Special Report --- Auditor's Liability to Third Parties
From Practitioners Publishing Company, November 1993
It is well established that clients may (and often do) sue their auditors for negligence or other kinds of malpractice. It is not as clear, however, when auditors can be held liable to nonclientsor third-party users of financial statements for those same types of claims. Historically, the courts have shown a trend toward expanding auditor's liability to third parties. Recent cases, however, indicate a possible reversal of this trend. This article takes a brief look at four categories of legal precedents that have been followed by state courts in determining an auditor's liability for negligence to third-party users of financial statements.
The Privity Doctrine
The Ultramares Corp.V. Touche, Niven & Co. (New York, 1931) decision established the privity defense," which makes it difficult for a third party not in privity (that is, in contract) with the auditor to recover damages for negligence. The court ruled that auditors are liable only to their clients and to third parties who are primary beneficiaries of the engagement and who were identified to the auditor by name before the audit. The courts upheld the privity doctrine in Credit Alliance Corporation V. Arthur Anderen & Co. (New York, 1985), in which a lender sued the auditor of a bankrupt client. The Credit Alliance case established the following criteria for determining whether the circumstances involve "near privity" sufficient to allow the third-party to bring a negligence claim against the auditor:
a. The auditor is aware the audited financial statements will be used by a known third party for a particular purpose.
b. The auditor's conduct links the auditor in some way to the third party.
C. The auditor's conduct shows a clear under-standing of intended reliance.
Under the third criterion above, what actions constitute evidence of a dear understanding of intended reliance? The answer, as is usually the case when dealing with legal issues, depends on what jurisdiction you are in. Some courts have ruled that virtually any action will satisfy the criteria, while others require clear evidence of the auditor's knowledge. For example, in Willian Islen & Co. v Mann Judd Landau (new York, 1987), which involved reviewed financial statements, the court ruled that telephone calls between the accountant and the plaintiff did not provide the necessary evidence of the accountant's knowledge because the conversation did not expressly deal with the plaintiff's intended reliance on the financial statements.
Some states have adopted "privity statutes" that codify into law the privity defense. Those statutes provide more specific rules for what constitutes privity, but even they are not conclusive. At least one such statute implies that privity is established if the auditor acknowledges the intended user in writing, but it does not rule out the possibility of other third parties attempting to establish a privity claim. Another statute, however, provides that the third party must be identified to the auditor in writing in order to bring a negligence claim against the auditor.
The Restatement Approach
Some courts, using Restatement of Torts (Second), Section 522, have extended the auditor's liability by ruling that third parties who are members of an actually foreseen class could hold the accountant liable for negligence. The Restatement Approach requires that the auditor have actual knowledge of reliance by a limited class of persons, but the third parties need not be in privity. For example, the client may advise the auditor before the audit begins that the financial statements will be provided to a group of lenders (not necessarily identified by name) to obtain a loan. Because the auditor knows that lenders will rely on his or her work, any third-party lender may be able to hold the auditor liable for negligence.
The Restatement of Torts (Second) is a codification of existing common law prepared by the American Law Institute. Although it is not "authoritative," it is sometimes looked to by the courts. The Restatement Approach represents a middle ground between the "Privity Doctrine" and the more liberal "Reasonably Foreseeable" Approach.
The "Reasonably Foreseeable" Approach
Under H. Rosenblum, Inc., v. Adler (New Jersey, 1983), the auditor's liability to third parties was
extended further. This decision holds the auditor liable to any reasonably foreseeable third party who uses financial statements in the ordinary course of business. In other words, the court held that auditors are responsible to any person who might reasonably rely on their work, such as investors and creditors.
The Rosenbium decision was based partly on a belief by the court that the auditor's expanded liability could easily be mitigated by obtaining professional liability insurance. That would, in essence, establish a system for compensatmg those who claimed to have suffered loss by relying on auditor's reports. The fallacy of that theory has clearly been demonstrated by the recent difficulties CPAs have had in obtaining reasonably priced insurance. Theoretically, the increased cost of insurance can simply be passed on to clients through higher audit fees. However, the ability of business, especially small business, to absorb increasing audit fees is limited.
A New Approach?
A recent ruling by the California Supreme Court may have established yet another approach for assessing auditors' liability to third parties. The case, Buy v. Arthur Young & Company (California, 1992), is significant for two reasons. First, it combined the use of the three previously discussed approaches and applied the privity doctrine in deciding a claim of negligence. Second, California was previously a "reasonably foreseeable" state.
Specifically, the court made a distinction between a claim of ordinary professional negligence and a claim of negligent misrepresentation. The court held that:
a. The Privity Doctrine should be applied in cases of ordinary professional negligence (a thoughtless slip or blunder).
b. The Restatement Approach should be applied in cases of negligent misrepresentation (an unintentional act but "a form of deceit").
The "Reasonably Foreseeable " Approach should be applied in cases of gross negligence or fraud.
A number of states have yet to address the issue of determining auditor's liability for negligence to third-party users of financial statements. Also, the approaches discussed apply only to an auditor's liability for negligence. The same rules do not apply to fraud claims. Auditors are generally liable to anyone damaged due to the auditor's fraud or intentional misconduct. The auditor's liability to third parties for gross negligence is not as clear and varies by jurisdiction.
Why Is the Approach Important?
You should be aware of the prevailing approach to liability to third parties in all states in which your firm practices. This includes the states in which the firm maintains offices, the states in which clients are located, and the states in which significant, known third-party users of financial statements audited by the firm reside. This is important because in many states the nature and extent of the auditor's contact with third parties in face-to-face meetings, phone conversations, and written correspondence will influence the auditor's liability to those parties. By being aware of the implications of these contacts with third parties, you may be able to avoid unintended liability. Knowledge of the local approach can also influence other aspects of the way a firm conducts its practice. For example, in considering the acceptance of a client who resides in a state that follows the "reasonably foreseeable" approach, an auditor who resides in a state with a more restrictive approach to third-party liability may want to consider the in-creased litigation hazard before accepting the client. The accompanying exhibit shows the approach applied in several states.
Joint and Several Liability
Another issue in an auditor's liability to third parties is the legal concept of joint and several liability. Under this concept, a defendant may be forced to pay 100% of the damages even though the defendant is only partially at fault. The concept is of particular concern to auditors since they are often (a) perceived as having "deep pockets" and (b) the only financially viable target of creditors or investors attempting to recover losses when a client becomes insolvent.
THE AUDITOR'S LIABILITY TO THIRD PARTIES-
PREVAILING APPROACH BY STATES
Arkansas ------------Georgia ----------------- New Jersey
New York------------New Hampshire
The auditor's best defense against legal liability is a thorough understanding of and compliance with GAAS and GAAP. In many areas, however, even strict compliance with professional standards may not be an ad-equate defense. Auditors should have access to quality legal counsel who can offer specific advise about the doctrine followed in their practice locations. PPC's Guide to Audits of Small Businesses includes a chapter on legal liability considerations for auditors.