UK: The Company Law Reform Bill: Auditors’ Liability and Audit Quality - Part 1

By Elizabeth O'Connell and Richard Curd

A New Year and a brighter future for Auditors and their Insurers?

In March 2005, the DTI published a White Paper on Company Law Reform. After a lengthy consultation period, the Company Law Reform Bill was published on 3 November 2005 aimed at simplifying and improving company law. The provisions in the Bill relating to the audit profession are aimed at:

• The maintenance of a strong and complete audit market

• An anticipated increase in competition between audit firms in

• key business sectors as smaller audit firms seek appropriate

• opportunities for expansion

• Further strengthening in the quality of British audit

When the legislative process is completed the Company Law Reform Act 2006 is expected to come into force in 2007; in the meantime both auditors and their insurers will be discussing the significance of the reforms which are now proposed following a debate which has lasted several years.

The audit profession has been campaigning heavily for the reform of section 310 Companies Act 1985 and the replacement of joint and several liability (which has exposed auditors to 100% of the damages even when only 1% at fault) with "full proportionate liability", and the statutory right to negotiate liability limits with their audit clients; from a commercial perspective, it was also argued that a cap on auditor liability would increase market competition because it would lead to:

• A reduction in barriers to entry and growth facing smaller audit firms

• The maintenance of competition between larger audit firms including non-audit work

• Less risk of collapse of one of the Big Four

In the 1990s the Law Commission and the DTI concluded that it would be inappropriate to consider the introduction of full proportionate liability for auditors in isolation from a comprehensive reform on the law of negligence but the issue of limiting auditors' liability has continued to be hotly debated.

Part 16, chapter 6 of the Bill is therefore a welcome development for the audit profession as it makes it possible for auditors to limit their liability by agreement with a company on an annual basis, but the agreement will not be effective if it is not "fair and reasonable", i.e. any attempt to limit liability must be proportionate to the auditor's fault.

Clause 518(1) states:

"A "liability limitation agreement" is an agreement that purports to limit the amount of a liability owed to a company by its auditor in respect of any negligence, default, breach of duty or breach of trust, occurring in the course of the audit of accounts for a financial year specified in the Agreement, of which the auditor may be guilty in relation to the company."

Clause 519(4) states:

"'The principal terms of an agreement are terms specifying, or relevant to the determination of:

1. the kind (or kinds) of acts or omissions covered,
2. the financial year in relation to which acts or omissions are covered, or
3. the amount to which the auditor's liability is limited"

Whilst the limitation does not specifically introduce a cap, reference to "the amount to which the auditor's liability is limited" may be seen to encourage the setting of a financial cap. That said, according to clause 520 (1), a liability limitation agreement will not be effective to limit an auditor's liability if the limitation would result in the company recovering an amount that was less than "fair and reasonable in all the circumstances having regard to the auditor's responsibilities, the auditor's contractual obligations and the standards expected of an auditor". Therein lies the rub for auditors.

The proposed legislation specifically states that liability limitation agreements are not subject to certain provisions in the Unfair Contract Terms Act (1977) although clause 520(2) states, "a liability limitation agreement that purports to limit the auditor's liability to less than the amount mentioned in sub-section (1) shall have effect as if it limited his liability to that amount"; accordingly, if a Court determines that a liability limitation agreement would limit the auditor's liability to an excessive degree, the agreement will have effect as if it had limited liability to the amount that the Court determines is fair and reasonable; there is, therefore, very considerable scope for uncertainty as to the extent to which the Court will uphold any liability limitation agreement; the Court will examine all the circumstances including the extent of the damage which has been suffered by the company, and the relative culpability of the auditors, with the benefit of hindsight. The negotiation of a liability limitation agreement will, no doubt, become a matter of routine as part of the annual audit engagement but the amount of protection afforded to the auditor will be impossible to predict with certainty; many eyes will be eagerly focussed, assuming the proposed reforms become law, on the first occasion a liability limitation agreement is analysed by the Court.

In summary, although auditors will be able to agree a financial exposure limit with the company to apply to the annual audit, the Courts will have the power to override any such agreement if they consider that it would operate unfairly. Hence, auditors face uncertainty as to whether any such agreement will be enforceable unless and until a claim is pursued and determined by a Court.

