Auditor liability

Auditor liability: ‘fair and reasonable’ punishment?

The issue of auditor’s liability is included in the syllabus for Paper P7, Advanced Audit and Assurance. Candidates need to understand and apply the principles of establishing liability in a particular situation, as well as being able to discuss the ways in which liability may be limited. The specific learning outcomes can be found in the Syllabus and Study Guide.

This article focuses on the issue of auditor’s liability in the UK, and therefore contains references to the UK Companies Act 2006, as well as UK-specific legal cases. Candidates other than those attempting the UK adapted paper are not expected to have UK-specific knowledge. The concepts discussed in this article however are broadly relevant and will help candidates to understand why this is an important issue within the auditing profession.

Over the past two decades the bill for litigation settlements of Big Four audit firms alone has run into billions of dollars. Examples include Deloitte’s 2005 settlement of $250m regarding its audit of insurance company Fortress Re and PwC’s $229m settlement in the lawsuit brought by the shareholders of audit client Tyco in 2007.

Auditor liability is increasingly concerning, both in terms of audit quality and the reputation of the profession but also in terms of the cost to the industry and the barriers this creates to competition within the audit market.

This article considers the current legal position of auditors in the UK. It also discusses the impact on the competitiveness of the audit market and some of the methods available to limit exposure to expensive litigation.

Types of liability

Auditors are potentially liable for both criminal and civil offences. The former occur when individuals or organisations breach a government imposed law; in other words criminal law governs relationships between entities and the state. Civil law, in contrast, deals with disputes between individuals and/or organisations.

Criminal offences
Like any individual or organisation auditors are bound by the laws in the countries in which they operate. So under current criminal law auditors could be prosecuted for acts such as fraud and insider trading.

Audit is also subject to legislation prescribed by the Companies Act 2006. This includes many sections governing who can be an auditor, how auditors are appointed and removed and the functions of auditors.

One noteworthy offence from the Companies Act is that of ‘knowingly, or recklessly causing a report under section 495 (auditor’s report on company’s annual accounts) to include any matter that is misleading, false or deceptive in a material particular’ (s.507).

This means that auditors could be prosecuted in a criminal court for either knowingly or recklessly issuing an inappropriate audit opinion.

Civil offences

There are two pieces of civil law of particular significance to the audit profession; contract law and the law of tort. These establish the principles for auditor liability to clients and to third parties, respectively.

Under contract law parties can seek remedy for a breach of contractual obligations. Therefore shareholders can seek remedy from an auditor if they fail to comply with the terms of an engagement letter. For example; an auditor could be sued by the shareholders, which was the case in the PwC settlement to Tyco shareholders referred to above.

Under the law of tort auditors can be sued for negligence if they breach a duty of care towards a third party who consequently suffers some form of loss.

Case history

The application of the law of tort in the auditing profession, and the way in which auditors seek to limit their exposure to the ensuing liabilities, has been shaped by a number of recent landmark cases. The most notable of these are Caparo Industries Plc (Caparo) v Dickman (1990) and Royal Bank of Scotland (RBS) vs Bannerman Johnstone MacLay (Bannerman) (2002).

In the first case Caparo pursued the firm Touche Ross (who later merged to form Deloitte & Touche) following a series of share purchases of a company called Fidelity plc. Caparo alleges that the purchase decisions were based upon inaccurate accounts that overvalued the company. They also claimed that, as auditors of Fidelity, Touche Ross owed potential investors a duty of care. The claim was unsuccessful; the House of Lords concluded that the accounts were prepared for the existing shareholders as a class for the purposes of exercising their class rights and that the auditor had no reasonable knowledge of the purpose that the accounts would be put to by Caparo.

It was this case that provided the current guidance for when duty of care between an auditor and a third party exists. Under the ruling this occurs when:

  • the loss suffered is a reasonably foreseeable consequence of the defendant’s conduct
  • there is sufficient ‘proximity’ of relationship between the defendant and the pursuer, and
  • it is 'fair, just and reasonable' to impose a liability on the defendant.

In the second case RBS alleged to have lost over £13m in unpaid overdraft facilities to insolvent client APC Ltd. They claimed that Bannerman had been negligent in failing to detect a fraudulent and material misstatement in the accounts of APC. The banking facility was provided on the basis of receiving audited financial statements each year.

In contrast to Touche Ross, who had no knowledge of Caparo’s intention to rely upon the audited financial statements, Bannerman, through their audit of the banking facility letter of APC, would have been aware of RBS’s intention to use the audited accounts as a basis for lending decisions. For this reason it was upheld that they owed RBS a duty of care. The judge in the Bannerman case also, and crucially, concluded that the absence of any disclaimer of liability to third parties was a significant contributing factor to the duty of care owed to them.

Joint and several liability

The guidance for when an auditor may be liable, either under criminal or civil law, appears to be clear and largely uncontroversial. The same cannot be said of the nature of the fines and settlements, which remains a hotly debated issue.

Before discussing this, it is worth making the point that auditors are only found liable in cases where they have breached their responsibilities to perform work with professional competence and due care and to act independently of their clients. There is therefore little argument that they should face the penalties of their own failures and that parties that have suffered as a result should be able to seek adequate compensation.

The main criticism of the current system is that the penalties incurred by the audit profession are unfairly high. This arises from the civil law principle of ‘joint and several liability’ enforced in the UK (as well as the US). This means that even if there are multiple culpable parties in a negligence case the plaintiff may pursue any one of those parties individually for the entire damages sought.

So for example, if a director fraudulently misstates the financial statements, the company’s management fail to detect this because of poor controls and the auditor performs an inadequate audit leading to the wrong audit opinion, it would be fair to say all three parties are at fault. Shareholders seeking compensation for any consequent losses, however, could try and recover the full loss from only one of those three parties.

