Auditor’s Liability

Auditors find themselves in a rather strange position in the sense that they are contracted to
perform a service for a company, but do not answer to that company. When dealing with the
liability of auditors we need to differentiate between the liability an auditor may have to the
company to which it is contracted and the liability it may have to a party entering into
contracts with the company on the strength of the auditor’s reports.
There are two bases on which an auditor may be liable to the company. Firstly, the auditor
may be contractually liable if it has breached the contract with the company. Secondly, it
could be liable to the company if its conduct constitutes a delict. So, there could be
contractual liability or delictual liability.
There is only way basis that a third party could hold an auditor liable. [In this context, a third
party refers to a person entering into contracts with the company to which the auditor
provides services.] That basis is on delict. A third party cannot hold the auditor liable for the
simple reason that the third party does not have a contract with the auditor.

Auditor’s Civil Liability to the Company

1. Contractual Liability
In order to hold an auditor liable for breach of contract, the company would have to show
that:
a) there was a contract;
b) a term of the contract was breached either by omission or commission; and
c) the company suffered a loss as a result of the breach.

It should be a relatively simple matter to show that there was a contract between the
company and the auditor.

Any party to a contract breaches that contract if they do not perform in terms of the contract.
It is important, therefore, to establish what the terms of a contract are in order to determine
whether they have been breached. It is often difficult or impossible to set out the terms with
absolute accuracy so that they cover all possible eventualities. In this context, the terms that
will be implied in the contract are that the auditor must perform the tasks reasonably
expected of an auditor and to perform them with a reasonable amount of accuracy and
prudence. Broadly, the auditor is expected to perform the tasks as set out in the Companies
Act and the Auditing Professions Act.

The terms of a contract can be breached by commission or omission. A breach by

commission would be a positive act by an auditor that it was not supposed to do in terms of
the contract. A breach by omission is committed when an auditor fails to do something that
it was contractually bound to do. It is important to note that, whether contractually or
delictually, an act can only be committed by omission where there is a duty to do something
and the wrongdoer, the auditor in this context, failed to do so.

It is a question of fact whether a company has suffered a loss as a result of the breach of
contract. In this regard a company can claim compensation in such an amount as would
place the company in the position it would have been had the auditor not breached the
contract.

Thoroughbred Breeders’ Association of South Africa V Price Waterhouse

TBA sued PW for damages arising from a breach of contract

TBA appointed a financial manager who stole from them; it appeared later that on his
appointment he already had a conviction for theft which TBA found out about and still
confirmed his appointment.
 TBA alleged that had PW exercised reasonable care in the execution of its audit the theft
would have been uncovered and subsequent theft avoided.

TBA claims all their losses as a result of the theft from PW.

PW denied liability stating that the losses arose as a result of TBA’s negligence in:
 appointing the financial manager;
 retaining him after they discovered his record; and
 failing to inform PW of his criminal record;
 failing to adequately control his activities.

Court held that having discovered that certain promissory notes recorded in the
accounting records did not exist PW should have realized that something was “seriously
out of kilter” and should have driven them to investigate deeper.
Had PW done so they would have uncovered the theft and prevented any further theft
from occurring.

PW further asserted that they were not at fault since the value of the promissory notes
was too low to be material.

The court found that the value of an irregularity is irrelevant and that having discovered an
irregularity PW should have investigated further

As such, PW breached its contract and was liable for the losses.

2. Delictual Liability

Delict is the means through which people are held liable to others for causing harm, whether
intentionally or not. It is used in many instances. It is not specific to auditors or even
Company Law. [You will remember that s77(2)(b) refers to delictual liability in circumstances
where a director fails to fulfil his duty to act with due care and skill.] In motor vehicle
accidents, for instance, the wrongdoer will be held liable for the damages done to the vehicle
of the innocent party using the law of delict.

There are 5 elements that must all be present in order to hold someone delictually liable. If
one of the elements is absent liability cannot be imputed. In general the purpose of the
elements collectively is to systematically establish that a person did something negligently,
and that it caused someone else financial loss.

The elements are:

a) Act or omission;
b) Wrongfulness;
c) Fault;
d) Loss; and
e) Causation.

The elements are independently assessed and then collectively applied afterwards to
determine whether there was delictual liability.

a) Act or omission
This element is fulfilled if the wrongdoer, the auditor in this context, actually did something.
At this stage the question of whether he did something wrong or whether it caused loss is
irrelevant. An act can be committed by omission if there is a positive duty on the auditor to
do something and he failed to do it. There cannot be talk of an act by omission if there is not
a positive duty to do something.

Auditing Profession Act, 2005

Duty to report on irregularities

45. (1) (a)An individual registered auditor referred to in section 44(1)(a) of an entity that is satisfied
or has reason to believe that a reportable irregularity has taken place or is taking place in respect
of that entity must, without delay, send a written report to the Regulatory Board.

(b) The report must give particulars of the reportable irregularity referred to in subsection (l)(a) and
must include such other information and particulars as the registered auditor considers appropriate.

“reportable irregularity” means any unlawful act or omission committed by any person responsible for the
management of an entity, which —
(a) has caused or is likely to cause material financial loss to the entity or to any partner, member,
shareholder, creditor or investor of the entity in respect of his, her or its dealings with that entity; or
(b) is fraudulent or amounts to theft; or
(c) represents a material breach of any fiduciary duty owed by such person to the entity or any partner,
member, shareholder, creditor or investor of the entity under any law applying to the entity or the conduct or
management thereof.

(2) (a) The registered auditor must within three days of sending the report to the Regulatory Board
notify the members of the management board of the entity in writing of the sending of the report
referred to in subsection (1) and the provisions of this section.

(b) A copy of the report to the Regulatory Board must accompany the notice.

(3) The registered auditor must as soon as reasonably possible but no later than 30 days from the
date on which the report referred to in subsection (1) was sent to the
Regulatory Board-
(a) take all reasonable measures to discuss the report referred to in subsection (1) with the
members of the management board of the entity;
(b) afford the members of the management board of the entity an opportunity to make
representations in respect of the report; and
(c) send another report to the Regulatory Board, which report must include-
(i) a statement that the registered auditor is of the opinion that-
(aa) no reportable irregularity has taken place or is taking place; or
(bb) the suspected reportable irregularity is no longer taking place and that
adequate steps have been taken for the prevention or recovery of any loss
as a result thereof, if relevant; or
(cc) the reportable irregularity is continuing; and
(ii) detailed particulars and information supporting the statement referred to in
subparagraph (i).

(4) The Regulatory Board must as soon as possible after receipt of a report containing a statement
referred to in paragraph (b)(i)(cc) of subsection (3), notify any appropriate regulator in writing of the
details of the reportable irregularity to which the report relates and provide it with a copy of the
report.

(5) For the purpose of the reports referred to in subsections (I) and (3) a registered auditor may
carry out such investigations as the registered auditor may consider necessary and, in performing
any duty referred to in the preceding provisions of this section, the registered auditor must have
regard to all the information which comes to the knowledge of the registered auditor from any
source.
Section 45(1)(a) places an obligation on an auditor to report any reportable irregularity. This
creates a positive duty on the part of the auditor to do so, should an auditor fail to report a
reportable irregularity the auditor would be committing an act by omission.

Note that the question is only whether the auditor committed an act, not whether the act was
wrongful, negligent or that it caused harm to anyone. That comes later.

b) Wrongfulness
This element is often misunderstood and form a central part of the liability, or lack thereof,
with regard to the liability of auditors. The wrongfulness of actions is tested against the boni
mores of society. Boni mores directly translated from Latin means “good morals”. In
essence, the act is wrongful if society considers it to be wrongful. We need to be very careful
not to confuse the assessment of fault when applying the wrongfulness test. Wrongfulness
is assessed objectively, meaning that the act is stripped of its context and judged simply on
its own merits.