Throughout the consultation process the audit profession argued that one of the barriers to competition was the cost and difficulty in obtaining professional indemnity insurance and that hefty premiums were recouped in increased audit fees. The Minister for Industry, Alun Michael, has said he expects to see audit fees reduce following the proposal in the Bill but whether this happens in practice and whether there is any resultant impact on the cost of professional indemnity insurance remains to be seen.

Throughout the consultation process, the threat of imprisonment loomed in circumstances where an auditor "knowingly or recklessly" causes a report to include anything which is misleading, false or deceptive, or to not include a statement of a problem with the accounts. The audit profession will be relieved to learn that the penalty is now reduced to an unlimited fine rather than a prison sentence.

Concerns continue to be expressed, however, as to the use of the words "knowingly or recklessly", with many fearing it will lead to the audit profession becoming much more risk averse; it was pointed out with considerable force by many firms that an auditor who makes an honest, but misguided, judgement during the course of an audit could face criminal prosecution. Alun Michael feels that there has been some misunderstanding about what was meant by "reckless", and there have been assurances that the test for recklessness will be very high and that honest errors would not result in the auditor in question being penalised; further clarification of this issue as the Bill progresses would doubtless be much welcomed by the audit profession; otherwise, whether honest mistakes are penalised is something that only time will tell.

Further provisions to improve transparency and strengthen the quality of audit reports are embodied in clause 480 which provides that regulations may be made in future requiring auditors to publish audit engagement letters including details of the services provided by the auditors and the remuneration received, and clauses 491 and 492 of the Bill which require the "senior statutory auditor" to sign the audit report; this requirement anticipates standards to be issued by the European Commission and will constitute a significant reputational inducement for the individuals concerned to satisfy themselves that the audits to which they publicly put their names are properly conducted. It is insignificant, however, in overall liability terms as the Bill provides (clause 492(3)) that the senior statutory auditor is not exposed to any additional civil liability merely by having signed the audit report.

The Government has decided not to codify any statement of the auditors' duty of care, as expressed by the House of Lords in Caparo Industries Plc v. Dickman [1990], but the Bill does, at clause 366, restate the auditors' duty to express an opinion as to whether the accounts give a "true and fair view" of the company's financial position.

Auditors remain reliant, therefore, on the judiciary to determine the circumstances in which damages for economic loss can be recovered by those who allege they have relied on audited accounts to their detriment. There remains concern that the common perception is that a company's auditors and their deep pocketed insurers will be a frequent target for claimants who are prone to inflate their claims in the hope of forcing a settlement based on damage limitation in terms of the size of the claim and protecting the reputation of the auditor in question.

In conclusion, those who have campaigned for many years for reform to the law on auditors' liability will understandably be pleased that change is coming; much thought will be given in the meantime by auditors, their insurers, and their advisors as to the approach to be taken (from both legal and commercial perspectives) to negotiating liability limitation agreements with their audit clients. The ramifications for the audit market will become clear over time; otherwise auditors will have to continue to rely on the Court for protection from unmeritorious claims by third parties who allege that they have relied to their detriment on negligent audit reports.

For an article summarising the provisions of the Bill as a whole click here. The article contains links to the Bill itself and related materials.

In April 2005 the Companies (Audit, Investigations and Community Enterprise) Act 2004 made various changes to the Companies Act 1985 designed to improve the quality of financial reporting by UK companies and the independence of auditors. For details of the main provisions of this Act and related changes see our article published in December 2003 (when the Act was in draft form), 'The UK'S answer to Sarbanes-Oxley: Proposed changes to accounting and auditing practices in the UK

On 3 December the Government introduced the Companies (Audit, Investigations and Community Enterprise) Bill to the House of Lords. The Bill is intended to improve the reliability of financial reporting and the independence of auditors, and to strengthen the powers of company investigators. It also includes the legislative provisions needed to bring into being the new "Community Interest Company".

Many of the changes in the Bill have been expected since the publication in July 2002 of the Government's White Paper on Company Law and since the Government prioritised reform of the UK's accounting, audit and corporate governance rules in the light of the Enron and Worldcom scandals.

