Have you ever been asked by an audit client for consent to include an audit report in a public or private securities offering? Irrespective of whether the offering is subject to registration with the SEC or state securities regulators or exempt from registration requirements1, there are professional liability risks associated with granting consent.
By including the CPA firm's audit report in the offering document, third party users of the financial statements, and the audit report, may assert that a duty of due care was created to them in addition to the duty of care owed to the firm's client2. If the client subsequently defaults on its debt or its securities lose value, investors who suffer losses may bring a claim against the CPA firm, alleging their losses resulted from reliance on the financial statements and audit report in making an investment decision. In addition, an auditor that includes misstatements of fact or that fails to disclose all material facts may also be sued under the anti-fraud provisions of state or federal securities statutes3.
As a result, when being asked for consent, a number of issues must be considered before responding to such requests.
Risk Control Considerations
If an audit report is included in an SEC filing, the company's offering document must include both the audited financial statements and the auditor's consent. The offering cannot proceed in the absence of these documents. In a private offering, however, the auditor's consent is not typically required. However, he or she may provide such consent after evaluating the risks associated with this service (see Interpretation No. 3 of AU §711,
Filings Under Federal Securities Statutes, paragraph .016-.017).
Client/Engagement Acceptance
As part of client and engagement risk assessment and acceptance procedures, ask the client whether the audit report will be used in a securities offering in the near future. If the client indicates this is a possibility, assess the risks of association with the client and engagement, including an evaluation of the firm's competence to perform an audit in connection with an offering before accepting the engagement. The client assessment should include, for example, the following questions:
- What is the objective of raising capital? Is the entity's business plan for growth or expansion sound?
- What is the entity's financial condition and performance trend?
- Will the entity be able to generate expected returns to equity investors or make interest and principal payments to bondholders?
- Is the entity able to produce reliable financial statements for outside users?
- Does the entity have adequate internal controls?
- Are there significant contingencies or pending litigation?
- Is there evidence of management fraud or illegal acts in the past? Does the pressure to acquire capital heighten fraud risks?
Even for a continuing client, consider performing client screening and background check procedures as though a new client is seeking your services. If a client or former client asks for a consent to include a previously issued audit report in a securities offering, consider whether there were any problems encountered in prior audits such as disagreements with management or multiple internal control deficiencies.
Engagement Letter Considerations
If the engagement is accepted, clearly document the anticipated use of the audit report in the engagement letter to avoid misunderstandings with the client. Restrict the use and distribution of the audit report so that it cannot be used in connection with a securities offering or SEC filing without the firm's written consent. Inform the client that the offering document and related materials must be presented for review prior to granting consent. In addition, the CPA must be given the opportunity to proofread these materials before printing and distribution
4. Also communicate that work performed in connection with consent issuance will be considered a separate engagement subject to an additional fee.
Consent Procedures
Subsequent Event Procedures
For securities subject to registration with the SEC, the CPA is required under AU §711 to evaluate subsequent events from the date of the audit report up to the effective date of the registration statement
5. Additionally, auditors associated with an offering document containing false or misleading information can be sued under the anti-fraud provisions in the federal or state securities statutes. To help mitigate this risk, CPAs should evaluate whether any events subsequent to the date of the audit report will require adjustment or disclosure in the financial statements
6. Obtain management representations regarding subsequent event disclosures to ensure the offering document is not misleading. If consent is requested by a former client, obtain a letter of representation from the successor auditor regarding their awareness of any matters subsequent to the date of the audit report that might have a material effect on the financial statements pursuant to which the audit report was issued. Assess subsequent developments that may have a material adverse impact on the company's financial position and business viability and whether this potential effect requires disclosure to prospective investors. While the subsequent event procedures specified in AU §711 and AU §9711,
Auditing Interpretations of Section 711, are related to consent procedures for filings under federal securities law, such procedures may also be applied to consents issued in connection with a private securities offering or to one exempt from federal registration.
