Summary

This chapter gives an overview of the history and important aspects of the audit profession in a broad sense. I define the following important principles of my study. This study concerns statutory auditors registered with the Royal Netherlands Institute of Chartered Accountants (Nederlandse Beroepsorganisatie van Accountants, NBA) and with the Authority for the Financial Markets (Autoriteit Finan- ciële Markten, AFM) (by the audit firm). For this study, the relevant task of the auditor is the statutory audit of annual or consolidated financial statements within the meaning of article 2:393 Dutch Civil Code (Burgerlijk Wetboek, BW). The objective of such a statutory audit is that users of the financial statements can be confident that the financial statements provide a true and fair view of the financial position and results of the reporting company. Users include both the reporting company itself, i.e. the audit firm’s client, and third parties. Third parties are, for instance, shareholders, investors, employees, customers and lenders of the company.

The most important legislation for this study is: (i) the Audit Firm Supervision Act (Wet toezicht accountantsorganisaties, Wta); (ii) the Decree on Audit Firms Supervision (Besluit toezicht accountantsorganisaties, Bta); (iii) the EU Regulation on Specific Requirements regarding Statutory Audit of Public-interest Entities; (iv) the Audit Profession Act (Wet op het accountantsberoep, Wab) and (v) the Auditor Disciplinary Proceedings Act (Wet tuchtrechtspraak accountants, Wtra).

The most important regulations regarding the individual auditor are: (i) the Supplementary Instructions regarding Standards on Audit and Other Matters (Nadere voorschriften controle- en overige standaarden, NV COS), (ii) the Rules of Conduct and Professional Practice (Verordening gedrags- en beroepsregels accountants, VGBA), (iii) the Regulation regarding Independence (Verordening inzake de onafhankelijkheid van accountants bij assurance-opdrachten, ViO) and (iv) the Additional Instructions regarding Permanent Education (Nadere voorschriften permanente educatie, NV PE) by the NBA.

In the summary of part II, I will give my opinion with regard to -amongst others- the extensiveness of the laws and regulations with regard to the auditor’s profession and the fact that they change frequently.

The contractual relationship between a client and an audit firm usually qualifies as a service provision agreement (in Dutch: overeenkomst van opdracht). I con- clude that the service provision agreement results in the following obligations of the audit firm and/or the auditor to the client:

If an audit firm and/or auditor fail(s) to comply with its obligations arising from the service provision agreement, the audit firm can be held liable by the client for attributable non-performance (breach of contract) (in Dutch: toerekenbare tekortkoming or wanprestatie). The doctrine of contractual liability is applicable in that case.

An audit firm and third parties do not have a contractual relationship. The audit firm or individual auditor can nevertheless be liable towards third parties pursuant to a tortious act (unlawful act) (in Dutch: onrechtmatige daad). The doctrine of noncontractual liability is applicable in that case. The tortious act can relate to a broad circle of third parties. In my opinion, most cases of an auditor’s liability towards third parties concern ‘an act or omission in violation of what according to unwritten law has to be regarded as proper social conduct’ (article 6:162 Dutch Civil Code). Whether an auditor or audit firm is in fact liable depends on the answer to the question whether the auditor has acted as could be expected from an auditor acting in a reasonably competent manner under similar circumstances. The standard is ‘acting with the due care to be expected from a reasonably competent professional who acts reasonably’. The auditor has to meet a high standard of care, i.e. has a special duty of care. The special duty of care follows from the auditor’s societal importance.

Although liability arising out of a tortious act can be distinguished from liability arising out of failure to comply with the obligations arising from the service provision agreement, the following sub questions are relevant in establishing liability in both cases:

The concept of duty of care is the basis for answering the first sub question. The basis of the auditor’s duty of care is the standard of a ‘reasonably competent professional who acts reasonably’ (in Dutch: een redelijk bekwaam en redelijk handelend vakgenoot). I conclude that this ‘general’ duty of care is specified in a number of specific obligations of care. The auditor has to act in accordance with the following obligations of care in order to meet this standard:

Obligation of care 1: Competence: the auditor must have the competence required for the statutory audit of annual or consolidated financial statements within the meaning of article 2:393 Dutch Civil Code.

Obligation of care 2: Acting competently: the auditor has to apply his competence in the conduct of the audit.

Obligation of care 3: Information and warning obligations: the auditor can have information and warning obligations.

If one of these obligations is not met, an auditor can be held liable for damages, towards the client as well as towards third parties.

Obligation of care 1: ‘Competence’ – The auditor must meet significant demands on his expertise. If the auditor satisfies his educational requirements and retains his professional expertise, the risk of violating this obligation of care is in my opinion minor.

Obligation of care 2: ‘Acting competently’ – The second obligation of care revolves around acting competently while conducting the statutory audit of annual or consolidated financial statements within the meaning of article 2:393 Dutch Civil Code. With regard to this obligation of care, laws and regulations contain many open standards, for instance ‘reasonable assurance’ (in Dutch: redelijke mate van zekerheid), ‘material misstatement’ (in Dutch: afwijkingen van materieel belang), ‘true and fair view’ (in Dutch: getrouw beeld/inzicht), ‘sufficient and appropriate’ (in Dutch: voldoende en passend) en ‘acceptably low level’ (in Dutch: aanvaardbaar laag niveau). These open standards are applied using professional judgement. Professional judgement contains a certain subjective element, and the necessary presence of this subjective element lowers the risk of violating this obligation of care. Furthermore, the risk of violating this obligation is in my opinion manageable if the auditor applies these open standards in good faith and with reasonable effort and makes effective use of instruments such as file management.

Obligation of care 3: Information and warning obligations – Information obligations towards the client are of great importance and I presume they will become even more significant in the future. An obligation to warn a client is assumed when the warning could have prevented a situation from happening. This situation has to be related to the statutory audit (effectiveness of warning). I conclude that warning the management board is in principle not sufficient. The supervisory board and sometimes even the AFM have to be informed as well, depending on the circumstances. There are (as yet) no specific obligations to inform or warn towards third parties.

Not fulfilling the auditor’s duty of care can be a non-performance or a tortious act. This answers question 1 in the affirmative. However one is only liable for damages, if the non-performance or tortious act can be attributed to the auditor and/or audit firm. Furthermore damage must have been incurred and there has to be a causal relationship between the non-performance or tortious act and the damage.

Attribution- A non-performance towards a client, constituting an infringement of the auditor’s duty of care, can be attributed to the audit firm. This regards the doctrine of ‘liability for auxiliary persons’ (in Dutch: aansprakelijkheid voor hulppersonen). A tortious act towards third parties, consisting of an infringement of the auditor’s duty of care, can be attributed to the audit firm as well, because the behaviour of the auditor is considered to be behaviour of the audit firm. Furthermore, the doctrine of liability for tortious acts of a subordinate (in Dutch: ondergeschikte) or non-subordinate (in Dutch: niet-ondergeschikte) can provide a basis for attribution.

Damage- A client can suffer damage as a result of a non-performance, consisting of an infringement of the auditor’s duty of care. The most obvious damage suffered by clients is damage as a result of fraud, which is not, or not timely, detected. One has to bear in mind, however, that the responsibility for the preparation of the financial statements and the presentation of a true and fair view (and therefore the detection of fraud) primarily lies with the client’s management board, under the supervision of the supervisory board. The auditor ‘only’ audits.

Damage suffered by third parties as a result of a tortious act by the auditor can be enormous. This could result in a catastrophic claim.

Causal relationship- In case of an infringement of obligation of care 2: ‘Acting competently’, the causal relationship between the non-performance or tortious act and the damage, a conditio sine qua non, can only be established if the injured party would have acted differently on the basis of the correct audit opinion or financial statements.

In case of an infringement of obligation of care 3: ‘Information and warning obligations’, the causal relationship between the non-performance or tortious act and the damage can only be determined if a client would have intervened, if he had been informed of the fault earlier.

The doctrine of reasonable attribution (in Dutch: leer van de redelijke toerekening) can in my view result in a broad attribution (in Dutch: ruime toerekening) of damage to the liable auditor. This strongly depends on the specific circumstances of the case.

I conclude that the injured client or third party will, in case of uncertainty with regard to the causal relationship (in Dutch: causaliteitsonzekerheid), in all likelihood not benefit much from the exceptions to the rule that the injured party has to make the causal relationship plausible (paragraph 5.4.4).

