Securitizing audit failure risk: an alternative to caps on damages.

AuthorCunningham, Lawrence A.

INTRODUCTION I. AUDIT FAILURE: RISK AND CONTROL A. Audit Constituents and Stakes B. Public Policy 1. Audit Effectiveness 2. Deterrence 3. The Insurance Argument C. The Role of Insurance 1. Optimality 2. Statistical Independence 3. Limiting Probability 4. Limiting Magnitude 5. Distributing Residual Risk II. EXISTING INSURANCE FOR AUDIT FAILURE A. Errors & Omissions (E&O) Insurance 1. Moral Hazard 2. Adverse Selection 3. Monitoring 4. Insurance Levers B. Self-insurance Programs (SIPs) 1. Large Firm Programs 2. Decisions To Self-insure III. POTENTIAL INSURANCE FOR AUDIT FAILURE A. Financial Statement Insurance (FSI) 1. Structure 2. Advantages B. Insurance-based Securitization (IBS) 1. The Market 2. Structuring Challenges 3. Design Requirements 4. Illustration and Assessment CONCLUSION INTRODUCTION

This Article contributes a new transactional alternative to address risks of catastrophic audit failure: having auditing firms issue bonds, called catastrophe bond securitizations, to capital markets to provide coverage for these risks. This innovation follows from this Article's analysis of longstanding debates about the relative merits of establishing caps on damages for auditing firms in securities liability cases. In those debates, a common argument favoring caps is the absence or limited availability of insurance to address the liability. This forces auditors to resort to self-insurance programs that they operate through captive affiliates. This Article's transactional proposal responds to this insurance-based argument.

On the evidence available, self-insurance appears to be better than external insurance, such that the insurance-based argument does not necessarily support damages caps. The former bundles risk monitoring and distribution within audit firms whereas the latter separates the two functions. Even if the argument is valid, moreover, this inquiry reveals superior alternatives that can be designed to address losses arising from audit failure. These are: (1) financial statement insurance, which has been discussed in the literature and tailors coverage to risks of ordinary audit failure; and (2) catastrophe bond securitization, which has not been mentioned in the literature and is introduced here as a way to pool and distribute risks of catastrophic audit failure through capital markets. The former bundles risk monitoring and distribution within insurers, while the latter re-bundles them outward to capital markets.

This Article thus tentatively concludes that the insurance-based argument favoring damages caps warrants analytical skepticism. Analytical skepticism is the most the conclusion can reach, however, because the evidence available for a definitive determination is limited. Auditing firms, which are privately owned, provide virtually none of the public information necessary to evaluate these issues. (1) Auditing firms do not publicly disclose any meaningful information about their financial condition or results, disclosing instead summary data on assets and total worldwide revenues broken down by geographic region and business line. (2) They provide no disclosure concerning internal or external insurance models or capacity and only cursory information about internal organizational structures, controls, or governance. In the course of some of the following analysis, therefore, an inferential picture of practices will be developed.

Subject to those limits, after reviewing the terms of the debate and introducing basic principles concerning the role of insurance in public policy governing auditing, this Article explores two alternative models that exist and two that could be created to address auditor liability for audit failure. The first of the two existing models is, of course, traditional professional liability insurance. This insurance is still commonly obtained by smaller and medium-sized auditing firms and was once commonly used by the four large auditing firms but now only to a modest, specialized extent. What is remarkable about this form of insurance is how it separates monitoring by auditors from distribution of the risk of audit failure. This separation or unbundling of risk monitoring and risk distribution can contribute comparative disadvantages to the audit function.

In comparison, the second of the two existing models is the more recently evolved self-insurance program. Beginning sometime in the late 1970s and early 1980s, the large auditing firms all developed highly sophisticated internal structures using captive insurance affiliates to manage and fund exposure to legal liability for audit failure. (3) While some participants in the debate view this as evidence of the firms' dire straits, analysis supports the view that the decision to self-insure is both rational for the firms and relatively appealing systemically. Most notably, compared to the unbundling and separation of functions that external insurance presents, self-insurance programs bundle the monitoring and risk distribution functions together within audit firms.

As for two new possible alternatives to address audit failure, the first is financial statement insurance, which has been discussed somewhat in the literature and is summarized briefly here. Rather than auditors using professional liability insurance or self-insuring against the risk of liability from audit failure, this insurance covers particular financial statements. Issuers buy coverage from external insurers which, in turn, engage auditors to conduct financial statement audits; the resulting insurance then covers those statements. Like self-insurance, this device bundles monitoring and risk distribution, although it bundles them into insurers rather than into audit firms. Even so, in a regime of financial statement insurance, existing commercial insurers as well as existing audit firm captives could compete to underwrite coverage.

The second novel alternative is insurance-based securitization, which has not been mentioned in the literature and is introduced here. Since 1995, financial innovators have packaged insurance-like products into securities using special purpose entities that pool and distribute risks through capital markets. (4) Insurance securitizations have concentrated on risks of catastrophic loss arising from such phenomena as hurricanes and floods. But, to date, they have not included professional liability insurance of the kind auditors have obtained externally or developed internally. Although this market remains young and thin, as it matures and deepens, it could be an attractive vehicle to contribute resolution to the longstanding debate over damages caps for auditors by establishing a vehicle to cover catastrophic losses.

An intriguing feature of insurance-based securitization of risks of audit failure is how this concept could partially re-bundle the risk monitoring and risk distribution functions outward to capital markets. Investors could essentially invest in functional insurance policies covering the risk of audit failure. Using capital markets could reduce the insurance market volatility that appears to be at the heart of insurance-based arguments favoring damages caps. It could add pressure on auditors to promote audit effectiveness and possibly reduce the incentives that plaintiffs' lawyers have to pursue excessive damages claims against auditors of public companies--an important adjunct of such insurance-based arguments. Best of all, it could precisely address catastrophic audit failure risk, which most seem to agree is the most important context in which damages caps warrant serious policy consideration.

Part I of this Article summarizes the audit function and debates over damages caps. The latter are often supported by lamenting a lack of insurance, absence of insurability or, sometimes, an "insurance crisis." Part II considers existing insurance for audit failure. It evaluates how audit failure risk may be better addressed by self-insurance than by traditional liability insurance because of closer bundling of risk monitoring with risk distribution. Part III explores potential insurance for audit failure. It reviews previous proposals for financial statement insurance to address ordinary risks of audit failure and then introduces the novel idea of insurance-based securitization to address catastrophic risks of audit failure.

  1. AUDIT FAILURE: RISK AND CONTROL

    The following discussion introduces the parameters and stakes of the audit function, considers public policy matters implicated, and addresses the role of insurance in policy design. The stakes of audit failure are potentially staggering when only four large firms are competent to audit the vast majority of public enterprises. This has revived debates dating back several decades about whether the law should set limits on the amount or type of damages auditors face for audit failure, in which proponents often cite the relative absence or expense of related insurance.

    1. Audit Constituents and Stakes

      The audit function addresses multiple constituent classes and, within each class, many variations of type. The primary constituent class is investors, who range from sophisticated institutions to retail clients investing personal funds. The secondary class is issuers, who can be of any form, including non-profits and for-profits, private enterprises or public enterprises. Tertiary constituents include other participants in financial reporting, chiefly an issuer's officers and directors especially its audit committee--and professional advisors, mainly lawyers and underwriters. The latter group also includes insurers of issuers, directors, and officers, and professional service firms, including auditors, regulators--mainly the SEC, but also state, securities, and insurance regulators--and courts.

      As a group, auditors exhibit some variation in kind. They may usefully be grouped into three tiers by size--either by total revenues, or by total employees or professionals, which...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT