The Sarbanes-Oxley Act of 2002 created a new, five-member oversight group called the Public Company Accounting Oversight Board (PCAOB). This group is a strong, independent, and full-time oversight board with broad authority to regulate auditors of public companies, set auditing standards, and investigate violations. Only two of its members can be or have been CPAs. The Board is subject to the SEC review and will establish auditing, quality control, ethics, and independence standards for public company auditors. PCAOB's mission is to protect investors in U.S. securities markets and to further the public interest by ensuring that public company financial statements are audited according to the highest standards of quality, independence, and ethics. The Board is funded by fees from public companies.
PCAOB is empowered to set accounting standards that establish auditing, quality control and ethical standards for accountants. The Board also is empowered to adopt or amend standards issued or recommended by private accounting industry groups or to adopt its own standards independent of such private industry standards or recommendations. Auditing Standards have been historically created by the AICPA and many had thought that the PCAOB would delegate its authority to set standards to the AICPA. However, the Board is setting the standards itself. Because the Board is setting standards, auditors will see many more changes in auditing standards.
A New Paradigm
The Sarbanes-Oxley Act and SAS No. 99 put pressure on management, audit committees, chief executives, CFOs, external accountants, and internal auditors to incorporate forensic accounting techniques into their jobs. Now CEO/ CFOs must certify in each 10-K and 10-Q that the signing officer has reviewed the report, and state that based upon the officer's knowledge there are no material misstatements or omissions and the financial statements fairly represent the financial condition and results of operations.
One could argue that before Enron and the other scandals surfaced, no one accepted ultimate responsibility for finding fraud. Independent auditors disclaim such responsibility in their engagement letters. Internal auditors put disclaimers in their charters. Management looked to audit committees. Audit committees looked to independent auditors. Independent auditors looked to management. Were it not for the phenomenal amount of investment funds and jobs lost by innocent individuals, the whole business would remind one of the "Who's on first" classic comedy routine.
Will fraud detection now become primarily the responsibility of forensic accountants? Will there be forensic sleuths hired every year for the annual audit or carried on staff? Will forensic accountants have a special role in each internal audit function? Will audit committees insist on the services of a forensic accountant? The answer: No one really knows.
The approach up until now based on Sarbanes-Oxley is to make everyone responsible for fighting fraud by increasing all parties' responsibilities for uncovering such fraud in every direction at every step in the process.
Since management may override controls, substantive analytical procedures alone are not well suited for detecting fraud. PCAOB indicates that an auditor's substantive procedures must include reconciling the financial statements to the accounting records. Such substantive procedures also must include reconciling the financial statements to the accounting records. The auditor's substantive procedures also should include examining material adjustments made during the course of preparing the financial statements. Also, other auditing standards require auditors to perform specific tests of detail in the financial statement audit.
For example, AU Sec. 316 requires an auditor to perform tests of detail to further address the risk of management override, whether or not a specific risk of fraud has been identified. Also, AU Sec. 330 states that there is a presumption that the auditor will request the confirmation of accounts receivable. Finally, AU Sec. 331 states that observation of inventories is a generally accepted procedure and that the auditor who issues an opinion without this procedure "has the burden of justifying the opinion expressed."
The adoption of SAS No. 99 by the AICPA was an attempt to close the so-called expectation gap between professional standards and the belief of the outside world that the role of auditors is to find fraud. Now external auditors must gather information needed to identify risks of material misstatements due to fraud, assess these risks, and respond to the results.
A forensic audit is a separate job from a financial statement audit. In a typical forensic audit, there is an allegation of fraud or fraud has already been discovered. The CPA firm is called in as a consultant to gather evidence or to act as an expert witness with respect to legal proceedings relating to the fraud.
Some Standards to Follow
Although the Sarbanes-Oxley Act requires auditors of public companies to follow the PCAOB auditing standard, GAAS issued by the AICPA's Auditing Standards Board apply to all audits of non-SEC-registered entities.
An independent audit is an application of generally accepted auditing standards that have been established by the Auditing Standards Board of the AICPA as follows:
2. In all matters relating to the assignment, independence in mental attitude is to be maintained by the auditor or auditors.
3. Due professional care is to be exercised in the performance of the examination and the preparation of the report.
2. There is to be a proper study and evaluation of the existing internal control as a basis for reliance thereon and for the determination of the resultant extent of the tests to which auditing procedures are to be performed.
3. Sufficient competent evidential matter is to be obtained through inspection, observations, inquires, and confirmations to obtain a reasonable basis for an opinion regarding the financial statements under examination.
2. The report shall state whether such principles have been consistently observed in the current period in relation to the preceding period.
3. Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.
4. The report shall either contain an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefor should be stated. In all cases where an auditor’s name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor's examination, if any, and the degree of responsibility the auditor is taking. Keep in mind that a Certified Public Accountant should not escape liability if he or she fails to perform at or above a reasonable standards.
· Treasury Department Circular 230.
· AICPA’s Statements on Responsibilities in Tax Practice.
· State legal standards
Circular 230, Section 10.51(j) defines both reckless conduct and gross incompetence; reckless conduct is defined as “a highly unreasonable omission or misrepresentation involving an extreme departure from the standards of ordinary care that a practitioner should observe under the circumstances.” Thus, the definition of reckless conduct for Section 10.51 (j) purposes appears to be limited to giving false opinions.
“Gross incompetence” is conduct that reflects gross indifference, preparation grossly inadequate under the circumstances, or a consistent failure to perform obligations to the client.
Section 10.22 requires a practitioner to exercise due diligence in preparing or assisting in preparing, filing and approving returns, documents, affidavits, and other papers relating to IRS matters, as well as in written or oral representations both to clients regarding IRS-administered matters and to the Treasury. Circular 230 does not define due diligence, however.
In Harary v. Blumenthal [555 F.2d 1113 (CA-2, 1977)], the court stated that under Section 10.22(c), due diligence requires that a practitioner be honest with his or her client in connection with all IRS-related matters; according to this court, the phrasing of the regulation suggests a principal concern with making practitioners accountable for negligence.
Training material of the IRS states that failure to exercise due diligence involves conduct that is “more than a simple error, but less than willful and reckless misconduct.” For more detail, see Gardner and Willey, “The Tax Practitioner’s Guide to Circular 230 (Part II) The Tax Adviser, December, 1995, pp. 711-715.
For more detail, see J. L. Todres, "Investment In A Bad Tax Shelter: Malpractice Recovery From The Tax Adviser Is No Slam-Dunk," Tax Notes, April 11, 2005, pp. 217-229.
A 1994 California court decision illustrates the huge amounts involved in malpractice disputes. In Mattco Forge case, a Los Angeles jury awarded Mattco $42 million -- $14.2 million in compensatory damages and $27.8 million in punitive damages. In addition to the judgment against the accounting firm, an audit partner was ordered to pay $5,000, and the Arthur Young partner was ordered to pay $250,000.
Several types of lawsuits may be brought against accountants:
For a tort, a professional has a duty to exercise the level of care, skill, and diligence normally performed by other members of a profession under similar circumstances. For example, to prove negligence (a tort), a party must prove the following:
Proximate cause generally includes two elements:
See Greenstein, Logan & Company v. Burgess Marketing, Inc., 744 S. W. 2d 170 (Tx. Ct. App. 1987)
An accountant's third-party risk depends upon the states, since there are basically four approaches to third party liability:
In general, plaintiffs have three strategies:
Accountants generally have some defensive strategies:
Arsenic and Accounting