Library:

• Aviation
• Defamation & Media
• Dispute Resolution & Litigation
• Health & Administrative Law
• Insurance
• Marine
• Professional Liability & Indemnity

Common Issues in Lawsuits against Accounting Professionals
by James R. Lane

Return to Main Menu ››

As with many professions in Canada, members of the accounting profession in private practice have found themselves defending against lawsuits with increasing frequency. Many suits are brought by clients – usually for the purpose of recovering a loss incurred by the client directly. Sometimes as well clients sue their accountant or auditor in order to recover legal costs, or to displace blame, or achieve some other tactical advantage when the client has had to respond to a claim or a tax reassessment. In such cases, there is generally no question that the accounting professional must answer to the client for any significant mistakes made in the course of the engagement. The issue of whether an engagement was competently performed is referred to in law as a standard of care issue. Of course, a claimant can be someone other than a client, particularly in assurance engagements. A commonplace example is a claim by a third party who suffered a loss as a result of relying on the client’s audited financial statements. A third party claimant of that sort would face an additional hurdle to a successful claim against an accountant. The claimant would have to establish that he or she was someone to whom the auditor owed a duty of care. This article explores how Canadian law has developed the duty of care and standard of care concepts in cases involving auditors and accountants.

Duty of Care

Most lawsuits involving a complaint about professional services or advice are based in negligence. Other grounds, like breach of contract, are also often raised, but the law of negligence is usually at the heart of such claims. The starting point for any professional negligence claim is to establish that the professional owed the plaintiff a duty of care. The test for determining whether a duty of care exists is vague. As a result, the duty of care concept has been the subject of extensive litigation.

At law, we each owe a duty to avoid doing something that we can reasonably expect might injure someone close to us. It is clear that a professional's clients are close enough to be covered by this test. For professionals, the duty of care concept often becomes trickier when the claimant is someone other than a client.

The long-standing test of whether a duty of care exists is to ask: at the time the defendant did something causing harm, should he have had the plaintiff in mind as someone who could be injured by his actions? If it is reasonable to expect the defendant could have foreseen that somebody might be harmed in the way that that the plaintiff was actually harmed, then the defendant may be liable. For some professions, this test implies wide-ranging liability. For instance, is an engineer who designs a building potentially liable in negligence to any future visitor of the building?

The scope of a professional's duty of care was further increased by two developments in the law in the mid 1900's. One of these developments occurred in 1963 when the case of Hedley Byrne & Co. v. Heller & Partners established the right to recover damages caused by reliance on a negligent misrepresentation. This decision expanded the type of activity that can create a duty of care. Consider the case of an accountant who provides assurance regarding financial information that might be of interest to an investor. Without some limit being placed on the legal duty of care owed, the accountant could be liable to anyone who somehow receives and acts upon that financial information.

In another development occurring at about the same time, the law expanded the type of loss that can be compensated in negligence. Where the plaintiff has suffered a personal injury or physical damage to property, the courts tended to apply the traditional duty of care test without many additional restrictions. However, the law had drawn a distinction between physical injury and economic loss, such as a loss of profit. Traditionally, plaintiffs could not recover economic loss unless they also suffered physical loss. More recently, the law has permitted recovery of pure economic loss. This change had major implications for accounting professionals.

These and other developments exposed auditors and accountants to increased liability to anyone who suffers a monetary loss after relying on a professional opinion that turns out to be wrong. As a result, the law developed limits on the duty of care owed when providing advice in certain circumstances. These limits relate not only to the question of who can claim for a loss, but also to the sort of harm complained of.

When auditors or accountants provide an opinion on a client company's financial statements, they usually expect that the client will share the opinion with others who may rely on it, including bank creditors, suppliers, prospective investors and affiliated companies. The degree of reliance will generally increase when an audit opinion is given. In the case of large public companies, the audited financial statements can receive wide publication. As a result, under the traditional formulation of duty of care, accountants, in particular auditors, could face liability in any amount to a virtually unlimited number of third parties.

The courts generally considered this to be an extreme and undesirable result. And so, over the past few decades, the law has evolved to limit the scope of the duty of care owed by auditors for financial statements which prove to be inaccurate. The limits which were developed address the question of who is owed a duty of care, as well as the question of what use is made of an auditor's or accountant's opinion.

Both of these issues were addressed in the 1997 Supreme Court of Canada decision in Hercules Management Ltd. v. Ernst & Young. The plaintiffs in that case lost on their investment as shareholders of the defendant auditor's client, This loss was foreseeable in that the defendant auditors could easily have anticipated that someone (including existing shareholders) might rely on their client's audited financial statements in making an investment in the client and could be harmed if the statements were wrong.

