Over the past 20 years, the accounting profession has been increasingly subject to professional negligence actions. Apart from direct claims brought by their clients, accounting firms are continually faced with law suits by third parties in respect of their professional services. At times, the claims can be so catastrophic as to bring down entire practices.

It is, therefore, essential that certified public accountants (CPAs) employ proper risk management techniques to minimise their liability exposure. One option which CPAs should seriously consider is to exclude or limit potential liabilities:

  • (in the case of non-statutory audit work carried out for their clients) by a term in the engagement letter; and
  • (in the case of third parties) by a disclaimer.

Limiting or excluding liability to clients

Given the contractual relationship between a CPA and its client, any term seeking to restrict or exclude liability must be expressly agreed by the client and included in the engagement letter.

At present, however, CPAs are prohibited by section 165 of the Companies Ordinance from contractually disclaiming and limiting liability towards their audit clients in respect of statutory audit appointments under the Companies Ordinance, Cap 32. This prohibition, though, does not extend to non-statutory audit work and nonaudit engagements. On this basis, subject to any relevant foreign law, limitation or exclusion clauses can be introduced into engagement letters in respect of audit appointments of foreign companies that are not governed by the Companies Ordinance.

As CPAs are paid by a client to provide professional services, it is generally more appropriate for them to seek to limit (as opposed to exclude) their liability towards their clients. The usual way in which CPAs limit their liability is to negotiate a cap on their maximum liability for breach of contractual obligations or negligence. The cap may be either a specified amount of money or calculated as a multiple of the fees paid. As discussed further below, in order to be enforceable, limitation (as well as exclusion) clauses require careful drafting and are subject to a test of reasonableness.

Excluding liability towards clients is appropriate in limited circumstances. It is common practice for CPAs to include in their engagement letters a total exclusion of liability for claims by their clients involving fraud, misrepresentation or wilful default on the part of the clients or their employees.

Disclaiming liability against third parties

The law concerning accountants’ liability to third parties remains a developing area. Despite a growing body of case law, it is often difficult (if not impossible) to predict with certainty the extent of a CPA’s potential liability to a third party in a particular situation.

In the light of this, the need to adopt proper disclaimers is particularly critical when it comes to protecting CPAs against the risk of inadvertently assuming a duty of care towards third parties. Such a risk may easily arise since the work product of a CPA is often subject to general circulation, unlike the case in many other professions. Audit reports, for example, will necessarily be scrutinised by a wide range of third parties – who have no contractual relationship with the CPA – for a variety of different reasons.

There are a number of cases where the courts have pointed out the crucial role of disclaimers in determining whether or not a CPA has assumed responsibility towards a third party. As early as the decision in Caparo Industries v Dickman (1990), the House of Lords in England specifically admitted the possibility of a disclaimer in the audit report itself. In both the cases discussed below, we can see:

  • the importance attached by the courts to the fact that the auditors in question could have disclaimed liability (to identifiable third parties) but failed to do so;
  • that the absence of a disclaimer may be a factor which the courts will consider as pointing to an assumption of responsibility by a CPA towards a third party.

ADT v BDO Binder Hamlyn (1995)

The action arose out of ADT’s acquisition of Britannia Securities Group (BSG). BDO Binder Hamlyn (BDO) was one of BSG’s joint auditors and had been involved in an audit of BSG’s 1989 accounts. Prior to the acquisition, ADT made it clear to BDO that the final hurdle before making the offer was to obtain certain assurances from BDO.

During a meeting with ADT, BDO’s audit partner confirmed to ADT at its request that he would “stand by their accounts” and that he was aware of nothing else which ADT should be told. The audit turned out to have been negligently performed and ADT suffered loss in making the acquisition. ADT claimed that but for the representations made by BDO, it would not have proceeded with the acquisition or, at least, it would have proceeded on different terms.

The English High Court decided that BDO, through the representations made by its audit partner, had assumed responsibility towards ADT for the accuracy of the audited accounts. In particular, the judge said, if the audit partner had insisted on a disclaimer, this would have been regarded as a red flag by ADT, which would then have made further inquiries.

The court awarded damages against BDO of £65m, which after adding interest and costs, amounted to a total of £105m. The award exceeded the indemnity cover by around £34m.

The case demonstrates how the auditors of a target company can incur colossal liabilities towards a prospective purchaser as a result of unguarded assurances. This case highlights the need for auditors to protect themselves either via a disclaimer or to abstain from giving such assurances in these circumstances.

The Bannerman Johnstone Maclay (2002) case

Similarly, in the controversial Royal Bank of Scotland plc v Bannerman Johnstone Maclay decision, the Outer House in Scotland (equivalent to the High Court in Hong Kong) also regarded the absence of a disclaimer by the auditors as central to the finding of liability.

BJM were auditors of APC Ltd whose principal lender was the Royal Bank of Scotland (RBS). RBS also had an equity interest in APC. It was a requirement of RBS’s facility letters that APC provide its audited financial statements to RBS within six months of its financial year end. Copies of APC’s audited accounts were passed by APC to RBS for the purpose of assisting RBS in its lending decisions. RBS subsequently sued BJM for its losses suffered as a result of its reliance on APC’s audited accounts, which contained material inaccuracies. BJM applied to strike out the claim on the basis that it did not owe RBS a duty of care.

The court decided, as a preliminary issue, that the facts pleaded by RBS were sufficient in law to give rise to a duty of care. Significantly, it held that, although there was no direct contact between BJM and RBS, BJM could have disclaimed liability to RBS when they learnt that RBS would be entitled to see the audited accounts for the purpose of assisting it with its lending decisions. The absence of such a disclaimer was a significant factor supporting the finding of a duty of care. This aspect of the decision was upheld on appeal.

The salient message emerging from the two cases mentioned above is that, once it is known that a third party may rely on the auditors’ report or representations, disclaiming liability is a good way of trying to avoid liability.

Ways of disclaiming liability towards third parties

Where CPAs seek to disclaim their liability to third parties, this must be done expressly in writing. Disclaimers may be placed in the engagement letters to clients and also in the actual work product of a CPA (for example, in audit reports or written advice). Specifically, ways in which CPAs may exclude their liability towards third parties include clearly restricting:

  • the intended recipients of their work product;
  • the use to which their work product may be put; and
  • (where practicable) circulation of their work product without prior written consent.

In addition, where the third parties are identifiable and specific circumstances warrant it, a CPA may send a separate disclaimer letter directly to the third parties involved.

CPAs providing audit services should also have regard to the disclaimer wording recommended by the Hong Kong Institute of Certified Public Accountants in its Technical Bulletin issued on 27 May 1993, following the first instance decision in Bannerman. The following disclaimer wording was recommended to be placed in audit reports, so as to disclaim liability to parties other than the shareholders as a body:

“It is our responsibility to form an independent opinion, based on our audit, on those financial statements and to report our opinion solely to you, as a body, in accordance with [section 141/section 141D] of the Companies Ordinance, and for no other purpose. We do not assume responsibility towards or accept liability to any other persons for the contents of this report.”

The HKICPA suggests that auditors consider taking a similar approach in respect of other public reporting engagements such as interim reviews, regulatory reports and reports issued under other legislation.

It must be emphasised that the use of disclaimers does not necessarily guarantee that CPAs will not owe any duty of care to third parties. As the Technical Bulletin rightly highlights, CPAs should remain vigilant to avoid the words being overridden by actions (either contemporaneous or subsequent) which are inconsistent with the disclaimer.

Effectiveness of disclaimers and limitation clauses

Getting limitation and exclusion clauses wrong can be costly. Whether such clauses are suitably drafted to achieve the desired effect – and whether they are enforceable – are, of course, issues on which legal advice should be sought. The appropriate wording to be adopted and its efficacy will depend on the circumstances of each individual case.

The importance of clarity in the drafting of limitation and exclusion clauses cannot be overemphasised – a point vividly illustrated by the decision in University of Keele v Price Waterhouse (2004).

Price Waterhouse advised the university on setting up a profit-related pay scheme, which ultimately failed. The university sought damages, including the loss of the tax savings that would have been achieved had the scheme been successfully implemented. While admitting negligence, Price Waterhouse sought to rely on a limitation clause in its engagement letter:

  • The first limb of the clause stated that, subject to a limit on liability which was equal to twice the anticipated savings from the scheme, Price Waterhouse accepted “liability to pay damages in respect of loss or damage suffered by you as a direct result of our providing the services”.
  • The second limb stated that “all other liability is expressly excluded, in particular consequential loss, failure to realise anticipated savings or benefits …”

The loss of anticipated savings was held to be covered by the first limb and was not excluded. The problem with the clause, according to the English Court of Appeal, was that (on the face of the clause) the loss fell under both limbs. The key to the interpretation of the whole clause was the word “other” at the start of the second limb. It suggested that the first limb took precedence over the second, which only excluded loss not covered by the first limb. The difficulty with the clause was that it failed to set out clearly the relationship between its two constituent limbs, one accepting liability and the other excluding it.

Generally, a CPA should be aware of the following matters when using exclusion and limitation clauses:

  • The clauses must be clearly and unambiguously drafted. They must state explicitly what liability is intended to be excluded or limited. In respect of disclaimers to third parties, CPAs must make clear the party for whom – and the sole purpose for which – their work is carried out. They must ensure that third parties are under no illusion that they rely on the CPA’s work at their own risk.
  • It is important to make each individual exclusion or limitation clause self-standing and to ensure there is no inconsistency between the clauses.
  • The clauses must satisfy the reasonableness test imposed by the Control of Exemption Clauses Ordinance, Cap 71. In this regard, the balances of financial resources and bargaining position, the availability of insurance cover, the value of fees, and the scale of loss foreseeable are all relevant. It is for the CPA to show that the clauses are reasonable, otherwise they will be void.
  • A total exclusion of liability is less likely to be considered reasonable except in exceptional circumstances.
  • It is important to ensure that any disclaimer is not overridden by any statements or representations, whether made contemporaneously or at a later date, which are inconsistent with it.


As the accounting profession continues to face claims of professional negligence, it is important that steps are taken to adopt sensible precautions through the appropriate use (and regular review) of exclusion and limitation clauses. Given all the adverse effects which a legal claim can have on a CPA’s practice, management time and resources are obviously better spent on trying to reduce – or, better still, to eliminate – the risk of exposure than dealing with the consequences of it.