The July issue of Accounting Today makes important points about accounting risk for failure to detect and report fraud. Sarah Ference, Risk Control Director for CNA, notes that while CPA engagements are not typically designed to detect or report fraud, most clients, and perhaps most jurors, think CPAs should always be on the lookout for fraud. 25% of claims arising from audit and attest engagements allege that the CPA failed to detect and report fraud. 6% of tax service claims also allege a failure to detect and report fraud. Ms. Ference notes the importance of engagement letters to manage expectations and, where appropriate, disclaim reliance. Mission creep, of course, can render the best engagement letter ineffective. Finally, the article suggests that anything sinister or unusual observed during the engagement should be reported in writing to the client. The disconnect between client/juror expectations and an accountant’s scope of engagement will apparently always be with us. Paying attention to potential fraud and reporting it may help your accounting firm avoid becoming a data point in the claims statistics.
I was fortunate to attend and speak on a panel at the CLM Annual Conference in Houston last week. I thought I would pass along a few takeaways from the professional liability sessions I attended.
- The increase in autonomy for “Physician Extenders” (CRNA, NP, PA, midwives) likely comes with increased liability risk to them. Analyzing contracts with the supervising physician, actual supervision of the physician extender, whether the extender’s liability insurance coverage matches the realities of their practice, and whether the extender will be held to the physician standard of care are all important considerations in advising and defending a physician extender.
- Lawyers must embrace Artificial Intelligence in analyzing cases and use it to their advantage. They must be prepared to discuss why the data is or is not accurate and how it can be applied to a specific case.
- Don’t forget about paper and unsaved emails in the “high-stakes” insurance broker case. The tendency may be to focus on ESI due to the vast amount of documentation in a multi-million dollar claim. But a hand-written note documenting a meeting or phone call, or an email that was not saved to the client file could be the key piece of evidence to support the broker’s position that a coverage was refused or a particular risk was discussed.
- High exposure does not necessarily translate to the existence of a special relationship with an insurance broker. Key factors to address in opposing a special relationship finding are:
- Other brokers involved/seeking competing bids
- Criticism or questioning of the broker by the client
- The sophistication of the client and autonomy in decision-making
- Cyber-attacks and data breaches pose an increasing risk to professionals such as lawyers, accountants, insurance agents, and medical professionals, who possess a significant amount of potentially valuable data.
- As the sophistication of the attacks has increased, so has the variety in available insurance coverages.
- Make sure that your firm and your clients have adequate coverages to address the wide range of cyber risk to you and your clients.
- The sooner you respond to a cyber-attack, the better, starting with reporting it to your insurance carrier who likely has the resources to assist with addressing the issue.
Today the CPA Dailey Letter (citing CBS News and the IRS) warned against phishing attacks on accounting firm computer networks resulting in stolen data and fraudulent tax returns. We helped an unfortunate client facing this problem last year. They merged in a smaller firm in the middle of busy season and didn’t get the small firm converted to the large firm’s computer system quickly enough. Imagine a hacker getting copies of all your clients’ 2016 returns and then using your clients’ data to file fraudulent 2017 returns seeking big refunds. You and your clients learn about the problem when notices start drifting in from the IRS rejecting returns that seek 7 figure refunds. Eventually you get such a notice for every one of your tax return clients. You have to call each and every one of them to tell them that fraudsters have all their personal information from the return. Fraudulent tax returns may just be the beginning of their identity theft problems. This problem could really ruin your quarter and your year. Keep your software updates current and do some simulated attacks to protect your clients and your firm.
Earlier this week the Wall Street Journal and others reported that KPMG had hired former PCAOB staffers to reveal the secret list of KPMG audits that the PCAOB would examine. The article reported that the SEC had indicted 5 former KPMG employees including 3 former partners for fraud. KPMG apparently discovered the scheme in March of 2017 and self-reported. Allegedly almost half the 2013 KPMG audits reviewed by the PCAOB in 2014 had been found deficient and the firm felt pressure to improve its audit quality. The partners charged included those formerly in charge of national audit quality and another responsible for inspections.
A few days later GE announced an SEC probe of its accounting practices along with a restatement of its 2016 and 2017 financial results. At least part of the problem arises from revenue recognition issues in its jet engine and power turbine business. Other problems stem from charges in its long term care insurance business. Together the adjustments may total over 21 Billion dollars. KPMG has served as GE’s auditor since 1909.
These articles highlight the challenges even the largest audit firms face in detecting material misstatements in a client’s financials. We face increasing complexity in public company financials and auditors are struggling to keep up with the standards in a difficult environment.
Matt Gass and Joe Kingma won a motion to dismiss against a seller after a deal fell through. The seller alleged malpractice, misrepresentation and intentional interference; essentially that the purchaser wanted to get out of their agreement and used the accountant to achieve that result. Joe and Matt filed an early motion to dismiss and prevailed on all the claims.