The Bill must now proceed to a second and third reading in the House of Lords, and then be scrutinised by the House of Commons. Under normal circumstances, in order to become law a Government Bill must complete all its stages in one Session of Parliament. In the 2001-2 Session all the Bills presented by the Government were passed in that Session. The current Session runs until November next year, so it is likely that the Bill will become law before then.

This article highlights the main changes proposed in the Bill against the background of recent developments in this area.

In July 2002 the Government published a White Paper designed to be part of a complete overhaul of UK Company Law. Amongst the proposed changes:

• public and large private companies would be required to publish in their annual report an audited operating and financial review (OFR), containing an assessment of the company's business, performance and prospects, as well as its community and environmental impact and relationships with staff;

• directors of all companies and their subsidiaries would be required to volunteer to the auditors all information which they need in order to carry out their audit – with criminal sanctions attached to a failure to do so;

• the Reporting Review Panel (RRP) should be the successor body to the Financial Reporting Review Panel, and should have a broader remit, including power to enforce the rules for public and larger companies on the form and content of accounts.

Although the Government has not yet set a timetable to take forward the majority of the reforms in the White Paper, in July this year the DTI announced that the Government intended to introduce the OFR through secondary legislation (which will not require significant Parliamentary time), and that those reforms which are aimed at preventing 'major corporate failures' would be introduced "as soon as parliamentary time allows". It is these reforms that are included in the Bill.

Although the DTI has consulted on the question of which matters should be deemed sufficiently 'material' to require inclusion in the OFR, no draft regulations have yet been published.

For further information on the White Paper see the LawNow article published on 12 August 2002.

In January 2003 the DTI published two reports on audit and accounting issues in the UK. In the first, the Co-ordinating Group on Audit and Accounting Issues (CGAA) made recommendations for improving auditor independence and transparency, corporate governance, financial reporting standards and the monitoring of audit firms.

• the Financial Reporting Council (FRC) should take on the functions of the Accountancy Foundation with responsibility for setting, monitoring and enforcing accounting and audit standards, and overseeing the major professional accountancy bodies;

• the existing rules on independent regulation and review of audits should be significantly strengthened. Specifically, responsibility for setting independence standards for auditors and for monitoring the audit of listed companies and other significant entities should be transferred from the professional accountancy bodies to the independent regulator.

• There should be a risk-based, proactive approach to the enforcement of accounting standards. In particular, the Financial Services Authority (FSA) should have a greater role in identifying the risks to be investigated and the selection of company accounts for examination. The Inland Revenue should also help identify 'high-risk' accounts.

From March to June the DTI consulted further on the legislative changes needed to implement these recommendations, and the FRC has now taken over from the Accountancy Foundation, as the second report proposed.

Many of the recommendations in the Reports have already been implemented in guidance issued by the accounting bodies and through the incorporation into the new Combined Code on Corporate Governance of Sir Robert Smith's recommendations on audit committees. The Bill gives effect to the other recommendations in both reports.

The Reports are available at http://www.dti.gov.uk/cld/cgaai-final.pdf and http://www.dti.gov.uk/cld/accountancy-review.pdf

For further information on the Combined Code see the LawNow article published on 21 August this year.

Many of the reforms proposed in the Bill echo those introduced in the US by the Sarbanes-Oxley Act of 2002 (SOX), and represent the Government's response to Enron and Worldcom scandals.

In particular, the Bill is intended to improve the reliability of financial reporting and the independence of auditors by:

• requiring directors to state that they have not withheld any relevant information from their auditors;

• requiring companies to publish details of non-audit services provided by their auditors;

• imposing independent auditing standards, monitoring and disciplinary procedures on the professional accountancy bodies;

• strengthening the role of the FRRP in enforcing good accounting and reporting, by giving it new powers to investigate potentially defective accounts and broadening its remit to include monitoring accounts or reports required under the UKLA's Listing Rules (such as interim results); and

• allowing the Inland Revenue to pass information about suspect accounts to the FRRP.

More detail on these proposals is given in the 'Audit and accounting issues' section below.