With respect to the "who?" question, the Supreme Court concluded that the auditors did not owe a duty to anyone and everyone who might be harmed by reliance on a negligent misstatement in the financial statements. An auditor will only owe a duty of care to someone who the professional actually knows might rely on the advice given. This would include a person who was a member of a specific class of persons that the professional knows about. In the Hercules case, the Court said that the existing shareholder plaintiffs did fall into this category.

Dealing with the second question, "for what use?", the Court went on to say that an auditor will only be liable to someone who used the advice for the specific purpose or transaction for which the advice was given. In the case of an audit opinion, the Supreme Court said that, ordinarily, that purpose is to assist shareholders in overseeing the management and affairs of the company, not to assist in making personal investment decisions. Therefore, the auditors were not liable to the plaintiff shareholders for their individual investment losses in this case. Auditors can be liable to their clients' shareholders if the shareholders as a group suffer a loss because inaccurate financial statements prevented them from holding management of the company to account for some problem.

The Hercules decision, even though it dealt with a claim by shareholders, also affects the duty of care that auditors owe to lenders and other creditors. Before Hercules, auditors were usually not found liable to creditors of whom they were not aware at the time of the audit. There were many cases though where the courts held auditors liable to their clients' creditors (often a client's bank) where the auditors knew that that creditor might rely on the audited financial statements. After the decision in Hercules, a creditor known to the auditor must also show that the financial statements were prepared for the purpose for which the creditor relied on them. In the case of a routine annual audit, this will ordinarily not be possible.

Although audits are sometimes conducted for purposes other than overseeing management, such as inclusion in an investment prospectus, it does not follow that the auditor will be liable to investors in those cases. Even in the case where the auditor has performed an audit specifically for the client to provide to a particular group of lenders for their use, the auditor may still have a duty of care defence. For example, following Hercules, a duty of care may not be owed, for example, where the financial statements are to be provided to a third party for the purpose of attracting a $10,000 loan and the third party relies on those statements in making a $1,000,000 loan.

In unusual cases, an auditor's actions can create a duty of care to a third party who could not meet the Hercules test at the time of the audit. In the case of ADT Ltd. v. Binder Hamblyn, for example, the auditor met with a client's prospective investor and confirmed that the financial statements which were prepared for the company some time earlier, were accurate. The court found that the direct relationship formed with the investor at the meeting created a duty of care where none had existed before.

There are some cases as well where a client may not be able to establish that a duty of care was owed. A claimant must prove not only the existence of a duty of care, but also the extent of the duty. The extent of the duty depends upon the nature of the engagement. In non-audit engagements, such as a review engagement, an auditor is not ordinarily required to consider factors like the client's own internal financial controls and procedures. If a review engagement client suffers a loss that could have been prevented had its accountant warned about problems with its internal controls, the accountant will usually not be liable unless the accountant actually noticed a significant problem resulting from poor controls, but failed to take appropriate action.

Standard of Care

In a lawsuit for damages relating to a complaint about professional services, the claimant must show that the professional did not exercise the care and skill possessed by his professional peers at the time the services were provided. A professional who makes a mistake in the course of providing professional services is not liable to the person who suffers a resulting loss provided the professional has exercised reasonable judgment, diligence and competence. The test is supposed to be applied without using hindsight available by the time a claim proceeds to trial. Generally speaking, a professional does not promise that the services, or the results, will be perfect. However, the minimum standards that professional bodies require their members to meet are generally quite high and are steadily rising. As a result, the standard of "ordinary" or "reasonable" competence applied by the courts is a rigorous one.

The standard of care can vary depending on the legal basis of the claim advanced. Claims against professionals can be brought on the basis of negligence, breach of contract (such as a retainer agreement), deliberate wrongdoing (such as fraud), or on equitable grounds (the most common being breach of a fiduciary duty owed by the professional). For example, a professional can be found not to have been negligent, but may still be held liable if the services provided did not conform to the terms set out in a retainer letter.

The standard of care that an accountant is required to meet depends to a large extent on the type of engagement entered into. Different engagements involve different degrees of attestation by the accountant. The three most common types of engagement are audits, review engagements and compilation or non-review engagements conducted on a notice-to-reader basis, The highest degree of attestation, and consequently the highest standard of care, applies to an audit. Audits usually involve review of a client's financial statements, but may also relate to investigation of a specific aspect of the client's business.

Typically, suits against accountants are based on allegations of negligent misstatement regarding the financial position of an audit client as reflected in the client's audited financial statements. One recurring complaint arising from audits relates to the auditor's failure to detect fraud by employees or by management of the audit client. Audits are not designed to detect fraud, but that does not prevent claimants from arguing that the auditor overlooked something that should have been apparent. As a result, complicated issues often arise regarding whether an auditor should have detected a fraud and whether a failure to do so resulted from the auditor's failure to comply with proper auditing procedures.

