Chapter 6 Discussion Questions
1. Distinguish between common-law liability and statutory liability for auditors. What is the basis for the difference in liability?
Common law liability arises from legal opinions issued by judges in deciding cases. These opinions become legal precedent and guide other judges in deciding on similar cases in the future. Common law cases are civil suits. Statutory liability reflects legislation passed at the state or federal level; the legislation establishes certain courses of conduct. Statutory law can either result in civil liability or criminal liability. A good example of statutory law is the SEC securities acts that establish liabilities for auditors in conducting an audit in accordance with GAAS and responsibilities with respect to material misstatements in the financial statements. Auditors have liabilities for ordinary negligence; gross negligence (constructive fraud); and fraud.
2. Explain the difference between the ethical responsibilities of auditors and auditor legal obligations.
Auditor legal obligations are a minimum requirement. The securities acts establish statutory liabilities and common law decisions establish civil liability. The law establishes minimum requirements for ethical conduct. The problem is when auditor responsibilities are not clear it is the ethical standards of the profession in the form of the Principles of Professional Conduct embodied in the AICPA Code that should guide auditors. Auditor ethical responsibilities will often go beyond what is required by law because the law cannot cover every situation an auditor might encounter. When the facts are unclear and the legal issues uncertain, an ethical person should decide what do on the basis of well-established standards of ethical behavior. In addition to the AICPA ethical standards that mirror Josephson’s Six Pillars of Character and virtues discussed in chapter 1, ethical standards require the auditor to reason through ethical conflicts weighing the effects on stakeholders and placing the public interests above all others. An ethical auditor will often do less than is permitted by the law and more than is required.
3. Is there a conceptual difference between an error and negligence from a reasonable care perspective? Give examples of each of your response.
Errors are unintentional mistakes or omissions. Error may involve mistakes in gathering or processing data or testing, misinterpretation of facts, mistakes in the application of GAAP or GAAS. A simple error is transposing numbers when entered into the data-base system (i.e., $492 recorded as $429). There can be errors in math, disclosure, and even in interpreting GAAP. In the latter case, an error is distinguished from fraud by intent. If the intent of the “error” was to deceive another party, it is fraud not an error.
Negligence is a violation of a legal duty to exercise a degree of care that an ordinarily prudent person would exercise under similar circumstances. Negligence would be deciding that the accounts receivable confirmations are unnecessary since they take too much time and normally do not change the balance sheet accounts in a significant amount.
4. Distinguish between the legal concepts of actually foreseen third-party users and reasonably foreseeable third-party users. How does each concept establish a basis for an auditor’s legal liability to third parties?
Actually foreseen third party users are a limited range of individuals or organizations that the client intends the information to benefit. The auditor need not know the exact identity of the third party. However, it owes a duty to persons who the professional knows will rely on the information. The auditor would be liable to any plaintiff that justifiably relied on the information and suffered a loss from that reliance. An example would be if the client informs the auditor that it will be using the audited financial statements to obtain a bank loan, without naming any specific bank. Under the (actually) foreseen third party doctrine, any bank would have relied on the audited financial statements in making lending decisions and may have a legal right to sue.
Foreseeable third party users are individuals or organizations that the client intends the information to benefit. The reasonably foreseeable third party user group would also include a limited class of potential users that the accountant could reasonably foresee (but may not be known to the auditor at the time of the audit) relying on the auditors’ work. Reasonably foreseeable parties may sue for ordinary negligence. Examples would include creditors, investors, potential investors, local banks and regular suppliers. The reasonably foreseeable third parties approach is used presently in only two states, Mississippi and Wisconsin.
5. Describe what the law requires with respect to the legal ruling in Credit Alliance v. Arthur Andersen & Co. Do you think the ruling establishes a fair basis for an auditor’s legal liability to third parties?
Credit Alliance establishes the criteria of a near privity relationship. Near privity is a relationship so close to privity, as to approach privity. A three point test was established by the court in Credit Alliance v. Arthur Andersen & Co.:
1. The auditor knew the audited financial statements would be used for a specific purpose by a particular third party;
2. The auditor knew the specific third party would rely on the statements; and
3. Some action by the auditor showed that auditor understood that the statements would be relied upon by the specific third party.
The ruling and three point test is seen as a way of limiting auditors’ liability to third parties closer to the primary beneficiary criteria of Ultramares. This seems to be a fair basis for establishing legal liability of auditors since it is limited to situations where the auditor know that a specific third party would rely on the statements rather than open up such liability to third parties that the auditor questionably did or did not foresee as users.
