V.

THE CPAs PROFESSIONAL RESPONSIBILITIES

III. Auditor’s Legal Liability

Learning Objectives Marconni B. Andres

L1. Understand the need to observe a reasonable level of care in the performance of their professional
work.

Potential litigation is a major concern to auditors. Professionals have always had a duty to provide
a reasonable level of care while performing work for those they serve. Audit professionals have a
responsibility under common law to fulfill expressed and implied contracts with clients. They are liable to
their clients for negligence and/or breach of contracts should they fail to provide the services or not
exercise due care in their performance.

Lawsuits against auditors typically involve alleged misstatements that the auditors did not detect
in the financial statements. These misstatements are usually
(1) an improper or inadequate disclosure, or
(2) an inappropriate valuation.

Other typical lawsuits brought by clients against CPA firms involve claims that the auditor (1) did
not discover an employee defalcation (theft of assets) as a result of negligence in the conduct of the audit;
(2) did not complete the audit on the agreed on date; and (3) inappropriate withdrawal from an audit.

Most auditors believe the conduct of the audit in accordance with Standards of Auditing is all that
can be expected. Many users believe that auditors guarantee the accuracy of financial statements and
some users even believe that the auditor guarantees the financial viability of the business. Fortunately for
the profession, courts continue to support the auditor’s view. Unfortunately, the expectation gap often
results in unwarranted lawsuits which had caused significant increase in both litigation costs and liability
insurance premiums among the public practitioners.

Public accounting firms have developed procedures that some characterize as defensive auditing
to minimize risk. Also, understanding how and when auditors can be liable will be helpful.

L2. Know the auditor’s responsibility as far as client’s compliance with laws and regulations that may affect
the financial statements.

Consideration of Laws and Regulations in an Audit of Financial Statements

PSA 250 is issued by the Auditing Standards Practices Council (ASPC) to establish standards and
provide guidance on the auditor’s responsibility to consider laws and regulations in an audit of financial
statements.

2When planning and performing audit procedures and in evaluating and reporting the results
thereof, the auditor should recognize that noncompliance by the entity with laws and regulations may
materially affect the financial statements. 3Noncompliance refers to acts of omission or commission by the
entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or
regulations. 2An audit cannot be expected to detect noncompliance with all laws and regulations however,
when noncompliance is detected, the implications on the integrity of management of employees and the
effect on other aspects of the audit should be considered.

3Noncompliance includes acts and transactions entered into by management and employees in the
name or on behalf of the entity audited; and do not include personal misconduct by the entity’s
management or employees. Generally, noncompliance that are removed from events and transactions
reflected in financial statements are less likely to be recognized by the auditor. Furthermore, 4an act of
noncompliance is a legal determination and ordinarily beyond the auditor’s professional competence
although his experience and understanding of the client entity and its industry may provide a basis for
recognition that some acts coming to his attention constitute noncompliance with laws and regulations.
Management’s Responsibility for Compliance with Laws and Regulations
9Management has the responsibility to ensure that the entity’s operations are conducted within the

law and relevant regulations. The prevention and detection of noncompliance with laws and regulations
primarily rest on management as well. 10Policies and procedures that assist management in the prevention
and detection of noncompliance include:
a. Monitoring legal requirements and ensuring that operating procedures meet the requirements;
b. Instituting and operating appropriate systems of internal control;
c. Maintaining a register of significant laws the entity must comply within its particular industry;
d. Maintaining a record of complaints;
e. Engaging legal advisors to assist in monitoring legal requirements; and
f. Assigning appropriate responsibilities to an internal auditor or an audit committee.

Auditor’s Consideration of Compliance with Laws and Regulations

11An annual audit may act as a deterrent but an auditor is not and cannot be held responsible for

preventing noncompliance. 12Although the audit is properly planned and performed according to PSAs, an
audit is subject to the unavoidable risk that some material misstatements are due to noncompliance with
laws and regulations and involve conduct designed to conceal the noncompliance, such as collusion,
forgery, deliberate failure to record transactions, senior management override of controls and intentional
misrepresentations being made to the auditor.

13PSA 200, ‘Objective and General Principles Governing an Audit of Financial Statements’,
instructs auditors to plan and perform the audit with an attitude of professional skepticism recognizing that
the audit may reveal conditions or events that would lead to questioning whether an entity complies with
laws and regulations. The auditor should particularly be able to recognize the laws and regulations the
noncompliance of which would cause the entity to cease operations or question the entity’s continuance as
a going concern.

