Auditor's Liability and Methods for its Limitation

The liability of the financial auditor has to be treated distinctively based on his relationship with the audited entity: internal auditor or external auditor. The logic behind this aspect results from the fact that, based on its relationship with the audited company, the liability has its source either in the Labour law, in what concerns the internal auditor, or it is a contractual liability, in case of the external auditor, even in the situation when this engages in internal auditing work through a contract. In both cases, the sanctions applied by the professional bodies to which they belong are applicable. The liability of the financial auditor is distinguished in categories as disciplinary, administrative, civil and criminal, the auditors having at their disposal methods to limit the liability, methods that will be displayed in the paper. This paper is concerned with the liabilities that the financial auditors can have, distinguished based on whether they are internal or external to the audited company, using in the analysis of the topic the method of deduction and induction, starting from the content analysis of the legislation and regulations in force. The role of this article is not only to present the situations which can attract the liability of the financial auditors and the types of liabilities, but also to support them with a presentation of and methods for limiting the liability, determined with the help of an analysis of these liabilities, and to protect them from a professional point of view.


Introduction
Audit represents, since its appearance, the guarantee of the veracity of the audited financial statements and the insurance factor for the shareholders, investors, potential or existent, as well as for other third parties interested in the data published in the financial statements and the state of a company.To highlight and correctly evaluate the dimensions of the auditor"s liability, from the point of view of possible sanctions, as well as from the prism of the liability"s gravity, it is necessary for this analysis to be correlated with the role, responsibility and the way in which the auditor is influenced by the corporate governance at global level.
The liability has to be viewed through the prism of the liberal character of the auditor profession.Shaw states that "liberty means responsibility that is why most men dread it".Through the nature of its profession, the auditor has vast freedom of thought, this being restricted only by the domain"s legislation and the professional standards which he is obliged to respect.As a consequence of this freedom, the auditor"s liability comes to sanction the reasoning, by fault or by intent, which was a direct cause of a faulty audit and, implicitly, of certain prejudices.
As the beneficiaries of service try to gain the most favourable position towards the provider, in this situation the attraction of a liability as large as possible upon the auditor is tried.The natural reaction of the auditor is to protect himself, trying to limit, in a reasonable manner, the size of the liability which he could suffer in case of a poorly conducted audit due to diverse reasons.
The scope of this article is to attract attention on the cases in which the financial auditors can be considered culpable and, through this, on the categories of liability under whose incidence they can enter.Furthermore, the paper highlights to the auditors, as a consequence, also the methods and mechanisms through which they can protect themselves by limiting either the liability"s amount, either the type of liability under which it falls.The result and the proposed scope of this article were attained by analysing the domain"s legislation in force and by applying abstraction techniques, as well as deductive and inductive techniques.
Thus, the main thread of this article follows the achievement of the two proposed goals, and it is structured in two parts, the first treating at the general level the financial auditor"s conditions of liability, passing on to an analytical analysis structured in two passages differentiated based on the position of the auditor regarding the audited entity, internal or external.The second part targets the achievement of the second scope and submits to analysis and synthesis the methods through which the financial auditors can limit the liabilities to which they are or could be subject to.