6. Explain the legal basis for a cause of action against an auditor. What are the defenses available to the auditor to rebut such charges? How does adherence to the ethical standards of the accounting profession relate to these defenses?
A client or a third party must prove that (1) the CPA accepted a duty of professional care to exercise skill, prudence, and diligence; (2) the CPA breached his/her duty of due professional care through negligence; (3) the client or third party suffered losses; and (4) the damages were caused (causation or proximate cause) by the CPA’s negligence. If the CPA performs the audit with due care and high level of professional performance, the CPA has a defense against (1), (2), and (4). The ethical standards of the accounting profession relate most directly to these defenses through the competence (due care) rule 201. One could say that objectivity (rule 102) also is involved because of its link to due care and due care encompasses professional skepticism.
7. A subsequent event is one that occurs after the date of the financial statements (i.e., December 31, 2013) but prior to the auditor having dated (or possibly issued) the audit report (i.e., March 15, 2014). One type of subsequent event is where additional evidence becomes available before the statements have been issued that sheds light on certain estimates previously made in the statements. A good example is additional evidence about the collectibility of a receivable that relates to its valuation in the December 31, 2013, financial statements but is not uncovered until January 31, 2014. Why is it important from an auditing perspective that an auditor be required to adjust the financial statement amounts for some material subsequent events? If an auditor fails to live up to this standard, what is the potential liability exposure for the auditor?
If the auditor is aware of a subsequent event that would change the reader’s or investor’s mind about the company and its financial statements, that subsequent event must be disclosed. Typically, such events have a direct effect on financial statement amounts. For example, the post-balance sheet date collection of a material receivable that had been written off at the balance sheet should lead to eliminating the write-off because the auditor knows prior to the issuance of the financial statements that the write-off is wrong and receivable balance is higher. On the other hand, some subsequent events do not affect the balance sheet amount but provide important information about the account at that date. An example of such a subsequent event would be for a manufacturing firm that had a fire destroy its manufacturing plant on February 10. Although the financial statements may present a fair representation as of December 31, a reader has the right to know that continuity of business has been threatened due to a fire at the plant.
8. What are the legal requirements for a third party to sue an auditor under Section 10 and Rule 10b-5 of the Securities Exchange Act of 1934? How do these requirements relate to the Hochfelder decision?
A plaintiff must prove the following under Rule 10b-5 of the Securities Act of 1934: 1) loss or damages; 2) financial statements were misleading; 3) reliance on the misleading statement; 4) misleading statements are the direct cause of loss; 5) accountant knew about the scheme to defraud (scienter). In the Hochfelder decision, the plaintiff could not prove scienter in that there was no showing that the auditors’ action was intentional or willful or designed to deceive investors.
9. Valley View Manufacturing Inc., sought a $500,000 loan from First National Bank. National insisted that audited financial statements be submitted before it would extend credit. Valley View agreed to this and also agreed to pay the audit fee. An audit was performed by an independent CPA who submitted her report to Valley View to be used solely for the purpose of negotiating a loan from National. National, upon reviewing the audited financial statements decided in good faith not to extend the credit desired. Certain ratios which as a matter of policy were used by National in reaching its decision, were deemed too low. Valley View used copies of the audited financial statements to obtain credit elsewhere. It was subsequently learned that the CPA, despite the exercise of reasonable care, had failed to discover a sophisticated embezzlement scheme by Valley View's chief accountant. Under these circumstances, what liability does the CPA have?
Under the situation, if the CPA can show due care and competency in the performance of the audit, the CPA would not be liable. The CPA will need to show that the audit was planned and performed to detect material misstatements, but that it is not absolute assurance that all misstatements, and especially sophisticated embezzlement by the chief accountant, will be discovered. The CPA would be liable to Valley View for ordinary negligence. The CPA would liable to the creditor for gross negligence or fraud only. The creditor was not a foreseen or reasonable foreseeable third party but would be considered the foreseeable user. Therefore, under the liberal Rosenblum ruling the creditor may be viewed as a reasonably foreseeable third-party user since the Valley View did not obtain a loan from National Bank.
10. Nixon and Co., CPAs, issued an unmodified opinion on the 2013 financial statements of Madison Corp. These financial statements were included in Madison’s annual report and Form 10-K filed with the SEC. Nixon did not detect material misstatements in the financial statements as a result of negligence in the performance of the audit. Based upon the financial statements, Harry purchased stock in Madison. Shortly thereafter, Madison became insolvent, causing the price of the stock to decline drastically. Harry has commenced legal action against Nixon for damages based upon Section 10(b) and Rule 10b-5 of the Securities Exchange Act of 1934. What would be Nixon’s best defense to such an action? Explain.