The auditor should have sufficient understanding of laws and regulations to be considered when
auditing assertions related to the determination of amounts to be recorded and disclosures to be made. The
auditor should obtain a written representation from management that it has disclosed to the auditor all
known actual or possible noncompliance with laws and regulations whose effect must be considered when
preparing financial statements.

Indications That Noncompliance May Have Occurred

The auditor should be aware of indications that noncompliance may have occurred. The appendix
to PSA 250 lists this information that may come to the auditor’s attention that may indicate that
noncompliance with laws or regulations have occurred:
 Investigation by government departments or payment of fines or penalties.
 Payments for unspecified services or loans to consultants, related parties, employees or
government employees.
 Sales commissions or agent’s fees that appear excessive in relation to those ordinarily paid by the
entity or in its industry or to the services actually received.
 Purchasing at prices significantly above or below market price.
 Unusual payments in cash, purchases in the form of cashiers’ checks payable to bearer or
transfers to numbered bank accounts.
 Unusual transactions with companies registered in tax havens.
 Payments for goods or services made other than to the country from which the goods or services
originated.
 Payments without proper exchange control documentation.
 Existence of an accounting system which fails, whether by design or by accident, to provide an
adequate audit trail or sufficient evidence.
 Unauthorized transactions or improperly recorded transactions.
 Media comment.
Procedures When Noncompliance is Discovered
26When the auditor becomes aware of information concerning possible noncompliance, he should

learn the nature and circumstances and gather sufficient data to evaluate its effect on the financial
statements. 27He should consider potential financial consequences, such as fines, penalties, damages,
threat of expropriation of assets, enforced discontinuance of operations and litigation. He should determine
whether the potential financial consequences need disclosure or if they are so serious as to call into
question the fair presentation of the financial statements.

28When the auditor believes there may be noncompliance, he should document his findings and
discuss them with management. Documentation of findings would include copies of records, documents,
and minutes of conversations, if appropriate. 29The auditor may consult the client entity’s lawyer or the
auditor’s own lawyers whether a violation of laws and regulations is involved and the possible legal
consequences, and what further action the auditor should take.

31The auditor should consider the implications of noncompliance to other aspects of the audit,
particularly the reliability of management representations. In noncompliance not detected by internal
controls, he should consider the relationship of perpetration and concealment, the relevant internal control
procedure, and the level of management or employees involved.

Reporting of Noncompliance
32As soon as practicable, the auditor should communicate to management: the audit committee,

the board of directors, and senior management, or obtain evidence that they are appropriately informed
regarding the noncompliance that has come to his attention. 33If he believes noncompliance is intentional
and material, he should communicate his findings without delay. 34If he suspects senior management is
involved, he should report the noncompliance to the next higher level of authority.

35If the auditor concludes that the noncompliance has a material effect on the financial statements
and has not been properly reflected therein, he should express a qualified or an adverse opinion. 36If the
auditor was precluded by the client entity from obtaining sufficient appropriate evidence to evaluate
noncompliance, he should express a qualified or a disclaimer of opinion on the financial statements on the
basis of a limitation on the scope of the audit.

38Incertain circumstances, the auditor are required to report noncompliance by financial institutions
to the supervisory authorities. The auditor’s duty of confidentiality would ordinarily preclude him from
reporting noncompliance to a third party; however, confidentiality is overridden by statute or by court of law.
He should seek legal advice and give consideration to his responsibility to the public interest.

Withdrawal from the Engagement

39When the client entity does not take the remedial action that the auditor considers necessary in

the circumstances, and when the auditor concludes the implication of involvement of highest authority
within the entity, thus affecting reliability of management’s representation; the auditor should seek legal
advice and withdraw from the engagement.

L3. Know the sources of legal liability of the independent auditor. Princess Hannah P. Noble

Legal Concepts Related to Auditor’s Liability

a) Due professional care

The auditor’s legal liability arises primarily from his failure to exercise due professional care in the
performance of an audit and in the preparation of the audit report. The auditor is expected to exercise the
due care that a prudent person and others in the profession would perform under similar circumstances.

The courts understand that the auditor is not infallible and he does not guarantee financial
statement accuracy; however, the auditor is expected to discover material and pervasive misstatements
that can be uncovered by the examination of sufficient and competent evidence and the exercise of due
professional care in the audit of financial statements.
b) Sources of responsibility

The auditor’s legal responsibilities are established by common law that had been developed by
court decisions and by statutory laws that were passed through government statutes and by legislative
bodies. The auditor has legal responsibilities to users of financial statements who relied on the opinion he
expressed thereon. Banks and financial institutions rely on the audited financial statements in granting
loans and the auditor is legally liable if he has failed to discover pervasive and material misstatements
contained in the financial statements.

c) Degree of wrongdoing

The auditor’s legal liability depends upon the degree of omission or commission attributable to him.
He may be guilty of negligence, gross negligence or constructive fraud, and of intentional fraud in issuing
an audit report aware that the financial statements are misstated and users would be deceived. Ordinary
negligence implies absence of reasonable care expected under the circumstances. The auditor is guilty of
gross negligence if he consistently fails to follow the standards of the profession in the conduct of an audit.
 Deliberate fraud is the worst fault with the maximum penalty from the courts.

d) Lack of privileged communication

The auditor shall not disclose any confidential information without the specific consent of the client.
The courts may subpoena working papers and disclosure does not need permission of the client. Legally,
information is called privileged if legal proceedings cannot require a person to provide information, even if
there is a subpoena. Information obtained by the CPA from clients and confidential discussions between
the client and the auditor cannot be withheld from the courts.

e) Liability for acts of others

The partners in a public accounting firm are jointly liable for civil actions against a partner; for the
work of their employees; and for the work of other CPAs and non-accountants/experts called upon to do
part of the audit work or provide technical information.

Legal Liability of the Independent Auditor

Auditor’s liability to clients
 A CPA is obliged to exercise due professional care during the engagement including adherence to
professional standards and ethics. Failure by the CPA to exercise this degree of care may constitute
negligence and breach of contracts to render professional service. An honest error does not constitute
negligence on the part of a CPA so long as he exercised due professional care.

Auditor’s liability to third parties

 Creditors, investors and other third parties also rely upon the auditor’s work when they place
confidence in audited financial statements. Independent auditors are liable to all foreseeable third
parties for losses which are caused by the auditor’s fraud or gross negligence. Auditor’s expression of
an opinion on financial statement when, in fact, he has no basis for an opinion is considered gross
negligence. Failure of the auditor to detect widespread fraud also constitutes negligence.

L4. Understand the auditor’s responsibility in tax practice. Marjerie M. Villaflor

Responsibility in Tax Practice

 The CPA as tax advisers has a primary responsibility to the client; that is, to ensure that the client pays
the right kind and proper amount of tax.
 In the role of a tax adviser, the CPA may properly resolve questionable issues in favor of the client
but at the same time must adhere to the same standards of trust and personal integrity in tax work
as in all other professional activities. Any departure from these standards on a tax engagement
would surely destroy the reputation of the CPA in performing his work as independent auditor.
 Any tax advice of material consequence given to client/employer should be recorded in letter form
or in a memorandum for the files.
 A CPA on tax engagements has a second responsibility and that is to the public whose interests are
represented by the government – more specifically by the Bureau of Internal Revenue (BIR).
 To meet this responsibility, the CPA must observe the client’s declaration on tax returns they
prepare. CPAs are not obliged to investigate any or all information provided by the taxpayer but
they cannot just disregard any clues that cast doubt on the accuracy of these data.
 In addition to being guided by the declaration on the tax returns, CPAs should look to the series of
pronouncements, rules and regulations on tax matters issued by the Department of Finance.

 A professional accountant should ensure that the client/employer is aware of the limitations attached to
tax advice and services, and does not misinterpret an expression of opinion as an assertion of fact. The
professional accountant should advise the client/employer that the tax returns are properly prepared on
the basis of information received but the responsibility for the contents of the tax returns rests primarily
with the client/employer.

L5. Identify the auditor’s defenses against client suits as well as third-party lawsuits.

Auditor’s Defenses against Client Suits

 Under the common law, CPA firms can use one or a combination of five defenses when there are legal
claims by clients. These are:
(1) The CPA firm can claim there was no implied or expressed contact to perform the service. This is
referred to as lack of duty to perform the service.
(2) The audit was performed using reasonable care or the lack of reasonable care did not cause
damages.
(3) The reliance on the financial statements did not cause the loss. This is also referred to as absence
of causal connection.
(4) In cases in which a tort is involved, auditors in some jurisdiction can claim contributory negligence
(that the client’s own action contributed to the loss).
(5) The statute of limitations on the action has expired.

