Mindanao State University
College of Business Administration and Accountancy
DEPARTMENT OF ACCOUNTANCY
Marawi City
CPA’S PROFESSIONAL AND LEGAL RESPONSIBILITIES: FRAUD, ERROR, NON-COMPLIANCE AND LEGAL LIABILITY
Accounting 151
MISSTATEMENTS DUE TO ERROR AND FRAUD
The fair presentation of the financial statements in
accordance with financial reporting standards is the
responsibility of the client’s management. The auditor’s
responsibility is to design the audit to provide reasonable
assurance of detecting material misstatements in the
financial statements. These misstatements may emanate
from error, fraud and non-compliance with laws and
regulations.
Error refers to unintentional misstatements in the financial
statements, including the omission of an amount or
disclosure, such as:
A. Mathematical or clerical mistakes in the underlying
records and accounting data.
B. An incorrect accounting estimate arising from
oversight or misinterpretation of facts.
C. Mistake in the application of accounting policies.
Fraud, on the other hand, refers to intentional act by one or
more individuals among management, those charged with
governance, employees or third parties, involving the use of
deception to obtain an unjust or illegal advantage.
Although fraud is a broad legal concept, the auditor should
be primarily concerned with fraudulent acts that cause a
material misstatement in the financial statements. Fraud,
regardless of type, involves what is collectively termed as
the fraud triangle:
A. An incentive or a pressure to commit fraud.
B. A perceived opportunity to do so.
C. Some rationalization of the act.
Types of Fraud as to Who Perpetrates the Fraud
A. Management fraud – fraud involving one or more
members of management or those charged with
governance.
B. Employee fraud – fraud involving only employees of
the entity.
In either case, there may be collusion within the
entity or with third parties outside of the entity.
Types of Fraud Relevant to the Auditor
A. Fraudulent financial reporting – involves intentional
misstatements including omissions of amounts or
disclosures in financial statements to deceive
financial statement users. This type of fraud may be
accomplished by:
 Manipulation, falsification or alteration of
records or documents.
 Misrepresentation in or intentional omission of
the effects of transactions from records or
documents.
 Recording of transactions without substance.
 Intentional misapplication of accounting
policies.
Fraudulent financial reporting often involves
management override of controls that otherwise
may appear to be operating effectively. It can be
caused by the efforts of management to manage
earnings in order to deceive financial statements
users by influencing their perceptions as to the
entity’s performance and profitability.
B. Misappropriation of assets – involves the theft of an
entity’s assets and is often perpetrated by
employees in small and immaterial amounts but
can also involve management who are usually
more able to disguise or conceal misappropriation
in ways that are difficult to detect.
This type of fraud can be accomplished in a variety
of ways, including but not limited to:
Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014
 Stealing physical assets or intellectual
property.
 Embezzling receipts.
 Causing an entity to pay for goods and
services not received.
 Using an entity’s assets for personal use.
Misappropriation of assets are often accompanied
by false or misleading records or documents in
order to conceal the fact that the assets are
missing or have been pledged without proper
authorization.
ERROR VERSUS FRAUD
The primary factor that distinguishes fraud from error is
whether the underlying cause of misstatement in the
financial statements is intentional or not.
Although the auditor may be able to identify opportunities
for fraud to be perpetrated, it is often difficult, if not
impossible, for the auditor to determine the intent,
particularly in matters involving management judgment.
Consequently, the auditor’s responsibility for the detection
of fraud and error is essentially the same. The auditor should
also be aware of the fact that:
A. The risk of not detecting a material misstatement
resulting from fraud is higher than the risk of not
detecting a material misstatement resulting from
error. This is because fraud may involve
sophisticated and carefully organized schemes
designed to conceal such as forgery, deliberate
failure to record transactions and intentional
misrepresentations being made to the auditor.
Collusion may cause the auditor to believe that
evidence is persuasive when it is, in fact, false.
B. The risk of the auditor not detecting a material
misstatement resulting from management fraud is
greater than for employee fraud. This is because
management is frequently in a position to directly
or indirectly manipulate accounting records and
present fraudulent financial information or override
control procedures designed to prevent similar
frauds by other employees.
RESPONSIBILITIES OF MANAGEMENT AND THOSE CHARGED
WITH GOVERNANCE
The primary responsibility for the prevention and detection
of fraud rests with both those charged with governance of
the entity and with management. It is important that
management, with the oversight of those charged with
governance, place a strong emphasis on fraud prevention
which may reduce opportunities for fraud to take place
and fraud deterrence which could persuade individuals not
to commit fraud because of likelihood of detection and
punishment.
