Age of consent

By Don Jeffreys & John Kirkwood
Illustration: Mike Constable

Ontario’s new securities regulations mean new legal liabilities for auditors and new AASB guidance

New legislation in Ontario is ushering in a new era in securities regulation in Canada. The new rules deal with the secondary market for securities and affect many parties. Of particular interest to auditors of public companies,

the legislation provides for a new form of written consent to the use of the audit report, which can result in new statutory legal liabilities for the auditor in cases of improper or inadequate disclosure. To assist auditors who must respond to requests for this consent, the AASB published new guidance — Auditing and Assurance Guideline AuG-44, "The Auditor’s Written Consent to the Use of the Audit Report in a Continuous Disclosure Document" — in December 2005. The AASB also revised existing auditing standards on subsequent events, a closely related topic.

Until now, legislation governing financial and other disclosure in public documents has focused on the primary market for securities — that is, offerings of securities by the issuer. There has been statutory liability to shareholders and investors for statements made in financial statements in a prospectus. There have also been rights of action for damages against various parties: the issuer; individuals who signed the document; and in certain circumstances, an expert (including an auditor) who consented in writing to the use of a report that appeared or was quoted or summarized in the document. Guidance on this type of consent is already provided in the CICA Handbook − Assurance in material dealing with securities offering documents.

In recent years, the regulatory focus has turned more in the direction of the secondary market for securities — that is, trading of previously outstanding securities (which by some estimates includes as much as 98% of the total value of securities transactions). In this market, liability to shareholders and other investors buying or selling securities has, until now, been left to the common law. Under the common law principles endorsed by the Supreme Court of Canada decision in Hercules Management Limited v. Ernst & Young in 1997, investors generally have no right to sue the auditors for misstatements in the financial statements. The court held that a duty of care does not exist between the auditor of a corporation and its shareholders and investors unless there are special circumstances on the facts of the case.

New Ontario legislation passed in 2002 and 2004 changes this. It provides a statutory right of action in the secondary market if a misrepresentation exists and imposes liabilities on responsible parties for improper or inadequate corporate disclosure in the secondary market for securities. A comprehensive review of the liability provisions in the 2002 legislation was provided in an article by Brian Morgan in "New liabilities" (Law, June/July 2003). After additional legislation was passed in 2004, the new provisions (in the form of revisions to the Ontario Securities Act) became effective December 31, 2005. Similar legislation has been enacted (but not yet proclaimed at the date of writing) in a new British Columbia Securities Act, and has been proposed by the Canadian Securities Administrators in a blueprint for a uniform securities act for adoption in other provinces and territories.

The liability provisions in the Ontario Securities Act apply to a misrepresentation, which is defined as "an untrue statement of a material fact, or an omission to state a material fact that is required to be stated or that is necessary to make a statement not misleading in the light of the circumstances in which it was made." The statement may be oral or written. The act provides a right of action for damages to a person who acquires or sells securities of the issuer during the period between the time when a continuous disclosure statement or document is released and when the misrepresentation is publicly corrected. That person is deemed to have relied on the misrepresentation and the onus is on the defendant to prove a defence of reasonable care.

As it relates to a public document, the right of action provided by the act generally applies against several parties: a reporting issuer; its directors; its officers; an "influential person" (as defined); and an expert such as an accountant or auditor, if the misrepresentation is contained in a report of the expert and the expert has consented in writing to the use of the report in the document.

Each of these parties, except the expert, is not liable with respect to any part of the document that is covered by the expert’s report. But this only applies if the issuer has the expert’s written consent to the use of the report and the consent had not been withdrawn in writing before the document was released, and the party proves it didn’t know and had no reasonable grounds to believe there had been a misrepresentation in that part of the report.

Such a defence against liability is sometimes referred to as a "reliance on an expert" defence.

In early 2005, the CICA’s Auditing and Assurance Standards Board (AASB) anticipated the proclamation of legislation and decided to develop guidance for auditors asked to provide written consent. In December 2005, the AASB published an Auditing and Assurance Services Guideline, AuG-44, "The Auditor’s Written Consent to the Use of the Audit Report in a Continuous Disclosure Document." And, as a related project, the AASB published a revised CICA Handbook — Assurance Section 6550, "Subsequent Events." Only the Ontario legislation had been proclaimed when the guideline was completed. Consequently, as a practical matter, the AASB based the guideline primarily on the relevant provisions of the Ontario legislation and provided a summary of these as an appendix to the guideline.

