Y2K for CPAs

By Bruce H. Nearon, CPA

Disclosure and Liability Issues

By now it is difficult to believe a CPA who claims he or she did not know about the Y2K problem. Y2K and its effects have received significant coverage in the mass media and professional trade journals, and regulators and accounting standards setters have issued advice for CPAs to consider regarding disclosure issues and other important matters. Y2K is less than a year away, and it is important for CPAs to address these issues and understand the potential liability exposure.

Required Meaningful Disclosure for SEC Audits

CPAs who audit public companies must take note of Securities Exchange Commission Staff Legal Bulletin No. 5, which states that public companies need Y2K disclosures to ensure that their financial information is not misleading. The SEC has made it known publicly that it will not accept boilerplate Y2K disclosure.

Related SEC scrutiny of the financial community includes Chair Arthur Levitt's criticism of earnings management and Director of Enforcement Richard H. Walker's disagreement with practitioners on the appearance of independence. Auditors of public companies cannot wink and nod at Y2K disclosures that are only form and no substance. The SEC has forced the CPA's hand to ensure that public companies disclose Y2K effects in regulatory filings and financial statements.

Small Business Audits, SAS 59, and Going Concern

While SEC-mandated disclosures are important to auditors of public companies, perhaps the gravest Y2K liability threat to the accounting profession lurks in small businesses. Media reports continue to draw attention to Y2K risks for the majority of the nation's small businesses, and estimates for related legal costs could exceed $1 trillion. CPAs who audit small businesses could potentially find themselves exposed to lawsuits.

The AICPA's The Year 2000 Issue: Current Accounting and Auditing Guidance states that CPAs should apply the AICPA Y2K guide to avoid the risk of performing audits not in conformity with GAAS. Professional standard Au 411.16.10b summarizes the hierarchy of GAAP and explains that AICPA audit and accounting guides are the second highest level of GAAP after rulings from FASB, APB, and ARB. Since the AICPA Y2K guide incorporates the higher level standards, a CPA would lack authoritative support for ignoring the guide.

Among the issues discussed in the AICPA guide is Y2K's potential effect on a business's ability to continue to operate. SAS 59, The Auditor's Consideration of an Entity's Ability to Continue as a Going Concern, states:

The auditor has a responsibility to evaluate whether there is substantial doubt about the entity's ability to continue as a going concern for a reasonable period of time, not to exceed one year beyond the date of the financial statements being audited.... The auditor's evaluation is based on his knowledge of relevant conditions and events that exist at or have occurred prior to the completion of fieldwork.

Y2K is within one year and one day of December 31, 1998 year-end audits, and certainly within one year of any audit periods ending during 1999. Audits performed according to GAAS require the application of SAS 59. A CPA cannot claim that he or she did not have knowledge of the risks associated with Y2K failures. It is common knowledge that Y2K potentially can affect most computers, their operating systems, and software, as well as other equipment integral to a business's operation.

In the absence of competent sufficient evidence to the contrary, an auditor should be skeptical of any management assertions that the entity is not at risk for Y2K. Users who rely on financial statements and suffer losses as a result of a business's failure to disclose the Y2K risk in its financial statements or auditor's report may have grounds to sue the auditor. If the auditor's workpapers lack documentation of SAS 59 procedures with specific consideration of Y2K, the courts may conclude that the auditor did not perform the audit in conformance with GAAS and rule that there is liability for losses to those who relied on the auditor's report.