CPAs as Corporate Directors





Section 407 of SOX requires public company disclosure of “financial expert” participation on an audit committee but stops short of requiring one. Reasons for not including one must be disclosed. CPAs have become prime candidates to serve in this capacity because they generally meet the definition of a financial expert.

Typical corporate director duties include managing a company on behalf of, and in the best interests of, the shareholders in an oversight and advisory role. The audit committee of a board has additional responsibilities, and for public companies these responsibilities must be carried out in accordance with SEC, SOX, and stock exchange requirements.

Directors are expected to perform their duties according to certain standards of conduct. State and federal guidance on director liability provides that directors acting in good faith and performing duties with due care, loyalty, and diligence should be protected from liability in conjunction with board service.

Out-of-court settlements in high-profile cases such as Enron and Worldcom may have heightened concerns about the personal liability of directors, but do not create a legal precedent.

Recent litigation cases involving director liability suggest that board members will be insulated from liability as long as they did not breach their fiduciary duty by engaging in self-dealing and were not personally aware of wrongdoing on the part of the corporation or its officers.

Being designated an expert means that directors are expected to use that expertise when carrying out duties, and this will be considered when determining whether those duties were performed with due diligence and in good faith.

Deborah Archambeault, CPA, Ph.D., is assistant professor of accounting at the University of Tennessee at Chattanooga. John Friedl is a professor in the Department of Accounting and Department of Political Science, Public Administration, and Nonprofit Management at the University of Tennessee at Chattanooga. Their e-mail addresses, respectively, are and

Financial scandals routinely highlight the need for improved corporate governance and the reliability of financial reporting. Lawsuits associated with these scandals have focused attention on the individuals involved, management and directors alike, and the personal liability that may result. The profession is at an interesting crossroads—CPAs are needed to fill the roles of conscientious, diligent watchdogs on corporate boards and audit committees. However, personal liability concerns may deter excellent candidates from agreeing to serve. This article summarizes some relevant legal issues and provides suggestions for accountants who are considering whether to serve on a board.

The Sarbanes-Oxley Act contains requirements intended to improve the accuracy and reliability of corporate disclosures. Section 407 of SOX requires public companies to disclose whether the audit committee of the board of directors includes at least one “financial expert.” Final rules issued pursuant to section 407 (SEC Rel. No. 33-8177) define an audit committee financial expert as a person who has an understanding of GAAP and financial statements; an ability to assess the application of accounting principles; experience in the preparation, audit, analysis or evaluation of financial statements; experience in accounting internal controls; and an understanding of audit committee functions. (For a complete SEC definition of an audit committee financial expert, see page 46.)

Section 407 stops short of requiring the presence of a financial expert on the audit committee, but it does require companies lacking a financial expert to disclose their reasons for failing to include one. It seems companies should prefer including a financial expert on the audit committee rather than explaining the absence of one. A director does not have to be a CPA or an accountant to qualify as a financial expert, but CPAs are prime candidates for the position because they generally meet the qualifications.

The corporate director’s role is to manage the company in the best interests of the shareholders. Directors generally delegate authority and responsibility for daily operations to the CEO and senior management, while taking on an oversight and advisory role. Typical director responsibilities are described in Corporate Governance Best Practices: A Blueprint for the Post-Enron Era , a 2003 report by The Conference Board, and in Principles of Corporate Governance , a 2005 report by the Business Roundtable. Many of these responsibilities, summarized in Exhibit 1 , focus on business strategy, risk assessment and corporate objectives. The Conference Board noted that in the wake of recent corporate scandals, boards face the challenge of increasing their focus on oversight to actively monitor management.

In addition to these typical director responsibilities, which apply to directors of public and private companies, directors of publicly traded companies are required to carry out other duties on the company’s behalf. Section 10A of the Securities Exchange Act of 1934 places specific requirements on the board’s audit committee (see “Eight Habits of Highly Effective Audit Committees,” page 46). In addition to preapproving all audit and non-audit services provided by the company’s registered public accounting firm, the audit committee is required to appoint and compensate the public accounting firm and oversee its work. The audit committee must establish procedures for handling accounting or auditing complaints, and handling confidential anonymous concerns from employees on accounting or auditing matters.

