WILSON, ELSER, MOSKOWITZ, EDELMAN & DICKER LLP

 

Peter J. Larkin

H. Steven Vogel

Ami Shah

Consider this frequent and unfortunate situation – a bookkeeper for a multimillion dollar company has sole access to client checks and a stamp bearing the signature of the client's president.  One day, she finds herself in need of money, and decides to write a fraudulent check payable to cash, signing it with the signature stamp.  A few months later, she needs more money and writes additional checks to herself.  She alters bank statements on her computer and attempts to erase any trace of the diverted checks.

During the subsequent year-end fieldwork, the independent auditor notices irregularities in the books and records of the client and alerts the president, who hires a forensic accountant and orders bank statements from the bank.  The auditor and the forensic accountant confirm that the bookkeeper embezzled over $500,000, and informs the president.  The president is shocked by the bookkeeper’s actions (despite previous notice of internal control deficiencies by the auditor), and blames the auditor for failing to detect the embezzlement earlier, filing suit.

Suits against auditors for failure to detect a theft or embezzlement are quite common, and are seldom susceptible to a summary judgment motion.[1] Faced with frequently sympathetic plaintiffs — they were robbed after all — and a societal misunderstanding of the true role of the auditor and inherent limitations in an audit, the defendant auditors frequently fight an uphill battle.  Adding to this the fact that the embezzler frequently is judgment-proof, if not actually incarcerated, and the plaintiffs have a fine recipe for a lawsuit against the auditor, who likely has malpractice insurance.

In defending these claims, a significant legal issue is whether the negligent conduct of the plaintiff can be used as a defense by the auditor, and whether the evidence of proof is available to establish the defense.  The objectives of this article are to help auditors understand the legal concepts of contributory or comparative negligence defenses, and to provide practical advice to auditors on managing professional liability risk in situations wherein the client is lax in instituting and monitoring internal controls to prevent fraud and theft.

Roles and Responsibility of the Auditor and the Plaintiff

The respective roles of the accountant and plaintiff in the typical audit serve as an important starting point.  Although the auditor is required by the auditing standards to assess the sufficiency of the plaintiff’s accounting system, system of internal controls and fraud risks to plan the audit, the auditor is not responsible for establishing these systems, nor is the auditor charged with detecting and reporting all weaknesses in internal controls, fraud, improprieties or immaterial errors in the financial statements. 

In most instances, the auditor’s engagement letter, management representation letters, and the audit report clearly delineate the limitations of the audit and the primary responsibility of the plaintiff to protect its own interests.  Nevertheless, disputes often arise concerning the plaintiff’s understanding of these limitations and the scope of the auditor’s engagement, with most plaintiffs simply claiming that everything pertaining to the financial statements is by definition the accountant’s responsibility, regardless of the language contained in the engagement letters and audit reports.  The rhetorical refrain heard countless times in these suits is “what was I paying him for if he wasn’t protecting me from exactly this type of situation?”

History of Contributory Negligence and the Emergence of the Audit Interference Rule

In early American jurisprudence, the contributory negligence of the plaintiff in civil actions seeking recovery for purely economic loss barred any recovery.  Thus, in cases seeking recovery for purely monetary loss, the claim would fail if the plaintiff in any measure contributed to its own loss.  However, many found this strict contributory negligence defense unduly harsh, so the courts created limitations and exceptions.

Audit failure cases saw a similar evolution.  In 1925, a New York court concluded that the plaintiffs were negligent due to their failure to properly supervise the employee/embezzler, and held that the plaintiffs’ contributory negligence was a complete bar to recovery.[2]  Fourteen years later, the very same New York court limited the applicability of the contributory negligence defense and created the “audit interference rule.”[3]  Essentially, the auditor had to prove that the plaintiff somehow impeded the audit, rather than simply being careless business managers.

Defending Auditor Malpractice Suits in Your State

A contributory negligence defense based on the plaintiff’s own fault in failing to prevent embezzlement and safeguard its assets can be a powerful weapon in fighting malpractice actions.  However, the availability of this defense presently depends, at least to some extent, on the jurisdiction where the action is commenced.  Alabama, Maryland, North Carolina, Virginia and the District of Columbia still uphold the “all or nothing” strict contributory negligence rule, which bars recovery if evidence can prove that plaintiff’s negligence contributed to his or her own damage. The remaining states are divided into two basic schemes.  Under a pure comparative fault system, the respective fault of the parties is simply apportioned, and the plaintiff’s damage award may be reduced in proportion to the amount of negligence attributed to the plaintiff.  Under the modified contributory negligence scheme, the plaintiff’s fault will only bar recovery if it exceeds 50% of the total fault causing the damages.

If an action is commenced in a strict contributory negligence state, defending an accountant malpractice case can be relatively simple if the jurisdiction has not adopted the audit interference rule.  In a malpractice suit involving an employee embezzling funds, if the accountant is able to show that the plaintiff failed to implement appropriate internal controls, failed to segregate duties, or to present evidence suggesting that the plaintiff contributed to the embezzlement, the plaintiff is barred from tort recovery.  Instead, the plaintiff may only recover the fees paid to the auditor under a breach of contract theory.

