- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: Tim Soefje
Some lawyers may create more potential professional liability over the coming months by drafting a single letter in response to their client’s independent auditor’s request for information than they will throughout the entire rest of the year.
The problem arises primarily because after 40 years of writing these letters to independent auditors, too many attorneys and auditors have concluded the entire process is a colossal waste of time.
As a result, too many, especially solo attorneys and small- to mid-size law firms, have failed to develop and implement appropriate internal policies to insure they handle these auditor’s requests according to the professional standards required of them.
Consequently, a sizable number of attorneys remain blissfully unaware of the specific duties owed and the professional liability created when done so improperly, leading to a waiver of client confidentiality, misleading financial reports, and host of other problems.
The American Bar Association issued its first “Statement of Policy Regarding Lawyers’ Responses to Auditors’ Requests for Information” on January 7, 1976, and have updated it twice since in 1998 and 2003.
And yet, outside of a very few attorneys in the large, downtown corporate law firms, few attorneys responding to these requests have ever read the ABA Statement of Policy, much less the American Institute of Certified Public Accountant (AICPA) rules.
The auditor’s request for information to a client’s attorney arises from the generally accepted accounting principles (“GAAP”) with respect to loss contingencies set forth in Accounting Standards Codification (“ASC”) 450-20 (formerly Statement of Financial Accounting Standards No. 5).
The AICPA requires an attorney’s client to account for a loss contingency if two conditions are met:
Six factors should be considered when the accountant assesses the probability of an unfavorable outcome for the contingency;
If any one of the conditions are not met, the accounting standard requires the client to disclosure the contingency only if it is reasonably possible that a loss may have been incurred. In such case, the disclosure must include an estimate of the loss, but only if the loss is estimable. No disclosure is required if the loss is remote.
The client owes no duty to disclose a loss contingency of an unasserted claim “if there has been no manifestation by a potential claimant of a possible claim or assessment” unless: (1) it is considered probable that a claim will be asserted; and (2) there is a reasonable possibility that the outcome will be unfavorable.
In response to the AICPA’s standards, the ABA issued its own “Statement of Policy Regarding Lawyers’ Responses to Auditors’ Requests for Information” (the “ABA Statement of Policy”). Together, the two documents, often referred to as the Treaty.
The two standards seek to balance the client’s auditor’s need for information with the client’s attorney’s duty to protect the client’ confidential information.
It should be noted, however, that the accounting profession continues to insist that the ABA Statement of Policy does not control, and it is the AICPA standards that govern the auditor’s request for information.
The ABA Statement permits an attorney to ethically comply with an auditor’s request for information under limited circumstances. First, no attorney should ever disclose information to the client’s outside auditor without the client’s written consent.
The attorney, however, shall not disclose to the auditor a confidence, a secret, or an evaluation of a claim. The ABA Statement cautions that an adverse party may assert that any evaluation of a potential liability is an admission by the client.
The attorney must always be cognizant that a client’s voluntary request for disclosure to its accountant almost always waives the attorney-client privilege. United States v. Deloitte, 610 F.3d 129, 139-40 (D.C. Cir. 2010).
Federal law, and few states, provide any confidentiality protection to an accountant’s work-product. United States v. Arthur Young & Co., 465 U.S. 805 (1984). Even an attorney’s oral communications to the auditor are not privileged if the auditor includes the discussions in its work papers. United States v. Deloitte, 610 F.3d at 143.
Otherwise, the attorney may disclose information to the auditor without further client consent for:
The ABA Statement of Policy requires an attorney responding to an auditor’s request for information should only offer an opinion on the outcome of litigation, in the rare case, when the outcome is “probable” or “remote.”
An unfavorable outcome for the client is “probable” if the prospects of the claimant not succeeding are judged to be extremely doubtful and the prospects for success by the client in its defense are judged to be slight.
An outcome is “remote” if the prospects for the client not succeeding in its defense are judged to be extremely doubtful and the prospects of success by the claimant are judged to be slight. The commentary in the ABA State provide examples of such situations, including the following:
An attorney should never provide an estimate of the amount or range of a potential loss unless the attorney believes that the probability of inaccuracy of the estimate is slight. The ABA Statement of Policy also requires that the attorney must confirm to the auditor:
“the client’s understanding that, if in the course of performing legal services for a client with respect to an unasserted claim which may call for financial statement disclosure, the lawyer has formed a conclusion that the client must disclose or consider disclosure concerning the unasserted claim, the lawyer, as a matter of professional responsibility to the client, will so advise the client and consult with the client concerning the question of such disclosure and the requirements of ASC 450-20.”