In exercising oversight responsibility, those charged with
governance consider the potential for override of controls
or other inappropriate influence over the financial reporting
process, such as efforts by management to manage
earnings in order to influence the perceptions of analysts as
to the entity’s performance and profitability.
In regards with the management and those charged with
governance’s responsibility with fraud, PSA 240 requires:
A. The management to establish a control
environment and to implement internal control
policies and procedures designed to ensure,
among others, the detection and prevention of
fraud and error.
B. The individuals charged with governance of an
entity to ensure the integrity of an entity’s
Page|1 of 7
 accounting and financial reporting systems and
that appropriate controls are in place.
RESPONSIBILITIES OF THE AUDITOR
An auditor conducting an audit in accordance with PSAs
obtain reasonable assurance that the financial statements
taken as a whole are free from material misstatement,
whether caused by fraud or error. The auditor is not and
cannot be held responsible for the prevention of fraud and
error.
When obtaining reasonable assurance, the auditor is
responsible for maintaining an attitude of professional
skepticism throughout the audit, considering the potential
for management override of controls and recognizing the
fact that audit procedures that are effective for detecting
error may not be effective in detecting fraud.
Owing to the inherent limitations of an audit, there is an
unavoidable risk that some material misstatements of the
financial statements will not be detected even though the
audit is properly planned and performed in accordance
with PSAs. The subsequent discovery of a material
misstatement of the financial statements resulting from
fraud or error, does not, in and of itself, indicate:
A. A failure to obtain reasonable assurance.
B. Inadequate planning, performance or judgment.
C. The absence of professional competence and due
care.
D. A failure to comply with PSAs.
 PLANNING PHASE
A. When planning the audit, the auditor should make
inquiries of management about the possibility of
misstatements due to fraud and error. Such inquiries
may include:
 Management’s assessment of risks due to
fraud.
 Controls established to address the risks.
 Management’s knowledge of any actual,
suspected or alleged fraud affecting the
entity.
The auditor shall also inquire of those individuals
charged with governance to seek their views on
the adequacy of the accounting and internal
control systems in place, the risk of fraud and error
and the integrity of management.
B. The auditor should assess the risk that fraud or error
may cause the financial statements to contain
material misstatements due to fraud both at the
financial statement level, and at the assertion level
for classes of transactions, account balances and
disclosures.
In this regard, PSA 240, requires the auditor to
specifically “assess the risk of material
misstatements due to fraud and consider that
assessment in designing the audit procedures to be
performed.”
PSA 315 requires discussion among the engagement
team members and a determination by the
engagement partner of which matters are to be
communicated to those team members not
involved in the discussion. This discussion shall place
particular emphasis on how and where the entity’s
financial statements may be susceptible to
material misstatement due to fraud, including how
fraud might occur.
Though fraud is usually concealed making it
difficult to detect, the auditor, using his knowledge
of the business, may identify events or conditions
that provide an opportunity, a motive or a means
to commit fraud or indicate that fraud may already
have occurred. Such events are referred to as
fraud risk factors.
Fraud risk factors do not indicate the existence of
fraud but they often have been present in
circumstances where frauds have occurred (see
the Appendix of PSA 240 for examples).
Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014
Responses to Risks of Material Misstatements Due to
Fraud at the Financial Statement Level:
 The audit team may be selected in ways
that ensure that the knowledge, skill and
ability of personnel assigned significant
responsibilities are commensurate with the
auditor’s assessment of risk.
 The auditor may decide to consider
management selection and application of
significant accounting policies, particularly
those related to subjective measurements
and complex transactions (usually relates
to income determination and asset
valuation).
 The auditor may incorporate an element of
unpredictability in the selection of the
nature, timing and extent of audit
procedures.
Responses to Risks of Material Misstatements Due to
Fraud at the Assertion Level:
 The auditor’s ability to assess control risk at
less than high level may be reduced. Thus,
the auditor’s responses may include
changing the nature, timing and extent of
the audit procedures.
 The auditor should be sensitive to the ability
of the management to override controls.