By way of example, assume that a company contracted with a security firm to supply a guard
to protect its premises. One night a number of people appear wearing police uniforms and
present the guard with what purports to be a warrant. The guard allows them entry and they
rob the premises. The question arises as to whether the guard’s actions were wrongful. The
guard’s actions need to be judged objectively. Wrongfulness is assessed retrospectively
with all the knowledge and facts that may have emerged after the fact. Objectively, the
guard allowed robbers onto the premises he was supposed to protect. It is irrelevant to this
enquiry at this stage that the guard did not know that they were robbers. In the light of this, it
is undeniable that his actions were wrongful. It is tempting to argue that he may have
reasonably thought that they were police officers, and that assessment may well be correct,
but that investigation will be done under the element of fault. For now, it is sufficient that it is
established that the act is wrongful.

c) Fault
There are two types of fault, namely; intention and negligence. Intention refers to the
subjective state of mind of the wrongdoer, the auditor. In other words, the auditor knew that
what he was doing was wrong but did it in any case. He purposely/intentionally, for
example, certified as accurate financial statements that he knew to be inaccurate.

More commonly, with delictual liability we are concerned with negligence. A negligent act is
an act that is not intentional, but a reasonable person would not have committed such an
act. Central to the test is the concept of the reasonable man. The reasonable man is not
perfect nor is he reckless. Broadly speaking, that actions of the wrongdoer will be tested
against the notional actions of the reasonable man, if found wanting, the wrongdoer’s actions
will be considered to be negligent.

The test for negligence has two elements:

(i) The foreseeability that harm may arise from the act; and
(ii) Taking precaution to prevent the harm.

The first leg asks the question whether the reasonable man would have foreseen the harm
that arose out of the act. If, in this context, the auditor did not foresee that his actions may
cause harm where a reasonable man would have foreseen the harm, the auditor’s actions
are negligent.

If the auditor did foresee that harm may ensue from his actions the next question is whether,
having for seen the harm, a reasonable man have taken precautions to prevent the harm
from occurring. If a reasonable man would have taken such precautions and the auditor did
not, the actions of the auditor are negligent.

Section 46(2) specifically requires that fault is present before an auditor may be held liable.
Note that this subsection refers to liability to both the company and third parties.

Auditing Profession Act, 2005

Limitation of Liability

46(2) In respect of any opinion expressed or report or statement made by a registered auditor in
the ordinary course of duties the registered auditor does not incur any liability to a client or any third
party, unless it is proved that the opinion was expressed, or the report or statement made,
maliciously, fraudulently or pursuant to a negligent performance of the registered auditor's duties.

d) Loss
Loss literally refers to the objective fact that a client/company has lost money.

e) Causation

The element of causation is the link between the wrongful, negligent act on the one side, and
the loss on the other. Simplistically put, we are trying to show that the act of the auditor
caused the loss for the company. If the actions of an auditor did not cause anyone to suffer a
loss, there is no justifiable reason to expect him to compensate the company. The mere fact
that a company has suffered a loss does not mean that the auditor caused that loss.

The test for causation has two legs. Firstly, it needs to be established that he wrongdoer’s
actions are a factual cause of the loss. With factual causation we use what is referred to as
the condictio sine qua on, literally translated as the condition without which. For this test, we
ask whether the loss would still have occurred if the auditor had not acted negligently. In
other words, if the auditor had acted in the manner that is expected of a reasonable auditor,
would the company still have suffered a loss? If the answer is yes, then the actions of the
auditor did not cause the loss since there must have been another cause.

Applying factual causation only can lead to absurdities. Using an example from criminal law,
if B stabs A, B caused A’s death.

Since B borrowed the knife from C it stands to reason that, factually, C also caused A’s
death because if C did not lend a knife to B (condictio sine qa non), B would not have been
able to stab A. If C had bought the knife from Checkers, then Checkers also caused A’s
death because if Checkers had not sold the knife to C, C would not have been able to lend it
to B and, consequently, B would not have been able to stab A to death. We have a very long
chain of factual causation. Clearly, the law will not countenance such a long chain. The
question is how we shorten the chain to hold only those responsible who are actually
blameworthy.

