reporting (it does not “approve”
securities); often questions independence.

Emphasis: To protect investors & creditors!

13
EXTERNAL REGULATION:
The SEC
■ SEC reports include annual 10-K,
quarterly 10-Q reports, Form 8-K
(when auditors are changed), etc..
■ SEC Accounting Series Releases (ASRs)
and other SEC pronouncements &
rulings impact the CPA-auditor!
■ SEC Acts are statutory laws!

See http://www.sec.gov/

14
 FAQ?
“Expectation Gap:” Does the public expect
too much, or the profession provide too little,
or both? Considerations: SEC, fairness,
fraud, CPE, “going concern,” sampling,
management pressures, etc.
One’s answer is based on perceptions.
Audits are not in real-time, and must be
based on [sample] evidence of historical
events. Audits do have deadlines!
15
Remember...

Professional Skepticism is a way of life,

and official pronouncements cloak CPAs
with responsibilities to detect fraud as well
as misstatements under GAAP!
Note : The EITF (17 members) studies
“preferences” in GAAP, one of its
objectives being cooperation with the
SEC and enhancement of financial
accounting reporting.
16
EXTERNAL REGULATION:
The COURTS
CLIENTS in contract
(in privity) with auditors.
THIRD PARTIES not in
privity (that is, not in a
contractual relationship
with auditor).

Lawsuits for negligence/fraud:

The CPA may be the “fall guy!”
17
The COURTS intend to protect
the public, and judge...
■ GAAS compliance: Auditor skills,
knowledge, , independence, judgment,
vigilance, controls, evidence,
relationships, PLUS…
■ Accounting standards/GAAP applications!
■ Perceptions of the above do matter.

See SAS 69
18
AUDITOR LIABILITY under
CIVIL LAW & STATUTES
?

■ Breach of contract
■ Fraud (intentional deceit)
■ Negligence
■ “Deficiencies” in ethics,
working papers, reports,
competence

19
 FAQ?
What is the difference in ordinary vs. gross
negligence (given defined circumstances)?
Ordinary negligence is a lack of usual,
reasonable care (e.g., departure from
GAAS); whereas, gross negligence is a
lack of even minimal care when
performing services (e.g., reckless
departure from GAAS).

20
But …
in some cases, negligence may be so
flagrant as to border on deceit. The
courts have termed this level of
negligence (i.e., ignoring the obvious)
as “constructive fraud.”

Fraud is usually linked with

“intent” or complicity to
deceive, conceal, or injure.
21
Burden of Proof: Negligence
Plaintiff must prove ...
■ Financial Statements contained
material misstatement(s).
■ Plaintiff relied on such.
■ Plaintiff was injured by reliance.
■ A proper application of GAAS
would likely have detected
the misstatement(s) [or fraud].

22
Burden of Proof: Negligence
Auditor might assert...
■ Contributory negligence or
collusion by client!
■ Strong defense if irregularity was
– at top levels of management
– due to overrides of controls
– caused by management, per se

Note: Auditors are not generally liable to third

parties for ordinary negligence.
23
AUDITOR LIABILITY:
Observations
■ “Management misrepresentation fraud”
is presumed to be material, and...
■ “Material misstatements/frauds” are more likely
to be detected than the immaterial, and...
■ Note: The aggregate of immaterial misstatements
may be material. “Standard procedures” may
be unlikely to detect.

Observe: If all “errors” are in one direction, the

“errors” are not random events!
24
AUDITOR LIABILITY:
Observations
■ CPA Firms--always liable for gross negligence, but
not always liable for ordinary negligence!
■ If the CPA detects important internal control
weaknesses, some change in the planned audit
procedures must be made (e.g., more testing)!
■ The degree of deviation from prescribed controls
impacts on the odds of “error” detection!
Given a low probability of detection, the courts may
well construe a case as one of ordinary (rather
than gross) negligence by the CPA. 25
CIVIL LAW:
Common Law; Clients
■ Clients may allege breach of contract
(e.g., violations of GAAS, or ethics
violations).
■ Clients (tort action) may allege
a wrongful act that resulted
in injury (due to negligence,
gross negligence, or fraud).