To respond to the risk of management
override of controls, the auditor may:
a. Test the appropriateness of journal
entries recorded in the general
ledger and other adjustments
made in the preparation of
financial statements.
b. Review accounting estimates for
biases that could result in material
misstatement due to fraud.
c. Obtain an understanding of the
business rationale of significant
transactions that the auditor
becomes aware of that are
outside of the normal course of
business for the entity or that
appear otherwise to be unusual
given the auditor’s understanding
of the entity and its environment.
 TESTING PHASE
C. During the course of the audit, the auditor may
encounter circumstances that may indicate the
possibility of fraud. In these circumstances, the
auditor should perform procedures necessary to
determine whether material misstatements exist.
D. After identifying material misstatements in the
financial statements, the auditor should consider
whether such misstatement resulted from a fraud or
an error. This important because error will only result
to an adjustment in the financial statements
whereas fraud may have other implications on an
audit.
If the auditor believes that the misstatement is, or
may be the result of fraud, but the effect on the
financial statements is not material, the auditor
should:
 Refer the matter to the appropriate level of
management, at least one level above
those involved.
 Be satisfied that, given the position of the
perpetrator, the fraud has no other
implications for other aspects of the audit
or that those implications have been
adequately considered.
However, if the auditor detects a material fraud or
has been unable to evaluate whether the effect
on the financial statements is material or
immaterial, the auditor should:
Page|2 of 7
  Consider implication for other aspects of
the audit particularly the reliability of
management representations.
 Discuss the matter and the approach for
further investigation with an appropriate
level of that is at least one level above
those involved. Consider as well the need
to communicate the matter to those
charged with governance.
 Attempt to obtain evidence to determine
whether a material fraud in fact exists and
if so, their effect.
 Suggest that the client consult with legal
counsel about questions of law.
 COMPLETION PHASE
E. The auditor should obtain a written representation
from the client’s management that:
 It acknowledges its responsibility for the
implementation and operations of
accounting and internal control systems
that are designed to prevent and detect
fraud and error.
 It believes the effects of those uncorrected
financial statement misstatements
aggregated by the auditor during the
audit are immaterial, both individually and
in the aggregate, to the financial
statements taken as a whole. A summary
of such items should be included or
attached to the written representations.
 It has disclosed to the auditor all significant
facts relating to any frauds or suspected
frauds known to management that may
have affected the entity.
 It has disclosed to the auditor results of its
assessment of the risk that the financial
statements may be materially misstated as
a result of fraud.
 AUDITOR’S REPORT OR WITHDRAWAL FROM ENGAGEMENT
F. When the auditor believes that material error or
fraud exists, he should request the management to
revise the financial statements. Otherwise, the
auditor will express a qualified or adverse opinion.
G. If the auditor is unable to evaluate the effect of
fraud on the financial statements because of a
limitation on the scope of the auditor’s
examination, the auditor should either qualify or
disclaim his opinion on the financial statements.
H. If, as a result of a misstatement resulting from fraud
or suspected fraud, the auditor encounters
exceptional circumstances that bring into question
the auditor’s ability to continue performing the
audit, the auditor shall:
 Determine the professional and legal
responsibilities applicable in the
circumstances, including whether there is a
requirement for the auditor to report to the
person or persons who made the audit
appointment or, in some cases, to
regulatory authorities.
 Consider whether it is appropriate to
withdraw from the engagement, where
withdrawal from the engagement is legally
permitted.
 If the auditor withdraws, he should:
a. Discuss with the appropriate level
of management and those
charged with governance the
auditor’s withdrawal from the
engagement and the reasons for
the withdrawal.
b. Determine whether there is a
professional or legal requirement
to report to the person or persons
who made the audit appointment
or, in some cases, to regulatory
Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014
authorities, the auditor’s withdrawal
from the engagement and the
reasons for the withdrawal.
Examples of exceptional circumstances that may
arise and that may bring into question the auditor’s
ability to continue performing the audit include:
 The entity does not take the appropriate
action regarding fraud that the auditor
considers necessary in the circumstances,
even when the fraud is not material to the
financial statements.
 The auditor’s consideration of the risks of
material misstatement due to fraud and
the results of audit tests indicate a
significant risk of material and pervasive
fraud.
 The auditor has significant concern about
the competence or integrity of
management or those charged with
governance.
 REQUIRED DOCUMENTATION
I. The auditor’s documentation of the understanding
of the entity and its environment and the
assessment of the risks of material misstatement
required by PSA 315 shall include:
 The significant decisions reached during
the discussion among the engagement
team regarding the susceptibility of the
entity’s financial statements to material
misstatement due to fraud.
