Written by:








An audit of financial statements is obligatory in Nigeria and its responsibility is placed upon the shoulders of directors of the company. After preparing the financial statements, the company directors will engage the services of auditors to conduct an audit and determine if the assertions made in the financial statements fairly portray the operation of the company’s business and its financial health.

Auditors are fiduciaries and may be liable to the company for negligent discharge of their duties. Before embarking on the audit, the auditor usually prepares an “engagement letter” in which the terms and responsibilities of both parties are clearly stated. Accordingly, the first point of call to determine the auditor’s liability is under contract represented by the engagement letter. Thus, in discharging their duties, auditors may incur liability in contract. Auditors may also be liable under tort of negligence, and sometimes under criminal law.


Auditors are fiduciaries and may be liable to the company for negligent discharge of their duties. For instance, under section 369 CAMA auditors are liable for the loss suffered by their clients for negligence in carrying out their duties. This liability is at the suit of the directors. If the directors fail to proceed against the auditors, any member may do so upon the expiration of a mandatory notice of 30 days given to the company of his intention to institute such an action.


Although in the normal case the auditors must only exercise an ordinary degree of care and skill and are, for example, entitled to accept statements on key matters from the company itself, 30 the picture changes once there is any cause for suspicion; the auditor is then placed under a positive duty to enquire and investigate and may be held liable to anyone affected by his actions. In Re Thomas Gerrard & Sons, auditors were held to be liable for their failure to investigate further and detect the fraudulent dealing, which lay behind their discovery of altered invoices; this was a breach of their duty of care and skill as owed to the company, but there seems no reason why similar criteria should not be relevant in a negligence action brought by an outsider. Therefore, auditors’ liability to the company can be based on contractual or tortious liability. It is noteworthy that the Nigerian, as well as the English law, has no cap on the extent of liability founded either in contract or tort. Some countries within the European Union have legislation prescribing a cap on the liability of auditors to the company.


The matter becomes more complex, however, when the plaintiff is a third party who detrimentally relies on the strength of an erroneous audit report. Under common law, such claims are tried under the principles of tort of negligence. But because ‘liability for negligent misstatement is not an autonomous category within negligence law it is usually analyzed in the wider context of pure economic loss’and economic loss is generally not recoverable under the common law.


Claims for pure economic loss were rejected out rightly by the common law courts. The position of the law was that claim for compensation for loss suffered must be an action for breach of contract or for negligence. Once the plaintiff could not prove privity the action under contract would fail. Any claim under the tort of negligence would as well not succeed unless there was proximity between the plaintiff and the defendant or the damage is reasonably foreseeable to the defendant. Apart from all these, the plaintiff must also show that the loss suffered by him was not pure economic loss, in order to be recoverable.


The common law does not comprehend allocation of risks and opportunities for pure economic loss outside the strictures of contract. The general rule under common law is that third parties can neither be bound nor be endowed by an agreement to which they are not a party. Only parties who have furnished consideration can claim.


Auditors may incur liability to others in a number of ways, the extent of which liability is explored in this article. Of most relevance is liability in tort for negligent misstatement. Such liability has developed in English law over many years. Liability for negligent misstatement occurs where a person possessing certain skills or knowledge makes a statement to another whom he knows (or ought to know) will rely on it for a given purpose, and that other person does in fact rely on it to his detriment. The liability may be limited in certain circumstances by agreement (subject to certain safeguards for consumers). English courts have established that liability for negligent misstatement can be established only where there is sufficient proximity between the parties and where it is just and reasonable to impose a duty of care. In order to establish proximity, the statement must be made to, or knowing that it will be provided to, the potential claimant and relied on by that person.  The locus classicus on liability to third parties for negligent misstatements is Hedley Byrne and Co Ltd v. Heller & Partners Ltd. It held that liability for negligent misstatement resulting in financial loss is not limited only to cases where there is an existing contractual or fiduciary relationship. As has been pointed out with regard to the liability of auditors for breach of duty to persons other than members under the principle:

such a duty will arise where a person gives information or advice in such circumstances that a reasonable man in his position would know that his skill and judgment was being relied upon, unless he expressly disclaims responsibility for its accuracy, and the auditor is clearly a person who may fall within this category.