Harry must show that he suffered a loss, that the financial statements were misleading and that he relied on the financial statements to make his investment in Madison. Nixon’s defense against the legal action would be evidence of the audit performed with due care due care, non-negligent performance and absence of causation or proximate cause. Nixon would need to show that it did not intentionally fail to detect the material misstatement and was not trying to induce Harry to purchase the stock of Madison. A showing by Nixon that it followed GAAS and but for the material misstatement, the audit was conducted with due care. In other words, the firm may have been guilty of ordinary negligence but took no overt action to fall into the gross negligence or fraud categories of legal liability.
11. Distinguish between legal and illegal insider trading. Evaluate the ethics of the practice.
Legal insider trading is the legal buying and selling by a corporate insider who owns more than 10% of the shares. The owner must report all trades over that percentage to the SEC. Illegal trading is illegal only when a person bases his or her trade of stocks in a public company on information not publicly available. Not only is trading on nonpublic information illegal, not reporting trades to the SEC are illegal as well. Illegal trading also includes giving tips to another person about nonpublic information. The SEC’s job is to make sure that all investors are making decisions based on the same publicly available information. A good example is the alleged illegal trading by Martha Stewart and Thomas Flanagan case (Deloitte & Touche vice chairman) discussed in this chapter. The ethics of this practice is that illegal trading provides an unfair advantage to the trader who has access to sensitive information not yet generally known by the public. The use of insider information for personal gain is an egoistic act (stage 2 of Kohlberg’s model). It is an irresponsible act in that any confidentiality obligation is violated, and an act lacking in integrity because it is unprincipled. Trading on inside information also brings discredit on the accounting profession when committed by a professional like Flanagan.
12. The legal concept of in pari delicto holds that in a “case of equal or mutual fault [in a financial fraud] the position of the defending party [auditor] is the stronger one.” The predicate for this defense is imputation: holding the corporation responsible for the acts of its officers. The leading case authority is Cenco Inc. v. Seidman & Seidman, a 1982 case where the court permitted an auditor to invoke the in pari delicto doctrine to defeat a claim against it for failing to detect fraud by the management of an audit client. From an ethical perspective, do you think auditors should be able to escape legal liability for failing to uncover fraud under the doctrine?
It depends on whether it is ethical or not. If the auditor truly was duped by management but exercised due care in performing the audit, gathering evidence, and approaching the audit with the necessary degree of professional skepticism, then the fact that management went to great lengths to fool the auditors should place more burden for the fraud on top management rather than the auditor. However, if it is discovered that the auditor failed in its ethical and professional obligations, then the auditor should bear more of the brunt of legal liability. The in pari delicto doctrine seems motivated more by legal practicalities in holding one party liable when the fault lies equally between the two and not looking at the ethical obligations of each party. The PSLRA tries to deal with these legal liability issues its proportional liability standard.
13. According to a 2012 study by Fortune magazine, 86.5 percent of Fortune 100 companies have adopted clawback provisions that allow them to recover cash bonuses or stock from errant executives. Apparently, such provisions now have become a widely accepted corporate governance practice. What practice(s) typically trigger clawback actions by the SEC? Do you think trying to enforce contested clawbacks are in shareholders’ best interests? Why or why not?
SOX requires the SEC to pursue the repayment of incentive compensation from senior executives that are involved in a fraud. Dodd-Frank mandates the SEC to require that U.S. public companies include a clawback provision in their executive compensation contracts that lead to payments in a situation where materially misstated statements existed during the compensation period (i.e., bonuses while the earnings were manipulated may lead to clawback of the bonus payments). As yet, the SEC has rarely used this clawback provision against executives. A working paper by deHaan, Hodge, and Shevlin (2012) finds that voluntarily adopted clawback provisions appear to be effective at reducing both intentional and unintentional accounting errors. The same study also finds that investors have greater confidence in a firm's financial statements after clawback adoption, and that boards of directors place greater weight on accounting numbers in executive bonuses after a clawback is in place (i.e., pay for performance sensitivity increases). Clawback provisions are in the best interests of shareholders because they recover some monies (“ill-gotten gains”) that rightfully belong to the company and, by extension, the shareholders.