Excellence in Engagement Letters is very advisable!

26
 The Cenco Case

■ Seidman & Seidman, CPAs, not guilty!

■ “Management override” of controls
($25 M inventory fraud).
■ Judge: Auditors cannot be expected to
detect [frauds] when management
turns the company “...into an engine
of theft against outsiders.”
■ Auditors did not “contrive to conceal.”
27
 A caution under GAAS... I have no
opinion?

A CPA cannot elect to issue a Disclaimer

of Opinion in cases where there is knowledge
of misrepresentation or fraud. (The auditor
would have formed an opinion--POSSIBLY
an adverse opinion!)

28
CIVIL LAW:
Common Law; Non-Clients
■ Suit may be by third parties
(often allege wrongful act
or tort, resulting in injury).
■ Third party primary beneficiaries are
ordinarily identified by auditor
(e.g., a bank), and there are...
■ Foreseen third parties not specifically
known to auditor (anticipated user).
29
 The Ultramares Case
■ Civil liability law
■ Doctrine of privity upheld.
■ Burden of proof on Third Party
■ Bypassed liability for ordinary negligence.
■ Auditor “accepted” receivables without
evidence of same.
■ Auditor liable for constructive fraud--
gross negligence!
30
STATUTORY LAW:
[Unknown] Third Parties
■ Securities Act [1933]: Possible federal
statutes violations (e.g., a purchaser of
securities alleging reliance on an
improper SEC registration, etc.).
■ Securities Act [1934]: Plaintiff may be any
person
purchasing or selling publicly traded
securities.
31
 Responsibilities: Securities Acts
Auditor may be liable for involvement with...
■ Registrations & securities purchasers (1933)

■ Plaintiff must show damage due to material

false/misleading statements. , but burden
of proof of “Due diligence” defense is on
auditor!
■ Filings & purchasers AND sellers (1934)
The 1934 Act shifted burden to plaintiff
to prove auditor negligence.
32
Responsibilities: Securities Acts
■ “Effective Registration” (year or more);
auditor liability extends to such.
■ Auditor’s work must include “subsequent
events” reviews (S-1 report).
■ Auditor’s work extends to “Comfort
Letters,” and certain unaudited data.
■ CPA may be liable to third parties for
gross AND ordinary negligence.
33
 The Securities Act of 1934
■ Liability extends to any alleged false
statement, filed or not filed with SEC.
■ Court held plaintiff to prove scienter--
intent to deceive--but, “gross negligence”
may well be construed to be “intent.”
■ Hochfelder case: Auditor held not liable!
No intent to deceive or defraud (under
ordinary negligence), even with poor
internal controls & embezzlement.

34
 The BarChris Case
■ Client under financial pressure
■ Inexperienced non-CPA “In Charge”
■ Material subsequent events undisclosed
■ “Due diligence” defense rejected
■ Affirmed liability for ordinary negligence

SAP #47: Subsequent Events issued!

35
 FAQ?
Are there specific “cautions” for services
on unaudited financial statements?

ABSOLUTELY! Engagement Letters

need to use precise terms and specificity.
Certain minimal audit-type procedures
may be expected (1136 Tenants case).
See the SSARS pronouncements.

36
 “Fraud on the Market”
Theory
■ Under common law, plaintiffs must show that
reliance caused damage. Under the 1934 Act,
the fraud on the market theory may impute
fraud to management/auditors even if the
plaintiff did not rely directly on fraudulent
financial statements.
■ Logic: A security’s market price reflects all
public information; thus, if fraudulent acts or
financials cause improper market reactions, the
parties responsible for the fraud and/or its
impact can be liable to investors relying on an
“accepted” efficient market theory.
37
The Private Securities Litigation
Reform Act (1995)
■ Sanctions against frivolous lawsuits, etc..
■ Imposes proportionate liability (among
defendants), but there are many
important exceptions which broaden
the liability of defendants.

