Consider the following scenario. One morning, you see your audit client's name emblazoned across the front page of the local newspaper. The story describes a long-term business deal gone awry and hints of embezzlement by the corporate controller. Doubt enters your mind as you envision every document you inspected and recall every conversation you had during the audit. You wonder if you missed something.
Whether it is a newspaper headline, a conversation with a client, or an industry development, a seemingly innocuous piece of new information about a completed audit engagement may raise concern that, had this been known when the auditor's report was issued, the auditor might have revised the report. Referred to as a "subsequent discovery of fact," new information that comes to light after the financial statements and related audit report are issued necessitates the auditor's consideration. This consideration and management's response may reveal that the financial statements or related disclosures require adjustment, the report may need to be withdrawn and reissued, users of the financial statements may need to be notified, and the CPA firm may even need to consider ending the client relationship.
Consider the auditor in the scenario above. What if a bank had loaned money to the client, or a new investor had just made a large cash infusion into the business? What if key financial metrics or debt covenants were barely reached and now may be questionable? If a CPA firm does not respond properly to a subsequent discovery of fact, third-party users of the financial statements may assert that the CPA firm failed to take necessary action to prevent reliance on the auditor's report on the financial statements. Indeed, approximately one-quarter of audit claims asserted against CPA firms in the AICPA Professional Liability Insurance Program are brought by third parties. Consequently, it is important that CPA firms be vigilant regarding information received after issuing an audit report and cognizant of the professional standards that guide their response.
The AICPA Clarified Statements on Auditing Standards, specifically AU-C Section 560, Subsequent Events and Subsequently Discovered Facts, guide the auditor's response to subsequently discovered facts in an audit engagement. Auditors should consider implementing the following measures when responding to a subsequent discovery of fact:
- Discuss the matter with client management. Determine if the financial statements, including disclosures, require revision and, if so, inquire how management intends to address the matter in the financial statements. Involve those charged with governance when appropriate.
- Ensure third-party users are notified. If the financial statements (before necessary revision) have been made available to third parties, client management, not the auditor, should inform the users of the situation and advise them not to rely on the financial statements and related audit report. The auditor should verify that the client has provided adequate notice to third parties. Timely and appropriate notification to third-party users represents a critical step in mitigating the risk of a professional liability claim.
- Audit the new information. The auditor should audit how the client has accounted for the new information and reflected it in the financial statements and related notes.
- Update and reissue the auditor's report. If the audit opinion differs from the originally issued opinion, an emphasis-of-matter paragraph or other-matter paragraph should be added to the report. The auditor has two choices related to the date of the reissued audit report:
• Date the report as of a later date. Extend subsequent-event procedures and obtain client management representations through the new report date.
• Dual-date the report. A note to the financial statements should disclose the new financial information and the financial statement impact, and include a statement that audit procedures applied subsequent to the original audit report date were limited solely to the revised financial information. Additional management representations should also be obtained in this circumstance.
WHAT IF THE CLIENT REFUSES?
A client may disagree or choose not to revise the financial statements. Even if client management agrees to revise the financial statements, it may not properly inform financial statement users of the situation. Should either of these situations arise, the CPA should take specific steps depending on the circumstance as outlined in AU-C Section 560, paragraphs .14, .17—.18, and .A23—.A26. These steps may include communications to management and those charged with governance, notification to applicable regulatory agencies, and notification to third-party users. Consultation with the firm's legal counsel is also recommended.
RISK MANAGEMENT TIPS
A subsequent discovery of fact, whether it is embezzlement within a client's organization, the termination of a key contract affecting previously recognized revenue, or another unexpected event, places CPAs in a delicate situation that demands a focused and timely response. Consider the following risk management techniques to help minimize professional liability risk related to a subsequent discovery of fact:
- Be alert for new information. Keep a close watch on client news and industry developments. This attentiveness can help identify new information.
- Know and adhere to the professional standards. Review AU-C Section 560 if new information is uncovered subsequent to engagement completion. Address the issue according to the professional standards.
- Reduce the likelihood of surprising new information by performing a thorough audit, including subsequent-event procedures. Diligent performance of these procedures may reveal facts in sufficient time to respond prior to issuance of the original audit report.
- Review training and quality-control procedures. Proactively assess audit training and quality-control procedures related to this area to ensure all firm personnel respond appropriately when faced with new information.
- Consult with others. Revisions to financial statements often lead clients and third parties to assign blame to the CPA firm for failure to detect the information sooner. Consult the firm's legal counsel to assist with the response. Your firm's professional liability insurance carrier also may have resources to assist you.
- Consider termination if the client's response is insufficient. If the client does not respond appropriately, or if it appears that the client has withheld information, consider the impact on your ability to rely upon its representations and consider terminating the relationship.
- Report the matter to the firm's professional liability insurance carrier, if required. Most policies require reporting of acts or omissions that may reasonably be expected to be the basis of a professional liability claim during the policy period. Review the professional liability policy's claim reporting requirements with the firm's insurance agent or broker.
WHAT ABOUT REVIEW ENGAGEMENTS?
The AICPA Statements on Standards for Accounting and Review Services (SSARSs) guide a CPA's response to a subsequent discovery of fact after the date of an accountant's review report. Accountants performing review services are advised to consult the SSARSs when faced with a subsequent discovery of fact.
Daniel J. Gartland (firstname.lastname@example.org) is a risk control consultant at CNA.
Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. For more information, call Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, at 800-221-3023 or visit cpai.com.
This article provides information, rather than advice or opinion. It is accurate to the best of the author's knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.
Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured.