Citations

Full opinion text

Opinion LUCAS, C. J. We granted review to consider whether and to what extent an accountant’s duty of care in the preparation of an independent audit of a client’s financial statements extends to persons other than the client. Since Chief Judge Cardozo’s seminal opinion in Ultramares Corp. v. Touche (1931) 255 N.Y. 170 [174 N.E. 441, 74 A.L.R. 1139] (Ultramares), the issue before us has been frequently considered and debated by courts and commentators. Different schools of thought have emerged. At the center of the controversy are difficult questions concerning the role of the accounting profession in performing audits, the conceivably limitless scope of an accountant’s liability to nonclients who may come to read and rely on audit reports, and the effect of tort liability rules on the availability, cost, and reliability of those reports. Following a summary of the facts and proceedings in this case, we will analyze these questions by discussing the purpose and effect of audits and audit reports, the approaches taken by courts and commentators, and the basic principles of tort liability announced in our prior cases. We conclude that an auditor owes no general duty of care regarding the conduct of an audit to persons other than the client. An auditor may, however, be held liable for negligent misrepresentations in an audit report to those persons who act in reliance upon those misrepresentations in a transaction which the auditor intended to influence, in accordance with the rule of section 552 of the Restatement Second of Torts, as adopted and discussed below. Finally, an auditor may also be held liable to reasonably foreseeable third persons for intentional fraud in the preparation and dissemination of an audit report. I. Summary of Facts and Proceedings Below This litigation emanates from the meteoric rise and equally rapid demise of Osborne Computer Corporation (hereafter the company). Founded in 1980 by entrepreneur Adam Osborne, the company manufactured the first portable personal computer for the mass market. Shipments began in 1981. By fall 1982, sales of the company’s sole product, the Osborne I computer, had reached $10 million per month, making the company one of the fastest growing enterprises in the history of American business. In late 1982, the company began planning for an early 1983 initial public offering of its stock, engaging three investment banking firms as underwriters.' At the suggestion of the underwriters, the offering was postponed for several months, in part because of uncertainties caused by the company’s employment of a new chief executive officer and its plans to introduce a new computer to replace the Osborne I. In order to obtain “bridge” financing needed to meet the company’s capital requirements until the offering, the company issued warrants to investors in exchange for direct loans or letters of credit to secure bank loans to the company (the warrant transaction). The warrants entitled their holders to purchase blocks of the company’s stock at favorable prices that were expected to yield a sizable profit if and when the public offering took place. Plaintiffs in this case were investors in the company. They include individuals as well as pension and venture capital investment funds. Several plaintiffs purchased warrants from the company as part of the warrant transaction. Others purchased the common stock of the company during early 1983. For example, one plaintiff, Robert Bily, who was also a director of the company, purchased 37,500 shares of stock from company founder Adam Osborne for $1.5 million. The company retained defendant Arthur Young & Company (hereafter Arthur Young), one of the then-“Big Eight” public accounting firms, to perform audits and issue audit reports on its 1981 and 1982 financial statements. (Arthur Young has since merged with Ernst & Whinney to become Ernst & Young, now one of the “Big Six” accounting firms.) In its role as auditor, Arthur Young’s responsibility was to review the annual financial statements prepared by the company’s in-house accounting department, examine the books and records of the company, and issue an audit opinion on the financial statements. Arthur Young issued unqualified or “clean” audit opinions on the company’s 1981 and 1982 financial statements. Each opinion appeared on Arthur Young’s letterhead, was addressed to the company, and stated in essence: (1) Arthur Young had performed an examination of the accompanying financial statements in accordance with the accounting profession’s “Generally Accepted Auditing Standards” (GAAS); (2) the statements had been prepared in accordance with “Generally Accepted Accounting Principles” (GAAP); and (3) the statements “presented] fairly” the company’s financial position. The 1981 financial statement showed a net operating loss of approximately $1 million on sales of $6 million. The 1982 financial statements included a “Consolidated Statement of Operations” which revealed a modest net operating profit of $69,000 on sales of more than $68 million. Arthur Young’s audit opinion on the 1982 financial statements was issued on February 11, 1983. The Arthur Young partner in charge of the audit personally