March 26, 2012 Articles

Defending Audit-Malpractice Cases: The Audit-Interference Rule

The rule may restrict the type of client conduct that counts for purposes of apportioning fault.

By James H. Bicks and Robert S. Hoff – March 26, 2012

Getting a routine financial-statement audit is not the equivalent of buying an insurance policy. Auditors perform targeted procedures designed to provide reasonable assurance on whether a client’s financial statements are free of a material misstatement, whether caused by error or fraud. A financial-statement audit is not designed to root out fraud. Yet, when fraud or other bad acts have occurred during the period under audit, a lawsuit may be around the corner. When that lawsuit arrives, one of the key issues is often whether and how the client’s own negligence can be considered by the court or a jury.

For example, when an audit client has been the victim of embezzlement by its employee and claims the auditor was negligent in failing to catch the fraud, the auditor might argue that the client itself was negligent by failing to supervise the embezzler or by failing to follow its established internal controls. This sounds like a straightforward comparative-fault defense. But in some jurisdictions, auditors must contend with the “audit-interference rule.” The audit-interference rule may restrict the type of client conduct that counts for purposes of apportioning fault. In jurisdictions adopting the rule, an auditor may only assert a comparative-fault defense where it can establish that the client’s negligence “interfered with” the auditor’s performance of its duties.

Thus, the audit-interference rule can dramatically alter an auditor’s ability to defend a malpractice case. For example, in the above hypothetical, the audit-interference rule would preclude the auditor from relying on evidence that the client’s failure to follow its established internal controls allowed the embezzlement to go unchecked unless the auditor could show that the company’s failure to follow its internal controls interfered with the auditor’s ability to perform the audit. Absent other evidence, such as client misrepresentations to the auditor, this hurdle may be difficult to clear.

As we discuss below, the audit-interference rule is incompatible with the nature of the auditor-client relationship, in which both the auditor and client have important and distinct responsibilities. It is also inconsistent with modern comparative-fault rules, which seek to encourage parties to exercise their responsibilities with due care and to apportion fault among all wrongdoers.

The Harsh Results of Contributory Negligence

The audit-interference rule was adopted over 70 years ago to ameliorate the harsh results of the common law of contributory negligence in auditor-malpractice cases. Under traditional principals of contributory negligence, any amount of negligence by the client, no matter how small, was a complete bar to recovery. The case credited with first announcing the rule is National Surety Corp. v. Lybrand, 256 A.D. 226 (N.Y. App. Div. 1939). In that case, the plaintiff sued its auditors for failing to detect theft by a company employee. The auditors asserted that they were not liable—even if they were negligent—because the client’s claim was barred by its contributory negligence. To avoid this harsh result, the court held that accountants should not be able to escape liability altogether by virtue of their client’s negligence, and thus the client’s negligence “is a defense only when it has contributed to the accountant’s failure to perform his contract and to report the truth.” Nat’l Sur. Corp., 256 A.D. at 236. Several other jurisdictions with pure contributory-negligence systems followed suit, including Illinois, Kansas, Pennsylvania, and Texas. Seee.g.Comerica Bank v. FGMK, LLC, No. 10 C 1930, 2011 U.S. Dist. LEXIS 2648, at *10–12 (D. Ill. Jan. 11, 2011) (applying Illinois law); Comeau v. Rupp, 810 F. Supp. 1172, 1182–83 (D. Kan. 1999); Jewelcor Jewelers & Distribs., Inc. v. Corr, 542 A.2d 72, 79 (Pa. Super. 1988); Greenstein, Logan & Co. v. Burgess Mktg., Inc., 744 S.W.2d 170, 190 (Tex. App. 1987). Texas abandoned the audit-interference rule after it enacted a comparative-negligence statute. See Richardson v. Cheshier & Fuller, LLP, No. 6:07-cv-256, 2008 WL 5122122, at *2 (E.D. Tex. Dec. 3, 2008).

Since National Surety was decided, the vast majority of U.S. jurisdictions have eliminated the “harsh” contributory-negligence rule in favor of a comparative-negligence model. Under comparative negligence, a plaintiff is not barred from recovery simply by virtue of it being partially at fault; instead, its damages are reduced according to its percentage of fault. Most jurisdictions do, however, bar a plaintiff from recovery where its share of fault equals or exceeds a certain percentage—50 or 51 percent, depending on the jurisdiction.