Item 407 of Regulation S-K requires the audit committee to disclose its activities, which include review and discussion of the financial statements with management and required communication with the external auditor. Directors of public companies may be subject to additional responsibilities under the corporate governance standards that stock exchanges impose on registrants. For example, the corporate governance standards for New York Stock Exchange registrants (Standard 303A.07) require audit committee members to be involved in and familiar with the company’s risk assessment and risk management processes.

Exhibit 1
Responsibilities of
Corporate Directors

Approving a corporate philosophy and mission.

Planning for management development and succession.

Understanding, reviewing and monitoring the implementation of the corporation’s strategic plans.

Reviewing and approving the corporation’s financial objectives, plans and actions, including significant capital allocations and expenditures.

Focusing on the integrity and clarity of the corporation’s financial reporting.

Reviewing and approving material transactions not in the ordinary course of business.

Monitoring corporate performance.
Advising management on significant issues facing the corporation.

Reviewing management’s plans for business resiliency, including risk assessment
and security.

Nominating directors and committee members.

Performing other functions as prescribed by law or by the corporation’s governing documents.

Assessing the board’s effectiveness in fulfilling board responsibilities.

Sources: Business Roundtable (2005), Principles of Corporate Governance ; The Conference Board (2003), Corporate Governance Best Practices: A Blueprint for the Post-Enron Era.

Directors are expected to adhere to certain standards of conduct. While statutes vary by state, most states have adopted the provisions of the Model Business Corporation Act (MBCA), which requires directors to act in good faith, in a manner he or she reasonably believes is in the corporation’s best interests, and with the care that a person in a like position would reasonably believe appropriate. Additionally, a director is entitled to rely on the performance or opinions of others, as long as the director “does not have knowledge that makes this reliance unwarranted” (MBCA § 8.30).

The common law business judgment rule , the main provisions of which have been incorporated into the MBCA, protects directors involved in shareholder lawsuits. Under this safe harbor, a director is not liable for breaching a fiduciary duty as long as he or she acts in good faith, believes the decisions are in the corporation’s best interest, makes an informed decision, and does not act with self-interest. If any of these criteria are not met, the director loses the protection of the business judgment rule and may be held liable for damages caused by the breach of duty.

A slightly different standard is used to assess whether a director of a public company has breached fiduciary duties at the federal level. Under section 11 of the Securities Act of 1933, directors of an issuer may be liable to any person acquiring a security pursuant to a registration statement that contains a material omission or misstatement. A director is expected to undertake a reasonable investigation and have reasonable grounds to believe that the statements contained within the registration statement are true and do not omit any material fact. In determining what constitutes reasonable behavior in such cases, the statute uses a prudent person standard. This test says the director is expected to act with the standard of reasonableness “required of a prudent man in the management of his own property.”

Directors who can show that they exercised such due diligence, either through their own investigation or through their reasonable reliance on the work of experts, can avoid liability. Hence, a director of a publicly traded company is expected to thoroughly review the information contained in (or omitted from) the registration statement. This requires making a reasonable investigation, using the assistance of experts if needed, to ensure that the registration statement does not contain any material omissions or misstatements.

Because the work of experts is explicitly addressed in the civil liability provisions of Section 11, there was some concern that directors identified as experts might be held to a higher standard of performance than other directors. Section 11 does not specifically address this issue. Responding to concerns that being designated as an audit committee financial expert might create additional liability, however, the SEC created a safe harbor in 2003. Under this provision (adopted in SEC Rel. No. 33-8177), designating a director as an audit committee financial expert will not cause the director to be deemed an “expert” under Section 11, nor “impose on such person any duties, obligations, or liability that are greater than the duties, obligations, and liability” that the person would have absent this expert designation. As long as a director who is an audit committee financial expert can demonstrate the requisite due diligence, as described above, he or she should not fear additional liability under federal statutes. Moreover, while this safe harbor, by its terms, applies only in cases arising under the federal securities laws, the SEC has opined that a director’s designation as a financial expert similarly should not alter his or her fiduciary duties or liabilities under state law.

