Auditor liability to third parties after Sarbanes-Oxley: An international comparison of regulatory and legal reforms

Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

Contents lists available at ScienceDirect

Journal of International Accounting, Auditing and Taxation

Auditor liability to third parties after Sarbanes-Oxley: An international comparison of regulatory and legal reforms Janne Chung a , Jonathan Farrar a,∗ , Poonam Puri b , Linda Thorne a a b

Schulich School of Business, York University, Toronto, Ontario, Canada Osgoode Hall Law School, York University, Toronto, Ontario, Canada

a r t i c l e Keywords: Sarbanes-Oxley Auditor liability Third parties Legal system

i n f o

a b s t r a c t This study compares the status of auditors’ legal liability to third parties in seven countries. It analyzes recent legislation, regulation, and case law as well as pronouncements from national accounting and auditing bodies. With the increasing internationalization of capital markets and audit firms, an understanding of auditor liability on a global basis is important. Our findings show that common law countries (the United States, Canada, the United Kingdom, Australia, and New Zealand) have enacted legislative reforms that directly or indirectly increased auditors’ liability. In contrast, civil law countries (Germany and France) did not mandate legislative or regulatory reforms. © 2009 Elsevier Inc. All rights reserved.

1. Introduction In the last decade, there have been numerous corporate failures across the globe. Although, arguably, the most infamous corporate collapse is Enron in 2001 in the United States, other corporate failures that same year include Independent Insurance in the United Kingdom, and HIH Insurance, Harris Scarf, and One.Tel in Australia. Other countries have had to deal with the effects of accounting irregularities as well. In Canada, the stock price of Nortel Networks collapsed in 2002 after accounting irregularities were discovered. In New Zealand, Fletcher Challenge failed in 1999 while in Germany, corruption investigations were carried out against Siemens AG and DaimlerChrysler AG. In response to these financial disasters, a new regulatory era was initiated globally as countries revised their legislation, regulation and case law to increase auditors’ liability to third parties (Toda & McCarty, 2005). The amount of new regulation makes it difficult to keep track of the standards of auditors’ liability across national jurisdictions. Understanding auditors’ legal liability to third parties cross-nationally is important given the globalization of capital, corporations, and audit practice. As Khoury (2001, 414) states, a comparative analysis of legal systems can “be useful, not only in providing a better understanding of one’s own legal system, but also as a ‘theatre of observation’ permitting one, through examination of how other legal systems at a comparable stage of social and economic development have dealt with similar problems, to find one’s own ‘paths through the forest’.” Our research analyzes auditors’ legal liability to third parties in seven countries: the United States, Canada, the United Kingdom, Australia, New Zealand, France, and Germany. The analysis includes a comparison of key legislation, regulation, and relevant case law, as well as professional pronouncements from national accounting or auditing bodies. Our findings show that common law countries responded in a manner similar to the United States with a change in regulation and legislation, while civil law countries did not. Similar to the United States, Canada, the United Kingdom,

∗ Corresponding author. E-mail address: [email protected] (J. Farrar). 1061-9518/$ – see front matter © 2009 Elsevier Inc. All rights reserved. doi:10.1016/j.intaccaudtax.2009.12.005

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

67

Australia and New Zealand introduced legislative reforms that directly or indirectly increase auditors’ liability. In contrast, neither France nor Germany introduced legislative or regulatory reforms. 2. Prior research A number of studies have compared auditor liability to third parties across different combinations of the seven countries considered in our research. Baker and Quick (1996) compare auditor liability to third parties in each of these countries except New Zealand. Pacini, Hillison, and Sinason (2000a) and Pacini, Martin, and Hamilton (2000b) compare auditor liability to third parties in the United States, Canada, the United Kingdom, Australia and New Zealand. Khoury (2001) compares auditor liability to third parties in Canada, the United Kingdom, and France. Only two studies have examined auditor liability to third parties after the enactment of the Sarbanes-Oxley Act (SOX) of 2002. Ryan (2005) compares corporate governance systems across North America, and Pritchard and Puri (2006) compare the Public Company Accounting Oversight Board (PCAOB) in the U.S. with its Canadian equivalent, the Canadian Public Accountability Board (CPAB). The seven countries included in this study were chosen because of the size and importance of their capital markets. In addition, all seven countries have experienced high profile corporate failures that may have led to legislative or regulatory revisions to auditors’ liability. 3. Scope of auditors’ legal liability to third parties To categorize and describe the scope of auditors’ legal liability to third parties in the seven countries, we adopt a standard of case law from the U.S. at the state level, which is where U.S. law establishing auditors’ duties and responsibilities has developed (Bush, Fearnley, & Sunder, 2007). Among state courts, there are four legal standards that determine which third parties are owed a duty of care by auditors. The standards range from very restrictive to liberal and include: (1) privity rule; (2) near-privity standard; (3) restatement rule; and (4) the reasonable forseeability rule (Pacini et al., 2000a,b; Trakman & Trainor, 2005). The four standards are described below. 3.1. Privity rule The privity rule is the most restrictive standard. Strict privity requires a contractual relationship or direct connection to exist between an auditor and a third party for the latter to be able to sue the auditor for negligence.1 3.2. Near-privity standard The near-privity standard was first applied in 1931 with the Ultramares2 case, and later clarified in the Credit Alliance v. Arthur Andersen & Co. case.3 Three prerequisites must be satisfied before auditors can be held liable for negligent misrepresentation to non-contractual third parties: (1) the auditor must have known that financial reports were to be used for a particular purpose; (2) the known party or parties were intended to be able to rely on those reports; and (3) there must have been some conduct linking the auditor to the relying party. 3.3. The restatement rule The restatement rule, first applied in 1968,4 broadens the class of persons to whom the auditor owes a duty. Intended identifiable and unidentifiable beneficiaries are included in the class. However, if an auditor has no reason to believe the information would be made available to a third party, or if the information’s use changes so as to increase audit risk materially, the auditor is not liable to this class. The major difference between the restatement rule and the near-privity rule is that the restatement rule does not require that the identity of specific third parties be known to the auditor, only that they be members of a limited group known to the auditor. 3.4. The reasonable forseeability rule Auditor third-party liability was expanded again in 1983 with the reasonable forseeability rule.5 Under this standard, an auditor has a duty to all those whom s/he should reasonably foresee as receiving and relying on the audited statements. The duty extends only to those users whose decision is influenced by audited statements obtained from the audited entity for

1 2 3 4 5

The privity rule was first established as a legal standard in 1919 in the Landell v. Lybrand (107 A 783 [Pa. 1919]) decision. Ultramares Corp. v. Touche (174 N.E. 441 [N.Y. 1931]). Credit Alliance v. Arthur Andersen & Co. (483 N.E.2d 110 [N.Y. 1985]). Rusch Factors v. Levin (284 F.Supp. 85 [D.R.I. 1968]). Rosenblum v. Adler (461 A.2d 138 [N.J. 1983]).

68

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

a proper business purpose. Furthermore, the duty extends only to users who obtain a firm’s financial statements directly from the audited entity. 4. Analysis of auditor liability to third parties by country The next section presents the legislation and case law that defines auditor liability to third parties for each country, and then considers the changes that have occurred recently. 4.1. United States In the U.S., the Financial Accounting Standards Board (FASB) is the national organization responsible for establishing standards for financial accounting and reporting. The Securities and Exchange Commission (SEC) has delegated this GAAPsetting authority to the FASB (Trakman & Trainor, 2005). The concept of auditors’ liability to third parties in the U.S. originated with the federal statutory Securities Acts of 1933 and 1934.6 In the U.S., the scope of an auditor’s duty to third parties for negligent misstatements is a matter of state rather than federal or national law. An auditor is responsible to each of 50 state jurisdictions, each of which has the authority to determine the legal standard under which a third party can sue for negligent misrepresentation.7 4.1.1. SOX and post-SOX developments Major developments in auditor liability have occurred in the U.S. as a result of SOX. SOX was passed to increase the transparency of financial reporting by enhancing corporate disclosure and governance practices and to foster an ethical climate (Toda & McCarty, 2005). SOX increases auditor liability to third parties by specifying or expanding the scope of third parties to whom an auditor owes a duty of care. SOX also increases auditor liability to third parties because it requires accounting firms to issue additional financial reports, add disclosure in financial reports, or issue new reports about themselves. This information, not previously required, increases liability to third parties, since third parties could rely on this new information when making investment and credit decisions. There are several provisions in SOX that affect to whom an auditor owes a duty of care. Section 102 requires public accounting firms that issue audit reports to register with the SEC, and Section 102(e) requires registration applications to be made available for public inspection. These registration applications contain information such as a list of all accountants associated with an accounting firm who participate in or contribute to the preparation of audit reports (102(b)(2)(E)) and other information that the Board of the SEC deems necessary or appropriate for the public interest or for the protection of investors (102(b)(2)(H)). Section 102 expands auditor liability to third parties by identifying actual auditors, and by requiring accounting firms to provide new information in registration applications that could be used by third parties, such as prospective investors. Section 104 mandates inspections of registered public accounting firms, and Section 104(g)(2) requires that these inspection reports be made available in appropriate detail to the public. Thus, there is new information in these inspection reports that third parties can use in deciding whether or not to rely on the auditors’ report. Title IV of SOX contains “enhanced financial disclosures” in public reports, ranging from off-balance sheet transactions (401(a)(j)) to conflict of interest provisions (402) to disclosure of audit committee financial experts (407). The new information in these disclosures can be relied upon by third parties and, therefore, increases the scope of the duty of care by auditors to third parties. SOX has increased auditor liability to third parties by expanding the definition of who constitutes a third party and has widened the scope of financial information that can be considered by third parties. According to SOX, a third party is someone who relies on non-financial reports (e.g. registration applications; inspection reports) when deciding whether to rely on audited financial reports, which is a broader definition than previously held. Civil and criminal penalties for violations of SOX are higher than that mandated in previous legislation. Per Section 3(b)(1), a violation of SOX is to be treated in the same manner as a violation of the Securities Exchange Act. Section 105(c)(4) contains new sanctions for auditors or accounting firms who violate SOX, including civil money penalties of up to $15 million USD. Section 305(b)(8)(3) contains amendments for civil penalties for insider trades to pension plan administrators. Other amendments deal with corporate and criminal fraud (Titles VIII and XI) and white collar crime penalties (Title IX). For example, Section 1106 increases criminal penalties under the Securities Exchange Act for an individual who makes willfully false and misleading statements in public reports. The penalties, which ranged from $1 million to $2.5 million, now range from $5 million to $25 million USD, depending on whether the perpetrator was a “natural person.” This change increases substantially the legal liability of accountants practicing in the United States (Wegman, 2007). In the post-SOX era, contract liability and negligent misrepresentation liability are limited to clients, an intended third party, and a limited class of intended users. Common law rulings indicate which of four legal standards apply among states when determining the scope of auditors’ liability to third parties. Certain federal statutes, especially the Securities Acts, extend liability, in some circumstances, to any purchaser or seller of a security. Thus, statute liability is the greatest potential

6 7

Securities Act of 1933, § 19(a), 15 U.S.C. §77s (a) (1933) and Securities Exchange Act of 1934, §§ 4(a), 210, 15 U.S.C. 78d (a) (1934). Each state has securities laws which stipulate various degrees of auditor liability to third parties (Baker & Quick, 1996; Wegman, 2007).

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

69

liability facing accountants in the U.S. after Sarbanes-Oxley legislation was enacted (Grubbs & Ethridge, 2007; Wegman, 2007). 4.2. Canada In Canada, there are five major sources of auditor’s legal liability (Arens, Elder, Beasley, & Splettstoesser-Hogeterp, 2006; Blackier & Paskell-Mede, 1999): (1) client liability under common law; (2) securities legislation, such as provincial and territorial Securities Acts, which imposes liability on auditors who participate in the production of offering memoranda or prospectuses. In some provinces/territories, there is now statutory civil liability under securities laws for secondary market disclosures; (3) criminal liability of an auditor, which may result from federal or provincial laws if an auditor knowingly defrauds a third party through involvement with the financial statements; (4) fiduciary duty, where one party (auditor) must act in the best interests of another party; and (5) auditor third party liability, which exists under tort law. 4.2.1. Legislation In Canada, the conduct of an audit is regulated by federal or provincial legislation. The federal statute is the Canada Business Corporations Act (CBCA). Provincial statutes are provincial Business Corporations Acts. Generally speaking, provincial statutes mirror the CBCA. Recently, common law liability to shareholders and other investors buying or selling securities has been supplemented with statutory civil liability for secondary market disclosures under many provincial securities acts. In other situations of auditor third party liability, common law principles still prevail: auditors generally do not owe a duty of care to third parties, unless ‘special circumstances’ arise.8 This standard most closely corresponds to the near-privity standard found in the United States. Although each province has enacted its own statutes governing the auditing profession and provincial accounting bodies, provincial autonomy is overshadowed by the national professional body for one of the three accounting professional accounting designations in Canada, the Canadian Institute of Chartered Accountants (CICA). This body has published a document, the CICA Members Handbook, in which auditing standards for chartered accountants are set out. The handbook is referred to by both federal and provincial legislation (Khoury, 2001). These federal and provincial statutes and the CICA Members Handbook do not contain specific provisions that address auditors’ liability to third parties. However, they do impose a fiduciary duty on auditors that requires them to abide by rules of professional conduct. 4.2.2. Common law The development of the Canadian common law tort of negligent misstatement was influenced by American and British jurisprudence (Blackier & Paskell-Mede, 1999). To succeed in a claim for negligence, plaintiffs must show that they suffered harm as a consequence of the breach of a duty of care owed to them by the defendant. For years, the landmark case in Canada in the area of auditors’ liability towards third parties was the 1976 Haig case.9 The two most recent cases that bear upon auditors’ legal liability in Canada are the Kripps10 case and the Hercules case.11 The upshot of the Kripps decision for auditors’ liability to third parties is that auditors can be liable for negligence if they know the specific use of the audited financial statements, even if they follow national accounting standards in their financial reporting. The appropriate standard of care against which the conduct of auditors should be measured is uncertain. The outcome of the Hercules case is that investors have no right to sue auditors for misstatements in financial statements because a duty of care does not exist between auditors and shareholders unless there are special circumstances within the facts of the case. Even if the auditors foresee that the shareholders and investors will rely on the audited financial statements, auditors still do not have a duty of care (Deturbide, 1998).12 4.2.3. Recent developments There is no single, national securities regulator in Canada. Instead, each of Canada’s 10 provinces and three territories is responsible for securities regulation within its own territory (Barnes, Johnson, & Yarmus, 2004). In 2004, the Canadian Securities Administrators (CSA), following the urgings of the Ontario Securities Commission (OSC), introduced a series of national instruments and policies (multilateral instruments (MIs) and national instruments (NIs)). These policies closely follow SOX but accommodate the unique nature of the Canadian financial market. MI 52-109, Certification of Disclosure in Issuers’ Annual and Interim Filings, requires Canadian companies to adopt disclosure controls and procedures with regard to financial reporting and is similar to Section 302 of SOX. MI 52-110, Audit Committees, requires major Canadian public