The substantial majority of courts that have considered the audit-interference rule in comparative-negligence jurisdictions have rejected it. See, e.g.Vigilant Ins. Co. v. PricewaterhouseCoopers, LLP, X07-HHD-CV-07-5016099S, 2009 Conn. Super. LEXIS 2796, at *21 (Conn. Super. Oct. 27, 2009) (The authors represented PricewaterhouseCoopers LLP in the Connecticut case.); Paul Harris Stores, Inc. v. PricewaterhouseCoopers, LLP, No. 1:02-CV-1014-LJM-VSS, 2006 WL 2859425, at *7 (S.D. Ind. Oct. 4, 2006); Standard Chartered PLC v. Price Waterhouse, 945 P.2d 317, 352 (Ariz. Ct. App. 1996); Scioto Mem’l. Hosp. Ass’n. v. Price Waterhouse, 659 N.E.2d 1268, 1272 (Ohio 1996); Resolution Trust Corp. v. Deloitte & Touche, 818 F. Supp. 1406, 1408 (D. Colo. 1993); FDIC v. Deloitte & Touche, 834 F. Supp. 1129, 1145–46 (E.D. Ark. 1992); Nat’l Credit Union Admin. Bd. v. Aho, Henshue & Hall, No. 90-4443, 1991 WL 174671 (E.D. La. Aug. 30, 1991); Devco Premium Fin. Co. v. N. River Ins. Co., 450 So. 2d 1216, 1220 (Fla. Dist. App. 1984).

As these courts recognize, the rationale for the audit-interference rule is simply not present in a comparative-negligence jurisdiction, because a client’s negligence will not automatically render an auditor immune from suit. In addition, comparative negligence allows both parties to bear responsibility based on their respective roles and faults, and provides an important incentive for all parties to exercise due care. The Michigan Court of Appeals explained:

With comparative negligence, the result is not so harsh and the policy considerations that accountants should not be allowed to avoid all liability due to some negligence on the part of the client are not present. We find the application of comparative negligence to be proper as neither party is absolved of fault due to the other’s negligence. Comparative negligence creates an incentive for both parties to use due care.

Capital Mortg. Corp. v. Coopers & Lybrand, 369 N.W. 2d 922, 925 (Mich. App. 1985).

The audit-interference rule undermines these important public-policy considerations. Instead of allocating fault to all parties who contributed to a loss, the audit-interference rule shifts the burden to the auditor to show that the client’s negligence interfered with the auditor’s responsibilities, and arguably lessens the client’s incentive to exercise due care over its own affairs.

There are, however, a handful of jurisdictions that continue to apply the audit-interference rule even though they have adopted some form of comparative negligence. See Bd. of Trs. of Cmty. Coll. v. Coopers & Lybrand, 803 N.E.2d 460, 466 (Ill. 2003); Stroud v. Arthur Andersen & Co., 37 P.3d 783, 789–90 (Okla. 2001); Collins v. Esserman & Pelter, 256 A.D.2d 754, 757 (N.Y. App. Div. 1998); Fullmer v. Wohlfeiler & Beck, 905 F.2d 1394, 1398 (10th Cir. 1990); Lincoln Grain, Inc. v. Coopers & Lybrand, 345 N.W.2d 300, 306–07 (Neb. 1984). These cases clearly present the minority rule, and for good reason. The audit-interference rule is not appropriate or necessary in a jurisdiction that has adopted a comparative-fault regime that apportions fault among all wrongdoers who have responsibility for a particular action or result. This is particularly true given the nature of the auditor-client relationship, where each side has important and distinct responsibilities, and each side should be encouraged to perform its responsibilities with due care.

Inconsistency with the Auditor-Client Relationship

The audit-interference rule is based, at least in part, on the popular misconception that, in conducting a financial-statement audit, auditors are responsible for detecting any and all fraud and for protecting the client from its own negligence. Indeed, in announcing the audit-interference rule, the National Surety court asserted that “[a]ccountants, as we know, are commonly employed for the very purpose of detecting defalcations which the employer’s negligence has made possible.” Nat’l Sur. Corp., 256 A.D. at 236. See also Fullmer, 905 F.2d at 1398 (holding that allowing a comparative-negligence defense without requiring a showing that the plaintiff’s negligence interfered with the audit “would tend to ‘render illusory the notion that an accountant is liable for the negligent performance of his duties.’” (citation omitted)).