Auditor’s Defenses against Third-Party Lawsuits

 Auditors have found four defenses in third-party lawsuits. These are:
(1) The preferred defense in third-party suits is nonnegligent performance. If the audit was conducted
in accordance with Standards of Auditing, the other defenses are unnecessary.
(2) A lack of duty defense can also be used. This defense contends lack of privity of contract. Privity of
contract means limitations of liability to the parties to a given contract. Under privity, the CPA is not
liable to third parties for ordinary negligence.
(3) Absence of causal connection. This means that third party must be able to prove that there is a
close causal connection between the auditor’s breach of the standard of due care and the
damages suffered by the third party. This could also be construed as nonreliance on the financial
statements by the user.
(4) The statute of limitations on the action has expired.
 Contributory negligence is ordinarily not available in third-party lawsuits because a third-party is not in a
position to contribute to misstated financial statements.

L6. Know how to minimize an auditor’s exposure to legal liability. Mary Therese A. Alcozero

Minimizing Exposure to Legal Liability

In the light of the auditor’s extensive exposure to obligation, public accounting firms must take positive
action to withstand the threat of legal liability. Among these actions are:
1. Emphasize compliance with standards of auditing, the Code of Professional Ethics and where
appropriate Financial Reporting Standards.
2. Thoroughly investigate prospective clients. Avoid taking on clients when there are indications of
deliberate management misrepresentation. Evaluate whether a client has the necessary integrity.
3. Avoid companies and industries in which the risk of litigation is high.
4. Exercise extreme care in the audit of clients in financial difficulties.
5. Establishing and following appropriate quality control procedures over all audit work.
 6. Use engagement letters which clearly point out to the client the scope of the auditor’s services and
responsibilities on a particular engagement.
7. Conduct the audit with appropriate professional skepticism.
8. Provide the opportunity for auditor to consult with more experienced auditors about difficult issues.
9. Maintain adequate professional liability insurance coverage. This is however not a common
practice in the Philippines.
10. Seek legal counsel whenever serious problems occur.

L7. Know the auditor’s responsibility to communicate audit matters with those charged with governance.

Communications of Audit Matters with Those Charged with Governance

Governance is the term used to describe the role of persons entrusted with the supervision, control
and direction of an entity. Per PSA 260 ‘audit matters of governance interest’ are those that arise from audit
of financial statements, which in the opinion of the auditor are important and relevant to those charged with
governance, who oversee the financial reporting and disclosure process.

The auditor should determine the relevant persons charged with governance, to whom audit
matters of governance interest are to be communicated; as the Board of Directors; and the entity’s
governance structure, as the Audit Committee or any supervisory body.

Matters of governance interest should be communicated by the auditor include:

 General approach and scope of the audit;
 Selection of or changes in significant accounting policies;
 Audit adjustments;
 Disagreement with management;
 Material uncertainties;
 Expected modification in an audit report and other matters, such as:
 Material weakness in internal control;
 Questions regarding management’s integrity;
 Fraud involving management; and
 Items included in the terms of the audit engagement.
The auditor should communicate audit matters of governance interest on a timely basis so that those
charged with governance can take appropriate action.

The auditor’s communication of audit matters of governance interest to those charged with
governance may be made orally or in writing, depending upon the nature and sensitivity of the audit matters
to be communicated; the size, operations, legal structure and communication processes of the entity;
arrangements made with respect to periodic meeting or reporting of audit matters; and amount of on-going
contact with those charged with governance. The auditor should consider the obligation of confidentiality in
communicating audit matters of governance interest to those charged with governance.

References:
Cabrera, Ma. Elenita B., Public Accountancy Profession: Assurance Principles, Professional Ethics
and Good Governance. 2013-2014. Manila. GIC Enterprises & Co., Inc.
Galanza, Raquel M., Auditing: Assurance Principles, Professional Ethics, and Good Governance.
2015. Quezon City. Rex Printing Company, Inc.
Cabrera, Ma. Elenita B., Auditing Theory. 2017. Manila. GIC Enterprises & Co., Inc.