8

See Hercules Managements v. Ernst & Young [1997] 2 S.C.R. 165. Haig v. Bamford [1976] 1 S.C.R. 466. The Supreme Court of Canada outlined three possible tests to determine the existence of an auditors’ duty of care to third parties were outlined: foreseeability of the use of the financial statements by the third party; actual knowledge of the limited class that will use and rely on the statements; and actual knowledge of the specific plaintiff who will use and rely on the statement. The Supreme Court of Canada adopted the broader ‘limited class test’ as a basis for determining a duty of care (Khoury, 2001). 10 Kripps v. Touche Ross & Co. [1994] 22 B.L.R. (2d) 86 (BSCS), aff’d [1997] BCJ No. 968 (BCCA). 11 Supra note 8. 12 The most recent case to affirm the decision from Hercules was Waxman v. Waxman [2004] 186 O.A.C. 201. This case reaffirmed that auditors will not be liable to individual shareholders of their corporate client unless the mandate of the auditor has been specifically expanded beyond its usual role. 9

70

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

companies to have fully independent and financially literate audit committees. MI 52-111, Reporting on Internal Control over Financial Reporting, mandates that Canadian companies perform detailed tests of all their internal accounting processes, and requires their external auditors to examine and opine on those tests. MI 52-109 and MI 52-110 were adopted by all jurisdictions in Canada, except for British Columbia, for financial years ending on or after June 30, 2006. Similarly, MI 52-111 applies to financial years ending on or after June 30, 2007 (Barnes et al., 2004; Gray, 2005). MI 52-109 and 52-111 increase auditor liability to third parties by creating more auditor-attested information in public reports on which third parties can rely. However, it remains to be seen how the courts will assess auditor liability to third parties using these national instruments. Recent developments affecting auditors’ liability to third parties are primarily the result of Bill 198 of Ontario. The Canadian reform measures take into account the smaller market capitalization that occurs in Canadian public markets as compared to the U.S. financial markets and are non-prescriptive (Gray, 2005; Nicholls, 2003). The reforms relate predominantly to corporate governance practices and as such, the measures do not directly impact auditor liability to third parties. However, the increased accountability brought about by legislative reforms has increased auditors’ statutory and criminal liability, and may increase their liability under common law once cases dealing with the reforms wend their way through the Canadian judicial system. Two proposals published by the OSC in 2004 – National Instrument 58-101, Disclosure of Corporate Governance Practices and National Policy 58-201, Effective Corporate Governance – describe best corporate governance practices and require issuers to make disclosures relating to these best practices. Best practice measures include measures related to the composition of a board; its mandate and its committees; director education and assessment; and codes of business conduct and ethics (Gray, 2005). These new disclosures can increase auditor liability to third parties because third parties now have more auditor-provided information on which to rely. Civil liability for secondary market disclosure has been revised recently in Canada with the Security Acts of Ontario and Alberta. The Securities Acts of Ontario and Alberta contain proportionate liability provisions as well as provisions for capping liability limits. The liability limits for experts such as auditors is the greater of $1,000,000 CDN and the amount of fees received in the preceding 12 months. Furthermore, a company that is a public issuer, the company’s directors, and experts such as auditors and accountants will be liable potentially for misrepresentation if the statements they make to the public are inaccurate. The legislation is important because it introduced statutory liability to shareholders and investors for buying or selling securities other than under a prospectus (Puri & Ben-Ishai, 2003). Proportionate liability replaced joint-and-several liability under the CBCA as enacted in November 2001. In July 2003, the Auditing and Accounting Standards Board (AASB) of the CICA approved a Task Force project to establish standards and provide guidance on the terms of engagement letters for financial statement audits. As a result of this Task Force, a new section in the CICA Handbook, Section 5110, was created. This section states that an auditor engagement letter may include “any restriction of the auditor’s liability, when such a restriction is possible.” Presumably, a restriction of auditors’ liability would include only known third parties rather than all third parties. In sum, auditor liability to third parties in Canada has increased because of the widened scope of disclosures in audit reports on which third parties can rely, and because of new securities legislation in several provinces which has increased penalties for fraudulent behavior. 4.3. United Kingdom The scope of auditors’ liability to third parties in the United Kingdom (U.K.) is not specified statutorily. Common law dictates that an auditor has a contractually based duty of care only to the client. Thus, the U.K. adopts a privity standard. In the U.K., the conduct of an audit is regulated by two main statutes, the Companies Act 1985 and the Companies Act 1989. Section 310 of the Companies Act 1985 addresses auditors’ liability, which is limited only to the companies they audit and not to third parties that may use audited financial statements (Khoury, 2001). The question of what happens if an auditor is negligent is not specifically addressed by U.K. statute (Baker & Quick, 1996). Instead, this question is determined by common law. Auditors are required to exercise professional competence and due care per the Code of Ethics in the Members’ Handbook of the Institute of Chartered Accountants in England and Wales (ICAEW).13 The leading British case in the area of auditors’ legal liability to third parties is the Caparo decision.14 The outcome of Caparo is that an auditor owes a duty not to act in a negligent manner only to the client who engaged the auditor. English common law does not extend the duty of care to shareholders, to creditors, or to potential shareholders (Baker & Quick, 1996). 4.3.1. Recent developments Most recently, the 2006 Companies Act came into force as a result of a fundamental review of the U.K. company law framework. Part 16 of the Act relates to audits and Chapter 6 is specific to auditor liability. The provisions allow auditors

13 14

Section 3.3—Professional accountants in public practice (Part B), Members’ Handbook, Institute of Chartered Accountants of England & Wales, p. 208. Caparo Industries v. Dickman [1990] 1 All E.R. 568 (H.L.).