Proof – If the injured party can prove the non-performance or tortious act, attribution, damages and causal relationship between the non-performance or tortious act and the damage, in principle an obligation to pay damages has come into existence. However, the auditor may be able to invoke the doctrine of own fault, an exemption clause or the principle of relativity.

Doctrine of own fault- In case of fraud, the doctrine of own fault of the injured party can be relevant. Given the responsibilities of the management board and supervisory board of a client, I see possibilities for own fault of the client. However, due to the particular competence of the auditor a (adverse) fairness correction can be considered.

Exemption clause – The auditor and/or audit firm can invoke an exemption clause, usually included in the general terms and conditions that are part of the service provision agreement. The exemption clause can be invoked against both clients and third parties. The exemption clause is not applicable insofar as, given the circumstances, this would be unacceptable as measured against the standards of reasonableness and fairness.

As discussed previously, non-performance of an auditor can be attributed to the audit firm as contracting party. However, the individual auditor can be held liable in person as well for a tortious act against a client as well as against third parties. It is in my view of great importance to protect the individual auditor against such liability, for instance by means of an exemption clause including a third party clause.

The above is a brief summary of my conclusions on the question when an auditor can be held liable under Dutch law for (errors in) the statutory audit. The summary is not comprehensive, and limited to the criteria which I deem to be the most important. In the following I will briefly discuss selected other topics regarding the auditor’s liability: laws and regulations, disciplinary law, claims and settlements, the expectations gap, public oversight conducted by the AFM and limitation of liability.

Neglect of professional expertise (in Dutch: vaktechniek) is a potential cause of the problems for which the auditor’s profession currently finds itself under public scrutiny. Retaining professional expertise is a very important starting point for the auditor’s profession. However, in my opinion, the laws and regulations with regard to the auditor’s profession have become so extensive, detailed and complex, and change so frequently, that maintaining up-to-date professional expertise has become a significant problem for auditors. One needs to be wary of over-regulation of the auditor’s profession. Too much regulation will create a checklist-mind-set. This is not in accordance with the objective of a statutory audit.

It is quite common that a disciplinary proceeding precedes a civil court case. One presumes that the odds of winning a civil court case are higher once the deficiency of an audit has been established in a disciplinary proceeding. This is not always the case. In their study, Uhlenbroek en Mooibroek assign decisive importance -in case of auditor’s liability- to a prior disciplinary proceeding in 19% of the civil court cases. This is higher than in case of liability of other professionals. This could perhaps be explained by the fact that it might be difficult for a civil court to assess the noncompliance of an auditor. Furthermore, the civil court has to duly justify dissenting from a disciplinary proceeding. This could mean that the civil court would have to appoint an expert to be able to duly justify a dissenting decision.

Between 2012 and the end of 2017 there have been – to my knowledge – ‘only’ eight claims regarding seven audit clients. Six claims concern receivers and third parties, only two claims concern clients. To my knowledge, ‘only’ nine settlements regarding six audit clients were entered into during the period of 2012 to 2017. These settlements were entered into with receivers and third parties, such as (supervisory) board members, shareholders, investors and creditors. The Dutch Investors’ Association (In Dutch: Vereniging voor effectenbezitters, VEB) and/or claim foundations (in Dutch: claimstichtingen) have played an important role with regard to these settlements. The claims and settlements almost all relate to the important accounting scandals as discussed in my study. These scandals are: Ahold, DSB, Landis, Econcern, Eurocommerce, Vestia, Weyl en Koops Furness.

In practice, despite the low absolute number of claims and settlements involving legal audits, the Dutch audit profession is going through a turbulent period. The auditor is frequently the subject of adverse news coverage, feeding social and political pressures for fundamental reform. Criticism of the audit profession can be analyzed using the concept of the expectations gap. The expectations gap consists of a’ deficient performance gap’, a ‘deficient standards gap’ and an ‘unreasonable expectations gap’. Research shows that only a small percentage of the expectations gap relates to deficient performance. A deficient performance nevertheless in my view is the only part of the expectations gap that corresponds to the legal notion of not fulfilling the auditor’s duty of care. Deficient standards and unreasonable expectations can not result in a non-performance of the auditor’s duty of care, and therefore not be a basis for liability.

Although from the perspective of this study the expectations gap is of limited significance, reducing the expectations gap is important for the audit profession and for society. I suggest that, to reduce the expectations gap, priority should be given to the deficient standards gap and the unreasonable expectations gap.

