Final notice for audit? Legal impact of auditors failing to raise the red flags of potential insolvencies16 Feb 2022 // Insights
Charles Burrell and David Wheeler analysed the pressure on audit firms to make sure teams have the right experience and have enough insurance in place...
Last summer, PwC were sued by administrators over allegations of negligence to spot fraud of car dealership JD Classics. Unfortunately, headlines such as this are now not uncommon. A common decision those acting for those who have suffered loss through fraud is how to recover those losses. If the fraud is due to the dishonesty of employees there may be insurance to cover the loss, or the company may decide to keep the matter quiet to minimise reputational damage. If there has been a criminal complaint, there may confiscation and possible civil recovery against the employee but where there has been fraud by the management which results in significant damage to or the collapse of the company the possibility of recovery becomes limited. Then, the attention of the remaining management or the Liquidator will centre on the most likely source of redress – the insured and possibly well-funded firm of accountants who have been charged with checking that financial statements made by the company are free from negligent or intentional misstatement. Unless the auditors have limited their liability, the auditors also risk claims for negligence from third parties, such as banks or shareholders, who have suffered loss from the fraud.
It is incumbent on any audit team to ensure that the requirements of ISA 240 are complied with scrupulously and that those requirements are properly documented to allow their work to be defended if needed. The latest case against PWC shows that lawyers for the administrators of JD Classics have drilled down into the audit strategy, the competence of the team assigned and level of professional scepticism showed in the audits from 2015 to 2018 which allowed major financial misstatements to go undetected or challenged. Although PWC are defending the case the potential damages and costs are enormous. We have no idea what the audit letter contains, but one has to ask if there were sufficient disclaimers within it to deal with what is alleged to be fraud by the founder, Derek Hood. It is also to be seen whether there an enforceable limitation of liability clause.
The Auditor is responsible for communicating to Management and those charged with Governance when fraud is detected or suspected. The level of communication depends on the level of fraud, the perpetrator and whether the senior levels of Management and Governance can be relied on to properly investigate and prevent future occurrences and report the incident(s) to the relevant authorities where necessary. If the Auditor does not have confidence that this will happen, legal advice may be necessary on the question of whether to communicate the concerns to regulatory or supervisory authorities as the duty of confidentiality is a burden not easily avoided.
The allegation in the PWC case suggests that there was a failure to identify the fraudulent transactions themselves which suggests that it may be that the teams involved did not appreciate what the risks of fraud were with JD Classics. However, there are historic fraud cases involving similar business models where active deception of auditors took place which should have put them on notice of where the risks lay. A prominent cause celebre in 1997 involved the deception of Coopers and Lybrand by the directors of Swithland Motors who engaged in wholesale fraud in virtually every aspect of their business including misstating the value of transactions and padding inventory (using the employees’ own cars) which should have given a warning for any future audits of similar businesses.
Thorough and accurate scrutiny of financial statements and obtaining sufficient experience of the businesses being audited may increase costs, but the auditors risk a claim if they skimp on the detail.
It is likely that the fraudster will be aware of the risk of an audit, seek to cover their tracks from the auditors and even use the audit to cover or perpetuate the fraud. In cases where the auditors have been deliberately misled cases can be brought for fraudulent misstatement or for an offence under section 501 of the Companies Act. A finding might help an auditor to show that the right level of care was used and that a reasonably competent auditor might not have found the fraud. However, they will still want to show that the right level of care was used, which will be much harder without the right experience in place.
An auditor’s insurance and often deep pockets makes them an obvious target for a civil claim. Moreover, the high burden of proof in fraud often makes a claim for negligence or breach contract, without the need to prove the fraud, an easier and cheaper alternative to suing the perpetrator. The ever-increasing sophistication of frauds, will put ever more pressure on firms to make sure that teams have the right experience and, ultimately, that they have enough insurance in place.
What to read next
Senior Associate Fiona Mendel has written for People Management providing advice for employers on how best to support workers who experience the loss ...