Building on this misconception of an auditor’s role, some courts point to the Restatement (Third) of Torts as supporting adoption of the audit-interference rule. E.g.Bd. of Trs. of Cmty. Coll., 803 N.E.2d at 467. The Restatement recites the rather obvious principle that “a factfinder does not consider any plaintiff’s conduct that created the condition the service was employed to remedy.” Restatement (Third) of Torts; Apportionment of Liability § 7, cmt. m at 70 (2000). For example, if a doctor negligently treats a patient with a broken arm, causing the arm to become permanently paralyzed, the doctor cannot seek to apportion fault to the patient based on the patient’s failing to use due care when riding his bicycle, which caused his arm to break in the first place. That is the condition the doctor was hired to treat. This situation is entirely distinct from the auditor-client relationship. Unfortunately, courts that misunderstand the auditor’s role may improperly apply the principle in the auditing context. As the Illinois Supreme Court stated:

Just as the patient’s poor dental hygiene could not be asserted as a defense to the negligent infliction of a surgical injury, a client’s poor business practices cannot be asserted as a defense to the auditor’s negligent failure to discover and report the client’s noncompliance with investment policy and legal requirements.

Bd. of Trs. of Cmty. Coll., 803 N.E.2d at 467.

But contrary to these misconceptions, auditors hired to audit a company’s financial statements are not hired to fix a known, preexisting condition that the client’s negligence created, as many medical providers are asked to do when they treat patients. Nor are auditors typically hired to detect all fraud, to ensure the accuracy of every aspect of the client’s financial statements, or to ensure that the company complies with its internal controls and other rules of operation. It is beyond the scope of this article to describe fully the auditor’s responsibilities in conducting a financial-statement audit. What is important for this article is that under the applicable professional standards (Generally Accepted Auditing Standards, or GAAS), both the auditor and the client—often a sophisticated business—have separate and important responsibilities. And the failure by either party to live up to those responsibilities should be considered when assessing fault for any particular loss.

The example of internal controls is illustrative. Under GAAS, both the auditor and the client have important and distinct responsibilities. An auditor is typically required to obtain an understanding of the client’s internal controls to assess the risk of a material misstatement in the client’s financial statements, and to help the auditor plan its audit. AU 150.02 (Second Standard of Field Work). (The term “AU” refers to codified sections of GAAS.) But the auditor is not responsible for designing a company’s internal controls, nor is the auditor typically responsible for ensuring that the internal controls are being followed. If the auditor becomes aware of a significant deficiency or material weakness in the company’s internal controls over financial reporting, it is obligated to inform management. AU 325.17.

By contrast, the audit client is responsible for designing internal controls that will prevent and detect fraud, and that will allow the client to initiate, authorize, record, process, and report transactions accurately. AU 110.03; AU 316.04. The audit client is also responsible for ensuring that its employees follow those internal controls. This allocation of responsibility makes sense given that the audit client is responsible for its own financial statements, for supervising its employees throughout the year, and generally for running its business day in and day out.

Given the client’s responsibilities with respect to internal controls, the client should be held responsible for its share of the loss to the extent that it is caused by the client’s own failure to follow internal controls, regardless of whether such failure interfered with the auditor’s ability to conduct the audit. This is particularly true in comparative-fault jurisdictions, where the client’s negligence will not automatically render the auditor immune from suit, and the rules are intended to encourage parties to exercise due care in carrying out obligations assigned to them. As the Minnesota Supreme Court said, “[f]ailure to exercise ordinary care in conducting accounting activities may expose an accountant to allegations of negligence. By the same token, the persons who hire accountants, usually businesspersons, should also be required to conduct their business activities in a reasonable and prudent manner.” Halla Nursery, Inc. v. Baumann-Furrie & Co., 454 N.W.2d 905, 909 (Minn. 1990).

Conclusion

In short, because both the auditor and the client have important and independent obligations under the applicable professional standards, both should share responsibility to the extent they fail to comply with their obligations and such failure contributes to the client’s loss. Applying traditional comparative-negligence principals—regardless of whether the client’s negligence interferes with the auditor’s ability to conduct an audit—properly allocates fault and encourages both parties to use due care.

Keywords: litigation, professional liability, fraud, contributory negligence, auditor-client relationship


James H. Bicks and Robert S. Hoff are partners in Wiggin and Dana LLP in Stamford, Connecticut.