There is a secondary test to be applied after it has been established that there is a factual
causal link between the wrongdoer’s actions and the harm, or loss in this case. Legal
causation is the means that we use to shorten the chain. Legal causation gives us reason
on the basis of which we can conclude that certain people are the legal cause of the loss
and are therefore blame worthy. Broadly we use two concepts’ namely; remoteness and new
intervening acts.
Remoteness refers to the proximity of the act to the harm/loss. In our example above,
common sense tells us that the actions of C and Checkers are too remote from the harm for
them to be the legal cause of the harm.

New intervening acts can also serve to break down the chain of causation. For example,
assume that A survived the stabbing, but is dying. If an ambulance arrives to take C to the
hospital and the ambulance is in an accident on the way in which A died. The actions of the
person causing the accident caused the death of A, not B. So the actions of the person
causing the accident intervened in the chain of causation leading to B. Of course, B could be
charged with attempted murder, but not murder since B did not cause A’s death.

International Shipping Co v Bentley 1990 (1) SA 680 (A)

Facts
The appellant, International Shipping, a company carrying on the business of financiers and shippers, agreed
to make certain financial facilities available to the D Group of companies in early 1976. The respondent,
Bentley, was appointed auditor to the D Group in November 1977. In March 1979, Bentley issued reports in
respect of the financial statements of each of the companies comprising the D Group, as well as its financial
statements, for the year ending 20 December 1978. In each of these reports, which were not qualified in any
way, Bentley stated that he had examined the financial statements in question and had complied with the
requirements of section 300 of the Companies Act, and that, in his opinion, the statements fairly represented
the financial position of the company as at 20 December 1978, and the results of its operations for the period
then ended, in the manner required by the Companies Act.

International Shipping continued to provide these financial facilities until the liquidation of the companies
comprising the D Group in April 1981. At the time of such liquidation, the total indebtedness of the D Group to
International Shipping amounted to R977,318, of which only the sum of R593,826 was recovered. International
Shipping thus sustained a loss in the amount of R383,492.

In April 1982, International Shipping instituted an action for damages against Bentley in a Local Division,
alleging
 that the aforementioned financial statements were materially false and misleading in a number of
respects; [wrongful act]
 that, in so reporting, Bentley had acted fraudulently or, alternatively, negligently towards International
Shipping, which had relied thereon in reviewing and deciding to maintain and increase the facilities
accorded to the D Group; [Fault]
 that, had the 1978 financial statements fairly presented the financial position of the D Group and its
constituent companies, International Shipping would have terminated the facilities and have required
the Group to make good its indebtedness; [Causation]and
 that the loss sustained by International Shipping constituted damage which Bentley was accordingly
liable to compensate it. [Fault]
The action was dismissed by the court a quo.

Judgment
International Shipping thereafter brought the instant appeal in which the court held
 that the financial statements were, to some extent, false and misleading;[wrongful act]
 that there was no reason for interfering with the court a quo's finding that fraud had not been
established; but
 that negligence had been established in regard to some aspects of the financial statements; and
 that unlawfulness had been established in that it could not be said that Bentley had properly
complied with his statutory duties in terms of the Companies Act.
The only remaining issue was that of causation.

As far as factual causation was concerned, the court held that the respondent's negligent report on the 1978
financial statements unquestionably constituted a causa sine qua non of the appellant's loss, since a proper
and non-negligent performance of his duties as auditor would have obviated the appellant's ultimate loss. With
regard to legal causation, the court held that there were a number of factors which tended to separate cause
and effect in the instant case, viz
 the time factor, in that two years had elapsed between the respondent's reporting and the loss;
 the decision by the appellant to provide a support programme for the D Group at a stage when it
already knew that the Group's financial situation was fairly bleak;
 the fact that the appellant allowed the D Group's indebtedness to escalate;
 the changed relationship between the parties as a result of the implementation of the support
programme, in that the appellant and the D Group ceased to deal at arm's length with each other,
 and the appellant became intimately involved in the administration (or lack thereof) of the D Group;
 the fraud committed by the managing director of the D Group, which played an important part in
causing the financial loss which the appellant ultimately incurred;
 the fact that, to some extent, the appellant did not rely on the 1978 financial statements prepared by
the respondent; and, lastly,
 the foreseeability of the support programme.