Literature review
To achieve a grounded study regarding the situations in which the financial auditor deflects from the profession"s requirements, we submitted to analysis some scientific articles which treat its ethics and rigours.A series of debates exist in the specialty literature concerning the challenges which the financial auditor has to face, for example strictness and professional quality (Chersan, 2012), ethical behaviour in the conditions of the global financial-economic crisis (Popescu et al, 2009), ethicsa measure of the financial auditor"s reputation (Marian, 2015), malpractice and liability (Cimpoeru, 2013), professional objectives and principles (Mihăilescu et al., 2008), regulation regarding ethics and responsibility (Zinca Voiculescu et al, 2014), ethical behaviour (Breban et al., 2008), professional values, ethics and attitude (Morariu et al., 2009), concepts, standards and norms (Horomnea, 2013) or ethics and the increased interest regarding this with the appearance of the global financial crisis (Matiş et al., 2010), while the influence of the ethical principles on the quality of audit is analysed through the profession"s responsibility and objectivity (Pascu, 2012).For example, in what concerns the expert accountant"s responsibilities, Breban et al. (2008), in the analysis of the ethical behaviour, state that "ethics bind the professional accountant to show honesty and probity in the exercise of his mission, which to us it seems of safe value.For the entity, confident in the professional qualities and independence of the expert accountant, to the benefit of a high moral value, the professional ethics will guarantee for the entity not only a professional service but also the involvement of a person that acts based on high moral principles".Furthermore, Mihăilescu et al. (2008) capture the financial auditor"s difficult position, and thus, the responsibility that arises from it: "From the auditors" practice resulted in the fact that frequently it is harder to detect the frauds because the managers and employees that commit a fraud try to conceal it.This fact though does not change the liability that the auditor bears in what concerns the appropriate planification and execution of the audit.".The responsibility is also transposed into economic terms because the way in which the auditor supplies the services impacts the entity within which or in relation with which it conducts its activity and, extrapolating, the entire community (Fülöp, 2014).
Moreover, Popescu et al. (2008) capture the modifications of the responsibility and professional ethics as a result of the global economic-financial crisis: "The values and principles of ethics and professional deontology circumscribe to the essential scopes available for every auditor.Mainly, these include the professional development and affirmation, the evolution of knowledge and research, in the actual conditions and in the prospect of respecting the rule of law and the human rights, the progress of science, the professional integrity, the democratic development and the society"s prosperity."This statement is also supported by the fact that after the financial crisis, many professional organisations, but especially IFAC, made considerable effort to restore the level of trust in the accounting profession and, implicitly, in auditors (Tiron- Tudor, 2013).
But, as it turns out, the financial auditor"s liability is an insufficiently explored subject by the speciality literature in Romania, reason why I propose to treat this subject.

Research Methodology
Through this article, I propose to analyse the environment in which the financial auditor"s activity is conducted by reference to the related ethics and obligations that the auditors assume, in tandem with the liability attracted by the potential violation of the professional regulation and not only.In achieving this desideratum, we present theoretical aspect found in the speciality literature and which reference the approached topic, as well as practical aspects, resulted from specialized cases.In order to outline the phenomenon of the financial auditor"s liability, we recourse to the abstraction method, the method of deduction and induction, but the main objective was to perform the content analysis of the national legislation in force, materialised in a synthesis of the main applicable norms in this domain, without neglecting the aspects that target elements specific for this category of accounting professionals subject to analysis.
For thematic documentation, scientific articles were analysed which highlight either the need for such a study, either treat the subject of liability or ethics to which the expert accountant and particularly the financial auditor has to submit.The speciality literature in the domain supported the conclusions drawn from the articles and formed a spectrum of analysis for the legislation related to this issue.To develop the actual study on the liability of the financial auditor and methods to limit it, legal regulations were analysed, both general and strictly professional ones, in force at the time being and which are incidental to the underlying theme.

Conditions for the Auditor's Liability
Regarding liability, the following forms are used: disciplinary, administrative, civil, criminal, from which the ones that have a direct relationship with the financial auditor"s activity will be presented, as well as the methods of limitation and protection against these categories of liabilities.
Correlated with the responsibilities that the auditor has towards the audited company, towards the shareholders, the stakeholders, and taking into consideration the failures that audit had in the past, the topic of the auditor"s liability is one of great importance.There are a series of limitations which have to be taken into consideration when determining the liability of the auditors, one of which is the legal liability, represented by the legal norms that regulate this matter, irrespective to their source or issuer, and by the regulations issued by the organisms that ensure the organization and functioning of the audit activity.The auditor"s liability varies depending on its role, internal or external, because, based on this position, the legally binding obligations and, as a consequence, the related sanctions differ as well.Starting from this premise, based on a deduction, it can be stated that the conditions of the auditor"s liability have to be treated distinctively, depending on the relationship that the auditor has with the audited company.
Basically, auditors can be disciplinary, civilly and criminally liable.Regarding the auditors" disciplinary liability, this is regulated by OUG 75/1999 republished in 2017 and by HG number 433/2011 regarding the Organization and Functioning Regulation of the Chamber of Financial Auditors of Romania.For the cases that can attract the disciplinary liability of the auditors and which are contained in article 73 of HG number 433/2011, the following sanctions are stipulated depending on the gravity of infringement: scolding, written warning, suspension of membership of the Chamber for a period from 3 months up to 1 year and even the revoking of the membership.
Criminal liability can be attracted as a result of committing an offence stipulated in the criminal law while conducting the activity.Furthermore, criminal liability can be attracted as a consequence of non-compliance with a principle established by the Chamber of Financial Auditors of Romania."For example, noncompliance with the principle of confidentiality of information held is considered a severe mistake, maybe even of criminal nature.",(Ghiţă, 2004).
Civil liability, situated on the same sanctionary level as the criminal liability, starts from the basis of art.1357 of the New Civil Code, according to which "the one who causes harm to someone else through an illicit act, committed with guilt, is obliged to repair it.",(Codul civil).Thus, it is necessary to ascertain that prejudice has been caused by an auditor and to demonstrate a causality report between the alleged damage and the auditor"s activity.

Conditions of the internal auditor's liability
The status of the internal auditor influences the way in which he is liable for the activity that is poor and nonconforming with the professional standards.The internal auditor is an employee subordinated to the general manager or the administrator.Thus, "the internal auditor can be sanctioned in two ways for not being able to respect the professional standards:  firstly, he can be sanctioned disciplinarily by the professional organisation to which he belongs (Ghiţă, 2004) like AAIR or CAFR, but the prohibition of practising the profession or the adherence to any professional body can be applied as well;  "And then he can be sanctioned administratively by the management of the organisation by affecting the salary, the professional career and even through the termination of the employment contract."(Ghiţă, 2004).
Basically, the internal auditor"s liability has its roots in the branch of Labour law.Additionally to the status of the employee, to attract disciplinary liability, the committing of an illicit act is necessary which, once committed, will represent the objective side of the disciplinary liability.The deviations that may lead to disciplinary liability are not concretely regulated, these being in a strong relationship with the obligations assumed by the internal auditor through the labour contract and with the obligations resulting from the status that he holds.It is clear that for the disciplinary liability to be attracted the act has to be committed either with guilt or with negligence, to the extent that damage is caused.Through an analogy with the criminal law, but without entering into detail, there are a series of cases of disciplinary non-liability, such as error of fact, physical or moral constraints and the fortuitous case.Identical to the situation of any type of liability, it is necessary to prove the existence of a causal relationship between the illicit act and the harmful outcome, and in the situation when the legal or contractual norms stipulate as a necessary condition the causing of a damage, the burden of proving it falls on the employer.Is important to establish correctly the degree of the guilt of the inter auditor who committed the deviation, guilt or negligence, because and based on this element the individualisation of the applied sanctions is realised.Applying a disciplinary sanction does not impede the accumulation of this liability with the patrimonial, contraventional or even criminal liability."Consequently, the internal auditor and especially the head of the internal audit function are not entirely protected against this situation by the labour contract.",(Ghiţă, 2004).However, disciplinary liability can be of two type: predominantly moral or predominantly pecuniary type.
In case it gets to the accumulation of liabilities, intervening the patrimonial one, it is necessary for prejudice to have been caused, and thus, the obligation to repair it.The patrimonial liability is mainly characterized as being an individual liability, having repercussions on the person that caused the damage, and an integral one, because it implies the repair of the entire effective and actual damage, as well as the unrealised benefits, to the extent to which these were foreseen or could be foreseen at the time of concluding the labour contract.The cause of the prejudice can be not only an action strictly related to the work of the auditor but also an action like the absence from the workplace or a phase of the research carried out on the financial statements.There are a series of conditions concerning the characteristics which prejudice has to meet to be the trigger for the patrimonial liability.Thus, it has to be real and certain, to be caused directly to the employer and to be material.Moreover, also in the situation of patrimonial liability, it is necessary to prove the existence of a causal relationship between the act and prejudice, as well as the guiltiness of the internal auditor, the level of guilt not being relevant in this case.
In the first phase the procedure for establishing and later, for recovering the prejudice, can be carried out either amicably, through bargaining between the parties, or by notifying the court.
Having as an argument the fact that the contraventional and criminal liability is identical for all the auditors, internal or external, I will treat these in the next chapter.

Conditions for the Internal Auditor's Liability
The liability of the external auditor differs fundamentally, as a source, from one of the internal auditors.This does not have the status of the company"s employee.The auditing activity is carried out based on a contract concluded between the auditing company and the audited company.Thus, we can state that in relationships between the audited company and the external auditors the liabilities can be only contractual ones.The situation of an erroneous audit has a repercussion, with the possibility of creating damages, on the shareholders and investors of the company (Tiron- Tudor et al., 2009).The shareholders can be prejudiced by the fact that they are misinformed about the situation of the company in which they hold shares, and the investors can be prejudiced in case of buying shares, to the extent that they base their decision on the reports issued by the auditors, considering the published financial situations as being in line with the reality and the national and international accounting standards.As a condition, also, in this case, it is necessary to establish a casualty relationship between the external auditor"s deed and the prejudice suffered by the third parties to attract the liability of the auditor, the situation in which we can talk about civil tort liability.According to the contractual clauses stipulated or to the ISA audit standards, a disjunction between the auditor"s civil liability and the audit mission"s scope and objective cannot be created.Thus, "the liability of the auditor is a contractual one in front of the audited company"s bodies.",(New Corporate Paradigm, 2003).The auditor"s liability is determined and outlined by the source of the erroneous audit which caused the appearance of the prejudice.Therefore, if the auditor is guilty of negligence, its liability cannot be attracted, even if the prejudice is only recoverable by tort, except the case in which it was proven that the auditor was disloyal, imprudent or roughlycareless.According to article 1349 from the Civil Code, "(1) Any person that must respect the rules of conduct imposed by law or by the habits of the place and not to cause prejudice, through his actions or inactions, rights or legitimate interests of other persons.( 2) The one that violates this duty, having discernment, is liable for all the prejudices caused, being obliged to repair them completely.".From this article, it can be drawn that, for the civil tort liability to be attracted upon the external auditor, it is imperative for him to commit an illicit act which prejudices the audited company or the co-interested third parties, directly or indirectly, through the audit report.In the same time, it is important to mention that, for the auditor to be held liable for his prejudicial actions or inactions, the auditor has to show discernment in the moment of committing the audit mission and the acts which are the basis for engaging the liability.
In what concerns the causality report, this represents not only a necessary condition for the tort liability but also the criteria based on which the extent of the auditor"s liability is determined.There are situations in which establishing the causality report is burdened by the fact that a variety of causes and conditions, which can contribute to the causing of the prejudice, are present.In particular, we can refer to the auditor"s negligence, to his illicit deed, to the risk of not detecting distortions or other factors which are external to the auditor.The nature of the external auditor"s obligations when engaging in an audit mission have to be clearly defined.
The obligations that arise from this kind of audit engagement are mainly obligations of means and by no way of result.The consequence of this is, that in the case the opinion expressed in the audit report by the external auditor at the end of the audit mission is subsequently invalidated by the discovery of significant distortions in some financial statements which, according to the contract, were part of the audit mission"s object, the auditor"s liability cannot be attracted based on the motive that he did not meet his contractual obligations.Due to the fact that is it about the medium obligations in the external auditor"s duty, the company has to demonstrate that the auditor is at fault for not executing the audit mission and the activities within it according to the legal provisions in force, to the Audit Standards and the Code of Ethics applicable to the auditors.Thus, the external auditor can be liable only for the non-fulfilment of those obligations which were assumed in the audit engagement and only in the situations in which these were not fulfilled, but only from the point of view of their realisation process, not from the point of view of the actual results, in an erroneous way and nonconforming with the standards and legislation in force or, if it is the case, with the qualitative standards established in the contract.
In what concerns the criminal sanction"s treatment of the external auditor, the conditions for the retention of this in the auditor"s charge are significantly different than those applicable to the civil or contractual liability.The external auditor"s criminal liability is not strictly conditioned by the existence of prejudice, in the sense that this does not condition the existence or not of criminal liability and does not give a measure for it either.What is of importance is the damaging act which needs to be illicit and which has to fit in one of the articles that define criminal offences in the criminal code.Due to the stipulated sanctions, it can be stated that the criminal liability is the auditor"s most severe form of liability because, additionally to causing a prejudice, the auditor also committed a criminal offence for which he is liable even in the situation of completely remedying the prejudice caused by the criminal offence committed.Another reason for why the criminal liability is considered to be severe is the one that against this type of liabilities the auditor"s cannot take limiting measures like it is possible in the case of the civil liability.
To answer the question targeting the scope of the auditor"s liability, we need to take into consideration the purpose and function that this liability fulfils.Therefore, the thesis according to which the auditor"s liability has mainly a preventive function but a comminatory one as well can be supported.The pecuniary factor which intervenes in the equation of the auditor"s liability and the protection of the audited companies and the interested third parties against poor audits and, implicitly, the prejudices caused, could lead to the improvement of the audit function through the possible repercussions with constraint character.The consequence of this fact is practically that of increasing the pressure which characterises the auditor"s work in the context that there have been situations in which the auditors paid damages around the value of a hundred million dollars for a single audit mission which attracted their liability.

Limitations of Auditor's Liability
Due to the liabilities they have, auditors tend to try to limit the possible liability in the situation of conducting a poor audit which did not respect the necessary standards and norms.The limitations which they make are interposed between the auditors and the audited company included in the clauses of the audit engagement, clauses which the company, through its governing bodies, may not accept.In principle, these clauses are valid to the extent that they are reasonable.Under no circumstances can clauses that completely exonerate the auditor from any liability or through which the auditor is exempted from liability due to fraud or serious misconduct be valid.Therefore, as their name also suggests, these clauses can only partially limit the possible liability that can be attracted upon the auditor, as long as these clauses are not formulated in a way which is totally at the expense of the audited company, through eliminating any possibility of compensation in case of prejudice.These clauses have their utility in the hypothesis in which the possible liability of the auditor is limited to a financial ceiling or "if in certain specific cases, with the understanding of the parties, they will not attract the auditor"s liability.",(Munoz, 2005).
Starting from the idea of a double control filter, for better decantation of the risks, the idea of establishing, mandatorily, the measure of verification of the auditing report by the insurance company which insured the auditor or the audited company has advanced.The verification in question should be done by specialised financial bodies and would have as an objective the preventing of frauds.The corporate control form considered to be common in many legislations is the one achieved through the audit function, which leads to the conclusion that there is a need for a very performing auditor body.The way to achieve this goal is the verification of the lists and auditors of the company by the higher financial authorities no matter what their name is."In the analytical models of audit it is argued and proven the fact that the liability influences the auditor"s process of decision making, including the audit efforts and the decisions on the fees (Dye, 1993), the auditor"s reporting strategy (Thoman, 1996), client-auditor acceptance (Laux and Newman, 2009), and the decision settlement process (Smith and Tidrick, 1998).".It cannot be disputed the fact that the auditor"s liability represents a burden which they have to carry, besides the social responsibility they have.Therefore, attempts for the limitation of liability are a natural and instinctive reaction of the auditors" class.
Based on some studies, motivated by the current debates regarding the limitation of the auditor"s liability and conducted experimentally and analytically, it can be stated with certainty that "the aversion towards risk, concerning the auditors, it is higher in case of unlimited liability than in the situation in which there is a limitation of this.Findings suggest the fact that the auditor"s motivation to exercise an additional effort is disproportionately higher in case of an unlimited liability, which could cause "excessively cautious audits" (Levitt Jr. and Nicolaisen, 2008).Moreover, in the same research, it was concluded that "the aversion towards ambiguity is higher in the case of an unlimited liability than it is in the case of the limited one.",(Levitt Jr. and Nicolaisen, 2008).What can be observed is the fact that, the aversion towards risk and the aversion towards ambiguity are correlated in the presence of the unlimited liability."The discovery that people with aversion towards risk tend to manifest also an aversion towards ambiguity in the presence of the unlimited liability represents a new argument regarding the reasons why the unlimited liability affects the attractiveness of the audit profession", (London Economics, 2006;Levitt Jr. and Nicolaisen, 2008).Therefore, we can observe the fact that the unlimited liability has a direct and negative influence on the auditor"s efficiency.
Another method for the limitation of the liability is considered to be the one of concluding a professional insurance policy, mandatory according to the legislation in force.This insurance policy assumes a more pecuniary limitation from the fact that, in case of prejudice, the auditor will not pay himself the sum owned as the equivalent of the prejudice.The sum will be paid by the insurance company, to the extent that the auditor"s deed is covered by the insurance policy concluded.Of course that this indirect limitation of the liability does not remove other categories of sanctions, like the criminal, professional and disciplinary ones.The fact that the auditor, in the situation in which the insurance policy concluded covers the damage caused by his deed, will not suffer any repercussions from the pecuniary point of view cannot be stated either.Subsequently, if the auditor wants to conclude another insurance policy or extend the existent one, he will have to pay a larger sum to the insurance company than the one he was paying until the moment of compensation.
Of course, there are different proposals regarding the possible methods for the limitation of the liability.A possible alternative would be the existence of a limitation "based on the size of the company or the market capitalisation.",(Doralt et. al., 2008).This alternative is not considered as being propitious because it would lead to a bipartite system differentiated according to the companies listed or not on the stock exchange, and on the other hand, the market capitalisation can be extremely volatile.Instead, another possible alternative could be the limitation of liability "based on the fees paid by the company to the auditors.
Neither is this alternative right to be followed.Such a regulation would help at establishing a correlation between the income and the risks assumed by the auditor, but to satisfy the compensation function of the liability, the limit should be set at a high enough value.",(Doralt et. al., 2008).Anyway, the current practices exclude this alternative as a method of limitation of the auditor"s liability.
Therefore, the preferred method for the limitation of the liability remains the contractual one, allowing the company and the auditors to limit the liability of the latter."The modern regulations regarding the auditor"s liability need to provide a significant level of compensation of losses and discouragements, but should also maintain stimulants for the professionals to carry out an audit that is worth and efficient from the cost point of view.As a general principle, the civil liability risks should be evaluable in advance for the auditors.This is essential for concluding insurance with an increased cost-efficiency ratio and, thus, for maintaining the additional costs imposed by the decreased risks of civil liability.",(Doralt et. al., 2008).
Therefore, the limitations of the liability are accepted to the extent in which they are done in a reasonable measure.However, the court that will pronounce itself on a possible litigation having as an object the prejudice created by the auditor, can declare the agreement between the parties, through which the liability is limited, as being null if it is proven that this limitation of the liability deviates significantly from what is considered to be reasonable and equitable.

Conclusions
It is indisputable that the auditor"s liability, both juridical and professional, is more and more contoured from the juridical and practical point of view and it is used with an increased frequency in the contractual clauses.As we initially stated, in order not to destabilise the equilibrium that the auditor brings in the corporate governance environment, it is necessary to exist a motivated correlation between the role of the auditor, his acts and the liability he faces.
Jacques Renard said about an audit that it "is like the smell of gas: it is seldom agreeable, but it can, usually, avoid an explosion.".Thus we can observe the auditor"s role in corporate governance, but also the importance that he has in the correct and efficient deployment of governance.
Having such an important role, it is only natural that the responsibility and, implicitly, the liability of the auditor to match it.However, it is important to keep a reasonable proportion for the liability in order to achieve its goal, namely the one of offering an assurance regarding the quality of the services offered by the auditor without causing though negative secondary effects by creating an excessive pressure which, finally, would have them as a result exactly the non-achievement of the scope.Empirical studies demonstrated the fact that an excessive liability, to which the auditor is exposed to, has adverse effects on the auditor"s efficiency, on the freedom of reasoning, having as a result either the committing of accidental mistakes, either the carrying out of a poor audit mission.
Although auditors assume this professional and juridical liability, the fact that they will try to contract the attempts of the audited companies in establishing higher limits of liability is predictable.Therefore, the auditors will try to limit the liability to a reasonable level, accepted by both parties, through the available methods: professional liability insurance policies or contractual clauses partially limiting the liability.