|
|
|
| Friday, May 29, 2009 |
|
Seven Defensive Steps to Avoiding Accounting Malpractice Claims
By Andrew Morris and Kevin Murphy @ 11:04 AM :: 552 Views ::
0 Comments :: 
|
 |
By Andrew J. Morris and Kevin M. Murphy
For decades, public accountants, especially auditors, have practiced in the shadow of potentially ruinous litigation. By now, at least one lesson is clear: It is not enough to do good work. To reduce the danger from lawsuits, accounting firms should take specific defensive steps. This article reviews some of the most important ones. These steps begin with avoiding high-risk clients in the first place, then taking care to memorialize what your firm will and will not do for the client. The steps continue with a series of step practices that reduce an audit’s vulnerability to later attack. Followed faithfully, these steps can reduce the chances that your firm will be the target of a lawsuit or, if you are targeted anyway, that the firm will suffer serious damage.
The Risks
Typical claims against auditors can come from any of several sources. The most likely one is the client. The other likely plaintiffs are third parties who have some connection to the client, such as its lenders, bondholders, and shareholders.
These plaintiffs can bring several kinds of claims. Audit clients typically sue for malpractice, claiming that the audit work was not up to professional standards. Third parties, such as banks who lend to audit clients, often sue the auditor for negligent misrepresentation, a variation of malpractice. All of these plaintiffs also can sue for fraud. The typical fraud claim alleges that that the auditor issued a clean opinion on financial statements despite knowing that the statements did not comply with Generally Accepted Accounting Principles. The damages from any of these claims can be massive, often up to hundreds of times the accountant’s fees on the engagement at issue.
Auditors also are vulnerable to enforcement actions by government agencies such as the Securities and Exchange Commission and banking regulatory agencies, as well as to disciplinary actions by the Public Company Accounting Oversight Board and state accounting boards. These actions can lead to penalties including large fines and even the loss of the right to issue audit opinions—an effective death sentence for an auditing firm.
To fully appreciate the danger from lawsuits and enforcement actions, it is important to keep in mind the so-called “expectancy gap.” This is the difference in the perception of the scope of the auditor's responsibilities, with the accounting profession on one side of the gap and the public on the other. To the accounting profession, the auditor’s role is a limited one, carefully circumscribed by the technical literature and consistent with a sophisticated understanding of the auditor’s independence from management. To much of the public, however, the auditor’s role is much broader. From this perspective, the auditor is a virtual partner with management, an expert business advisor that bears some responsibility for the client’s financial performance. According to this view the auditor should, for example, sound the alarm when the company is at risk of failing. This view also holds, however, that the auditor is a public watchdog as well, responsible for protecting the public. This explains the widely-held, though unrealistic, belief that a financial statement auditor should detect every fraud or defalcation of any significance.
Once the possibility of litigation arises, and the search for a deep pocket begins, the public’s broad view of the auditor’s role can push out the accounting profession’s more limited view. The result is that, in litigation, the auditor can sometimes be judged according to the public’s broad, if technically inaccurate, view of the auditor’s responsibilities.
Reducing the Risks
You can do much to reduce litigation risks by following a few important steps. These constitute the accounting equivalent of defensive driving. If a driver is injured in a traffic accident, it does her no good to say that she had the right of way. Even if she is correct on that score, she still can suffer serious injury. In the same way, it is little solace to an accounting firm, tagged with a huge lawsuit or even a judgment, to say that it complied scrupulously with applicable professional standards. That accounting firm must remain aware that others whom it will encounter do not see auditing in the same way. This problem calls for some defensive auditing.
1. Screen Potential Clients.
This first step probably is the most important: Conduct a methodical review of the background of every potential client. This review should be part of your firm’s procedures for client acceptance. Document the review. And be sure to update it every year.
Consult the detailed list in AICPA Practice Alert no. 2003-03, entitled "Acceptance and Continuance of Clients and Engagements." This Practice Alert identifies four especially important considerations: management’s integrity and competence, the accounting firm’s expertise and suitability for the engagement, input from the predecessor auditors, and the potential client’s financial viability.
Management integrity and competence are, of course, critical. Your review should look at the company’s general history and structure as well as the background of key members of management. Examine the firm’s litigation history as well.
Next, your firm’s expertise is relevant for the obvious reason that the auditor must perform the engagement according to professional standards. Insufficient expertise in a client’s industry (or in other relevant knowledge, such as International Financial Reporting Standards) can lead to weaker audits, manifested for example in a temptation to pull out audit programs that are generic, or to rely too heavily on management’s knowledge and judgment. Viewed from a defensive perspective, a record that your firm has carefully considered its relevant experience and concluded that it is well-suited to the engagement can head off later criticisms that your firm was out of its depth.
The next consideration, input from the predecessor auditor, obviously provides important information about the potential client. This consultation also is generally required by SAS 84.
Finally, the strength of the potential client’s financial condition is important for a couple of reasons. The first is to ensure that fees will not be an issue. Although continuing audit clients generally pay their fees, you still should discuss cost and payment expectations with them. Avoiding fee disputes helps avoid malpractice claims, because clients that are sued for fees often respond with counterclaims for malpractice.
The second reason that the potential client’s viability is important is the great litigation risk posed by clients who fail. In particular, bankruptcies can lead to the appointments of trustees, who can be especially dangerous. Trustees have strong incentives to bring claims against auditors with reduced (or little) concern for the merits. And in litigation, a trustee has special powers: In some cases a trustee holds all of the client’s rights against the auditor, but is immune to some of the defenses the auditor would have against the client itself. This can leave the auditor close to defenseless. Bankruptcies can also draw the attention of other plaintiffs' attorneys and government regulators, who may bring their own lawsuits or investigations.
2. Use a proper engagement letter—and keep it current.
Once you have decided to take on a client, give careful attention to the engagement letter. This is your contract with the client—a critical risk management tool. Engagement letters can vary, but a strong letter should include several critical items.
First, state exactly what your firm is being hired to do. This requires a careful description of the work to be performed, drawing on relevant professional literature. Specify, for example, whether the engagement is for a GAAS audit, a PCAOB audit (in which case you should consult technical experts on those standards before entering the engagement), a review, or some other undertaking such as specific agreed-upon procedures. Include also a statement of what your firm has not been hired to do. Some letters specify, for example, that the auditor is not promising to detect fraud or agreeing to give business advice. Also include a description of the responsibilities of the client's management and directors, again drawing on the relevant literature. Include an acknowledgement that your firm can resign if, based on your professional judgment, resignation is appropriate.
These provisions are very helpful in case of litigation. When former clients sue, a central piece of their strategy is to expand the scope of the outside accountant's responsibility. Former clients often insist, for example, that they relied on their auditor as a roving lookout for problems that should be brought to the attention of the directors—in effect, as a second, and expert, set of eyes and ears for the board. Former clients also assert that they were looking to their auditor for general business advice, including even strategic guidance. Plaintiffs sometimes support these assertions with quotes from accounting-firm marketing materials that tout the firm's business acumen and its "partner" relationships with its clients. The best tool for cutting off these after-the-fact efforts to overstate the auditor's responsibilities is a proper engagement letter.
The letter should state that your firm is performing the work for the benefit of the client only, not for any third party. This cuts against later assertions by third parties, such as the client’s lenders, that your firm owed them a duty of care. As noted above, a bank that lent money to your audit client might argue that it has the right to sue your firm because, the lender would say, it was obvious that a client’s bank would rely on that client’s audited financial statements. A well-crafted engagement letter is an important means to cut off those claims as well.
Next, consider addressing how your firm and your client will resolve any disputes. Engagement letters often specify that any disputes must be heard in a certain court (a "forum-selection clause"), and they often waive any right to a jury. (This is an effort to reduce the possible danger from the expectancy gap.) Or the letter can state that the parties will avoid the court system altogether and resolve any disagreements through private arbitration.
Also consider a ceiling on the amount of possible damages. One common approach is to limit the amount of damages to a specified multiple of annual fees. Such a provision might state that the client cannot recover damages greater than three times the fees paid to the auditor for the year at issue. The letter also might require the client to indemnify your firm in case any third parties do sue you because of the audit. Because the law governing these provisions can vary by state, you should consult counsel when drafting them.
Finally, make sure that client representatives, including the chair of the audit committee, sign the letter. Surprisingly often, this simple step goes undone. An unsigned letter, however dutifully filed in the workpapers, has questionable value if the client later sues your firm. The client will fight the protective provisions that you have been so careful to include, arguing that it never agreed to them. And don’t forget to get a new letter signed every engagement; a letter from an earlier engagement might not help in a dispute about a later one.
3. Comply carefully with audit documentation standards.
Now that your firm has entered a well-defined relationship with a well-screened client, you should perform the audit work in a way that reduces vulnerability to attack. To begin, document every audit step performed. This may seem obvious, but all too often workpapers contain documentation that does not quite memorialize all relevant information about an audit step or a related judgment. That omission gives later plaintiff’s counsel a crack through which its expert can drive an entire theory that the audit was defective. Plaintiffs commonly use thin documentation to argue that the auditor performed steps improperly or overlooked them altogether.