Claims arising from the accountant’s role in mergers and acquisitions are definitely on the rise, and we are handling several more of those now, so check back for updates.
Causation continues to be one of the toughest hurdles for clients suing their former lawyers. In legal malpractice cases arising from litigation, one element of a plaintiff’s case will be the merits of that underlying litigation. If the underlying case was unwinnable, then losing is not malpractice. Relying on this rationale, Georgia courts have been frequently dismissing malpractice cases. Sometimes an attorney’s best defense is to attack the merits of the underlying claims he or she had previously argued in favor of.
In Benson et al. v. Ward, the Georgia Court of Appeals held that a defendant attorney was entitled to summary judgment in a legal malpractice lawsuit because his former client could not show that the trial court abused its discretion dividing marital property. The plaintiff’s lawyer failed to timely file an appeal of the divorce decree. Because the trial court has broad discretion in how it divides marital property, the plaintiff couldn’t meet the high burden of showing that the division would have been reversed if the appeal had been properly filed.
In McDonough v. Taylor English Duma, LLP, the Georgia Supreme Court affirmed the dismissal of a legal malpractice lawsuit based on Georgia’s non-assignment statute (O.C.G.A. § 44-12-24). The plaintiff was a successor in interest to a bank on a note and guaranties that sued the guarantor for fraudulently transferring property to his wife. The plaintiff’s attorney did not add the wife to the lawsuit before she transferred the property to a bona fide purchaser. As a result, the plaintiff couldn’t execute the judgment against the transferred property. The Court held that the plaintiff could not have prevailed on the fraudulent transfer claim because a right of action for fraud is not assignable. Because the fraudulent transfer claim was not viable, the legal malpractice claim also failed.
It is important, however, to note that the Georgia legislature has passed the Uniform Voidable Transfer Act, which expressly allows assignees to pursue fraudulent transfer claims. Even so, the McDonough decision is a good reminder that a valid defense to the underlying claims can sever proximate cause in the legal malpractice lawsuit.
These cases emphasize that the viability of underlying claims are often the lynchpin in legal malpractice lawsuits. Once a legal malpractice lawsuit is filed, however, an attorney needs to be comfortable switching from offense to defense. This can put attorneys in the awkward spot of challenging their own positions they had taken representing their former client. As the Georgia courts continue to show us, attacking proximate cause due to failures of the claims underlying the legal malpractice lawsuit can often be the best defense.
October 2017 has been an interesting month for cases involving waiver in the courts of Georgia. These cases are important reminders that legal rights may matter, but a party’s conduct matters more. They underscore the fact that almost anything is waivable in the right circumstance. Waiver is a fancy word for giving parties what they said (or acted like) they wanted or at least accepted, despite changing their minds at some later point.
In Department of Labor v. Preston, No. 17–10833 (11th Cir. Oct. 12, 2017), new Circuit Judge Kevin Newsom writes an interesting opinion on ERISA’s statute of repose (That’s not a thought you would expect to have about an ERISA case, but Judge Newsom is already making a name for himself rendering interesting usually mundane statutory issues.) In concluding that ERISA’s statute of repose is subject to waiver, the Court collected a list of many waivable “rights,” including the Fourth Amendment right to be free from unreasonable searches, the Fifth Amendment right against self-incrimination, and the Sixth Amendment right to assistance of counsel. The opinion concludes: “It would be passing strange—bizarre, in fact—to conclude that while a litigant can renounce his most basic freedoms under the United States Constitution, he is powerless to waive the protection of . . . ERISA’s statute of repose. No way.” No way, indeed.
This Eleventh Circuit case pairs well with an opinion out of the Georgia Court of Appeals to underscore the concept of waiver, even of the unwaivable. In Zelda Enters., LLLP v. Guarino, 2017 Ga. App. LEXIS 447 (Oct. 4, 2017), the Georgia Court of Appeals reminded us that even non-waivable conflicts of interest are waivable in the course of litigation. The Court noted that the Rules of Professional Conduct—which prohibit waiver of certain conflicts of interest among lawyers and their clients—does not control the decision of whether a client subsequently waives the ability to have a lawyer disqualified in a legal proceeding by delaying in seeking disqualification. In sum, the Court seems to have caught on to the fact that litigants are trying to use tenuous connections with counsel to achieve litigation advantage by seeking disqualification of a party’s lawyer of choice, often after months or years of litigating without raising the issue.
To conclude, legal rights are great. But almost all of them can be waived either expressly in writing or by virtue of a party’s conduct in litigation, and courts are increasingly attuned to hyper-technical lawyering seeking to avoid the consequences of a party’s earlier actions. For the moment, substance prevails over form.
1. Cyber Insurance is cheap and important to protect against risks not covered by E&O. Work with a knowledgeable broker and insurer and buy the coverage because the risk is real and growing.