14. Some auditors claim that increased exposure under Section 404 of the SOX creates a litigation environment that is unfairly risky for auditors. Do you think that the inability of auditors to detect a financial statement misstatement due to internal control fraud in a timely manner should expose auditors to litigationwhator why not?
An ethical person wants to perform honest work for an honest dollar. Auditors have an obligation of due care and competency, or another way to say that is the auditors have an obligation not to be negligent. Auditors should be held to such a standard and should be liable for degrees of negligence and fraud. While a financial statement audit does not mean internal controls have been audited, it is understood that auditors will detect material problems with internal controls that lead to materially misstated financial statements. Whether or not an auditor should be held legally liable for failing to detect a misstatement due to internal control fraud depends on the facts and circumstances of each situation. Section 404 of SOX attempts to deal with the problem by requiring auditors to review management’s assessment of internal controls so that if the auditor fails to uncover the material misstatement because of an inadequate evaluation, then it would seem logical to hold the auditor liable for such negligence.
15. Under Dodd-Frank, whistleblowers can obtain a monetary award if a violation of securities laws involves potential wrongdoing by an accountant’s auditing firm, including – but not limited to – failing to comply with the requirements of section 10A of the Exchange Act of 1934. As a future member of the accounting profession, do you believe you would bring forth such an allegation and, if so, under what circumstances? If you do not believe you would do so, explain why not?
Whistle-blowing should be seen as a last resort when all attempts to address and solve the problem within the organization have failed. As a new staff accountant you would have layers of supervisors who should review the situation before any whistleblowing decision is considered: the senior, manager, partner-in-charge of the engagement; reviewing partner; and managing partner. In the past, many firms used the client confidentiality rule as a reason why auditors could not whistle blow on the audit firm. Dodd Frank gives auditors a means of last resort. However, the auditor should still try to resolve the problem within the audit firm before going outside the firm.
While Dodd-Frank precludes internal accountants and external auditors from receiving whistleblower awards, it does make an exception for CPAs who report information about potential violations regarding their own firms’ performance of audit services for a client. This is true even where the CPA’s information about his or her firm leads to a successful enforcement action against one of the firm’s clients. However, the CPA should think twice about blowing the whistle even if all internal avenues have been explored. It may be deemed an act discreditable to the profession. A better approach may be to resign from the firm and look for one that is more sensitive to ethical issues.
16. The following quotation was in the court ruling in the case of the Public Employees’ Retirement Association of Colorado v. Deloitte & Touche, LLP:
It is not an accountant’s fault if its client actively conspires with others in order to deprive the accountant of accurate information about the client’s finances. It would be wrong and counter to the purposes of the Private Securities Litigation Reform Act to find an accountant liable in such an instance.
a. Evaluate this statement from the perspective of the scienter requirements discussed in the text.
The statement goes to financial fraud conspiracy by a client where the auditor is not part of the fraud. The auditor does not know; thus, does not act with scienter. Therefore, the auditor would not normally be held liable for the fraud.
b. Explain the implications of the PSLRA for audit responsibilities and auditor legal liability.
The PSLRA apportions responsibilities and liabilities among the different parties. This apportioning of liabilities among parties may lessen the auditor’s quest for knowledge of fraud. If the auditor does not know of the fraud, he cannot be held responsible for it nor have legal liability for it. However, failing to consider the possibility of fraud by evaluating risk and looking at the elements of the fraud triangle would subject the accountant to possible ethical violations and, perhaps, legal liability under the constructive fraud theory.
17. On December 31, 2009, the SEC sued Alameda, California–based telecommunications company UTStarcom, Inc., with violations of the Foreign Corrupt Practices Act for authorizing millions of dollars in unlawful payments by its wholly owned Chinese subsidiary to foreign government officials in Asia. UTStarcom agreed to settle the SEC’s charges and pay a $1.5 million fine to the SEC and another $1.5 million to the Department of Justice. One of the items cited as violating the FCPA was a payment of nearly $7 million between 2002 and 2007 for hundreds of overseas trips by employees of Chinese government-controlled telecommunications companies that were customers of UTStarcom, purportedly to provide customer training. In reality the trips were entirely for sightseeing.
a. Why would such payments by UTStarcom violate the FCPA?
These payments are bribes to foreign government officials to induce them to do what they otherwise would not necessarily be expected to do, absent supporting information, which is to favor UTStarcom when awarding telecommunications contracts. The FCPA makes it a crime to offer or provide payments to officials of foreign governments for the purpose of obtaining or retaining business.
b. The FCPA permits a company to assert an affirmative defense against allegations of violating the FCPA if the payments were lawful under the written laws of the foreign country. Do you believe it is ethically appropriate to allow such a defense when illegal payments are made? Why or why not?