 The identified and assessed risks of material
misstatement due to fraud at the financial
statement level and at the assertion level.
J. The auditor’s documentation of the responses to
the assessed risks of material misstatement required
by PSA 330 shall include:
 The overall responses to the assessed risks
of material misstatement due to fraud at
the financial statement level and the
nature, timing and extent of audit
procedures, and the linkage of those
procedures with the assessed risks of
material misstatement due to fraud at the
assertion level.
 The results of the audit procedures,
including those designed to address the
risk of management override of controls.
 COMMUNICATION OF IDENTIFIED ERRORS AND FRAUD
To management of misstatements – error
K. The auditor should communicate to management
and to those with governance if necessary, any
identified material misstatements resulting from
error. In addition, the auditor should communicate
also those uncorrected misstatements aggregated
by the auditor during the audit that were deemed
by management as immaterial to the financial
statements.
To management of misstatements – fraud
L. Whether the misstatements due to fraud is material
or not, the auditor should report the same to the
appropriate level of management and to those
charged with governance. Whether fraud exists or
may exist, the auditor should report the same to the
appropriate level of management and those
charged with governance. Where necessary, the
auditor should suggest that management consult
with legal counsel.
To regulatory and enforcement agencies
M. As a general rule, the auditor’s professional duty to
maintain confidentiality of client information
ordinarily precludes reporting fraud and error to a
party outside the client entity. However, the duty of
confidentiality may be overridden by statute, the
law or courts of law.
Page|3 of 7
 N. The auditor shall document communications about
fraud made to management, those charged with
governance, regulators and others. When the
auditor has concluded that the presumption that
there is a risk of material misstatement due to fraud
related to revenue recognition is not applicable in
the circumstances of the engagement, the auditor
shall document the reasons for that conclusion.
MISSTATEMENTS DUE TO NON-COMPLIANCE
Non-compliance refers to acts of omission or commission
by the entity being audited, either intentional or
unintentional, which are contrary to the prevailing laws and
regulations. Such acts include transactions entered into by,
or in the name of, the entity or on its behalf by its
management or employees. However, non-compliance
does not include personal misconduct (unrelated to the
business activities of the entity) by those charged with
governance, management or employees of the entity.
Common examples of non-compliance include tax
evasion, violation of environmental protection laws and
inside trading of securities.
FRAUD AND ERROR VERSUS NON-COMPLIANCE
The unavoidable risk that some material misstatements in
the financial statements will not be detected, even though
the audit is properly planned and performed in
accordance with PSAs is higher with regards to material
misstatements resulting from non-compliance with laws and
regulations because:
A. There are many laws and regulations, relating
principally to the operating aspects of an entity
that typically do not affect the financial statements
and are not captured by the entity’s information
systems relevant to financial reporting.
B. Non-compliance may involve conduct designed to
conceal it, such as collusion, forgery, deliberate
failure to record transactions, management
override of controls or intentional misrepresentations
being made to the auditor.
C. Whether an act constitutes non-compliance is
ultimately a matter for legal determination by a
court of law.
RESPONSIBILITIES OF MANAGEMENT AND THOSE CHARGED
WITH GOVERNANCE
It is the responsibility of management, with the oversight of
those charged with governance, to ensure that the entity’s
operations are conducted in accordance with the
provisions of laws and regulations. The responsibility for the
prevention and detection and non-compliance rests with
management.
The following are examples of the types of policies and
procedures an entity may implement to assist in the
prevention and detection of non-compliance with laws
and regulations:
A. Monitoring legal requirements and ensuring that
operating procedures are designed to meet these
requirements.
B. Instituting and operating appropriate systems of
internal control.
C. Developing, publicizing and following a code of
conduct.
D. Ensuring employees are properly trained and
understand the code of conduct.
E. Monitoring compliance with the code of conduct
and acting appropriately to discipline employees
who fail to comply with it.
F. Engaging legal advisors to assist in monitoring legal
requirements.
G. Maintaining a register of significant laws and
regulations with which the entity has to comply
within its particular industry and a record of
complaints.
However, in larger entities, these policies and procedures
may be supplemented by assigning appropriate
responsibilities to an internal audit function, an audit
committee or a compliance function.
Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014
RESPONSIBILITIES OF THE AUDITOR
An audit cannot be expected to detect non-compliance
with all laws and regulations. Nevertheless, the auditor
should recognize that non-compliance by the entity with
laws and regulations may materially affect the financial
statements.
 PLANNING PHASE
A. As part of obtaining an understanding of the entity
and its environment in accordance with PSA 315
the auditor should obtain a general understanding
of the legal and regulatory framework applicable
to the entity and the industry and how the entity is
complying with that framework.
To obtain a general understanding of the laws and
regulations, the auditor would ordinarily:
 Use the auditor’s existing understanding of
the entity’s industry, regulatory and other
external factors.
 Inquire of management as to other laws or
regulations that may be expected to have
a fundamental effect on the operations of
the entity.
 Inquire of management concerning the
entity’s policies and procedures regarding
compliance with laws and regulations.
 Discuss of management regarding the
policies or procedures adopted for
identifying, evaluating and accounting for
litigation claims.
 Discuss the legal and regulatory framework
with auditor of subsidiaries in other
countries.
B. After obtaining the general understanding, the
auditor would then:
 Design audit procedures to obtain
sufficient appropriate audit evidence
about compliance with the provisions of
those laws and regulations generally
recognized by the auditor to have a direct
effect on the determination of material
amounts and disclosures in the financial
statements such as tax and pension laws
and regulations.
 Design audit procedures to help identify
non-compliance with those laws and
regulations that may have a material
indirect effect on the financial statements
such as compliance with the terms of an
operating license and compliance with
environmental regulations.
a. Inquiring of management and,
where appropriate, those charged
with governance, as to whether
the entity is in compliance with
such laws and regulations.
b. Inspecting correspondence, if any,
with the relevant licensing or
regulatory authorities.
 TESTING PHASE
C. When the auditor becomes aware of information
concerning a possible instance of non-compliance,
the auditor should obtain an understanding of the
nature of the act and the circumstances in which it
has occurred and sufficient other information to
evaluate the possible effects on the financial
statements.
When evaluating the possible effect on the
financial statements, the auditor should consider:
 The potential financial consequences,
such as fines, penalties, damages,
enforced discontinuation of operations,
threat of expropriation of assets and
litigation.
 Whether potential financial consequences
requires disclosure.
Page|4 of 7
  Whether potential financial consequences
are so serious as to call into question the
fair presentation given by the financial
statements.
Indications of Possible Non-Compliance with Laws
and Regulations
 Investigations by regulatory organizations
and government departments or payment
of fines or penalties.
 Payments for unspecified services or loans
to consultants, related parties, employees
or government employees.
 Sales commissions or agent’s fees that
appear excessive in relation to those
ordinarily paid by the entity or in its industry
or to the services actually received.
 Purchasing at prices significantly above or
below market price.
 Payments for goods or services made other
than to the country from which the goods
or services originated.
 Unusual payments in cash, purchases in
the form of cashiers’ checks payable to
bearer or transfers to numbered bank
accounts.
 Unusual transactions with companies
registered in tax havens.
 Payments without proper exchange
control documentation.
 Existence of an information system which
fails, whether by design or by accident, to
provide an adequate audit trail or
sufficient evidence.
 Unauthorized transactions or improperly
recorded transactions.
 Adverse media comment.
D. When the auditor believes there may be non-
compliance, the auditor should document the
findings and discuss them with management and,
where appropriate those charged with
governance.
The auditor shall also consider the implication of
the non-compliance on other aspects of the audit,
including the risk assessment and the reliability of
written representations and take appropriate
action.
E. The auditor should communicate with those
charged with governance matters involving non-
compliance with laws and regulations that come
to the auditor’s attention during the course of the
audit, other than when the matters are clearly
inconsequential. If in the auditor’s judgment, the
non-compliance is believed to be intentional and
material, the auditor shall communicate the matter
to those charged with governance as soon as
practicable.
If the auditor suspects that management or those
charged with governance are involved in non-
compliance, the auditor shall communicate the
matter to the next higher level of authority at the
entity, if it exists, such as an audit committee or
supervisory board. Where no higher authority exists,
or if the auditor believes that the communication
may not be acted upon or is unsure as to the
person to whom to report, the auditor shall
consider the need to obtain legal advice.
 COMPLETION PHASE
F. The auditor should obtain from management and,
where appropriate, those charged with
governance written representations that all known
instances of non-compliance or suspected non-
compliance with laws and regulations whose
effects should be considered when preparing
financial statements have been disclosed to the
auditor.
Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014
 AUDITOR’S REPORT OR WITHDRAWAL FROM ENGAGEMENT
G. When the auditor believes that there is non-
compliance with laws and regulations that
materially affects the financial statements, he
should request the management to revise the
financial statements. Otherwise, a qualified or
adverse opinion will be issued.
H. If a scope limitation has precluded the auditor from
obtaining sufficient appropriate evidence to
evaluate the effect of non-compliance with laws
and regulations, the auditor should express a
qualified opinion or a disclaimer of opinion.
I. The auditor may conclude that withdrawal from
the engagement is necessary when the entity does
not take the remedial action that the auditor
considers necessary in circumstances, even when
the non-compliance is not material to the financial
statements.
 DOCUMENTATION OF IDENTIFIED NON-COMPLIANCE
J. The auditor shall document identified or suspected
non-compliance with laws and regulations and the
results of discussion with management and, where
applicable, those charged with governance and
other parties outside the entity. The auditor’s
documentation of findings regarding identified or
suspected noncompliance with laws and
regulations may include, for example:
 Copies of records or documents.
 Minutes of discussions held with
management, those charged with
governance or parties outside the entity.
AUDITOR’S LEGAL LIABILITY AND RESPONSIBILITY
Potential litigation is a major concern to auditors.
Professionals have always a duty to provide reasonable
level of care while performing work for those they serve.
Audit professionals have a responsibility under law to fulfill
expressed and implied contracts with clients. They are liable
to their clients for negligence and breach of contracts
should they fail to provide the services or not exercise due
care in their performance.
When investors and creditors suffer losses from a bankrupt
entity, they look for deep pockets, those who have the
ability to pay for their losses if ordered to do so by a court.
Accounting firms are often considered deep pockets
because they are composed of a number of partners each
of whom is personally liable for the firm’s actions and carries
professional liability insurance.
Lawsuits against auditors typically involve alleged
misstatements that the auditors did not detect in the
financial statements. Other typical lawsuits brought by
clients against CPA firms involve claims that the auditor:
A. Did not discover an employee defalcation as a
result of negligence in the conduct of the audit.
B. Did not complete the audit on the agreed date.
C. Inappropriate withdrawal from an audit.
LEGAL CONCEPTS RELATED TO AUDITOR’S LIABILITY
A. Due professional care.
There is an agreement within the profession and
the courts that the auditor is not a guarantor of the
statement’s accuracy. Auditors are not infallible
and can make errors in judgment. But auditors are
expected to exercise the same reasonable care
with which others in the profession would perform in
similar circumstances.
B. Sources of responsibility.
The auditor’s legal responsibilities to others are
established either by:
 Common laws – those that have been
developed through court decisions rather
than government statutes.
 Statutory laws – those bodies of laws
passed by legislative bodies such as the
Congress.
Page|5 of 7
 C. Degree of wrongdoing.
At one end, the auditor commits no wrongdoing.
The auditor performed an appropriate audit and
issued an appropriate report. On the other end, the
auditor commits fraud. The auditor issues a report
on the financial statements with the intent to
deceive. Despite knowing that the financial
statements are misstated, the auditor did not take
appropriate action to report the misstatements.
Courts have identified two other degrees of
wrongdoing. Ordinary negligence or simply
negligence implies the absence of reasonable
care that can be expected of a person in a set of
circumstances. Auditors are guilty of negligence if
they do not do what reasonably prudent auditors
should do in the circumstances. Auditors are guilty
of gross negligence if they consistently fail to follow
or recklessly disregard standards of the profession
on an engagement. Gross negligence is also
known as constructive fraud.
Courts distinguish between these four degrees of
wrongdoing depending on the particular
circumstances of the case or the pertinent legal
precedent.
D. Lack of privileged communication.
Generally, CPAs shall not disclose any confidential
client information without the specific consent of
the client. Permission, however, is not required from
the client if working papers are subpoenaed by the
court. Under common law, information obtained
by a CPA from a client is not privileged. Information
is privileged if legal proceedings cannot require a
person to provide the information even if there is a
subpoena. Confidential discussions between client
and auditor cannot be withheld from courts.
E. Liability for acts of others.
The partners in a CPA firm are jointly liable for civil
actions against a partner. They are also liable for
the work of others such as their employees, other
CPA firms engaged to do part of the work and
specialists or experts called upon to provide
technical information.