Reading Other Information included in Offering Document
In accordance with AU §550,
Other Information in Documents Containing Audited Financial Statements, carefully read the offering document to identify material inconsistencies with the audited financial statements and material misstatements of fact within the other information. Consult with a securities attorney if there are questions regarding the disclosures required to comply with securities law. If the document contains material misstatements in the financial statements, material inconsistencies, or material misrepresentation or omission of facts, or if the document fails to comply with the requirements of securities law or regulations, report the matter to client management and those charged with governance. These parties should be further advised to discuss the matter with their legal counsel. If the matter cannot be resolved, consent should not be granted.
Consent Letter Issuance
If a consent is issued, consider having a securities attorney draft or review the consent letter. If applicable law and professional standards do not require the performance of subsequent events procedures for the audit report to be included in the offering document, responsibility for consideration of subsequent events should be disclaimed in the consent letter. In addition, if the offering document contains forward-looking statements or a partial or full set of prospective financial information on which the CPA has not been engaged to report, the consent should state that the CPA has not compiled, reviewed, or audited the prospective financial information and conclude by stating it does not express any opinion or any form of assurance with respect to the information
7.
Requests for Comfort Letters
In addition to being asked to consent to include a previously issued audit report in a public securities filing with the SEC, accountants may be asked to provide a comfort letter to the securities underwriters or other parties with a due diligence obligation under federal securities law. While not mandated by the Securities Act of 1933, comfort letters are requested by underwriters or other parties with a due diligence defense. A comprehensive discussion of comfort letters is beyond the scope of this article. However, accountants should carefully consider the requirements of AU §634,
Letters for Underwriters and Certain Other Requesting Parties, of the Public Company Accounting Oversight Board (PCAOB) professional standards and examine their qualifications to perform required agreed-upon procedures, as well as the risks associated with the engagement prior to agreeing to issue a comfort letter. Comfort letters may only be issued by external auditors registered with the PCAOB. Consultation with an attorney experienced in federal securities law is recommended prior to undertaking such an engagement.
Additional Considerations for Consent to Include Audit Report in an SEC filing
Private company clients may be merged with or acquired by public companies or companies that will go public upon completion of the merger or acquisition. This may require the client's audited financial statements to be included in a related SEC filing. If the firm "played a substantial role in the preparation or furnishing of an audit report" of an issuer
8 or a non-issuer subsidiary, division, branch, office or other component of an issuer, the audit must be performed in accordance with the standards of the PCAOB, the CPA firm must be registered with the PCAOB, and the auditor's report must refer to the PCAOB standards. If the firm meets the "substantial role" definitionand the audit of the private company client was not performed in accordance with PCAOB standards, consent to reissue the audit report for the purpose of SEC filing should not be granted. Moreover, the audit report should not be included in the SEC filing. An issuer cannot include a previously issued audit report without the auditor's consent, and will be required to engage a firm qualified to perform a PCAOB audit of those financial statements.
The evaluation of whether a firm played a substantial role in the audit can be complex. PCAOB Rule 2100 states that, by itself, the issuance of a consent to include a prior period audit report issued by a public accounting firm which does not currently have and does not expect to have an engagement with an issuer to prepare or issue an audit report (or to play a substantial role in the preparation or furnishing of an audit report) does not require a public accounting firm to register with the PCAOB. Due to this complexity, consultation with a securities attorney is recommended to help assess whether the audit firm of a non-issuer meets the 'substantial role' requirements.
Summary
Whether or not to consent is not a straightforward decision. To give consent is not as simple as "doing a client a favor." Most audits of private companies are not performed with the expectation that the audit report will be included in securities offering materials and are typically not priced to reflect the enhanced vulnerability to securities-related claims that would not otherwise exist. The reality is that when a client's business fails, investors will seek deep pockets to recoup their losses. Beyond the entity's directors and officers, the deepest pocket is often the entity's external auditors. When a current or former client requests consent, carefully weigh the client's needs against the associated professional liability risks. Do not feel pressured to give consent. Consult with a securities attorney and your professional liability insurance provider to understand the potential impact of association with securities offerings prior to agreeing to consent.