To Serve or Not to Serve?

Consider the following before deciding to serve on a board or an audit committee, whether as a director or an audit committee financial expert:

1. It takes time. Service as a director is a significant time commitment due to the recent increased focus on corporate governance. This is especially true for audit committee members whose duties require them to address a variety of accounting, technical and risk-related issues. Exhibit 1 presents a listing of director responsibilities.

2. Do some research before deciding. The decision to join a board is similar to the auditor’s “client acceptance” decision and should be accompanied by a similar due diligence process. Recent SEC filings, background information on current directors and executives, and communication with the company’s auditor and outside counsel are all good sources to aid in making an informed decision.

3. Understand the business. A thorough understanding of the company’s business, risks and the industry in which it operates is important for directors—and essential for audit committee financial experts.

4. Know your responsibilities. Read and understand the corporate charter, the audit committee charter, and (for public companies) the corporate governance standards of the company’s stock exchange, particularly as they relate to the duties and expectations of directors and audit committee members. Familiarity with your duties is an important first step in carrying them out.

5. Expert duty of care. Designated financial experts will be expected to use their expertise. That will likely be scrutinized when evaluating whether a director discharged his duties with due care and diligence.

6. Research insurance protection. Familiarize yourself with the insurance coverage that is available to you. The recent trend in settlement cases requiring directors to make some payment out of personal assets does not diminish the importance of D&O insurance as a form of protection. Additionally, CPAs whose firms already provide approved non-audit services to a company should ascertain whether their malpractice insurance coverage will be affected by their dual roles of director and public accountant. In situations where there is uncertainty about the capacity in which the CPA is acting (director or accountant), it is possible that the two insurance companies may try to disclaim coverage, arguing that the other insurance company should be responsible.

7. Be diligent. Once the commitment to serve as a director has been made, the director must be diligent and act in good faith. The best defense against liability is to diligently carry out fiduciary duties.

Recent out-of-court settlements in a few high-profile cases have cast a light on directors’ susceptibility to personal liability. In the Enron and WorldCom cases, non-management directors were accused of breach of fiduciary duty for failing to oversee the company properly. Settlement agreements in both cases required the non-management directors to pay a portion of the damages from their personal assets, even if directors’ and officers’ (D&O) insurance would cover the damages.

In the Enron case, payments from directors’ personal assets represented disgorgement of a portion of the profits that these directors received from the sale of Enron stock prior to the company’s collapse. In the WorldCom case, payments from personal assets were determined strictly as a percentage of each director’s personal net worth and did not represent a disgorgement of profits. This trend of punishing directors through the loss of personal assets for failure to carry out their fiduciary duties has emerged in SEC settlements. These settlements also prohibit the settling party from seeking reimbursement or indemnification from D&O policies for amounts paid out of personal assets. Since the Enron and WorldCom cases did not go to trial, the settlements do not stand as legal precedents. The next section examines cases recently decided in the courts.

Recent decisions in shareholder derivative litigation suggest that audit committee board members are insulated from liability as long as they do not engage in self-dealing and are not personally aware of wrongdoing by the corporation or its officers. In the 2006 case of Yemin Ji v. Kits van Heyningen (U.S. District Court for the District of Rhode Island, 2006 U.S. Dist. LEXIS 65926), shareholders sued personally members of the board’s audit committee. The case alleged the members breached financial oversight duties by allowing the issuance of improper financials and public disclosures. The court rejected this standard of liability, requiring instead that the plaintiffs show that members of the committee had actual knowledge of improprieties. Similarly, in the 2006 case of Conagra Foods Inc . (U.S. District Court for the District of Nebraska, 2006 U.S. Dist. LEXIS 70787), allegations that audit committee members should have known about accounting irregularities were insufficient. The plaintiffs were required to provide particularized allegations that members of the committee had actual knowledge of the accounting errors.