The ABA Statement provides different illustrative examples of response letters for “inside” and “outside” counsel. In general, the outside counsel may limit its response to particular matters to which it provided substantive attention or representation; whereas the inside general counsel represents he has general supervision for the company’s legal affairs and has “reviewed litigation and claims threatened or asserted involving the Company and [has] consulted with outside legal counsel” where appropriate.
The ABA Statement does not specifically address government investigations of a client. Attorneys should consider most government investigations unasserted claims. The investigation may well constitute potential for a claim, however, the investigation has not ripened into an overt threat of litigation, claims, or assessments. The ABA Statement only requires the attorney disclose unasserted claims when the client specifically identifies them and asks the lawyer to comment.
The client may, however, request the attorney to report all investigations in the same manner the attorney would report pending litigation. Even where the client requests it, however, the Committee noted that in most cases, “the lawyer will not be able to provide any information to the auditor concerning the investigation other than the existence thereof and the fact of the client’s involvement.”
The Committee advised that whichever approach to reporting is adopted, the “approach should be consistently followed with respect to such client until the auditor has been advised of a change in approach.”
The attorney should clearly disclose to the auditor the limited scope of its engagement by the client, and that he is only disclosing terms considered material.
The attorney also should always provide the date on which any information is provided, and disclaim any ongoing agreement to update the information even when the attorney becomes of aware of changed facts or circumstances.
The ABA Statement contemplates that the attorney may incorporated the Statement by reference in the lawyer’s response by the following statement:
“This response is limited by, and in accordance with, the ABA Statement of Policy Regarding Lawyers’ Responses to Auditors’ Requests for Information (December 1975); without limiting the generality of the foregoing, the limitations set forth in such Statement on the scope and use of this response (Paragraphs 2 and 7) are specifically incorporated herein by reference, and any description herein of any ‘loss contingencies’ is qualified in its entirety by Paragraph 5 of the Statement and the accompanying Commentary (which is an integral part of the Statement).”
While incorporating the ABA Statement by reference is permitted by Paragraph 8, the attorney, however, should consider instead stating clearly that the auditor alone shall use the letter solely in connection with the audit of the client.
The attorney also should state the letter shall not be quoted in any financial statements of the client or related documents. The attorney also must state that no one, including the client, should file it with any governmental agency or other person, without the attorney’s prior written consent.
As discussed above, the ABA acknowledges that an auditor may assume the lawyer, as a matter of professional responsibility to the client, will advise the client concerning the question of such disclosure is required and of the applicable requirements of FAS 5.
The ABA makes clear that every attorney owes a professional obligation to not knowingly participate in any violation by the client of the disclosure requirements of applicable securities laws.
The ABA or applicable state code of professional responsibility also may require the attorney to resign his engagement under some circumstances if his advice concerning disclosures is disregarded by the client. The ABA Statement says withdrawal is very undesirable.
For more than a decade commentators have expressed that there appears to be a continual increase in the number of inquiry letters that do not conform to the ABA-AICPA Compromise. Firms should resist responding to inquiries that are outside of the ABA-AICPA Compromise. Some recent examples of non-conforming requests include:
The professional liability risk created from failing to follow the ABA-AICPA Compromise is real. For example, Sarbanes-Oxley Act heightened the risk of potential firm exposure in connection with responding to inquiring letters because attorneys are covered as “persons acting under the direction” of corporate officers and directors, and therefore, can be held liable if their actions are deemed, under a negligence theory, to “result in rendering financial statement materially misleading.”
Best professional practice demands that every attorney or law firm review the ABA-AICPA requirements before responding to Auditor’s Request for Information. Every law firm should implement an internal procedure for responding to auditor’s request for information. The procedure should at minimum include:
Those law firms who do not regularly prepare such audit’s request for information letters, would be well advised to consult with outside counsel to confirm that their internal procedures are sufficient, and their letters comply with their professional liability requirements as set forth in the AICPA-ABA requirements without waiving client confidentiality. Firms who do neither must beware of the risks they assume.