To avoid handing plaintiff’s counsel this opening, document every audit step fully. Include some indication of the rationale for each test, the scope of the test, and all inputs considered when performing the test. If a step is listed in an audit program but the staff waived performing it, provide a specific explanation why.
Be similarly careful to memorialize the resolution of every audit concern mentioned anywhere in the workpapers. In doing so, remain mindful of the audit areas that workpapers identify as higher risk. For example, make sure to address every possible problem, however remote, flagged in a SAS 99 brainstorming workpaper. Plaintiffs love to use these memos. They look at every listed fraud possibility, read it extremely broadly, then see whether that possibility is specifically addressed elsewhere in the workpapers. For an auditor, noting a concern but failing to put it to rest can be worse than overlooking the concern in the first place.
4. Minimize reliance on management representations.
Another source of trouble is too much reliance on management, especially where other sources of audit evidence are reasonably available. Reliance on management, however unavoidable for some audit purposes, is a favorite plaintiffs’ punching bag: Once it is known—in hindsight—that management exercised poor judgment or even committed fraud, a plaintiff’s counsel will examine the workpaper sections most at issue and highlight every place that the auditor relied on management. Then, still with the benefit of hindsight, counsel will portray this reliance as sloppy, even ridiculous, and as definitive proof of lack of professional skepticism. Inevitably, plaintiff’s counsel will argue that, had the auditor not relied on management, the auditor would have uncovered the problem at issue in the case.
5. Communicate often with management and the audit committee, and document those communications.
Communicate often with management, and keep a record of significant points that you address. Consider sending follow-up emails as appropriate. Equally important, communicate regularly with the audit committee and document every point that you make, as well as every representation that the committee makes. Once litigation breaks out, audit committee members have a strong incentive to point the finger away from themselves and at someone outside the company. As a result, they can become remarkably forgetful about their conversations with the auditor. By making a contemporaneous—and complete—record of the topics that you discussed with the audit committee, you prevent committee members from later denying that you told them about the very problem that is the basis of the client’s lawsuit against your firm.
6. Avoid communications about the client with third parties.
Be wary of client requests that you talk directly to the client’s lenders or other third parties. Even a single conversation can expose you to claims by those third parties, whose claim that the client’s auditor owed them a duty can be strengthened by the fact that the auditor talked directly to them. A third party such as a lender may even argue that, once the auditor talked to the lender about the client, the auditor was obligated to voluntarily list all problems at the client company that might be significant to the lender.
7. Follow document retention policies and avoid unnecessary emails.
Accounting firms typically have strong policies governing the creation and retention of workpapers. Make sure that your firm’s policies govern the creation, disposal, and retention of all materials created during client engagements. As every accountant and lawyer is well aware, we have experienced an explosion in the creation of electronic materials. This explosion includes the volume and variety of materials created during an audit engagement. These materials are scattered across widely-dispersed locations. And your firm’s computers tend to preserve all of those materials unless someone consciously takes action to delete them. (This is opposite the problem that firms faced until about ten years ago; before then, materials did not survive unless someone made a conscious decision to save them.)
The result is a mass of formal and informal materials. Plaintiffs' lawyers love to search this material, including the informal bits and pieces, for litigation ammunition. This ammunition can be as simple as an off-hand personal opinion about the company or a casual reference to an audit issue that is not later put to rest in the workpapers. It can be as complex as a draft or partial set of electronic workpapers that survived only because they were overlooked during the process of cleaning up the files at the end of the audit. Minimizing the risk from these materials requires a document retention policy that is comprehensive.
Just as important, control the creation of all material to begin with. Train your staff to write emails and memos that are objective and professional: that avoid speculation, personal opinions, and other informal comments. Condition your staff to the fact that every email or text message they send, and every note they jot down, can be used against the firm in court. Instruct them to create only emails and memos that they could explain in later litigation or enforcement action.
Conclusion
It would be impossible to guarantee that your firm can avoid litigation, no matter how careful and professional you and your colleagues are. But the steps above can cut your risks. They can cost a bit more up front but, on the odds, they will pay for themselves many times over by reducing lawsuits and the resulting high legal fees and potentially-ruinous damages.
Andrew J. Morris is a Washington, D.C.-based member of Carr Maloney P.C. He litigates complex commercial matters, particularly disputes involving financial reporting, securities and corporate governance, and can be reached at ajm@carrmaloney.com. His colleague and co-author Kevin M. Murphy can be reached at kmm@carrmaloney.com.
|
|
|
|
|
| Comments |
Currently, there are no comments. Be the first to post one!
Click here to post a comment
|
|
|