The Act did not address fraud; thus, joint-

and-several liability in frauds is retained.

38
 The Continental Vending
Case
GAAP instructs what to do in the usual
cases; but, once there is reason to doubt that
the affairs are being honestly conducted, an
entirely different situation exists.

Compliance with “due diligence” is not

sufficient in criminal cases!

39
 Detection of errors or fraud
should lead to ...
■ Request for client to correct
■ Consideration of extent and nature of risk
of more of the same
■ Revision(s) in current audit program and
future audit program(s)
■ Management Letter comments to improve
controls and/or surveillance
■ Consideration of impact on audit report

40
 PREVENTATIVE
MEASURES
FIRST GOAL: Removing the basis for lawsuits!
■ Be ethical! Take confidentiality and
“independence in fact” very seriously!
■ Realize “failure to supervise” is a very
serious charge. Display personal integrity.
■ Promote GAAP! Expect SEC “policing” of
managed earnings, “cookie-jar” reserves,
R&D practices, abuses (e.g., “bath years”).

41
 FAQ?
Pending changes may or may not reduce the
number of undetected frauds, the latter being (by
definition) impossible to research.

Increased awareness of fraud prevention and

detection, and the using of audit procedures to
reduce auditor liability, will reduce fraud.

What is your interpretation

of these two statements?
42
PREVENTATIVE MEASURES
■ Avoid clients whose integrity is in doubt!
■ Be vigilant, considering Risk-based
auditing (analyze the entity & existing
internal controls; identify high risk areas,
assign resources appropriately).
■ Confer often with audit committees.
■ Let audit objectives override time, client, or
even partner pressures.
■ Carry professional liability insurance.

43
 DEFENSE MEASURES: Statements
auditors should be able to
make!
■ The Engagement Letter supports our work!
■ Auditing is based on tests & samples, not
100% verifiable data; there is always
some probability of materially
misleading financial summaries.
■ Documentation (CPE, plans, files, control
questionnaires, audit programs, working
papers, etc.) clearly supports our full
conformity with GAAS.
■ Collusion is possible! (A poor defense!)
44
 The COURTS judged ...
■ Phar-Mor ■ Nat’l Student Marketing
■ Comptronix ■ Credit Alliance Corp..
■ Lincoln Savings & Loan ■ Waste Management
■ Crazy Eddie ■ Rusch Factors
■ Mindis Acquisition Corp.. ■ Cenco
■ Kent International Assoc.. ■ BarChris
■ Continental Vending ■ Ultramares
■ MiniScribe ■ Equity Funding
■ Hochfelder ■ McKesson-Robbins (1939)

Most settled out-of-court; avoids high costs, bad press!

45
Final Observations...
“Removing the basis of lawsuits” could refer to
being able to camouflage the tracks that could trigger
lawsuits, OR it could be an encouragement to be totally
competent and ethical, minimizing the chance of a
successful challenge to competent professionalism.
An “immaterial fraud” cannot be ignored, because
the opportunity for “material fraud” has been discovered!
“A step in the wrong direction, a little at the time,
is still a step in the wrong direction.”
- The late Perry W. Caraway,
Successful Alabama Warehouseman
46
 CRITICAL TERMS REVIEW
■ AICPA QCS Committee
■ Chief Accountant (SEC)
■ Civil law / liability
■ Code of Ethics
■ Audit Risk
■ Comfort Letter
■ Contributory negligence
■ Expectations gap
■ Due professional care
■ Professional skepticism
■ IIC & ISB
■ Ordinary negligence
■ Gross negligence
■ Engagement Letter
■ Independence
■ Peer (quality) Review
■ Division of CPA Firms
■ Privity of contract
■ Statutory law / liability
■ Subsequent events review
47
End of Chapter 3

48