2. Make sure your engagement letter includes:
• a specific description of the work you will do;
• limitation of damages provision where not precluded by standards;
• indemnification where not prohibited by standards;
• disclaimers where appropriate ( i.e. AUP’s);
• jurisdiction, venue and choice of law provisions; and
• a provision for the client to pay for time and expense you incur for subpoena compliance.
Watch out for client changes including cyber representations and indemnifications of any kind.
3. Evaluate the risk to your firm before responding to subpoenas or document requests. Consultation with your insurer or outside counsel may be time well spent. The risk runs from minimal to existential and different risks require different responses.
4. You save money by not engaging with bad clients. Red flags include:
• financially stressed or unprofitable clients;
• clients whose work you are not really equipped to handle;
• clients whose interests conflict with other clients; and
• clients who lack management integrity.
These all should be evaluated for disengagement. Consider firing your bottom 5 or 10% and investing those resources into developing better opportunities.
5. All of us have clients who present some special risk. Do what you can to mitigate that risk with:
• thorough client acceptance procedures;
• engagement letters;
• robust conflict analysis; and
• continuous reevaluation.
Employ detailed financial management including precise billing entries, timely billing and early AR follow-up in order to spot problems quickly.
As public offerings have gotten more complex and expensive, capital has flowed to non-public securities. Consequently, the exempt securities market has expanded and increased in complexity and risk. Issued on July 27, 2017, SAS 133 is intended to provide guidance to bring auditing consistency across offerings and increase public confidence in the presentation of financial information.
Beginning with offerings made in June 2018, this new standard will apply when audited financials are used in connection with exempt securities offerings. Common exemptions involve private placements, municipal securities, not-for-profit securities, new crowd-funding and Regulation A offerings, and franchise offerings. Thus, heightened audit procedures will be the rule rather than the exception, applying in some form to both private and public capital raising efforts.
SAS 133 will apply when an auditor is “involved” in an exempt offering. Being involved has two components: (1) the auditor’s report is included or referenced in the exempt offering document and (2) the auditor performs specific activities with respect to the offering document like reading the offering materials, offering a comfort letter, or agreeing to allow the use of the report in connection with the offering. These requirements are designed to protect auditors from fallout from the use of their audits in connection with exempt offerings without their knowledge.
Among other things, SAS 133 will import the requirements AU-C Section 720 regarding “other information in documents containing audited financial statements” and AU-C Section 560, which requires auditors to consider whether events after the report would cause the auditor to revise the report.
This new auditing standard will require auditors to pay attention to two related developments. First, auditors will have to be more attuned to which transactions count as securities. For example, the SEC recently decided that offering cryptocurrency is a securities offering requiring registration or exemption. Second, auditors will have to consider how closely to hue to GAAP and the FASB’s auditing standards, which are not yet mandatory but do influence how disappointed investors seek redress for failed investments. For more information on non-GAAP accounting and the state of the industry, see our video here.
If you did not believe it before, you can believe it now—Ponzi-scheme cases make bad law. On July 5, 2017, the Eleventh Circuit decided Furr v. National Union Fire Insurance Company of Pittsburgh (No. 15-14716), in which the court considered the impact of a “professional services” exclusion in a bank’s executive and organization liability insurance policy.* The court held that there was no coverage for anyone because some of the claims asserted were related to the professional services that the bank rendered to the Ponzi scheme. In denying coverage to everyone, the court reviewed this exclusion:
The Insurer shall not be liable to make any payment for Loss in connection with any Claim made against any Insured alleging, arising out of, based upon, or attributable to the Organization’s or any Insured’s performance of or failure to perform professional services for others, or any act(s), error(s) or omission(s) relating thereto.
The court upheld coverage denial (1) because the policy did not contain a severability provision and (2) because the text of the exclusion prohibited payment if a claim is made against any insured who performed or failed to perform professional services. To be clear: if anyone was a professional subject to a claim (or performing professional services), no one gets coverage, even non-professionals.
This has two important consequences: First, if a claim is made under a policy with similar contents, then claiming a legal, accounting, or medical error will jeopardize coverage for everyone. Second, and perhaps more importantly, this particular policy evidently does not protect a bank from claims arising from banking services because those services are professional enough to be encompassed by the exclusion.
Exclusions like the professional services exclusion (and the personal injury exclusion) are designed to keep claims inside the appropriate policy and preclude doubling-up on coverage across multiple policies. That is fair. A D&O policy shouldn’t cover personal injury—that is the role of the general liability policy. But excluding coverage based on a bank’s banking services seems to have left the bank’s executives without any coverage. That is a harsh result.
I do not mean to sound shrill, but everyone should look at their policies and make sure that they actually have the coverage that they intend to have both from the perspective of whether the company’s services would be included in the “professional services” exclusion and to make sure that an errant claim touching on a professional’s work inside the business does not jeopardize coverage for everyone.
* I have not actually seen the policy, but this “executive and organizational” policy sounds more like a Director & Officers (D&O) policy than an Errors and Omissions (E&O) policy.