However, in a jurisdiction that has adopted the audit interference rule, proving the contributory negligence of the plaintiff-client is more difficult.  In that state, the defendant auditor will have to demonstrate that management impeded the audit.  This distinction is important, because it is generally easier to identify general deficiencies in the internal control system than to prove that management’s conduct directly interfered with the auditor’s procedures.  In the employee embezzlement scenario, this might require proof that there was absentee management, and that the auditor’s sole source of information was the embezzler due to the unavailability of the other members of management.  In this scenario, it can be argued that management’s decision to abdicate all responsibility to the dishonest employee affirmatively placed the embezzler between the auditor and the truth, and completely impeded the audit.

In both pure comparative fault and modified contributory negligence jurisdictions, the first consideration is also whether the audit interference rule has been adopted, rejected or not yet addressed.  For example, Michigan and Florida have completely abandoned the audit interference rule and apply pure comparative fault applies regardless of whether the plaintiff’s fault has any causal connection to the alleged audit failure.[4]  On the other hand, other pure comparative fault states, such as Mississippi and Missouri, still recognize the audit interference rule.[5]  In these states, the plaintiff’s negligence is only a defense if it caused the accountant’s failure to detect the embezzlement.

Under New York law, something less than actual interference with the audit may be enough to implicate comparative fault, but the standard is nebulous.  In 1989, a New York Court held that the plaintiff, who suffered losses at the hands of an employee embezzler, did not require any showing that the conduct of the employer interfered with the accountant’s procedures.[6]  Unlike the Craig court, the Hall court did not hold that plaintiff’s negligence barred its action, but rather recognized that “the principles of comparative negligence are applicable in malpractice cases.”  Only a few years later, the same court further confused the issue by stating that a trial court’s failure to apply comparative fault principles was not an error because there was no showing that the plaintiff’s negligence contributed to the accountants’ failure to properly perform their duty.[7]

Minnesota, Ohio, Texas, Nevada, Arizona and Arkansas rejected the audit interference rule under their modified contributory fault system.[8]  Conversely, courts in Connecticut, Massachusetts, New Jersey, Oklahoma, Pennsylvania, Tennessee, Nebraska, Utah and Kansas still recognize the audit interference rule under their modified contributory fault systems.[9]

Practical Considerations

There are relatively few reported cases reviewing jury verdicts where the plaintiff’s fault is measured against the defendant auditor, but there are some significant cases.  In a 1984 decision, a Florida trial court determined after a bench trial that the plaintiff’s contributory fault in the form of unreasonable reliance on the auditors, as well as failure to properly implement internal controls and poor management decisions, amounted to 80% of the total fault causing plaintiff’s damages. [10]  In a 2002 decision in Illinois, where the traditional audit interference rule was still applied under the state’s 50% contributory fault system, the jury verdict finding the plaintiff 45% at fault for simply providing a management representation letter vouching for the information provided to the auditor was upheld. [11]  In a 2003 decision in Ohio, a jury found the plaintiff 67% at fault for failing to detect an employee embezzlement under Ohio’s modified contributory negligence scheme.[12]

While every case must stand on its own facts, the limited and somewhat mundane nature of the comparative fault in these cases indicates a large measure of fault clearly can be assessed against the plaintiff in the right case.  Unfortunately, the availability of this defense and its application are far from uniform.  There is no clear national trend and no consensus even among states that follow the same system of assessing fault.  Accordingly, each jurisdiction must be researched and the defense assessed based on the law of the court where the case is commenced.  Thus, the strength of this defense depends entirely on where you are.

How Can Auditors Mitigate Liability Risks?

Where a contributory negligence defense is available, the burden of proof is on the defendant-auditor. Auditors should be familiar with the law in the states in which they practice. In those states that have adopted the audit interference rule, recognize that liability risk to the CPA firm is elevated compared to similar situations in other jurisdictions.  Managing the client relationship, including client communications and documentation of same, is essential.   So, what else can an auditor do to mitigate liability risks and improve the likelihood of successfully fighting a malpractice claim?  Here are some recommendations:

·        Establish an understanding with the client about the limitations of an audit; in other words, the client should not rely on the auditor to detect all fraud.

·        Document evaluation of internal controls and client communication with respect to internal control deficiencies.  Continue reporting significant control deficiencies and material weaknesses not addressed by the client until they are resolved.

·        Give special attention in audit planning to internal control deficiencies that may give rise to heightened audit risks. 

·        If theft or fraud is discovered during audit field work, promptly bring the findings to the attention of those charged with governance, and require the client to investigate.  Document client communications, client’s investigative findings, and the auditor’s evaluation of management’s findings and resolution in the audit workpapers.

·        In state courts that uphold the audit interference rule, it is important to establish evidence that the client’s actions interfered with the auditors in conducting their audit under the prescribed scope.  Document things such as the unavailability of management to address auditor’s inquiry or requests, management’s disregard of the auditor’s warning of internal control deficiencies or suspected fraud, management’s failure to prosecute or terminate dishonest employees, etc.   

·        Consider resigning from an engagement if client management is uncooperative or is not responsive to questions or concerns raised during the audit, or if they refuse to take action to improve internal controls or investigate suspected fraud.

©2008 Wilson Elser. All Rights Reserved. Printed with Permission.