Changes are also included in the Bill which are designed to pave the way for the introduction of the rules on OFRs, and to strengthen the powers of inspectors appointed by the DTI to investigate the affairs of companies suspected of operating improperly.

For all companies whose accounts have been subject to a statutory audit for that financial year, the directors' report will have to contain a statement to the effect that, at the time the report is approved, there is no information which has not been disclosed to the company's auditors which:

1. a director of the company is aware of, or it would be reasonable for a director of the company to obtain by making enquiries;
2. the director knows or ought to know would be relevant for the purposes of the auditors' determination whether the annual accounts have been properly prepared in accordance with the requirements of the Companies Act 1985; and
3. the director knows or ought to know that the auditors are not aware of.

The Bill proposes that a director 'ought to have known' something if it would have been known by a reasonably diligent person having both the knowledge, skill and expertise of that director, and the knowledge, skill and experience that might be reasonably expected of a person carrying out the same functions as that director.

A director who makes such a statement knowing it to be false, or being reckless as to whether it is false, will be guilty of a criminal offence unless he can show that he took all reasonable steps to prevent the report from being approved. The penalties on indictment are imprisonment for up to two years and/or an unlimited fine and, on summary conviction, up to twelve months' imprisonment and/or a fine up to the statutory maximum (£5,000).

The prospect of having to give such a statement is designed to encourage directors to ensure that their company has in place a formal and effective procedure for managers to report to the board matters which could be relevant to the accounts or the audit process, and for the accounts to be checked and double-checked with all the relevant people before they are signed off.

These provisions are similar to the requirement imposed by SOX for CEOs and CFOs to certify that financial and other information contained in quarterly and annual reports filed with the SEC:

• does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to ensure that the contents are not misleading; and

• fairly presents in all material respects the financial condition, results of operations and cash flows of the company for the period under review.

The CEO and CFO also have to certify that they have:

• designed the company's disclosure controls and procedures so as to ensure that material information is made known to them, particularly during the period in which the report is being prepared; and

• disclosed to the company's auditors and to the audit committee of the board of directors (i) all significant deficiencies in the design or operation of internal controls which could adversely affect the company's ability to record, process, summarise and report financial data; and (ii) any fraud that involves management or other employees who have a significant role in the company's internal controls.

An officer who gives a false SOX certification is guilty of a criminal offence which is punishable by substantial fines and lengthy terms of imprisonment. Other sanctions (such as repayment of remuneration) may also follow.

The Bill would give the Secretary of State power to pass regulations requiring companies to publish more information about the nature of any services provided to them (or their associates) by their auditors or their associates (whether in an audit capacity or otherwise), and the remuneration, expenses and benefits-in-kind ('remuneration') received or receivable for such services.

Such disclosure is likely to be made either in notes to a company's annual accounts, in the directors' report or in the auditors' report. At present companies that do not qualify as 'small' or 'medium sized' have to include in a note to their accounts details of the aggregate remuneration paid to their auditors in respect of both audit and non-audit services. But under the new regulations it is anticipated that all or most companies will have to provide a breakdown of all services provided and the cost of each component part.

Such services could include bookkeeping services relating to accounting records or financial statements, financial information systems design and implementation, appraisal or valuation services and fairness opinions, actuarial services, internal audit outsourcing services, management functions or human resources, broker or dealer, investment adviser, or investment banking services, and legal and expert services unrelated to the audit.

The proposal in the Bill does not goes as far as SOX, which prohibits auditors from providing any such services to their clients, although tax advice and certain other services can be provided if the prior approval of the company's audit committee is obtained and the approval is disclosed in the company's periodic reports.

In July this year the ICAEW published Tech 24/03, which contains guidance for directors of UK companies quoted on a regulated market as to the form and extent of disclosure in their annual reports of services provided by auditors. The guidance states that the annual report should disclose sufficient information about the services provided, and their cost, to enable a reader to make an informed judgement as to whether the potential for conflicts of interest has been satisfactorily addressed by the auditors and the company. In particular, the company should break down fees paid to the audit firm in the following categories: audit, further assurance (such as advice on accounting matters unrelated to the audit, and due diligence work), tax, and 'other' services such as financial information technology, internal audit, valuation and recruitment. Such companies should also give a narrative statement on the company's policy for ensuring that the auditor's independence has not been compromised. Tech 24/03 is available by clicking here.