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

71

to limit their liability by contract with their clients, subject to shareholder approval and subject to the amount being fair and reasonable. However, there are four provisions that temper the limitation of auditor liability. One relates to criminal offenses for auditors who ‘knowingly or recklessly’ include matter or omit information that is misleading, false or deceptive. Another requires auditors to disclose the terms of their appointment. A senior statutory auditor (partner) must sign the audit report. In the case where the auditor ceases to act for a listed company, s/he must file a statement with an appropriate audit authority (Companies Act, 2006). The provisions of the 2006 Companies Act do not impose restrictions on the methods that can be used to limit the auditor’s liability. Section 535(4) of the 2006 Companies Act states, “it is immaterial how a liability limitation agreement is framed.” The European Commission issued a non-binding consultation paper (Europa, 2007) on liability reform in the European Union, which sets out four ways of imposing auditor liability restrictions: a fixed monetary cap; a cap based on the market capitalization of the audited company; a cap based on a multiple of the audit fee; or proportionate liability. If proportionate liability is the chosen method, three criteria must be met for the limitation on liability to apply: the consent of shareholders must be obtained; any limit on liability must be fair and reasonable; and the Government will have the power to regulate what may or may not be agreed (Heaton & Wigston, 2006). The provisions of the 2006 Companies Act specifically address auditor liability to clients, but not auditor liability to third parties. The auditor liability provisions of the 2006 Companies Act affect third parties indirectly only when the proportionate liability method is used, since shareholders (third parties) must consent to the liability cap. 4.4. Australia In Australia, auditors have a duty not to engage in misleading or deceptive conduct under common law and by statute. According to Australian case law, for auditors to be liable to third parties for negligence, a duty of care must exist; it must be more than reasonably foreseeable to the auditor that the third party would rely on the audit report; the auditors must have in some way attempted to induce the third party to some form of action or inaction or else had knowledge that their advice was going to be used in relation to a specific transaction; the duty of care was breached, and quantifiable damages resulted as a breach of duty. Australia most closely follows the restatement rule. Third parties may be owed a duty of care by auditors outside of a contractual relationship, but they must be specifically foreseen or known users. 4.4.1. Legislation Auditing is regulated by a combination of the Corporations Act 2001, case law, accounting standards developed by the Australian Accounting Standards Board (AASB), auditing standards developed by the Auditing and Assurance Standards Board (AuASB), and the rules and guidelines of the accounting profession’s associations—CPA Australia and the Institute of Chartered Accountants in Australia. The provisions of the Corporations Act are administered and enforced by the Australian Securities and Investments Commission. The standards developed by the AASB have the force of law, whereas the standards developed by the AuASB do not have the force of law (Lansley, Gibson, & Fogarty, 2002). Auditors’ liability to third parties is addressed by case law. It is possible for a third party to sue an auditor for misleading or deceptive conduct under the Trade Practices Act 1974, the Australian Securities and Investments Commission Act 2001, and the State and Territory Fair Trading Acts. The duty not to engage in misleading or deceptive conduct applies to a prospectus and a more limited disclosure document such as an offering circular or information memorandum. 4.4.2. Common law Three Australian cases in the 1990s serve as the framework for auditors’ legal liability to third parties in Australia. In the first case, R Lowe Lippman Figdor & Franck v. AGC (Advances) Ltd.,15 the Supreme Court of Victoria decided that in the absence of an implied attempt to induce a third party to a particular course of action or inaction, a general duty of care could not arise. In Columbia Coffee & Tea Pty Ltd and Donyoke Pty Ltd v. Churchill t/a Nelson Parkhill,16 it was held that the auditor owed a duty to third parties because the audit firm’s own audit manual contained a statement acknowledging that interested third parties might read and rely on the audit report issued at any time. In Esanda Finance v. KPMG,17 auditors owe a duty of care to third parties if the provider of advice or information either intended to induce the plaintiff to rely on such advice, or in the absence of such an intention, knew that his/her statement would be communicated to the plaintiff, specifically in connection with a particular transaction, and that the plaintiff would be very likely to rely on it for the purposes of deciding upon that transaction (O’Leary, 1998). 4.4.3. Recent developments The Sarbanes-Oxley equivalent in Australia is the Corporate Law Economic Reform Programme (Audit Reform and Corporate Disclosure) Act, known as “CLERP 9” and effective from July 1, 2004. CLERP 9 amends the Corporations Act,

15 16 17

R Lowe Lippmann Figdor & Franck v AGC (Advances) Ltd. (1992) 8 ACSR 380. Columbia Coffee & Tea Pty Ltd. v. Churchill t/a Nelson Parkhill (1993) 29 NSWLR 141. Esanda Finance Corp. Ltd. v. Peat Marwick Hungerfords (1994) SCSA and Esanda Finance Corp. Ltd. v. Peat Marwick Hungerfords (1997) 71 ALJR 448.

72

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

2001. The most prominent of its 41 elements are significantly tougher disclosure requirements for companies listed on the Australian Stock Exchange and more detailed regulation of audit practices (Robins, 2006). The rules and practices relating to auditor independence, the structures for the oversight of the accountancy profession, the rules and practices governing audit engagement, and the institutional framework for setting auditing standards were all modified by CLERP 9. The new legislation can increase auditor liability to third parties because it increases the scope of the duty of care that auditors owe to third parties. Increased legal duties and responsibilities will also expose auditors to increased potential liability to third parties (Lansley et al., 2002). In 2004, the Treasury Legislation Amendment (Professional Standards) Act 2003 was passed by the Australian Federal Parliament. This bill means that liability limits that apply under certain professional standards schemes will also apply to claims for misleading or deceptive conduct under Australian Federal legislation. In particular, auditor liability to third parties is capped at $20 million AUS in cases where third parties can establish that auditors have made false and misleading statements on which it is reasonable for a plaintiff to have relied (Arens et al., 2007; Baxt, 2005). In essence, the bill established a proportionate liability regime in which a court will decide what percentage of blame for any financial losses is carried by the auditor, and will award damages accordingly. As a result, the CLERP 9 legislation has increased potential auditor liability, although a proportionate liability regime now exists which can limit auditor damages from third party suits. The proportionate liability reforms are of general application and are not confined to auditors (CLERP, 2003).18 4.5. New Zealand Liability to third parties in New Zealand is established under common law. Auditors owe a standard of care to third parties if there is a ‘special relationship’ between an auditor and a third party user of audit reports, and if the third party user actually relies on the audit report that causes a loss (Yeh, 2005). Until early 1999, New Zealand adhered to the reasonable foreseeability rule, but now most closely follows the restatement rule (Pacini et al., 2000a). 4.5.1. Legislation In New Zealand, under the Companies Act 1993, an auditor is obligated to report to the shareholders concerning whether or not financial statements comply with the financial reporting standards established by the Accounting Standard Review Board of the New Zealand Institute of Chartered Accountants (Watson, 1999). The Companies Act 1993 also recognizes the special importance of the role of independent auditors, and states that an auditor of a company must ensure that their judgment is not impaired by reason of any relationship with or interest in the company or any of its subsidiaries (Gilbertson & Brown, 2002). The New Zealand Institute of Chartered Accountants has published Codified Auditing Standards and Audit Guidance Statements to regulate the conduct of its auditors, as well as Quality Control Professional Standards and Ethical Standards for practicing accountants, including auditors. New Zealand does not have a body, independent of the audit profession, responsible for the oversight of auditors (NZ, 2004). 4.5.2. Common law Three New Zealand cases have affected auditor liability to third parties. The first is the Dimond Manufacturing case.19 The court ruled that where a firm of accountants and auditors prepares and certifies a company’s balance sheet which a member of a firm shows later to someone known by the auditors to be planning to purchase the company’s shares, a duty of care arises. The liability is restricted to where there is actual knowledge by the auditor that the person concerned was either going to or was thinking of buying the company’s shares (Watson, 1999). The Scott Group20 case widened the test under Dimond Manufacturing by establishing a test of foreseeability, making an auditor potentially liable to all individuals the auditor could reasonably foresee would rely on the financial statements (Watson, 1999). The Boyd Knight21 decision “implicitly overrules” the Scott Group decision (Pacini et al., 2000a, 213). Here, the court took the position that the purpose of audited statements is to fulfill the auditor’s statutory duty to the shareholders collectively to enable them to monitor management. Moreover, no duty is owed to an individual investor or prospective shareholder for inaccuracies in information, in the context of a prospectus, without specific, verifiable reliance on the auditor’s work (Pacini et al., 2000b). New Zealand narrowed its scope of auditor liability to non-clients for negligence because the foreseeability test under Scott Group was laid to rest. In other words, in New Zealand, auditors’ liability to third parties is a function of the purpose for which the advice was given. Auditors will be liable to investors only if those investors can show that they relied on the accuracy of financial statements in prospectuses which were negligently certified as giving a true and fair view by the auditors (Watson, 2000).

18 19 20 21

Proportionate liability applies to the Trade Practices Act, Australia Securities & Investment Commission (ASIC) Act, and the Corporations Act. Dimond Manufacturing Co. Ltd v Hamilton [1969] NZLR 609. Scott Group v McFarlane [1978] 1 NZLR 553. Boyd Knight v. Purdue [1999] 2 NZLR 276.

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

73

4.5.3. Recent developments New Zealand’s corporate governance regime is an amalgamation of statute, code and common law principles (Gilbertson & Brown, 2002). In 2003, the New Zealand Securities Commission, in response to a request by the New Zealand Minister of Commerce, published comprehensive guidance on corporate governance, entitled “Corporate Governance in New Zealand: Principles and Guidelines.” These guidelines relate to ethical standards, board composition and performance, board committees, reporting and disclosure, remuneration, risk management, auditors, shareholder relations, and stakeholder interests. Auditor guidelines relate to audit partner rotation, independence, disclosure of audit fees, whistleblower policies, and the lack of need for an independent audit oversight body (NZ, 2004). The New Zealand Institute of Chartered Accountants has also published a report on corporate governance which contains 22 recommendations (c.f. Quinn, Rowe, & Linton, 2003). The recent response by New Zealand does not directly affect auditor liability to third parties. However, the new auditor guidelines provide more opportunities for a ‘special relationship’ to exist between auditors and third parties, which in turn can increase auditor liability to third parties. There has been some discussion relating to a new proportionate liability regime for the accounting profession in New Zealand, but there are no changes as of yet.22 4.6. France In addition to being a civil law country, France is one of two European countries in our sample where auditor liability to third parties is based on tort rather than a contractual relationship.23 According to an EU document, “French Law emphasizes the public policy nature of the auditor’s duty as the justification for basing the action by the audited company in tort. The mission undertaken by the statutory auditor, which is a public interest mission, is defined by laws and regulations and not by contract.” (EU Study, in press, 7). 4.6.1. Legislation France is unique in that it is the only legal system in which the law provides explicitly for auditors’ liability towards third parties (Khoury, 2001). Under article 234, Section 1 of the “Loi sure les Societes Commercials no. 66-537”, an auditor is liable to the client and to third parties for damages caused by intentional or negligent violations of professional duties. The auditor is not liable for violations of the law committed by the directors of the client unless the auditor has knowledge of the violations and withholds such information (Baker & Quick, 1996). According to article 234, Section 2, auditors are liable only for their personal faults, and their fault cannot be substituted for the fault of management. Thus in France, auditors may be liable towards an audited company, its shareholders and third parties. Auditor liability is based in tort law and given broad application, since the view is that the auditor’s mandate focuses on the best interests of the public. Third parties do not have to be specifically foreseen or known; thus France adopts the reasonable foreseeability standard. The general principle of liability is also codified in the Code Civil, in articles 1382 and 1383. The liability of an auditor for violations of professional duties is a special instance of the general liability law (Baker & Quick, 1996). For these two articles to apply, fault, harm, and causation must always be proven before a claim is accepted (Khoury, 2001). 4.6.2. Common law According to common law in France, once the fault of the auditors and the loss are established, a third party must prove a direct link between the two. This task is difficult. One reason is that the fault of the auditors is usually one of omission rather than of positive action, and this creates evidentiary difficulties. A second reason is that auditors do not prepare the financial statements and have the right not to participate in the management of a firm. Consequently, their fault is never the only cause of damage suffered by the firm or the third party, which usually flows primarily from the lack of care or fraud by management (Khoury, 2001). When courts assess the existence of a link between the work of an auditor and a loss, they generally ask whether the normal diligence of a competent auditor would have permitted the plaintiff to avoid the loss. The claim will be rejected if the loss would have occurred in the absence of a fault. Two requirements must be met to demonstrate auditor causality: as long as diligence on the part of the auditor would have allowed the real situation to be discovered, the fault must have provoked an error in the mind of the plaintiff in relation to the financial circumstances of the company; and this error must have brought about the prejudicial action of the plaintiff (Khoury, 2001). French courts have frequently rejected claims where the damage would have been suffered even in the absence of a fault on the part of the auditor. Third party claims have failed where the evidence showed that the irregularities would not have been discovered even if the auditor had acted with diligence and prudence; when the errors did not substantially modify the financial statements; when the court considered that the plaintiff would have acted the same way even with knowledge of the errors, or that the sequence of events would have been the same in the absence of the fault; where the detrimental act of the plaintiff occurred before the fault of the auditor; and where the cause of the loss was solely independent of the defendant, such as a bankruptcy of the firm (Khoury, 2001).

22 23

See online:
3752.aspx> at #379.

74

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

4.6.3. Recent developments There have been no developments or changes to French standards of liability in the post-SOX era. France does not appear to have responded to the EU discussion on auditor liability (Europa, 2007). 4.7. Germany Germany, another civil law country, has a relatively limited scope of auditor liability to third parties. The liability toward third parties is based in tort, unless the court recognizes a contract with protective effects toward the third parties, or recognizes the existence of an implied contract between the third party and the auditor. Under both common law theories, third parties do not have to be specifically foreseen or known, thus Germany tends to follow the reasonable foreseeability standard. 4.7.1. Legislation Legislation regarding auditors’ liability has not changed in the post-SOX era. Statutory auditors’ liability arises from the general rules for civil liability in tort as well as from specific statutory provisions for statutory auditors contained in Article 323 of the HGB (German Commercial Code), which provides for auditors’ contractual liability. According to Article 323, liability extends to the auditor, his or her assistants, and the legal representatives of the auditing firm. For an auditor to be culpable under Article 323, the auditor must have deliberately or negligently ignored his or her duties. Article 323 states that liability cannot be waived or limited. The auditor’s contractual liability is limited to D 1 million per audit and D 4 million in the case of audits of listed companies (Köhler, Kai-Uwe, Quick, & Ruhnke, 2008, 133). Contractual liability was capped at 500,000 DM until the passage of the Corporation Control and Transparency Act (KonTraG) in May 1998. Thereafter, the liability cap increased to 2 million DM per audit and 8 million DM if the company issued listed stock (EU Study, in press; Nowak, 2001).24 Professional rules impose a fiduciary duty on auditors. According to §43 of the Act on the Profession of Auditors (Wirtschaftsprüferordnung), an auditor has to exercise his or her professional duty in an independent, conscientious, confidential and personally responsible manner. 4.7.2. Common law Under German tort law, auditors are liable to third parties when they violate a law which has as one of its objectives the individual protection of a third party from an explicitly defined kind of damage. Protective laws include laws for criminal fraud, investment fraud, economic subsidy fraud, breach of trust, falsification of documents, violation of private secrets, and bankruptcy offences. Auditor liability under protective laws requires an intentional violation (Quick, 1996). Furthermore, auditors are liable to third parties if they violate their duties with the intent of damaging a third party. The courts have interpreted ‘unethical violation’ as an action that is particularly unconscionable and careless or “immoral.” The courts have interpreted ‘intent’ as an auditor being sufficiently aware of the possibility that a third party would suffer a damage because of his or her conduct. Auditors are responsible for the tortious acts of their assistants but may absolve themselves from liability if they prove that they thoroughly selected, trained and supervised them, or prove that the damage would have occurred even if they had exercised this care (Gietzmann & Quick, 1998; Quick, 1996). German courts have developed two approaches that give rise to claims by third parties on auditors’ liability: (1) contract with a protective effect for third parties, and (2) an implicit contract for information. For a contract with a protective effect for third parties to apply, the following three factors must be complied with: (i) the third party must be closely connected to the auditor’s work, as shareholders and creditors are. They must use the audit opinion as one basis for their decisions; (ii) it must be the wish of the parties to the contract to include third parties, although this need does not have to be explicitly defined; and (iii) the auditor must be aware that third parties are included, and that they put trust in the audit and use the information for decision making. For the implicit contract for information to apply, the courts deem that the auditor who provides information to a client, and is aware that the client gives information to a third party in order to influence this third party, should be liable to the third party for the correctness and completeness of the provided information (De Poorter, 2008; Köhler et al., 2008; Quick, 1996). 4.7.3. Recent developments Post-SOX, there has been no change in German tort law, nor has there been any significant changes in the system of civil liability (Köhler et al., 2008, 138). 5. Analysis and comparison In this section, we compare the degree to which auditor liability to third parties is imposed, according to the current legal standard of each country. Several studies found that cross-national differences are related systematically to the underlying

24 The Euro (D ) replaced the Deutsch Mark (DM) as Germany’s official currency in February 2002. For purposes of the liability cap, D 1 million and D 4 million are equivalent to 2 million DM and 8 million DM respectively.

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

75

Table 1 International comparison of common law cases according to degree of privity.

U.S.

Privity

Near-privity

Landellv. Lybrand (1919)

Ultramares Corp v. Touche (1931) Credit Alliance v. Arthur Andersen (1985) Haig v. Bamford (1976) Kripps v. Touche Ross & Co. (1994) Hercules Management v. Ernst & Young (1997) Waxman v. Waxman (2004)

Canada

U.K. Australia

New Zealand

Restatement

Reasonable foreseeability

Caparo Industries v. Dickman (1990) R Lowe Lippmann Figdor & Franck v. AGC (Advances) Ltd. (1992) Columbia Coffee & Tea Pty Ltd. v. Churchill t/a Nelson Parkhill (1993) Esanda Finance Corp. Ltd. v. Peat Marwick Hungerfords (1994) Dimond Manufacturing Co. Ltd. v. Hamilton (1969) Scott Group v. McFarlane (1978) Boyd Knight v. Purdue (1999)

France

Bull. C.N.C.C. 47.288 Bull. C.N.C.C.1980.40.435

Germany

Contract with protective effect Implicit contract for information

legal system of a country (La Porta, Lopez-de-Silanes, Shleifer, & Vishny, 1997; La Porta, Lopez-de-Silanes, Shleifer, & Vishny, 1998). There are two legal systems that operate across the seven countries included in this study: common law and civil law. The essential difference between the two legal systems is that common law was law developed by custom, whereas civil law developed out of the Roman law and is essentially law by decree. The differences between the two types of legal systems also extend beyond codification, and include the approach to codes and statutes. In civil law countries, legislation is the primary source of law; in common law countries, cases are the primary source of law. In civil law countries, the code or legislation is seen as the primary source of law, and courts reason on the basis of general rules and principles of the code. In common law countries, cases are the primary source of law, and legislation is interpreted narrowly. The primary source of law is common law for five of the countries selected in our research (the United States, Canada, the United Kingdom, Australia and New Zealand), and civil law for two of the countries selected in our research (France and Germany). Consequently, we compare the legal standard of common law cases according to degree of privity as they relate to auditor liability to third parties, analyze recent developments, and draw conclusions on the responsiveness of the type of legal system (common law vs. civil law). Table 1 shows that France and Germany have the highest levels of auditor liability to third parties as these two countries have the least restrictive levels of auditor third party legal liability. Thus, they can be considered to be the “leaders” in establishing the highest standards of auditors’ liability to third parties. Consequently, it is not surprising that the post-SOX changes to auditors’ liability have been minimal in these two countries as compared to the other five countries included in our study. Recall that the rules regarding auditors’ legal liability for Germany and France are based upon tortious-only principles that are consistent with a civil law approach, whereas in the U.S., Canada, U.K., Australia, and New Zealand, the rules of law regarding auditors’ legal liability are based largely upon contractual obligation, and it is very difficult to establish a case in tort. According to Table 1, France and Germany in both the pre-SOX era and post-SOX era had the highest standard of auditor liability, as reasonable foreseeability means that auditors in these countries are liable to any party that would reasonably be foreseen to rely on their audited financial statements. Table 1 also indicates that U.S. common law is not limited to just one of four legal standards; Canadian common law follows the near-privity standard; U.K. common law follows the strict privity standard; and Australian and New Zealand case law most closely follows the restatement standard.25 Thus, among some British Commonwealth countries, there is a

25 The High Court of Australia has ratified only one case relating to auditor liability to third parties – the Esanda Finance case – which is the only one of the three Australian cases cited that clearly follows the restatement standard. The other cases have been classified as following the restatement standard, although they adhere to more of a near-privity standard, because their outcomes are inferior to the Esanda Finance outcome in that the High Court of Australia did not preside over them.