Given that many of the cases arise when companies are facing financial difficulties, as with the examples cited above, and that any individuals involved are unlikely to possess sufficient assets to settle the liabilities, the audit firm, who may be asset rich and possess professional indemnity insurance, is often the sole target for financial compensation.

Regardless of the perceived fairness, this situation does create a number of challenges for the profession, namely:

  1. The increasing cost to the industry, firstly from defending and settling claims but also from spiralling insurance premiums.
  2. The potential for consequent increases in audit fees to cover these rising costs.
  3. The overall lack of sufficient insurance cover in the sector in comparison to the size of some of the claims.(Reference 1)
  4. The lack of competition in the audit market for large (listed) entities.

With regard to the final point, auditor liability is not the sole reason for the lack of competition in the audit of listed entities but it is a significant barrier to entering that market. Currently only the Big Four firms have adequate insurance and asset cover to be able to audit an extensive range of listed clients. It may simply be too risky for smaller firms to take on such clients. Given that settlements against the Big Four have topped $300m, one large negligence case could easily bankrupt a mid-tier firm.

Managing exposure to liability

Audit quality

There are a number of ways in which audit firms can manage their exposure to claims of negligence. Perhaps the most obvious is not being negligent in the first place. In practical terms this means rigorously applying International Standards on Auditing and the Code of Ethics for Professional Accountants and paying close attention to the terms and conditions agreed upon in the engagement letter.

Of course, improvements in quality controls in comparison to current levels would not happen without investment from the audit firms. With pressure to reduce audit fees it is unlikely that firms will want to commit to further increases in cost unless it is perceived that such action will lead to long-term reductions in legal and insurance costs.

Disclaimers of liability

One of the outcomes of the Bannerman case was the potential exposure of auditors to litigation from third parties to whom they have not disclaimed liability. As a result it became common to include a disclaimer of liability to third parties in the wording of the audit report.

Disclaimers may not entirely eliminate liability to third parties but they do reduce the scope for courts to assume liability to them. It should be noted that whilst this should reduce the threat of litigation in the UK, this protection may not extend overseas because the disclaimer is based on a ruling from a UK court case. It also provides no protection from the threat of litigation from clients under contract law.

There are also critics of the ‘Bannerman Paragraph,’ who believe that its presence devalues the audit report. They argue that the disclaimer acts as a barrier to litigation, which reduces the pressure to perform good quality audits in the first place. It is plausible that this reduces the credibility of the audit report in the eyes of the reader.

Liability Limitation Agreements

Since 2008 auditors have been permitted, under the terms of the Companies Act, to use Liability Limitation Agreements (LLAs) to reduce the threat of litigation from clients. LLAs are clauses built into the terms of an engagement that impose a cap on the amount of compensation that can be sought from the auditor. These must be approved by shareholders annually and be upheld by judges as ‘fair and reasonable’ when cases arise.

Whilst this may sound straightforward it has created problems, including how to define the cap (ie as a fixed monetary amount, a multiple of the fee, proportionate liability on a case by case basis). It is also difficult to decide what is fair and reasonable when setting the terms of the engagement because this is done before any potential litigation, or the scale of potential litigation, is known to the auditor and the client. This is therefore open to the interpretation of the courts. At which point the level of compensation may as well lie at the discretion of the courts in the first place.

Another problem lies with the shareholders; what motivation do they have for agreeing to terms that could potentially reduce their ability to recover any losses they incur due to the negligence of other parties? Once again this may be perceived as a barrier to litigation that audit firms can hide behind, reducing the pressure to perform good quality audits.

Current position

All the methods described contribute to the management of auditor liability but it seems none of them have provided the protection the profession needs to become truly competitive. Remember, the profession is not asking for exemption from litigation, rather that it does not shoulder the entire burden of litigation where others may also be to blame.

In June 2008, the European Commission recommended that member states find a way to limit auditor liability to try and encourage competition in the audit of listed companies and to protect EU capital markets. Given the different legal systems involved the recommendation leaves it to member states to determine an appropriate method but suggests that the solution:

  • should not apply in cases of misconduct
  • would be ineffective if it did not extend to third parties, and
  • should ensure fair compensation of damaged parties.

Whilst no firm decision has been reached in the UK there are an increasing number of advocates for a ‘proportional’ system of liability replacing the current ‘joint and several’ one. Under this proposal the audit firm would accept their proportion of the blame in a negligence case and would pay that proportion of the compensation. This system, as introduced in Australia in 2004, would ensure a fair outcome for the plaintiff without placing the entire financial burden upon the audit profession. It would also meet the EC recommendations listed above.

At the time of writing no solution has been agreed upon in the UK and the debate continues.


There is an increasing trend of litigation that is costing the audit profession billions of pounds. The potential costs and risks of auditing large, listed businesses may now be prohibitive for any firm of willing auditors outside of the Big Four.

Auditors can reduce their exposure to litigation but there is a rising groundswell of opinion that the audit profession has, for too long, borne the brunt of penalties for misdemeanours shared by other culpable parties. These penalties are prohibitive to competition, which may be damaging to capital markets.

There is widespread agreement that this situation must change. Unfortunately, any decision on the nature and timing of such a change appears to be a long way off. Until such time the audit profession will simply have to bear the burden of liability.

Simon Finley is a teaching fellow at the Aston University Accounting Group

Reference 1 Auditing: Commission Issues Recommendation on Limiting Audit Firms’ Liability, European Commission, 6 June 2008

"The guidance for when an auditor may be liable, either under criminal or civil law, appears to be clear and largely uncontroversial. The same cannot be said of the nature of the fines and settlements, which remains a hotly debated issue."