In May this year the ICAEW also published guidance for audit committees, which includes guidance on 'Reviewing auditor independence'. This is available by clicking here.

As part of the ongoing process of developing and updating professional standards for auditors, at the end of November the Auditing Practices Board issued for public comment five Exposure Drafts of proposed Ethical Standards dealing with (amongst other things) 'auditor integrity, objectivity and independence', 'fees, economic dependence, remuneration and evaluation policies, litigation, gifts and hospitality', and 'non-audit services provided to audit clients'. When the Ethical Standards are finalised, any audit of financial statements will have to be carried out in compliance with them. The Exposure Drafts can be found by clicking here.

Auditors' rights to information under section 389A of the Companies Act 1985 (which currently allows auditors to require information and explanations from the relevant company's directors, managers and company secretary) would be extended to employees of the company, to any person holding or accountable for its books, accounts or vouchers, and to any subsidiary undertaking incorporated in Great Britain (and to the officers, employees, auditors and persons holding the books of such subsidiary undertaking). Where a parent company has subsidiary undertakings which are not incorporated in Great Britain, auditors would be able to require the parent company to obtain the relevant information from the same categories of persons at that subsidiary.

Failure to supply information to auditors is not currently an offence. The Bill would introduce a new section 389(B) to the Companies Act 1985, under which a failure to comply without delay with a request for information from the auditors would constitute a criminal offence. The company and each of its officers who are in default would be liable to a fine. A failure by a parent company to take all steps reasonably open to it to obtain the information or explanations which an auditor has required it to obtain from subsidiary undertakings which are not incorporated in Great Britain would also constitute an offence (with a similar penalty).

There would also be a new offence of providing false or misleading information or explanations to an auditor where the auditor requires, or is entitled to require, such information under the revised section 389. A breach would be punishable by imprisonment or a fine (or both).

At present, the FRRP is authorised by the Secretary of State to enforce the rules which require company accounts to be prepared in accordance with the Companies Act 1985 and UK GAAP. For this purpose, the FRRP checks the annual reports of companies that are incorporated under the Companies Act and, if it believes the accounts are defective, can apply to court for an order that revised accounts be prepared.

In future the FRRP's role will be performed by a FRRP committee known as the Review Panel. The Bill proposes that the FRRP's role should be enhanced in the following ways:

• The scope of the FRRP's activities should be extended to include monitoring interim reports and any other periodic reports required by Listing Rules, in addition to annual reports; and also to monitoring both the annual and interim reports of entities which are listed on the Official List but which are not Companies Act companies (such as overseas companies which have a primary listing in the UK, and issuers which are not companies but which issue equities or domestic debt). The FRRP will be expected to inform the Financial Services Authority of any suspected breaches of the Rules. This is likely to result in more fines being imposed by the FSA on listed companies and their directors which publish financial information that is false or misleading.

• Where it has reason to believe that accounts do not meet the applicable standards, the FRRP should be given power to compel companies to divulge relevant information. Currently the FRRP has no power to force companies to co-operate: it relies on explanations and documents which are not publicly available being disclosed voluntarily. The Government believes that, in taking a more proactive approach, the FRRP will be considering more cases, and that it is not enough to rely on voluntary co-operation.
• The Inland Revenue should be authorised to pass information to the FRRP where it believes that accounts may be defective.

The Secretary of State will be given power to specify a body to issue standards relating to directors' reports included in annual reports and accounts (which are not currently covered by accounting standards). This is intended to pave the way for the introduction of rules requiring public and very large private companies to publish an Operating and Financial Review, which will replace the directors' report.

A number of changes will be made to the company investigations regime in order to strengthen the Secretary of State's powers to investigate the affairs of a company. These include:

• section 447 of the Companies Act 1985 will be revised to give DTI investigators power to force a company to produce any documents and information which they require. This will broaden the existing powers under section 447;

• a new section 448(A) will introduce a number of protections in relation to the disclosure of information, by providing immunity from legal liability for breach of confidence to persons making "a relevant disclosure";

• inspectors will also get new powers, under new sections 453(A) and 453(B) to the Companies Act 1985, to require access to and to remain on premises which they believe are used for the purposes of the business of the company they are investigating; and

• a failure to comply with a request for documents or information under the revised section 447, or to co-operate with investigations under section 453(A), will constitute an offence punishable as if it were a contempt of court.

The Companies Act 1989 requires company auditors to be members of a recognised supervisory body, and to hold a recognised professional qualification. The five recognised supervisory bodies (which include the ICAEW and ACCA) are required to observe certain requirements in carrying out their supervisory roles. Under the proposals in the Bill, the role of such bodies would be broadened to include the

• setting of auditing standards relating to professional integrity and independence,

• the setting of technical standards,

• the monitoring of audits of listed companies (and other companies whose financial condition is of particular importance), and

• the investigation and taking of disciplinary action in relation to public interest cases.

The Bill will also allow certain functions relating to company auditors and the recognition of supervisory bodies to be delegated to the Professional Oversight Board for Accountancy (POBA), which will be set up as part of the Financial Reporting Council.

Unrelated to the changes described above, the Bill also sets out the draft legislation required to bring into being the new Community Interest Company (CIC) proposed by the DTI earlier this year. The CIC is a new type of company designed for use by social enterprises or businesses that use their profits for the benefit of the local community or the wider public (such as in childcare provision, social housing, leisure and community transport). CICs are intended to offer an alternative to charities: they will be subject to a lighter regulatory regime, but will not have the tax advantages of charities.

The provisions relating to CICs are not covered further in this article. For further information on the Government's proposals, see the LawNow article published on 14 April this year.

The full text of the Bill and the Explanatory Notes can be obtained by clicking on the above links.

Further information on auditor independence can be found on the ICAEW's website by clicking here.

On 16 December 2003 the DTI launched a consultation on amending section 310 of the Companies Act 1985, which imposes restrictions on the extent to which companies can indemnify or release their directors and auditors from liability in tort, contract or otherwise.

The section is notoriously uncertain in scope, and in June 2001 the Company Law Review Steering Group recommended that it should be amended to allow auditors - subject to the approval of the company's shareholders - to limit their liability in contract to the company or the shareholders in their audit engagement contract, and that auditors should be expressly permitted to limit their liability in tort to third parties. In both cases, such limitations would be presumed reasonable for the purposes of the Unfair Contract Terms Act 1977 provided they go no further than certain guidelines to be agreed after public consultation. Unsurprisingly, audit firms have been lobbying the Government to introduce such changes.

Nevertheless, the timing of the consultation is something of a surprise: the White Paper did not deal with the "difficult question of auditor liability", and instead the Government stated that it would announce its response to the question in due course. Subsequent signals from the DTI have suggested that reform of the section was unlikely to occur for some time. However, it seems that the Government has responded to pressure from audit firms, and to the recommendation of Derek Higgs, that the important issues of directors' and auditors' liability should be clarified.

The options put forward by the DTI include:

• allowing companies to pay up front the legal costs incurred by a director in defending himself successfully

• allowing companies to limit the liability of their directors for negligence

• allowing directors to be indemnified by third parties

• enabling a company to indemnify a director against a reasonable bona fide deductible under a D & O insurance policy

• allowing auditors to negotiate with their client a limit on their liability for breach of contract and negligence

• allowing audit firms to cap their liability to clients. The cap could be calculated by reference to:
  
  - a multiple of the audit fee;
  
  - a multiple of total fees paid to the auditor, including any non-audit services provided;
  
  - a multiple of the auditor's turnover; or
  
  - a fixed rate – for example, one rate could apply to the Big Four firms and a lower rate or rates to smaller firms

• requiring companies to disclose such arrangements in their annual report and accounts

• making such arrangements subject to shareholder approval or ratification.

A system of proportionate liability, whereby the courts would have to apportion liability between auditors, the company and its directors, has been considered and rejected.

The consultation closes on 12 March 2004. The consultation paper can be found at http://www.dti.gov.uk/condocs.htm.

To continue reading this article please click on 'next page' below