76

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

Table 2 International comparison of combined degree of privity.

U.S. Canada U.K. Australia New Zealand France Germany

Privity √

Near-privity √ √

Restatement √

Reasonable foreseeability √

√ √ √ √ √

lack of convergence, despite mutual origin in British common law. Although common law in the United States is also rooted in British common law, auditor liability to third parties is state-specific and spans the gambit of all four levels of privity. Table 1 also shows that France and Germany have the highest level of auditors’ liability to third parties by virtue of France having case law that requires reasonable foreseeability, and Germany requiring contract with protective effect and implicit contract for information, both of which require reasonable foreseeability. Table 2 summarizes the degree of privity across countries. The U.S. has the widest range since auditors’ liability is essentially within state jurisdiction. In each of the other countries, a single standard prevails. Table 3 is a comparison of the legislation governing auditor liability to third parties and a summary of the legislative or non-legislative developments in the post-SOX era. Table 3 also summarizes the auditor liability regime (proportionate; joint-and-several). Table 3 shows that the U.S., Canada, the U.K., Australia and New Zealand have enacted legislation in response to SOX. The U.S. and Canada created new oversight bodies, the U.K. and Australia modified legislation, while New Zealand issued corporate governance guidelines from its Institute of Chartered Accountants. Table 3 illustrates that the civil law countries, France and Germany, have a higher standard than the other five common law countries, some U.S. states notwithstanding. In the five common law countries, new legislation appears to have indirectly increased auditors’ liability to third parties by imposing more regulations upon them. Alternatively, the new legislation may limit auditors’ liability Table 3 International comparison of legislation and professional pronouncements, post-SOX developments, and liability regimes. Legislation and professional pronouncements

Pos t-SOX developments

Liability regime

U.S.

Section 11 of 1933 S.A. Section 10b of 1934 S.A. FASB Guidelines

Sarbanes-Oxley Act (2002) Creation of PCAOB

41 states use proportionate liability

Canada

CBCA Provincial BCA’s

MI 52-109 MI 52-110

Proportionate liability under CBCA Proportionate liability under Ontario & Alberta Securities Acts

CICA Handbook

MI 52-111 NI 52-108 NI 58-101 NI 58-201 Creation of CPAB Proportionate liability and liability cap per Ontario & Alberta Securities Acts Section 5110 of CICA Handbook

Companies Act 1985

Companies Act (2006)

Four ways of imposing liability restrictions

U.K.

Companies Act 1989 Companies Act (2006) Australia

Corporations Act 2001 AASB AuASB CPA Australia ICAA

CLERP 9 (2004)

Proportionate liability

New Zealand

Companies Act 1993

Corporate Governance in New Zealand: Principles and Guidelines NZICA Report on Corporate Governance

Joint-and-several liability

ASRB of NZICA Codified Auditing Standards Audit Guidance Statements Quality Control Professional Standards Ethical Standards for Practicing Accountants France

Loi sure les Societies Commercials

Joint-and-several liability

Germany

Article 323 of the HGB

Joint-and-several liability

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

77

Table 4 Post-SOX changes to auditor liability to third parties. Quantitative

Qualitative-legislative SOX can expand auditor duty of care to third parties More auditor-attested disclosures on which third parties can rely

U.K.

Increase in civil and criminal penalties for SOX violations—$15M and $25M USD New liability cap—greater of $1M CDN and fees received in the preceding 12 months (Ont. & Alberta) None

Australia

New liability cap—$20 million AUS

CLERP 9 can expand auditor duty of care to third parties

U.S. Canada

None

New Zealand

None

Auditor guidelines can expand

France

None

None

Germany

None

None

to third parties by replacing a joint and several liability regime with a proportionate regime or a liability cap. France and Germany have not directly followed the lead of the common law countries by making legislative changes. Table 4 summarizes the quantitative and qualitative post-SOX developments for auditor third party liability. Two countries imposed financial caps on auditor liability to third parties: Canada and Australia. Australia ($20 M) has a fixed component, whereas Canada has a fixed ($1 M) and variable (varies with fees) component. Germany also has a liability cap, but it was imposed before SOX (Gietzmann & Quick, 1998; Nowak, 2001). The U.S. has increased its civil and criminal penalties for SOX violations, which affects auditor liability to third parties if auditors are negligent in their duties. While there have been no specific qualitative developments in auditor third party liability (e.g. common law or legislation), in most common law countries, auditor liability has been indirectly increased since the new legislation has broadened the disclosure requirements and otherwise increased the scope of information provided by auditors to third parties. In the U.S., the legislation increased the scope of third parties who could rely on auditor-provided information. 6. Conclusion This paper compares auditors’ liability in the post-Sarbanes-Oxley era for seven countries, with a specific focus on changes to auditor legal liability to third parties. Key pieces of legislation, relevant case law, and professional pronouncements and post-SOX developments are highlighted. The results of our analysis show that common law countries, in particular, Canada and the United States, have reacted swiftly to shareholders’ demand for a response to corporate failures by introducing immediate and comprehensive legislation that attempts to increase auditors’ liability to third parties. The U.K., Australia and New Zealand also responded with new legislation. France and Germany made no legislative changes or other responses to increase auditor liability to third parties. Our results are not surprising since France and Germany already have higher standards of reasonable foreseeability for auditors’ liability and are civil law jurisdictions, whereas the other five countries have lower standards for auditors’ liability and are common law countries. Perhaps the narrow French and German responses were in part because there were no corporate failures in the years succeeding the Enron collapse, although accounting irregularities were investigated. Our research not only describes the current state of affairs with respect to auditors’ liability across different national institutional contexts but also contributes to the discussion of how regulatory harmonization could be achieved for the purpose of fostering high standards of auditing to protect the public interest (Baker, Mikol, & Quick, 2001). The underlying legal system of a country should be a prime consideration if regulatory harmonization is attempted, because common law countries responded quickly and decisively, whereas civil-law countries were less apt to respond. Acknowledgements We appreciate the helpful comments of editor Kathleen Sinning, the journal’s anonymous reviewers, Sally Gunz, Maureen Gowing, and participants at the 2008 European Accounting Association annual conference and the 2007 Canadian Academic Accounting Association annual conference. We also wish to acknowledge funding provided by the Social Sciences & Humanities Research Council of Canada (SSHRC). References Arens, A. A., Best, P. J., Shailer, G., Fiedler, B., Elder, R. J., & Beasley, M. (2007). Auditing and Assurance Services in Australia: An integrated approach (7th ed.). French’s Forest: Pearson Education Australia. (Chapter 3) Arens, A. A., Elder, R. J., Beasley, M. S., & Splettstoesser-Hogeterp, I. B. (2006). Auditing and other assurance services (Canadian) (10th ed.). Toronto: Pearson Education Canada. (Chapter 4). Baker, C. R., Mikol, A., & Quick, R. (2001). Regulation of the statutory auditor in the European Union: A comparative survey of the United Kingdom, France and Germany. European Accounting Review, 10, 763–786. Baker, C. R., & Quick, R. (1996). A comparison of auditors’ legal liability in the USA and selected European countries. European Business Review, 96, 36–44. Barnes, J. A., Johnson, L. A., & Yarmus, J. S. (2004). Corporate Governance Reform in Canada. International Journal of Disclosure and Governance, 1, 260–269.