One factor that the courts have emphasized when assessing the services of an individual professional is the practice standards approved by the professional's governing body. Unfortunately though, the courts have sent mixed messages on the question of whether a professional can be found negligent, or otherwise liable, for services which complied with the applicable professional standards but still proved to be deficient. Professionals have sometimes been held liable despite having conformed to the approved practice of their profession. Canadian courts have insisted on retaining a discretion to find that an accepted practice is not sufficient, or that it involves a foreseeable risk of harm.

Auditors are required to comply with the extensive, detailed standards set out in the Handbook of the Canadian Institute of Chartered Accountants (CICA). The Generally Accepting Accounting Standards (GAAS) and Generally Accepting Accounting Practices (GAAP) set out in the CICA Handbook provide evidence, although not necessarily conclusive evidence, of the standard of care that auditors are required to meet by law.

The general standard contained in the CICA Handbook applicable to auditors states that an auditor "performs the audit with an attitude of professional skepticism, and seeks reasonable assurance whether the financial statements are free of material misstatement." There are many practical limitations inherent in the audit process. The auditor is expected to exercise professional judgment regarding the sort of testing to be conducted and other audit procedures to follow on a given audit. Judgment is also required to evaluate the results of whatever procedures are conducted. The CICA Handbook observes that "much of the evidence available to the auditor is persuasive rather than conclusive in nature". Therefore, an auditor cannot be expected to obtain "absolute assurance" in the course of an audit review.

Before 1997, the most authoritative pronouncement in Canada on the degree to which the courts should accept the CICA Handbook as determining the standard of care to be met by accountants was the Supreme Court of Canada's decision in Hodgkinson v. Simms. That decision stated that professional standards are of guiding importance in determining the nature of the duty owed by a member of the profession. However, in 1997, the B.C. Court of Appeal held in Kripps v. Touche Ross that the court was not bound to conclude that the CICA Handbook was determinative. Despite the existence in that case of a retainer letter stating that the audit opinion was given in accordance with GAAP, the court stated that the adherence to GAAP was not a defence where the GAAP standard fails to adopt obvious and reasonable precautions which are readily apparent to the judge. Consequently, accountants in Canada cannot assume that adherence to the provisions of the CICA Handbook will necessarily protect them from liability,

Notwithstanding this uncertainty, the CICA's detailed codification of standards and its structural process for the review of those standards remains highly relevant for the determination of liability. In most cases where accountants' work meets those standards they will not be found liable.

Cases involving sophisticated commercial fraud present an interesting opportunity to see how .a Canadian court will typically establish a standard of care to govern liability in a particular case. Auditors are normally entitled to assume the honesty and good faith of management. However, one of the most commonly encountered phrases in negligence case law is "knew or ought to have known." Many standard of care disputes focus on what the professional "ought to have known." Among the questions which are likely to arise when the work of an auditor comes under scrutiny are:

1. Did the auditors obtain sufficient knowledge of the client's affairs to plan the audit?

2. Was the audit plan adequate?

3. If the auditors relied upon internal controls and limited their substantive testing, did they have appropriate evidence of the proper functioning of those controls?

4. Were all relevant audit assertions tested?

5. Was the intensity of inquiry adequate and were questions directed to appropriate individuals?

6. Are analytical procedures properly documented and were the results of those procedures given appropriate consideration?

It is because questions of this nature regularly arise that audit cases are often complicated and expensive to pursue, or defend.

It is also important to consider the flip side of the coin. What care does management owe and what are the legal consequences of management's failure to meet an appropriate standard of care? An issue commonly arises where both the auditor and the management of an audit client are at fault to some degree for failure to detect the existence of a problem. Under the legislation enacted in most provinces dealing with negligence, where two parties are at fault for a loss, the courts will apportion a degree of fault to each. If one of the parties is the plaintiff in the action, the liability of the other party as defendant will be reduced to the extent of the plaintiff's contributory negligence. If the fault is divided between two defendants, the plaintiff is entitled to recover its losses on a joint and several basis, meaning that the plaintiff can recover part or all of the loss from either defendant. This situation sometimes creates serious problems for auditors in circumstances where, for example, an auditor is found to be 5% at fault for a loss, but the party that is 95% at fault is insolvent. The auditor can then be on the hook for the whole of the plaintiffs loss.

There is disagreement in the case law regarding how the law of contributory negligence should be applied to an action by an audit client against its auditor, where both the auditor and the client's management are at fault for failure to detect a problem. Canadian courts have sometimes concluded that an audit client cannot recover from its auditor to the extent that the client's own management is at fault for the loss. A few decisions though have held that the client has retained the auditor to provide a check on management and, consequently, the auditor cannot defend itself by pointing to errors or wrongdoing by management of the sort that the auditor was paid to detect in some cases.