The court case sites the $7 million in overseas trips for Chinese government-owned telecommunications companies that were customers of UTStarcom; these are considered bribes to obtain or retain business. The case further alleged that UTStarcom provided lavish gifts and all-expense paid executive training programs in the U.S. for existing and potential foreign government customers in China and Thailand; these are considered bribes to obtain or retain business. UTStarcom also allegedly hired individuals affiliated with foreign government customers to work in the U.S. and provided work visas, even though the individuals did not work for UTStarcom. These improper payments to sham consultants in China and Mongolia were alleged to be used to bribe foreign government officials. These are violations of the anti-bribery, books and records, and internal control provisions of FCPA.
From an ethical perspective, one’s actions should be universally appropriate so that a decision is might be evaluated by asking: Would I want other companies to do the same thing I am about to do (bribe foreign government officials) in similar situations for similar reasons? This Rights approach clarifies that chaos would likely ensue in an environment where one company is looking to give a bigger bribe than another(s) knowing that those others also are bribing to obtain business. From a Rule Utilitarian perspective, we can say that while acts can be evaluated in terms of harms and benefits, one rule should never be violated – don’t bribe! Moreover, bribery of this nature is illegal in the U.S. so a U.S. company should not sanction it simply because it is done in a country that does not prohibit such payments. Ethics is all about consistency in one’s actions.
18. Given the discussion of the FSGFO in this chapter, comment on the statement that workplaces based on the FSGFO are better places to work.
FSGFO compliance measures establish a foundation for an organization to build an ethical culture through ethics codes, training programs, officer-level ethics employees, hot lines, and so on. An ethical culture starts with top management and permeates every aspect of the organization. The support provided by these measures helps to create such a culture. An employee should want to work for an ethical company because demands to do something wrong, such as go along with materially misstated financial statements, are less likely to occur than in companies that give only lip service to ethics. Ethics permeates the culture and leads to behavior consistent with company norms in other areas such as not inflating expense accounts or stealing from the company. When a company’s ethical compass is pointing true north, everything else falls into line, and legal liability issues are controlled.
19. In her article about possible changes to the legal liability of auditors due to the modification of GAAS and the audit report as a result of “The Clarity Project,” Nancy Reimer points out that although the goal of the “clarified standards” is to make GAAS easier to read, understand and apply, the new modified standards establish a higher “standard of care.” A failure to meet these modified standards could increase a practitioner’s exposure to legal liability. Explain how the auditor’s legal liability might increase as a result of changes to the audit report discussed in Chapter 5.
One of the purposes of the new audit report is to make it more understandable to investors and creditors. The introduction paragraph will no longer reference in passing the management’s responsibility and the auditor’s responsibility. Now there will be a full paragraph and section on management’s responsibilities detailing management’s responsibility for the design, implementation and maintenance of internal controls. A new section is the auditor’s responsibility which is expanded to include more explicit discussion about how an audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements and the procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. This section also notes that risk assessments involve consideration of internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control.
These additional details are based upon the auditor’s judgment and will call for documentation of the procedures and testing to back up the auditor’s judgment. Since the new audit report better defines what is expected of the audit and auditors, they may be more subject to legal liability. On the other hand, the greater clarity of the report may help auditors in their defense by documenting they have done what the audit report requires.
20. Has the accounting profession created a situation in which the auditors’ ethical behavior is impaired by their professional obligations? How does the profession’s view of such obligations relate to how courts tend to view the legal liability of auditors?
An example would be client confidentiality. Auditors do have not have auditor-client privilege in federal courts. It is only available in a small number of state courts. Auditors are not prohibited from reporting fraud and other violations externally. Under Dodd-Frank they are called upon to make an ethical choice about what to do when they identify possible violations of federal securities laws. The proper approach is first to report the securities violations to their employers or clients in accordance with relevant rules and regulations, and then work together to uncover the extent of wrongdoing and ensure that those responsible are held accountable.
The confidentiality obligation in the AICPA Code should not be used to mask a CPA’s duties to the public and investors. An ethical perspective requires that CPAs should question whether complete confidentiality is essential to the accountant-client relationship. Given the public reporting responsibilities of auditors and the audit report, the accountant’s primary duty is to protect the public from improper reporting rather than to protect the client from disclosure of wrongdoing.