Liability caps, those limits placed on auditors' responsibility to a company in the event of an audit disaster, have generated plenty of controversy since they first surfaced late in 2005. I was surprised by the mail reaction to a couple of postings I made here. (If you care to review, just see the new link at right, "Liability Caps.")
They'll be in the news again, I suspect. Not because of new revelations of widespread use of these auditing equivalents of prenuptial agreements - but because the Public Ccompany Accounting Oversight Board is taking up the issue with its Standing Advisory Group, indicating that the Board is giving it serious consideration and will likely weigh in on it eventually. The Standing Advisory Group will be meeting on February 9; the last thing they'll discuss that day is whether or not liability limits in audit engagement letters have an effect on auditor independence. Here's a link to the discussion background materials.
The PCAOB isn't the first regulator to take up the issue. Last June, the Federal Financial Institutions Examination Council came out strongly against practically any kind of limitation on auditor responsibility through engagement letters. Their hard-linecomment document is still a work in progress; no formal policy has been issued yet. When they do, it'll affect firms that report under the auspices of the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS).
While it's not a regulator, the Professional Ethics Executive Committee of the American Institute of CPAs also exposed a comment document regarding liability caps; in fact, they're debating the comments received on it this afternoon and deciding to issue a decision. As you can see from the PCAOB's backgrounder, they examined the same kinds of liability limitations as the FFIEC. With regard to many of the kinds of limitations, the two bodies were in surprising agreement. (For instance, both agreed that auditor indemnification against claims based on the audit client's negligence would not be a good thing for auditor independence.) In other areas, the AICPA was more favorably disposed to allowing limitations while the FFIEC was not. (Example: clauses that limited punitive damages were okay with the AICPA, but not the FFIEC.)
Another party has chipped in its two cents: the U.S. Chamber of Commerce. In the their position piece, "Auditing: A Profession At Risk," they argue for the creation of a system of alternative dispute resolution and criticize calls by the SEC and banking regulators (read as the FFIEC) for the toning down of liability caps as "misplaced regulatory overreach."
So - what's next?
The PCAOB, as mentioned, appears to be readying a response to the issue; you just don't put these kinds of things before the advisory group just to kill time. The FFIEC is readying their policy too - but hopefully, these two groups will see eye-to-eye on what kind of liability limitation is acceptable and develop similar policies. Otherwise, auditors of publicly-traded financial institutions will be subject to different constraints than auditors of publicly-traded nonfinancial institutions. A statement of the obvious: if limiting the prevalence of liability caps is a good idea for one kind of publicly-traded company, then why isn't it a good idea for all kinds of publicly-traded companies? Besides, whenever there's a difference in rules covering essentially the same kind of behavior, there's a possible arbitrage opportunity. It's not yet obvious what would develop here, but there's bound to be a clever lawyer who could figure a way to exploit the difference in the two sets of rules to create an unintended consequence.
As for the AICPA: their ruling would govern the auditors of nonpublic companies - some of which would come under the umbrella of FFIEC. So differences between the FFIEC rules and the AICPA rules could also create differences in engagement letters for financial institutions and nonfinancial institutions.
The question that comes to mind in all of this: is this trip necessary?
Or maybe: what's all of this worth to the auditors? None of the permutations of audit liability caps mentioned in the PCAOB backgrounder are going to absolve them of their liability to injured parties in the event of a colossal audit failure. In the auditing profession, appearances count - and with the liability cap issue, the profession is not making itself appear as strongly independent, even if the covered auditors are independent in fact. Liability caps won't help them cement credibility in the marketplace. If they are merely tinkerings at the edges of their responsbilities, is it worth looking seedy to the shareholders that hire them?