The guideline describes the legislation, sets out procedures for the auditor to perform and provides an example of written consent. It is intended to assist an auditor who is asked, and agrees, to give written consent in accordance with the new legislation. The AASB anticipates that such requests may be made primarily in connection with an entity’s initial filing of its financial statements and audit report on SEDAR or EDGAR. It also expects such requests may be made later on the publication of the annual report, or in certain circumstances, the publication of a business acquisition report. For purposes of governing legislation, the financial statements and audit report filed on SEDAR constitute a continuous disclosure document.

In developing the guideline and considering exposure draft comments, the AASB addressed a number of issues.

In order to issue a written consent, the auditor must be satisfied that the audit report, and the audited financial statements, take into account any relevant events or developments that have occurred subsequent to the date of the audit report. The AASB concluded that to achieve this objective, the auditor would need to perform the following procedures:

• update the subsequent events procedures set out in Section 6550, "Subsequent Events" (as recently revised, as explained below);
• obtain updated management representations to the date of the auditor’s written consent;
• perform review procedures on the most recently issued interim financial statements in accordance with Section 7050, "Auditor Review of Interim Financial Statements," if any such statements have been issued for a period subsequent to the date of the audited financial statements;
• read the other financial and nonfinancial information in the continuous disclosure document, and perform all of the other procedures required by Section 7500, "Auditor Association with Annual Reports, Interim Reports and Other Public Documents"; and
• determine that the continuous disclosure document has been approved by the appropriate officials.

The procedures are not new — they draw heavily from existing guidance in the Handbook. The auditor would perform these procedures to the date of the consent or to a date as close thereto as is reasonable and practicable in the circumstances.

The responsibility for identifying and disclosing subsequent events rests with management. As a result of exposure draft comments, the AASB emphasized more clearly in the Guideline that the date of the auditor’s consent would coincide as nearly as possible with the date on which management has completed its procedures established for that purpose. If the consent is to be issued at the same time as the release of the audit report, the auditor’s procedures would normally be limited to determining that the continuous disclosure document has been approved by the appropriate company officials. The longer the interval between the dates of the audit report and the auditor’s consent, the more extensive the auditor’s procedures will need to be.

An illustrative example of consent wording is provided. It addresses the use of the audit report in a continuous disclosure document to be filed on SEDAR, expected to be the most common circumstance for which written consent is requested. Following comments on exposure, the AASB revised the wording to emphasize that the consent would normally be addressed to the issuer. This is so because the legislation that confers a "reliance on an expert" defence applies when the issuer of the continuous disclosure document has obtained the expert’s written consent.

Providing written consent in the form set out in the guideline is a new area of practice for auditors. Also, new legislation may come into effect in other provinces. Consequently, the AASB will be monitoring practice and legislative developments to determine whether additional guidance will be needed.

Subsequent to the issuance of the guideline, a question has arisen as to whether the notion of an auditor’s "consent in writing" as used in the governing legislation may be interpreted more broadly than is contemplated in the guideline. Readers should refer to a January 2006 Risk Alert that is available at the "Other Auditing and Assurance Publications" link on the AASB’s website (aasb.ca).

In early 2005, the AASB decided Section 6550 needed updating. The IAASB had just revised its standards on auditing subsequent events and the AASB was completing its new standards dealing with the concepts of reasonable assurance and audit risk. Also, the AASB recognized that updated guidance on subsequent events was important to the development of the new guideline on the auditor’s written consent.

In December 2005, the AASB published a revised Section 6550 that is consistent with the IAASB standard. The primary change has been to expand the section. There is now specific reference to the need for the auditor to gain an understanding of the procedures management has established to identify subsequent events. Additional examples are provided of enquiries the auditor would normally make of management concerning specific matters that might require adjustment to and/or disclosure in the financial statements. Also, the section notes that the auditor is not expected to perform a continuing review of all matters to which previously applied procedures have provided satisfactory conclusions.

The AASB also made several other changes. The existing section included a reference to "reviewing and scanning records of transactions and events to the extent necessary" in the list of procedures normally performed by the auditor. This has been deleted, consistent with the new standards dealing with the concepts of reasonable assurance and audit risk. In addition, the requirement that the auditor obtain written representations from management has been deleted because it is dealt with in Section 5370, Management Representations.

The revised section is effective for financial statements and financial reports for periods commencing on or after January 1, 2006.