I have also assessed the independent public oversight by the AFM. This public oversight does not relate directly to the auditor’s liability. However, the content of the auditor’s duty of care is clearly influenced by the Audit Firms Supervision Act. Therefore, the public oversight based on the Audit Firms Supervision Act is relevant for my study.

I have come to the conclusion that the AFM has adopted an authoritative enforcement style. Furthermore, through its use of the media the AFM creates widespread attention for deficiencies in audits discovered by its oversight activity. In my view, this enforcement style only serves to increase the expectation gap. I express the hope that the AFM will soon adopt a more cooperative and facilitating enforcement style. This could improve mutual understanding between the AFM and the auditors.

In its most recent thematic review, the AFM qualified 59% of the inspected statutory audits at Big 4 audit firms as ‘inadequate’. The deficiencies in statutory audits marked as inadequate are, according to the AFM, of such severity that the AFM concluded that the audit opinions with respect to these financial statements were issued without sufficient audit evidence to support the opinion. However, an inadequately conducted statutory audit does not by definition imply that the audited financial statements are incorrect. The AFM does not examine the audited financial statements for correctness and therefore passes no judgement on this aspect. Following the AFM’s 2013/2014 review, the Big 4 firms have examined the consequences for the audit opinions they issued based on statutory audits classified as ‘inadequate’ by the AFM. They concluded that these audit opinions did not require amendments. This implies that these audit opinions were substantively correct, even though they were incorrectly issued in a procedural sense.

Taking into account the low number of claims and settlements, and assuming that social controversy surrounding the audit profession reflects to a large extent those elements of the expectation gap that do not directly reflect deficiencies in the performance of the auditor, I have come to the conclusion that the auditor’s liability has justifiably not been limited. Laws and regulations contain sufficient restrictive measures to maintain liability towards clients within reasonable bounds. With regard to liability towards third parties, laws and regulations in combination with the standards developed in case law and the judicial review, at present contain sufficient barriers against excessive liability. However, if the standards developed in case law and/or the statutory system change significantly, and to the detriment of the auditor, it would be justifiable to limit the liability towards third parties. My preferred choice in that case would be a cap of five to ten times the audit fee.

Until approximately ten years ago, case law and disciplinary judgements with regard to the statutory audit were virtually non-existent. However, the last decade has seen an increasing number of disciplinary proceedings. In many cases, the underlying disciplinary complaints are in line with the above-mentioned conclusions of the AFM.

One can observe this in the disciplinary judgements with respect to Econcern, Eurocommerce, Vestia, Weyl Vleesverwerkers and Koops Furness. The overall conclusion in all these cases is that the auditor did not obtain sufficient appro- priate audit evidence to justify his opinion regarding the financial statements as a whole. The Accountants Chamber (Accountantskamer) and the Appeals Board for Trade and Industry (College van Beroep voor het bedrijfsleven) have ruled in these cases that the statutory audits were conducted with insufficient depth and an insufficiently professional and critical attitude, because the auditor could not demonstrate that sufficient appropriate audit evidence had been obtained. The disciplinary judgements conclude that an unqualified audit opinion with respect to the financial statements was published without a reasonable basis. This implies that the audit opinions were issued on a procedurally incorrect basis. It remains unclear, though, if these audit opinions were also substantively incorrect.

In my opinion, the greatest potential liability risk to which auditors are exposed under current law is the risk of being unable to demonstrate that sufficient appropriate audit evidence was obtained, and therefore to be held liable for planning and conducting a statutory audit with insufficient depth and an insufficiently professional and critical attitude. This will often mean that the auditor is liable for an audit opinion of which the incorrectness has only been established at the procedural level. However, damage suffered and, consequently, liability incurred, will be higher in case of an audit opinion that is also incorrect in a substantive sense.

The liability risk can be diminished through specific and verifiable criteria to determine when audit evidence is sufficient and appropriate for the circumstances. The AFM, the NBA and academia must agree upon these criteria. The criteria have to be workable, within the objective of the statutory audit of article 2:393 Dutch Civil Code and the boundaries of professional judgement by the auditor. It must be ensured that this does not result in regulations that contribute to a checklist-mentality, which would not be in accordance with the objective of a statutory audit.