What is the Legal Liability of Financial Auditors?
Concerns about the legal liability of auditors continue to grow every day. Financial auditors are highly important people because, ultimately, they are responsible for enhancing the reliability of financial statements for external users. Like other professionals, they can face civil and criminal liabilities in the performance of their duties.
Without independent and competent auditors, many fraud cases worldwide would’ve gone unnoticed, notwithstanding all the other cases that are still undiscovered. One code of professional conduct states that auditors must go about their business with due care. Due care is the “prudent person” concept.
Due care generally implies four things:
The auditor must possess the requisite skills to evaluate financial statements
The auditor has a duty to employ such skill with reasonable care and diligence
The auditor undertakes his task(s) with good faith and integrity but is not infallible
The auditor may be liable for negligence, bad faith, or dishonesty, but not for mere errors in judgment
Sources of Legal Liability for an Auditor
Let us consider the possible entities that may sue an auditor and the possible reasons for a lawsuit.
Client: Breach of Contract. Auditors obtain an engagement letter and any breach of the stated terms can be a valid reason for legal action by the company against the auditor.
Financial Statement Users: Negligence. The auditor has failed to use due care and has failed to identify a material misstatement. By not identifying a material misstatement, financial statement users are harmed, as they may rely on the published financials when making an investment decision.
Government: Fraud, also known as Gross Negligence. The auditor has knowingly issued an incorrect audit report. The government requires public company financial statements to accurately reflect the company’s actual results. If an incorrect audit report is issued, then this undermines the government’s duty to help protect investors.
The Legal Liability of Auditors to Third Parties
Who exactly are auditors responsible to? Can any third party sue an auditor, or only certain classes of parties? It is generally known that auditors are responsible to two groups of third parties: 1) known users of the financial statements, and 2) a limited class of foreseeable users who will rely on the audited financial statements.
Known users of the financial statements consist of the actual shareholders and creditors of the company. Usually, the company maintains a full list of all of these individuals by name. The second group of foreseeable users requires a bit of judgment.
For example, if the company is trying to issue new equity or get a loan from a bank, these potential investors and the potential creditor (i.e., a bank) will fall under the class of foreseeable users. Therefore, even though the auditor does not know the specific user, the auditor is aware that the client will be using the financial statements to raise bank financing or issue new shares — thus, they know the type of user.
Despite all the potential for lawsuits against auditors, many lawsuits by third parties are unjustified. For example, if a third party sues the auditor because the client (i.e., the company being audited) is no longer a viable company, that is not justified, because the auditor is not responsible for making sure that the company is viable and can continue operating in the long-term. The auditor is solely responsible for making sure that the financial statements are presented fairly against the appropriate evaluation criteria. In addition, unjustified lawsuits also may involve the phenomenon of audit risk.
Audit risk is the risk that an auditor does everything correctly to the best of his/her ability, but may still express an inappropriate audit opinion on the financial statements. Essentially, the situation deals with errors in financial statements that can remain even after the auditor has followed the auditing rules provided by the governing body.
There are simply situations where an auditor decides to pick a sample to audit. The sample turns out to not be representative of the entire population of data. The errors are unintentional and do not demonstrate an auditor’s willingness to deceive. However, if an auditor were to not comply with the general auditing standards outlined by the appropriate governing accounting body, that would be a justified reason for a lawsuit (a situation called audit failure).
Successful Lawsuits Against Auditors
In order for a third party or a client to successfully sue an auditor for negligence, it is not sufficient to just come up with some evidence and file a court case. The plaintiff must prove the following four criteria:
Auditor owed a duty of care (i.e., must fall in the known user or foreseeable user group)
Auditor breached that duty of care (i.e., audit failure)
The plaintiff suffered a loss, and the loss is a real loss (not an opportunity cost/loss)
There was a causal connection between the auditor’s negligence and the plaintiff’s loss
If any of the above criteria is not met, then the lawsuit against the auditor will likely fail.