The support programme amounted to uninhibited lending to the D Group without added security, which was
the real cause of the appellant's loss. Such a situation was hardly foreseeable in March 1979.

The court held, further, having regard to the above-mentioned factors, that the ultimate loss suffered by the
appellant was too remote for legal liability on the respondent's part to arise. The appeal was accordingly
dismissed and the decision in the Witwatersrand Local Division, in International Shipping Co (Pty) Ltd v
Bentley, confirmed.

Auditor’s Civil Liability to a Third Party

Auditors cannot have any contractual liability to third parties for the simple reason that they
have no contract with third parties; third contractual relationship is with the company.
Therefore, the only basis for liability is delictual.

The elements of delict that apply to the liability of auditors to companies apply in precisely
the same way except for the element of wrongfulness. Section 46(3) of the Auditing
Profession Act serves to limit the circumstances in which an auditor’s actions will be
considered wrongful, thereby severely limiting the circumstances under which auditors will
be held liable to third parties. It is crucial to note that s46(3) does not apply to auditor’s
liability to the company to which they are contracted.

Auditing Profession Act, 2005

Limitation of Liability
46(3) Despite subsection (2), a registered auditor incurs liability to third parties who have relied on
an opinion, report or statement of that registered auditor for financial loss suffered as a result of
having relied thereon, only if it is proved that the opinion was expressed, or the report or statement
was made, pursuant to a negligent performance of the registered auditor's duties and the registered
auditor-
(a) knew, or could in the particular circumstances reasonably have been expected to know,
at the time when the negligence occurred in the performance of the duties pursuant to
which the opinion was expressed or the report or statement was made-
(i) that the opinion, report or statement would be used by a client to induce the
third party to act or refrain from acting in some way or to enter into the specific
transaction into which the third party entered, or any other transaction of a similar
nature, with the client or any other person; or
(ii) that the third party would rely on the opinion, report or statement for the purpose
of acting or refraining from acting in some way or of entering into the specific
transaction into which the third party entered, or any other transaction of a similar
nature, with the client or any other person; or

(b) in any way represented, at any time after the opinion was expressed or the report
or statement was made, to the third party that the opinion, report or statement was correct,
while at that time the registered auditor knew or could in the particular circumstances
reasonably have been expected to know that the third party would rely-on that
representation for the purpose of acting or refraining from acting in some way or of entering
into the specific transaction into which the third party entered, or any other transaction of a
similar nature, with the client or any other person.

(4) Nothing in subsections (2) or (3) confers upon any person a right of action against a registered
 auditor which, but for the provisions of those subsections, the person would not have had.

That s46(3) applies only to the element of wrongfulness is clear since the preamble of the
section assumes the presence of all the elements other than wrongfulness. Causation is
referred to by the use of the words “as a result of having relied”.

For an auditor to be liable to a third party, subparagraph (a) requires that the auditor knew
(or could reasonably be expected to know) at the time that they made the report (at which
time the negligence occurred), that the company would use the report to convince a third
party to enter into a contract with the company or that the third party would specifically rely
on the report to make a decision to enter into a contract with the company. Subparagraph (b)
deals with the situation where the auditor did not know at the time of drafting the report that a
third party was going to rely on the report, but finds out later that this is the case. In this case
it is wrongful if the auditor, on finding out that someone will rely on the report, expresses an
opinion that the report is correct.

Please note that s46 does not create liability for the auditor, it merely limits the application of
delictual liability by limiting the circumstances under which the auditor’s actions are wrongful.

Ultimately, an auditor’s actions are wrongful if he drafted them of said they were accurate
and reliable when he knew someone would rely on them. All the other elements of delictual
liability must also be present. Since delictual liability relies on all the elements being shown,
the lack of one of those elements means that the auditor is not delictually liable to a third
party. Therefore, an auditor will not incur any liability to a third party if they perform their
tasks in the normal course of events and do not know that a specific third party will rely on
the report. The fact that auditors know in general terms that people will rely on their reports
in insufficient. To be liable the auditor must know that a specific third party will rely on the
report for a specific purpose.