The court in In re Cray Inc . derivative litigation (U.S. District Court for the Western District of Washington, 2006 U.S. Dist. LEXIS 27182) ruled in 2006 that audit committee members were not “interested parties” who stood to gain by failing to take action with respect to remedying the company’s internal controls. The court said “[t]he relevant case law does not hold that a director is interested merely by virtue of sitting on an Audit Committee while the corporation faces accounting and audit irregularities.” No appeal is on record in any of the three preceding cases, so reversal of these decisions is not anticipated in the foreseeable future.

A 2006 Delaware Chancery Court decision, in which no appeal has been filed, has caused some concern about the liability of expert directors. The Emerging Communications Inc . shareholder suit (Court of Chancery of Delaware, New Castle, 2006 Del. Ch. LEXIS 25) is based on a merger negotiation in which the board of directors, relying on the expertise of an outside financial expert, approved a share price that significantly undervalued the company. Salvatore Muoio, a director who was a securities analyst and mergers and acquisitions expert, was found liable for approving this transaction that undervalued the company’s stock. Other directors without expertise in this area were not found liable.

The decision created significant concern that audit committee financial experts could face increased liability if they are designated as experts. However, the findings in the Emerging Communications case do not support that conclusion. The court’s ruling did not state, per se, that Muoio was subject to a higher standard of due care. It limited the higher standard to the specific area in which Muoio was expert. The court found that “Muoio’s expertise in this industry was equivalent, if not superior, to that of Houlihan, the Special Committee’s financial adviser. That expertise gave Muoio far less reason to defer to Houlihan’s valuation.” The court explored plausible explanations as to why Muoio disregarded his own expert knowledge and approved an unfair merger price. The court found two possibilities— either a desire to further his own interests, or an intentional disregard for his responsibility to the shareholders—demonstrated that Muoio had breached his duties of good faith and/or loyalty. The “expert” director in this case was found liable because his expertise was such that he could not have relied on the outside expert’s opinion in good faith. The main lesson from this court’s finding is that a director who possesses expertise is expected to use it in carrying out fiduciary duties. Failure to do so will be seen as a breach.

The Delaware Chancery Court decision in In re Walt Disney Company (Court of Chancery of Delaware, New Castle, 2005 Del. Ch. LEXIS 113), which was affirmed by the Supreme Court of Delaware in 2006, suggests that the business judgment rule is still the standard for assessing director liability. In this case, Disney’s board of directors, led by CEO and Chairman Michael Eisner, approved a compensation package to hire Michael Ovitz as president. The deal provided for a large payout in the event of his termination. When Ovitz was terminated a year later, the severance package, which included cash and the immediate vesting of stock options, was valued at approximately $140 million. Stockholders sued the directors, alleging they had breached their fiduciary duties by approving the compensation package and allowing the termination that resulted in the large payout.

The court found that Eisner and the other directors acted in good faith and with the belief that their actions were in the company’s best interests. Hence, they did not violate their fiduciary duties. The court criticized the directors for not acting in accordance with corporate governance “best practices,” but that behavior did not amount to a breach of fiduciary duty. The court noted that although corporate governance best practices may change over time, the duties of a fiduciary do not. Failure to comply with the “aspirational ideal of best practices” is not grounds for holding a fiduciary liable, as long as the duties of loyalty, due care and good faith are fulfilled.

Recent court decisions affirm that the business judgment rule (with its component duties of good faith, loyalty and due care) is still the standard for assessing director liability for breach of fiduciary duty. Although out-of-court settlements may have heightened public awareness of director liability, directors who act with good faith, loyalty and due care should continue to be protected from personal liability


Preparing the statement of cash flows

This instructive white paper outlines common pitfalls in the preparation of the statement of cash flows, resources to minimize these risks, and four critical skills your staff will need as you approach necessary changes to the process.


Keeping you informed and prepared amid the COVID-19 crisis

We’re gathering the latest news stories along with relevant columns, tips, podcasts, and videos on this page, along with curated items from our archives to help with uncertainty and disruption.