Auditors’ Liabilities

Auditor liability is increasingly concerning, both in terms of audit quality and the reputation of the profession but also in terms of the cost to the industry and the barriers this creates to competition within the audit market.


This considers the current legal position of auditors. It also discusses the impact on the competitiveness of the audit market and some of the methods available to limit exposure to expensive litigation.


Auditors perform audits and sign audit reports. These reports are the auditors’ opinions on the truth and fairness, etc. of the financial statements. Auditors are known to be competent and honest. So, if the auditors opine that the financial statements show a true and fair view, of the financial statements will have faith in them because they have faith in the auditors.


Therefore, the auditor has a responsibility to do his work honestly and with reasonable care and skill as his work is relied upon by others. At this point, we have to note that:

  • An auditor may fail to exercise sufficient skill and care;
  • consequently, some fraud or error may be undiscovered, or he may fail to discover that the accounts fail to show a true and fair view, or may contain a material misstatement;
  • As a result, somebody who relies on the work of the auditor may lose money;
  • This loss of money flows from the failure of the auditor to do his job properly;
  • The auditor may have to make good from his own resources the loss suffered by another person, that is, to pay damages which flow from his negligence.


Minimising Liabilities

Auditors can minimise their potential liability for professional negligence in several ways, which include the followings.

  1. Not being negligent;
  2. Following the precepts of the auditing standards;
  3. Agreeing the duties and responsibilities in the engagement letter (Engagement letter should specify the specific tasks to be undertaken and exclude specifically, those that are not to be taken. It should also define the responsibilities to be undertaken by the client and specify any limitations on the work to be undertaken).
  4. Defining in their report the precise work undertaken, the work not undertaken, and any limitations to the work. This is so that any third party will have knowledge of the responsibility accepted by the auditor for the work done;
  5. Stating in the engagement letter the purpose for which the report has been prepared and that the client may not use it for any other purpose;
  6. By stating in any report the purpose of the report and that it may not be relied on for any other purpose;
  7. By identifying the authorised recipients of report in the engagement letter and in the report;
  8. By defining the scope of professional competence to include only matters within the auditors’ competence. Do not take on work you are not proficient in.


Types of Liability

Auditors are potentially liable for both criminal and civil offences. The former occur when individuals or organisations breach a government imposed law; in other words criminal law governs relationships between entities and the state. Civil law, in contrast, deals with disputes between individuals and/or organisations.


Criminal offences

Like any individual or organisation auditors are bound by the laws in the countries in which they operate. So under current criminal law auditors could be prosecuted for acts such as fraud and insider trading.


Audit is also subject to legislation prescribed by the Companies Act 2006. This includes many sections governing who can be an auditor, how auditors are appointed and removed and the functions of auditors.


One noteworthy offence from the Companies Act is that of ‘knowingly, or recklessly causing a report under section 495 (auditor’s report on company’s annual accounts) to include any matter that is misleading, false or deceptive in a material particular’ (s.507).


This means that auditors could be prosecuted in a criminal court for either knowingly or recklessly issuing an inappropriate audit opinion.


Civil offences

There are two pieces of civil law of particular significance to the audit profession; contract law and the law of tort. These establish the principles for auditor liability to clients and to third parties, respectively.

Under contract law parties can seek remedy for a breach of contractual obligations. Therefore shareholders can seek remedy from an auditor if they fail to comply with the terms of an engagement letter. For example; an auditor could be sued by the shareholders, which was the case in the PwC settlement to Tyco shareholders referred to above.

Under the law of tort auditors can be sued for negligence if they breach a duty of care towards a third party who consequently suffers some form of loss.


Case history

The application of the law of tort in the auditing profession, and the way in which auditors seek to limit their exposure to the ensuing liabilities, has been shaped by a number of recent landmark cases. The most notable of these are Caparo Industries Plc (Caparo) v Dickman (1990) and Royal Bank of Scotland (RBS) vs Bannerman JohnstoneMacLay (Bannerman) (2002).