LEGAL LIABILITY OF THE INDEPENDENT AUDITOR
A. Auditor’s liability to his clients.
A CPA is obliged to exercise due professional care
during the engagement including adherence to
professional standards and ethics. Failure by the
CPA to exercise this degree of care may constitute
negligence and breach of contracts to render
professional service. An honest error doesn’t
constitute negligence on the part of CPA so long
as he has exercised due professional care.
If an undetected fraud is so widespread and of
such magnitude as to cause the financial
statements to be materially misstated, the
argument may be advanced that the auditor’s
procedures were clearly inadequate and that the
auditor was negligent. In the event that the auditor
is found negligent, a client is entitled to recover
any losses to which the auditor’s negligence was
proximate cause. The client may also recover the
audit fee because of the auditor’s breach of
contract.
B. Auditor’s liability to third parties.
Creditors, investors and other third parties also rely
upon the auditor’s work when they place their
confidence in audited financial statements.
Independent auditors are liable to all foreseeable
third parties for losses which are caused by the
auditor’s fraud or gross negligence. Auditor’s
Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014
expression of an opinion on financial statement
when, in fact, he has no basis for an opinion is
considered gross negligence.
C. CPA’s responsibility in tax practice.
The CPA as tax advisers has a primary responsibility
to the client to ensure that the client pays the right
kind and proper amount of tax. As a tax adviser,
the CPA may properly resolve questionable issues
in favor of the client but at the same time must
adhere to the same standards of trust and personal
integrity in tax work as in all other professional
services.
A CPA on tax engagements has a secondary
responsibility to the public whose interests are
represented by the government, specifically the
BIR. To meet this responsibility, CPAs must observe
the client’s declarations on tax returns they
prepare. Though not required to investigate, CPA
should not disregard any clues that cast doubt on
the accuracy of information provided by taxpayers.
In addition, CPAs should look into the series of
pronouncements, rules and regulations on tax
matters issued by the Department of Finance as
follows:
 BIR Revenue Regulation No. 3 – 90.
 PAPS 1001Ph.
 Section 321 (C) of the National Internal
Revenue Code.
DEFENSES AVAILABLE TO AUDITORS
Defenses against Client Suits
A. There was no implied or expressed contract to
perform the service. This is referred to as lack of
duty to perform.
B. The audit was performed using reasonable care or
the lack of reasonable care did not cause the
damage.
C. The reliance on the financial statements did not
cause the loss. This is also referred to as absence of
causal connection.
D. In cases in which a tort is involved, auditors in some
jurisdiction can claim contributory negligence. This
means that the client’s own actions contributed to
the loss.
E. The statute of limitations on the action has expired.
Defenses against Third Party Lawsuits
A. The preferred defense in third party lawsuits is non-
negligent performance. If the audit was conducted
in accordance with GAAS, the other defenses are
unnecessary.
B. A lack of duty can also be used. This defense
contends the lack of privity of contract which limits
the liability to the parties of a given contract. Under
privity, the auditor is not liable to third parties for
ordinary negligence.
C. The auditor may use the absence of causal
connection. The third party must be able to prove
that there is a close causal connection between
the auditor’s breach of the standard of due care
and the damages suffered by the third party. This
could be construed as non-reliance on the
financial statements by the user.
D. The statute of limitations on the action has expired.
Contributory negligence is not available in third party
lawsuits because third parties are not in a position to
contribute to misstated financial statements.
MINIMIZING EXPOSURE TO LEGAL LIABILITY
In the light of auditor’s extensive exposure to obligation,
public accounting firms must take positive action to
withstand the threat of legal liability. These actions include:
A. Emphasize compliance with GAAS, the Code of
Ethics for Professional Accountants and where
appropriate GAAP.
B. Avoid companies and industries in which the risk of
litigation is high.
Page|6 of 7
 C. Thoroughly investigate prospective clients. Avoid
taking on clients when there are indications of
deliberate management misrepresentation.
D. Exercise extreme care in the audit of clients in
financial difficulties.
E. Establishing and following appropriate quality
control procedures over all audit work.
F. Use engagement letters which clearly point out to
the client the scope of auditor’s services and
responsibilities on a particular engagement.
G. Conduct the audit with appropriate professional
skepticism.
H. Provide the opportunity for auditor to consult with
more experienced auditors about difficult issues.
I. Maintain adequate professional liability insurance
coverage. This is however no a common practice
in the Philippines.
J. Seek legal counsel whenever serious problem
occur.

Prepared by: Mohammad Muariff S. Balang, CPA, First Semester, AY 2013-2014 Page|7 of 7