Litigation Risk Management

Litigation Risk Management
Has the CPA Become the CYA?

MAY 2006 - There is a growing awareness in our society of the responsibilities of certified public accountants and the role CPAs play in maintaining the integrity of our economic system. As our visibility has increased, however, so has our potential liability, especially to the users of our services. In many cases, our knee-jerk reaction has been to cover our assets by focusing on the minutiae in the rules. As a result, we’re unable to see the forest for the trees.

In response to my March editorial, “Certified Public Accounting: It Isn’t Just About Numbers,” reader Dave Tatlock, CPA, CPCU, wrote:

I’ve been in the profession for 20 years, the first 13 as an auditor. The thing I have found troubling about how our profession has evolved since my days as a staff accountant is how litigation risk management has transformed the audit process. The profession has largely taken a defensive approach to managing this risk: increasing required disclosures (often without regard to the usefulness of the information being presented), while reducing as much as possible the public’s expectations of the value of the audit process. The CPA has become the CYA.

So here come the auditors, disclaiming responsibility for being able to detect fraud, discover materially misstated balances, or unravel complex transactions. In several recent cases, they have been able to offer real proof of their inabilities in these areas. With the notable exception of SAS 99, the profession’s message to the investing public has been that auditors are basically powerless in the face of management that would manipulate results. Where does this end?

The way to change perceptions is to change reality—public accounting firms need to go on the offensive, and take more responsibility that the financial statements they audit can be relied upon. They need to produce a real value-added service to the companies they audit and to the general public, and to charge accordingly for this service. A strong profession, backed by the confidence of the investing public, can then take an offensive position against litigation risk, rather than trying to avoid financial responsibility by seeking to diminish its own importance in the eyes of the public.

The “top 10” list of auditors’ worst nightmares includes learning that their audit risk has become a reality. Audit risk is defined as the risk that an auditor will conclude that the financial statements are fairly stated and an unqualified opinion may be issued, when they are in fact materially misstated. So what can be done to address the checklist “CYA” mentality that has evolved from the fear of litigation due to this risk? How do we address these issues and, at the same time, not diminish the value of our services or abrogate our responsibility to the investing public?

Charge appropriately. The problem of not charging appropriately for the value of an auditor’s time and services has never been more apparent than in not-for-profit sector audits. The Roslyn school district scandal is the most glaring example. Miller, Lilly & Pearce, the CPA firm that audited that school district, was cited in a report by New York State Comptroller Alan G. Hevesi for a lack of documentation and evidence to support the firm’s audit conclusions. In the 2001/02 audit, New York State auditors discovered 128 instances where the CPA firm lacked adequate information to support conclusions, and another 77 similar deficiencies in the 2002/03 audit. When planning the 2002/03 audit, the firm failed to increase testing, despite its knowledge that fraud had occurred during the prior year. The firm checked “N/A” (not applicable) on the audit form for “Our overall procedures indicate no indications of possible illegal actions and there is no need to follow-up in accordance with professional standards.” Ultimately, the district received what it paid for: an audit so flawed and so far below professional standards that it failed to identify the millions that were apparently misappropriated.

Ditch the checklist mentality. Education and training for CPAs should include all the requisite knowledge and skills to fulfill the public’s expectations of our role as financial watchdogs. With the appropriate background, it is not unreasonable to expect CPAs to use our professional judgment based on the evidence gathered during the course of an audit. Yet, many CPA firms are more concerned with following the letter of the law than its essence. Unfortunately, our standards-setting bodies have unwittingly contributed to this problem. Standards should include a clear objective or purpose in the opening summary. While providing examples for implementation might be helpful, it’s impossible to include every possible contingency, and ultimately, there’s the temptation to simply use the examples as a checklist (aka the CPA’s security blanket).

Educate the public and rebuild confidence. Finally, and most important, our profession needs to educate the public about the value of the attest function. Without the confidence of the investing public, the CPA may become N/A.

As Benjamin Franklin said, “The only way to be safe is never to be secure.”

Mary-Jo Kranacher, MBA, CPA, CFE
Editor-in-Chief
mkranacher@nysscpa.org

Close