In the first case Caparo pursued the firm Touche Ross (who later merged to form Deloitte &Touche) following a series of share purchases of a company called Fidelity plc. Caparo alleges that the purchase decisions were based upon inaccurate accounts that overvalued the company. They also claimed that, as auditors of Fidelity, Touche Ross owed potential investors a duty of care. The claim was unsuccessful; the House of Lords concluded that the accounts were prepared for the existing shareholders as a class for the purposes of exercising their class rights and that the auditor had no reasonable knowledge of the purpose that the accounts would be put to by Caparo.


It was this case that provided the current guidance for when duty of care between an auditor and a third party exists. Under the ruling this occurs when:

  • the loss suffered is a reasonably foreseeable consequence of the defendant’s conduct
  • there is sufficient ‘proximity’ of relationship between the defendant and the pursuer, and
  • it is ‘fair, just and reasonable’ to impose a liability on the defendant.


In the second case RBS alleged to have lost over £13m in unpaid overdraft facilities to insolvent client APC Ltd. They claimed that Bannerman had been negligent in failing to detect a fraudulent and material misstatement in the accounts of APC. The banking facility was provided on the basis of receiving audited financial statements each year.


In contrast to Touche Ross, who had no knowledge of Caparo’s intention to rely upon the audited financial statements, Bannerman, through their audit of the banking facility letter of APC, would have been aware of RBS’s intention to use the audited accounts as a basis for lending decisions. For this reason it was upheld that they owed RBS a duty of care. The judge in the Bannerman case also, and crucially, concluded that the absence of any disclaimer of liability to third parties was a significant contributing factor to the duty of care owed to them.


Joint and several liability

The guidance for when an auditor may be liable, either under criminal or civil law, appears to be clear and largely uncontroversial. The same cannot be said of the nature of the fines and settlements, which remains a hotly debated issue.


Before discussing this, it is worth making the point that auditors are only found liable in cases where they have breached their responsibilities to perform work with professional competence and due care and to act independently of their clients. There is therefore little argument that they should face the penalties of their own failures and that parties that have suffered as a result should be able to seek adequate compensation.


The main criticism of the current system is that the penalties incurred by the audit profession are unfairly high. This arises from the civil law principle of ‘joint and several liability’ enforced in the UK (as well as the US). This means that even if there are multiple culpable parties in a negligence case the plaintiff may pursue any one of those parties individually for the entire damages sought.


So for example, if a director fraudulently misstates the financial statements, the company’s management fail to detect this because of poor controls and the auditor performs an inadequate audit leading to the wrong audit opinion, it would be fair to say all three parties are at fault. Shareholders seeking compensation for any consequent losses, however, could try and recover the full loss from only one of those three parties.


Given that many of the cases arise when companies are facing financial difficulties, as with the examples cited above, and that any individuals involved are unlikely to possess sufficient assets to settle the liabilities, the audit firm, who may be asset rich and possess professional indemnity insurance, is often the sole target for financial compensation.


Regardless of the perceived fairness, this situation does create a number of challenges for the profession, namely:

  1. The increasing cost to the industry, firstly from defending and settling claims but also from spiralling insurance premiums.
  2. The potential for consequent increases in audit fees to cover these rising costs.
  3. The overall lack of sufficient insurance cover in the sector in comparison to the size of some of the claims.(Reference 1)
  4. The lack of competition in the audit market for large (listed) entities.


With regard to the final point, auditor liability is not the sole reason for the lack of competition in the audit of listed entities but it is a significant barrier to entering that market. Currently only the Big Four firms have adequate insurance and asset cover to be able to audit an extensive range of listed clients. It may simply be too risky for smaller firms to take on such clients. Given that settlements against the Big Four have topped $300m, one large negligence case could easily bankrupt a mid-tier firm.

Managing exposure to liability

Audit quality

There are a number of ways in which audit firms can manage their exposure to claims of negligence. Perhaps the most obvious is not being negligent in the first place. In practical terms this means rigorously applying International Standards on Auditing and the Code of Ethics for Professional Accountants and paying close attention to the terms and conditions agreed upon in the engagement letter.


Of course, improvements in quality controls in comparison to current levels would not happen without investment from the audit firms. With pressure to reduce audit fees it is unlikely that firms will want to commit to further increases in cost unless it is perceived that such action will lead to long-term reductions in legal and insurance costs.


Disclaimers of liability

One of the outcomes of the Bannerman case was the potential exposure of auditors to litigation from third parties to whom they have not disclaimed liability. As a result it became common to include a disclaimer of liability to third parties in the wording of the audit report.

Disclaimers may not entirely eliminate liability to third parties but they do reduce the scope for courts to assume liability to them. It should be noted that whilst this should reduce the threat of litigation in the UK, this protection may not extend overseas because the disclaimer is based on a ruling from a UK court case. It also provides no protection from the threat of litigation from clients under contract law.


There are also critics of the ‘Bannerman Paragraph,’ who believe that its presence devalues the audit report. They argue that the disclaimer acts as a barrier to litigation, which reduces the pressure to perform good quality audits in the first place. It is plausible that this reduces the credibility of the audit report in the eyes of the reader.

 Liability Limitation Agreements

Since 2008 auditors have been permitted, under the terms of the Companies Act, to use Liability Limitation Agreements (LLAs) to reduce the threat of litigation from clients. LLAs are clauses built into the terms of an engagement that impose a cap on the amount of compensation that can be sought from the auditor. These must be approved by shareholders annually and be upheld by judges as ‘fair and reasonable’ when cases arise.


Whilst this may sound straightforward it has created problems, including how to define the cap (ie as a fixed monetary amount, a multiple of the fee, proportionate liability on a case by case basis). It is also difficult to decide what is fair and reasonable when setting the terms of the engagement because this is done before any potential litigation, or the scale of potential litigation, is known to the auditor and the client. This is therefore open to the interpretation of the courts. At which point the level of compensation may as well lie at the discretion of the courts in the first place.


Another problem lies with the shareholders; what motivation do they have for agreeing to terms that could potentially reduce their ability to recover any losses they incur due to the negligence of other parties? Once again this may be perceived as a barrier to litigation that audit firms can hide behind, reducing the pressure to perform good quality audits.

Current position

All the methods described contribute to the management of auditor liability but it seems none of them have provided the protection the profession needs to become truly competitive. Remember, the profession is not asking for exemption from litigation, rather that it does not shoulder the entire burden of litigation where others may also be to blame.


In June 2008, the European Commission recommended that member states find a way to limit auditor liability to try and encourage competition in the audit of listed companies and to protect EU capital markets. Given the different legal systems involved the recommendation leaves it to member states to determine an appropriate method but suggests that the solution:

  • should not apply in cases of misconduct
  • would be ineffective if it did not extend to third parties, and
  • should ensure fair compensation of damaged parties.

Whilst no firm decision has been reached in the UK there are an increasing number of advocates for a ‘proportional’ system of liability replacing the current ‘joint and several’ one. Under this proposal the audit firm would accept their proportion of the blame in a negligence case and would pay that proportion of the compensation. This system, as introduced in Australia in 2004, would ensure a fair outcome for the plaintiff without placing the entire financial burden upon the audit profession. It would also meet the EC recommendations listed above.

At the time of writing no solution has been agreed upon in the UK and the debate continues.



There is an increasing trend of litigation that is costing the audit profession billions of pounds. The potential costs and risks of auditing large, listed businesses may now be prohibitive for any firm of willing auditors outside of the Big Four.

Auditors can reduce their exposure to litigation but there is a rising groundswell of opinion that the audit profession has, for too long, borne the brunt of penalties for misdemeanours shared by other culpable parties. These penalties are prohibitive to competition, which may be damaging to capital markets.

There is widespread agreement that this situation must change. Unfortunately, any decision on the nature and timing of such a change appears to be a long way off. Until such time the audit profession will simply have to bear the burden of liability.



Auditing: Commission Issues Recommendation on Limiting Audit Firms’ Liability, European Commission, 6 June 2008

CAMA (2004), supra note 2 s. 369(3).

Garrison, A.F.  (1987) ‘Common Law Malpractice Liability of Accountants to Third Parties (1987) 44, 188 Washington & Lee Law Review accessed 5 February 2018.

Otero-Crespo, M. (2007) Algunas Notas en torno a la Responsabilidad Civil de los Auditores Frente a Terceros Ajenos al Contrato de Auditoría’ 16(1) 348

Leave a Comment