78

J. Chung et al. / Journal of International Accounting, Auditing and Taxation 19 (2010) 66–78

Baxt, R. (2005). The impact of CLERP 9 on the limitation of auditors’ liability. Company and Securities Law Journal, 23, 321–324. Blackier, J., & Paskell-Mede, M. (1999). Auditor liability in Canada: The past, present and future. University of New Brunswick Law Journal, 48, 65–94. Bush, T., Fearnley, S., & Sunder, S. (2007). Auditor liability reforms in UK and US: A comparative review. In Working paper. CLERP. (2003). CLERP (Audit Reform & Corporate Disclosure) Bill Commentary on the Draft Provisions–Corporate Law Economic Reform Program No. 9 (October 2003). Online: http://www.treasury.gov.au/documents/700/HTML/docshell.asp?URL=02 Introduction.asp Companies Act (2006). Online: . Deturbide, M. (1998). Liability of Auditors–Hercules Management Ltd. et al v. Ernst & Young et al (Case Comment). Canadian Bar Review, 77, 260–264. De Poorter, I. (2008). Auditor’s liability towards third parties within the EU: A comparative study between the United Kingdom, the Netherlands, Germany and Belgium. Journal of International Commercial Law and Technology, 3, 68–75. EU Study (in press). A study on the systems of civil liability of statutory auditors in the context of a Single Market for auditing services in the European Union. Online . Europa (2007). Auditors’ Liability: Commission consults on possible reform of liability rules in the EU. Online: . Gietzmann, R., & Quick, R. (1998). Capping auditor liability: The German experience. Accounting, Organizations and Society, 23, 81–104. Gilbertson, B., & Brown, A. (2002). Corporate governance in New Zealand. International Financial Law Review. In The IFLR guide to corporate governance (pp. 61–68). Gray, T. (2005). Canadian response to the U.S. Sarbanes-Oxley Act of 2002: New directions for corporate governance, PRB 05-37E. Ottawa, Canada: Parliamentary Information and Research Service, Library of Parliament. Grubbs, J. K., & Ethridge, J. R., Jr. (2007). Auditor negligence liability to third parties revisited. Journal of Legal, Ethical and Regulatory Issues, 10, 75–90. Heaton, N., & Wigston, A. (2006). Professional negligence: Pushing the limits. In The lawyer. June 26 (pp. 32–33). Khoury, L. (2001). The liability of auditors beyond their clients: A comparative study. McGill Law Journal, 46, 413–471. Köhler, G., Kai-Uwe, M., Quick, R., & Ruhnke, K. (2008). Audit regulation in Germany: Improvements driven by internationalization. In R. Quick, S. Turley, & M. Willekens (Eds.), Auditing, trust and governance: Regulation in Europe (pp. 111–143). Routledge: Abingdon. Lansley, A., Gibson, B., & Fogarty, M. (2002). Corporate governance in Australia. International financial law review. In The IFLR guide to corporate governance (pp. 33–40). La Porta, R., Lopez-de-Silanes, F., Shleifer, A., & Vishny, R. (1997). Legal determinants of external finance. Journal of Finance, 52, 1131–1150. La Porta, R., Lopez-de-Silanes, F., Shleifer, A., & Vishny, R. (1998). Law and finance. Journal of Political Economy, 106, 1113–1155. Nicholls, C. C. (2003). The Canadian response to Sarbanes-Oxley. Capital Markets Institute, Policy Comment. Online: http://www.rotman.utoronto.ca/ cmi/news/Canadian%20Response%20to%20SOX.pdf Nowak, E. (2001). Recent developments in German capital markets and corporate governance. Journal of Applied Corporate Finance, 14, 35–48. NZ. (2004). Corporate governance in New Zealand: Principles and guidelines. Online: http://http://www.seccom.govt.nz/publications/documents/governanceprinciples/index.shtml O’Leary, C. (1998). Auditors’ liability to third parties—The door remains open. Managerial Auditing Journal, 13, 521–524. Pacini, C., Hillison, W., & Sinason, D. (2000). Auditor liability to third parties: An international focus. Managerial Auditing Journal, 15, 394–406. Pacini, C., Martin, M. J., & Hamilton, L. (2000). At the interface of law and accounting: An examination of a trend toward a reduction in the scope of auditor liability to third parties in common law countries. American Business Law Journal, 37, 171–235. Pritchard, A., & Puri, P. (2006). The regulation of public auditing in Canada and the United States: Self-regulation or government regulation? Fraser Institute. Puri, P., & Ben-Ishai, S. (2003). Proportionate liability under the CBCA in the context of recent corporate governance reform: Canadian auditors in the wrong place at the wrong time? Canadian Business Law Journal, 39, 36–51. Quick, R. (1996). The legal liability of auditors in Germany. The European Accounting Review, 5, 507–521. Quinn, C., Rowe, P., & Linton, C. (2003). New Zealand Corporate Governance. International Financial Law Review. London: Corporate Governance Supplement. October 2003 (pp. 155–160). Robins, F. (2006). Corporate governance after Sarbanes-Oxley: An Australian perspective. Corporate Governance, 6, 34–49. Ryan, L. (2005). Corporate governance and business ethics in North America: The state of the art. Business and Society, 44, 40–73. Toda, M., & McCarty, W. (2005). Corporate governance changes in the two largest economies: What’s happening in the U.S. and Japan? Syracuse Journal of International Law and Commerce, 32, 189–231. Trakman, L. E., & Trainor, J. (2005). The rights and responsibilities of auditors to third parties: A call for a principled approach. Queen’s Law Journal, 31, 148–205. Watson, S. (1999). The application of “Common Sense” liability of auditors in New Zealand. Journal of Business Law, 43, 286–297. Watson, S. (2000). Liability of auditors to third parties in New Zealand, clarification at last. Journal of Business Law, 44, 52–57. Wegman, J. (2007). Impact of the Sarbanes-Oxley act on accountant liability. Journal of Legal Ethical and Regulatory Issues, 10, 1–16. Yeh, A. (2005). Should we have Sarbanes-Oxley rules in New Zealand? In Working paper. Victoria University of Wellington.