Engagement Letters Are Seeking To Limit Auditor Liability

Bank regulators are mulling a proposal that is touching off a new era of debate over whether there should be liability limits for auditors when an audit fails to turn up flawed or fraudulent accounting.

A group of bank regulators have compared notes and discovered audit firms are increasingly seeking provisions via engagement letters that would limit auditors’ liability. The group issued a proposed advisory that would warn financial institutions to reject any such provisions when entering into an agreement for an external audit. The group has collected comments on the proposed advisory and is analyzing remarks.

The advisory is raising questions anew about who’s at fault when an entity’s accounting goes bad—management who fail to report properly, whether by negligence or fraud—or auditors who fail to catch and expose it.

The Securities and Exchange Commission already holds that accountants cannot be considered independent or objective if they are working under an understanding that they won’t be held liable for a bad audit, even if management deliberately deceives auditors. The American Institute of Certified Public Accountants, on the other hand, believes accountants should have some protections in the event that a bad audit can be traced to poor or fraudulent reporting on the part of management.

Three Types Of Provisions

The bank regulatory agencies said they’ve seen an increase in the types and frequency of provisions appearing in audit engagement letters seeking to limit auditors’ liability. “While these provisions do not appear in a majority of financial institution engagement letters, the provisions are becoming more prevalent,” the proposed advisory says.

Regulators advise that all financial institutions reject any agreement with an external auditor that includes a provision to limit auditors’ liability because they view it as a threat to auditor independence. “The Agencies believe such provisions may weaken an external auditor’s objectivity, impartiality, and performance,” the proposed advisory says.

Regulators list eight specific examples of provisions auditors have sought, but they generally lump them into three categories: protections from claims by third parties, protections from claims by the financial institutions themselves, and limitations on the legal remedies available to financial institutions should they believe they have a case against the auditor.

Patricia Hildebrand, senior policy accountant at the Office of Thrift Supervision, said there’s no particular pattern in terms of where the provisions appear, either in size or type of financial institution from which protection is sought or among audit firms seeking protection. Comment letters were not available to the public late last week, but reactions to the regulators’ position were “all over the map,” she said.

Although none of the Big Four or second-tier accounting firms would discuss the regulators’ position, PricewaterhouseCoopers provided its seven-page comment letter to the regulators’ proposed advisory, which raises two major objections.

AICPA'S VIEW

The following is "Ethics Ruling No. 94," excerpted from "Ethics Rulings on Independence, Integrity, and Objectivity," and revised July 2002:

94. Indemnification Clause in Engagement Letters

Question—A member or his or her firm proposes to include in engagement letters a clause that provides that the client would release, indemnify, defend, and hold the member (and his or her partners, heirs, executors, personal representatives, successors, and assigns) harmless from any liability and costs resulting from knowing misrepresentations by management. Would inclusion of such an indemnification clause in engagement letters impair independence?

Answer—No.

Click Here To View ET Section 191: Ethics Rulings on Independence, Integrity, and Objectivity

First, PwC says audit firms are justified in seeking legal protection against “knowing management misrepresentation,” or cases where management deceives auditors. “PwC suggests that indemnification against knowing management misrepresentations is an appropriate way for an audit firm, who is the target of unlawful and perhaps criminal behavior, to protect itself from deceitful management,” the letter says. The letter continues that such protection “serves a public purpose and does not impair the auditor’s objectivity and independence.”

Second, PwC takes exception with the regulators’ views on alternative dispute resolution. Audit firms have sought ADR via engagement letters, but the proposed advisory would caution financial institutions against agreeing to any ADR as a condition of the engagement. PwC points out that the regulatory group promotes the use of ADR as means of resolving contract disputes in other third-party relationships, suggesting relationships with audit firms should be no different.

Reducing Motivation?

The question of knowing management misrepresentation presents the greatest area of debate for legal and ethics experts.

Lisa Snyder, director of the AICPA’s Professional Ethics Division, says the bank regulators are looking at the question from a standpoint of safety and soundness, determining that financial institutions’ interests are not adequately protected if auditors are protected from liability. She said an AICPA ethics task force is still examining the issue.

In its comment letter, the AICPA says the majority of its Professional Ethics Executive Committee believe auditor protection against deception is “fundamentally fair” to the auditor and company, and even serves as “a significant deterrent to management fraud.”

Letter signatories Bruce Webb, chair of the PEEC, and Carl Larson, chair of the institute’s Depository Institution Expert Panel, said they don’t believe the bank regulators have “put forth sufficient rationale” to determine that auditor independence is compromised if auditors are legally protected against deliberate misrepresentations. “The Agencies have not identified the relevant threats to the auditor’s independence nor have they considered whether any safeguards exist that could sufficiently mitigate such threats,” they wrote.

Jacobs

“You don’t want to do anything that would reduce the incentive to be not only independent, but skeptical,” said Leslie Jacobs, partner with Thompson Hine, focused on white-collar crime and business regulation. “The concern today is that we want auditors not necessarily to look under every rock, but we don’t want them to casually choose not to look. Indemnification provisions certainly provide a comfort level so that auditors don’t have as much motivation.”

Ketz

J. Edward Ketz, accounting professor at Penn State University, agrees there must be incentive for auditors “to do their work properly and thoroughly,” but sides with PwC on management misrepresentations. “We cannot provide a green light to managers to lie and then punish the accounting firm,” he said.

Liability And Viability

Beyond the issue of “where to point the finger of blame,” the question of auditor liability raises even larger public policy concerns about choice and competition among audit firms. That’s according to Joseph Carcello, director of research for the University of Tennessee Corporate Governance Center, who adds that the viability of the profession may even be at stake. The Enron accounting scandal has already reduced the Big Five to the Big Four with the demise of Arthur Andersen, and the more recent threat of indictment against KPMG over tax shelter abuses heightens anxiety.

Carcello

“The question of liability is a legitimate concern for the audit firms. One judgment could wipe out a firm,” leading to a serious constriction of choice for audit consumers, Carcello said. “They’ve been concerned about this issue for at least the last 15 years.”

It also has implications for retaining and attracting talent to a battered profession, paradoxically in great demand in the current environment. “One busted audit could wipe out your job, your capital position in the firm, everything,” he adds.

Carcello said he believes Big Four firms would characterize liability as their second-largest expense behind payroll and benefits. “They view it as a continued threat to their existence,” he said.

While SEC rules bar liability limitations for public company audits, those rules have no bearing over private financial institutions, he said. As such, audit firms are just looking for protection anywhere they can find it. “They’re doing everything they can to reduce their liability risk with non-public clients,” he said.

Carcello suggests audit firms could gain the liability protection they seek if they were willing to expose themselves to even more regulation, such as extending the structure and authority of the Public Company Accounting Oversight Board to the private sector as well, although he concedes the prospect is unlikely.