A brief ruling issued this week by U.S. District Court Judge James C. Mahan makes it clear that an auditor isn't always liable even when a subsequent auditor uncovers fraud. In Oaktree Capital Mgmt., L.P. v. KPMG, 2014 U.S. Dist. LEXIS 106538 (D. Nev. 2014), the plaintiffs had purchased notes issued by a company that later defaulted and went bankrupt. One of the defendants had audited the issuer's 2007 financial statements that were included in the issuer's filings with the Securities and Exchange Commission. A different firm (KPMG) later discovered that the issuer had been providing fake addresses to the auditors for sending confirmation requests. The note purchasers brought suit under Section 18 of the Securities Exchange Act of 1934, arguing that even though KPMG's discovery was made in 2010, it could be inferred that the practice had occurred in 2007. The plaintiffs made similar allegations regarding the issuer's reported sales and cash balances.
Judge Mahan, however, found that these allegations were "merely consistent with, not indicative of, a failure to follow GAAS standards [the opinion misdescribes GAAS as Generally Accepted Accounting Standards]". He further found that it was "very possible" that the first auditor "complied with GAAS and did not discover the fraudulent activities that may have been occurring". Judge Mahan also dismissed plaintiffs' claim that the auditor made a false statement about the issuer's internal controls, noting that an "auditor's opinion on internal controls is just that - an opinion". (citing Deephaven Private Placement Trading, Ltd. v. Grant Thornton & Co., 454 F.3d 1168 (10th Cir. 2006).