delivered 100 sets of the professionally printed opinion to the company. With one exception, plaintiffs testified that their investments were made in reliance on Arthur Young’s unqualified audit opinion on the company’s 1982 financial statements. As the warrant transaction closed on April 8, 1983, the company’s financial performance began to falter. Sales declined sharply because of manufacturing problems with the company’s new “Executive” model computer. When the Executive appeared on the market, sales of the Osborne I naturally decreased, but were not being replaced because Executive units could not be produced fast enough. In June 1983, the IBM personal computer and IBM-compatible software became major factors in the small computer market, further damaging the company’s sales. The public offering never materialized. The company filed for bankruptcy on September 13, 1983. Plaintiffs ultimately lost their investments. Plaintiffs brought separate lawsuits against Arthur Young in the Santa Clara County Superior Court. Plaintiffs J.F. Shea & Co., et al. (the Shea plaintiffs), brought one lawsuit; plaintiff Robert Bily brought another. The two actions were consolidated for trial. The focus of plaintiffs’ claims was Arthur Young’s audit and audit opinion of the company’s 1982 financial statements. Plaintiffs’ principal expert witness, William J. Baedecker, reviewed the 1982 audit and offered a critique identifying more than 40 deficiencies in Arthur Young’s performance amounting, in Baedecker’s view, to gross professional negligence. In his opinion, Arthur Young did not perform its examination in accordance with GAAS. He found the liabilities on the company’s financial statements to have been understated by approximately $3 million. As a result, the company’s supposed $69,000 operating profit was, in his view, a loss of more than $3 million. He also determined that Arthur Young had discovered material weaknesses in the company’s accounting controls, but failed to report its discovery to management. Although most of Baedecker’s criticisms involved matters of oversight or nonfeasance, e.g., failures to detect weaknesses in the company’s accounting procedures and systems, he also charged that Arthur Young had actually discovered deviations from GAAP, but failed to disclose them as qualifications or corrections to its audit report. For example, by January 1983, a senior auditor with Arthur Young identified $1.3 million in unrecorded liabilities including failures to account for customer rebates, returns of products, etc. Although the auditor recommended that a letter be sent to the company’s board of directors disclosing material weaknesses in the company’s internal accounting controls, his superiors at Arthur Young did not adopt the recommendation; no weaknesses were disclosed. Arthur Young rendered its unqualified opinion on the 1982 statements a month later. The case was tried to a jury for 13 weeks. At the close of the evidence and arguments, the jury received instructions and special verdict questions including three theories of recovery: fraud, negligent misrepresentation, and professional negligence. The fraud instructions required proof of an intentional misrepresentation made by defendant “with intent to defraud the plaintiff or a particular class of persons to which plaintiff belonged.” Similarly, the negligent misrepresentation instructions required a negligent misrepresentation made “with the intent to induce plaintiff or a particular class of persons to which plaintiff belongs to rely on it.” The negligence instructions stated in part that an independent auditor has a duty to have the degree of skill and learning possessed by reputable certified public accountants in the same community and to use “reasonable diligence and its best judgment in the exercise of its professional skill.” With respect to liability to third parties, negligence instructions were in accordance with International Mortgage Co. v. John P. Butler Accountancy Corp. (1986) 177 Cal.App.3d 806 [223 Cal.Rptr. 218] to the effect that: “An accountant owes a further duty of care to those third parties who reasonably and foreseeably rely on an audited financial statement prepared by the accountant. A failure to fulfill any such duty is negligence.” The jury exonerated Arthur Young with respect to the allegations of intentional fraud and negligent misrepresentation, but returned a verdict in plaintiffs’ favor based on professional negligence. No comparative negligence on plaintiffs’ part was found. The jury awarded compensatory damages of approximately $4.3 million, representing approximately 75 percent of each investment made by plaintiffs. The Court of Appeal affirmed the resulting judgment in plaintiffs’ favor with respect to all matters relevant to the issue now before us. II. The Audit Function in Public Accounting Although certified public accountants (CPA’s) perform a variety of services for their clients, their primary function, which is the one that most frequently generates lawsuits against them by third persons, is financial auditing. (Hagen, Certified Public Accountant’s Liability for Malpractice: Effect of Compliance with GAAP and GAAS (1987) 13 J. Contemp. Law 65, 66 [hereafter Hagen]; Siliciano, Negligent Accounting and the Limits of Instrumental Tort Reform (1988) 86 Mich.L.Rev. 1929, 1931 [hereafter Siliciano].) (1) “An audit is a verification of the financial statements of an entity through an examination of the underlying accounting records and supporting evidence.” (Hagen, supra, 13 J. Contemp. Law at p. 66.) “In an audit engagement, an accountant reviews financial statements prepared by a client and issues an opinion stating whether such statements fairly represent the financial status of the audited entity.” (Siliciano, supra, 86 Mich.L.Rev. at p. 1931.) In a typical audit, a CPA firm may verify the existence of tangible assets, observe business activities, and confirm account balances and mathematical computations. It might also examine sample transactions or records to ascertain the accuracy of the client company’s financial and accounting systems. For example, auditors often select transactions recorded in the company’s books to determine whether the recorded entries are supported by underlying data (vouching). Or, approaching the problem from the opposite perspective, an auditor might choose particular items of data to trace through the client’s accounting and bookkeeping process to determine whether the data have been properly recorded and accounted for (tracing). (Hagen, supra, 13 J. Contemp. Law at pp. 66-67, fn. 15.) For practical reasons of time and cost, an audit rarely, if ever, examines every accounting transaction in the records of a business. The planning and execution of an audit therefore require a high degree of professional skill and judgment. Initially, the CPA firm plans the audit by surveying the client’s business operations and accounting systems and making preliminary decisions as to the scope of the audit and what methods and procedures will be used. The firm then evaluates the internal financial control systems of the client and performs compliance tests to determine whether they are functioning properly. Transactions and data are sampled, vouched for, and traced. Throughout the audit process, results are examined and procedures are reevaluated and modified to reflect discoveries made by the auditors. (Hagen, supra, 13 J. Contemp. Law at pp. 67-68.) “For example, if the auditor discovers weaknesses in the internal control system of the client, the auditor must plan additional audit procedures which will satisfy himself that the internal control weaknesses have not caused any material misrepresentations in the financial statements.” (Ibid.) The end product of an audit is the audit report or opinion. The report is generally expressed in a letter addressed to the client. The body of the report refers to the specific client-prepared financial statements which are attached. In the case of the so-called “unqualified report” (of which Arthur Young’s report on the company’s 1982 financial statements is an example), two paragraphs are relatively standard. In a scope paragraph, the CPA firm asserts that it has examined the accompanying financial statements in accordance with GAAS. GAAS are promulgated by the American Institute of Certified Public Accountants (AICPA), a national professional organization of CPA’s, whose membership is open to persons holding certified public accountant certificates issued by state boards of accountancy. (Hagen, supra, 13 J. Contemp. Law at pp. 72-73.) The GAAS include 10 broadly phrased sets of standards and general principles that guide the audit function. They are classified as general standards, standards for fieldwork, and standards of reporting. General Standard No. 1 provides: “The examination is to be performed by a person or persons having adequate technical training as . . . auditor[s].” General Standard No. 3 provides: “Due professional care is to be exercised in the performance of the examination and the preparation of the report.” Standard of Fieldwork No. 2 provides: “A sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.” The generality of these statements is somewhat mitigated by the Statements on Auditing Standards (SAS), which are periodic interpretations of the standards issued by the Auditing Standards Board of the AICPA. (Miller & Bailey, Comprehensive GAAS Guide (1991) pp. 5.03, 5.11, 6.07 [hereafter GAAS Guide].) For example, SAS-55, which relates to internal financial control structure, includes steps to be followed in understanding and testing accounting control systems in relation to information provided in financial statements. (GAAS Guide at p. 7.03 et seq.) The GAAS Guide, a commonly used summary of GAAS, that purports to integrate and comprehensively restate pertinent auditing standards, includes 140 major sections and more than 1,000 pages. In an opinion paragraph, the audit report generally states the CPA firm’s opinion that the audited financial statements, taken as a whole, are in conformity with GAAP and present fairly in all material respects the financial position, results of operations, and changes in financial position of the client in the relevant periods. (GAAS Guide at p. 11.03; Hagen, supra, 13 J. Contemp. Law at pp. 74-76.) The GAAP are an amalgam of statements issued by the AICPA through the successive groups it has established to promulgate accounting principles: the Committee on Accounting Procedure, the Accounting Principles Board, and the Financial Accounting Standards Board. Like GAAS, GAAP include broad statements of accounting principles amounting to aspirational norms as well as more specific guidelines and illustrations. The lack of an official compilation allows for some debate over whether particular announcements are encompassed within GAAP. (Hagen, supra, 13 J. Contemp. Law at pp. 74-76.) One standard text purporting to comprehensively restate GAAP includes 90 major sections and more than 500 pages. (M. Miller, GAAP Guide (1991).) In addition to or in place of the standardized statements in an audit report, the auditing CPA firm may also qualify its opinion, noting exceptions or matters in the financial statements not in conformity with GAAP or significant uncertainties which might affect a fair evaluation of the statements. The report may also contain a disclaimer stating the accountant’s inability to express any opinion about the statements or an adverse opinion that the statements do not fairly present the financial position of the client in conformity with GAAP. (Hagen, supra, 13 J. Contemp. Law at pp. 69-72.) Arthur Young correctly observes that audits may be commissioned by clients for different purposes. Nonetheless, audits of financial statements and the resulting audit reports are very frequently (if not almost universally) used by businesses to establish the financial credibility of their enterprises in the perceptions of outside persons, e.g., existing and prospective investors, financial institutions, and others who extend credit to an enterprise or make risk-oriented decisions based on its economic viability. The unqualified audit report of a CPA firm, particularly one of the “Big Six,” is often an admission ticket to venture capital markets—a necessary condition precedent to attracting the kind and level of outside funds essential to the client’s financial growth and survival. As one commentator summarizes: “In the first instance, this unqualified opinion serves as an assurance to the client that its own perception of its financial health is valid and that its accounting systems are reliable. The audit, however, frequently plays a second major role: it assists the client in convincing third parties that it is safe to extend credit or invest in the client.” (Siliciano, supra, 86 Mich.L.Rev. at p. 1932.) The GAAP acknowledge that financial audit reporting is “a principal means of communicating accounting information to those outside an enterprise.” (Statement of Financial Accounting Concepts of the Financial Accounting Standards Board of the AICPA No. 1, SI 6, p. 7.) As the AICPA recently stated: “The independent audit, through the process of examining evidence underlying the financial statements, adds credibility to management’s representations in the statements. In turn, the audit provides investors, bankers, creditors, and others with reasonable assurance that the financial statements are free of material misstatement.” (AICPA, Understanding Audits and the Auditor’s Report, A Guide for Financial Statement Users (1989) p. 36; see also Bus. & Prof. Code, § 5051, subd. (d) [practice of accountancy includes preparation of reports on audits for purpose of obtaining credit or filing documents with government agencies]; Cal. Code Regs., tit. 16, § 58.3 [accountant may not issue report on unaudited financial statements to client or others without complying with professional standards].) The AICPA’s professional standards refer to the public responsibility of auditors: “A distinguishing mark of a profession is acceptance of its responsibility to the public. The accounting profession’s public consists of clients, credit grantors, governments, employers, investors, the business and financial community, and others who rely on the objectivity and integrity of certified public accountants to maintain the orderly functioning of commerce. This reliance imposes a public interest responsibility on certified public accountants.” (2 AICPA Professional Standards (CCH 1988) § 53.01.) The United States Supreme Court had also recognized the public function of the CPA auditor as a reason to deny work product protection to the auditor’s work papers. Distinguishing CPA firms from lawyers and other professionals who perform services for clients, the high court stated: “By certifying the public reports that collectively depict a corporation’s financial status, the independent auditor assumes a public responsibility transcending any employment relationship with the client. The independent public accountant performing this special function owes ultimate allegiance to the corporation’s creditors and stockholders, as well as to the investing public. This ‘public watchdog’ function demands that the accountant maintain total independence from the client at all times and requires complete fidelity to the public trust.” (United States v. Arthur Young & Co. (1984) 465 U.S. 805, 817-818 [79 L.Ed.2d 826, 835-837, 104 S.Ct. 1495].) III. Approaches to the Problem of Auditor Liability to Third Persons The complex nature of the audit function and its economic implications has resulted in different approaches to the question whether CPA auditors should be subjected to liability to third parties who read and rely on audit reports. Although three schools of thought are commonly recognized, there are some variations within each school and recent case law suggests a possible trend toward merger of two of the three approaches. A substantial number of jurisdictions follow the lead of Chief Judge Cardozo’s 1931 opinion for the New York Court of Appeals in Ultramares, supra, 174 N.E. 441, by denying recovery to third parties for auditor negligence in the absence of a third party relationship to the auditor that is “akin to privity.” (See pt. III(A), post.) In contrast, a handful of jurisdictions, spurred by law review commentary, have recently allowed recovery based on auditor negligence to third parties whose reliance on the audit report was “foreseeable.” (See pt. III(B), post.) Most jurisdictions, supported by the weight of commentary and the modern English common law decisions cited by the parties, have steered a middle course based in varying degrees on Restatement Second of Torts section 552, which generally imposes liability on suppliers of commercial information to third persons who are intended beneficiaries of the information. (See pt. III(C), post.) Finally, the federal securities laws have also dealt with the problem by imposing auditor liability for negligence-related conduct only in connection with misstatements in publicly filed and distributed offering documents. (See pt. 111(D), post.) In this section we will review and briefly analyze each of the recognized approaches to the problem before us. A. Privity of Relationship In Ultramares, supra, 174 N.E. 441, plaintiff made three unsecured loans totalling $165,000 to a company that went bankrupt. Plaintiff sued the company’s auditors, claiming reliance on their audit opinion that the company’s balance sheet “presented] a true and correct view of the financial condition of [the company].” (Id. at p. 442.) Although the balance sheet showed a net worth of $1 million, the company was actually insolvent. The company’s management attempted to mask its financial condition; the auditors failed to follow paper trails to “off-the-books” transactions that, if properly analyzed, would have revealed the company’s impecunious situation. The jury, precluded by the trial judge from considering a fraud cause of action, returned a verdict in plaintiff’s favor based on the auditor’s negligence in conducting the audit. The New York Court of Appeals, speaking through Chief Judge Cardozo, reinstated the fraud cause of action but set aside the negligence verdict. The auditor in Ultramares knew the company was in need of capital and that its audit opinion would be displayed to third parties “as the basis of financial dealings.” (Ultramares, supra, 174 N.E. at p. 442.) In this regard, it supplied to the company 32 copies of the opinion “with serial numbers as counterpart originals.” (Ibid.) Plaintiff’s name, however, was not mentioned to the auditor nor was the auditor told about any actual or proposed credit or investment transactions in which its audit opinion would be presented to a third party. With respect to the negligence claim, the court found the auditor owed no duty to the third party creditor for an “erroneous opinion.” In an often quoted passage, it observed: “If liability for negligence exists, a thoughtless slip or blunder, the failure to detect a theft or forgery beneath the cover of deceptive entries, may expose accountants to a liability in an indeterminate amount for ah indeterminate time to an indeterminate class. The hazards of a business conducted on these terms are so extreme as to enkindle doubt whether a flaw may not exist in the implication of a duty that exposes to these consequences.” (Ultramares, supra, 174 N.E. at p. 444.) Although acknowledging the demise of privity of contract as a limitation on tort liability in the context of personal injury and property damage, the court distinguished between liability arising from a “physical force” and “the circulation of a thought or the release of the explosive power resident in words.” (Ultramares, supra, 174 N.E. at p. 445.) It also distinguished its own prior decision in Glanzer v. Shepherd (1922) 233 N.Y. 236 [135 N.E. 275, 23 A.L.R. 1425], in which a seller of beans requested the operator of a public scale to give a certificate of weight to the buyer. When the certificate proved inaccurate and the buyer sued, the court held the operator liable for negligence. As the court explained, the difference between the cases was that “the transmission of the certificate [in Glanzer] was not merely one possibility among many, but the ‘end and aim of the transaction,’ as certain and immediate and deliberately willed as if a husband were to order a gown to be delivered to his wife, or a telegraph company, contracting with the sender of a message, were to telegraph it wrongly to the damage of the person expected to receive it.” (174 N.E. at p. 445, italics added.) In summarizing its holding, the court emphasized that it was not releasing auditors from liability to third parties for fraud but merely for “honest blunder.” (Glanzer v. Shepherd, supra, 174 N.E. at p. 448.) It questioned “whether the average business man receiving a certificate without paying for it, and receiving it as one of a multitude of possible investors, would look for anything more.” (Ibid.) In cases following Ultramares, the New York Court of Appeals has not required privity of contract as a universal prerequisite to third party suits against auditors; rather, on occasion, it has found an equivalent privity of relationship between the auditor and the plaintiff. For example, in White v. Guarente (1977) 43 N.Y.2d 356 [401 N.Y.S.2d 474, 372 N.E.2d 315], one of 40 limited partners sued the partnership’s auditor for professional negligence in failing to disclose in an audit report that the general partners had withdrawn funds from the partnership in violation of the partnership agreement. Observing: (1) the limited partnership agreement contained an express provision requiring an annual audit by a CPA; and (2) the CPA had also prepared the partnership’s tax returns on which the limited partners relied in preparing their personal returns, the court found a duty on the part of the CPA to exercise due care for the benefit of the limited partners. Distinguishing Ultramares, the court commented that the “services of the accountant were not extended to a faceless or unresolved class of persons, but rather to a known group possessed of vested rights, marked by a definable limit and made up of certain components.” (White v. Guarente, supra, 372 N.E.2d at p. 318.) Following Glanzer v. Shepherd, supra, 135 N.E. 275, it found the famishing of the audit and tax return information to be “one of the ends and aims” of the CPA’s engagement and “within the contemplation of the parties to the accounting retainer.” (372 N.E. at p. 319.) The New York Court of Appeals restated the law in light of Ultramares, White v. Guarente, and other cases in Credit Alliance v. Arthur Andersen & Co. (1985) 65 N.Y.2d 536 [493 N.Y.S.2d 435, 483 N.E.2d 110]. Credit Alliance subsumed two cases with different factual postures: in the first case, plaintiff alleged it loaned funds to the auditor’s client in reliance on audited financial statements overstating the client’s assets and net worth; in the second, the same scenario occurred, but plaintiff also alleged the auditor knew plaintiff was the client’s principal lender and communicated directly and frequently with plaintiff regarding its continuing audit reports. The court dismissed plaintiff’s negligence claim in the first case, but sustained the claim in the second. The New York court promulgated the following rule for determining auditor liability to third parties for negligence: “Before accountants may be held liable in negligence to noncontractual parties who rely to their detriment on inaccurate financial reports, certain prerequisites must be satisfied: (1) the accountant must have been aware that the financial reports were to be used for a particular purpose or purposes; (2) in the furtherance of which a known party or parties was intended to rely; and (3) there must have been some conduct on the part of the accountants linking them to that party or parties, which evinces the accountants’ understanding of that party or parties’ reliance.” (Credit Alliance v. Arthur Andersen & Co., supra, 483 N.E.2d at p. 118.) Discussing the application of its rule to the cases at hand, the court observed the primary, if not exclusive, “end and aim” of the audits in the second case was to satisfy the lender. The auditor’s “direct communications and personal meetings [with the lender] resulted] in a nexus between them sufficiently approaching privity.” (Credit Alliance v. Arthur Andersen & Co., supra, 483 N.E.2d at p. 120.) In contrast, in the first case, although the complaint did allege the auditor knew or should have known of the lender’s reliance on its reports: “There was no allegation of either a particular purpose for the reports’ preparation or the prerequisite conduct on the part of the accountants . . . [nor] any allegation [the auditor] had any direct dealings with plaintiffs, had agreed with [the client] to prepare the report for plaintiffs’ use or according to plaintiffs’ requirements, or had specifically agreed with [the client] to provide plaintiffs with a copy [of the report] or actually did so.” (Credit Alliance v. Arthur Andersen & Co., supra, 483 N.E.2d at p. 119.) The evolution of the New York rule illustrates a primary difficulty of articulating a standard of auditor liability to third parties: As one moves from privity of contract to privity of relationship, a wide variety of possible circumstances and relationships emerges. From preengagement communications with its client, an auditor may acquire full knowledge of third party recipients of the audit report and a specific investment or credit transaction that constitutes the “end and aim” of the audit. As a consequence, the auditor is placed on notice of a specific risk of liability that accompanies the audit engagement. Yet, under the Credit Alliance test, the auditor appears to have no liability in this situation in the absence of further, distinct conduct “linking” the auditor to the third party in a manner that “evinces [auditor] understanding” of third party reliance. (Credit Alliance v. Arthur Andersen & Co., supra, 483 N.E.2d at p. 118.) The New York court offers no rationale for the distinct “linking” element of its rule nor does it specify what conduct is required to satisfy this element, although direct communications between auditor and third party were deemed sufficient on the facts. One might question whether “linking” conduct should be necessary if, as in the example given in the previous paragraph, the auditor knows his engagement is for the express purpose of benefiting an identifiable class of third parties. Indeed, the New York court’s previous decision in White v. Guarente, supra, 372 N.E.2d 315, poses a case in which the auditor knew the audit was to be conducted for the benefit of the limited partners as required by the client’s partnership agreement, but was not “linked” to the limited partners in any other significant way. In such cases, “linkage” is arguably achieved by the auditor’s conduct in undertaking and carrying out the engagement with knowledge of its specific purpose and the ultimate use to be made of the audit report. (See Credit Alliance v. Arthur Andersen & Co., supra, commenting on White v. Guarente as follows: “Indeed, as a member of the limited partnership and as a specifically intended beneficiary of the partnership’s contract with the accountants, the limited partner might well have been considered actually in privity with the accountants.” (483 N.E.2d at p. 117, fn. 9.) The “linking conduct” element of the New York rule will undoubtedly be defined more precisely as New York case law continues to develop. Although the first two elements of the rule (and the New York court’s decision in White v. Guarente) are functionally similar to Restatement Second of Torts section 552, the “linking conduct” element appears to require not only that the existence of the third person be known to the auditor, but that the auditor either directly convey the audit report to the third person or otherwise act in some manner specifically calculated to induce reliance on the report. (See Haddon View Inv. Co. v. Coopers & Lybrand (1982) 70 Ohio St.2d 154 [24 Ohio Ops.2d 268,436 N.E.2d 212, 214-215]; First Nat. Bank of Commerce v. Moneo Agency Inc. (5th Cir. 1990) 911 F.2d 1053, 1060.) In this regard, a mere “unsolicited phone call” by the third party to the auditor is insufficient. The auditor must be aware of a “particular purpose” for the audit engagement and must act to further that purpose. (Security Pacific Business Credit, Inc. v. Peat Marwick Main & Co. (1992) 79 N.Y.2d 695, 705-707 [586 N.Y.S.2d 87, 597 N.E.2d 1080].) This additional showing is not required by the Restatement test, which is discussed in part III(C), post. From the cases cited by the parties, it appears at least nine states purport to follow privity or near privity rules restricting the liability of auditors to parties with whom they have a contractual or similar relationship. In five states, this result has been reached by decisions of their highest courts. In four other states, the rule has been enacted by statute. Federal court decisions have held that the rule represents the law of three additional states whose highest courts have not expressly considered the question. The more recent of the cited cases generally follow the New York rule as reformulated in Credit Alliance. B. Foreseeability Arguing that accountants should be subject to liability to third persons on the same basis as other tortfeasors, Justice Howard Wiener advocated rejection of the rule of Ultramares in a 1983 law review article. (Wiener, Common Law Liability of the Certified Public Accountant for Negligent Misrepresentation (1983) 20 San Diego L.Rev. 233 [hereafter Wiener].) In its place, he proposed a rule based on foreseeability of injury to third persons. Criticizing what he called the “anachronistic protection” given to accountants by the traditional rules limiting third person liability, he concluded: “Accountant liability based on foreseeable injury would serve the dual functions of compensation for injury and deterrence of negligent conduct. Moreover, it is a just and rational judicial policy that the same criteria govern the imposition of negligence liability, regardless of the context in which it arises. The accountant, the investor, and the general public will in the long run benefit when the liability of the certified public accountant for negligent misrepresentation is measured by the foreseeability standard.” (Id. at p. 260.) Under the rule proposed by Justice Wiener, “[fjoreseeability of the risk would be a question of fact for the jury to be disturbed on appeal only where there is insufficient evidence to support the finding.” (Id. at pp. 256-257.) Following in part Justice Wiener’s approach, the New Jersey Supreme Court upheld a claim for negligent misrepresentation asserted by stock purchasers against an auditor who had rendered an unqualified audit report approving fraudulently prepared financial statements. (Rosenblum v. Adler (1983) 93 N.J. 324 [461 A.2d 138, 35 A.L.R.4th 199].) The court found no reason to distinguish accountants from other suppliers of products or services to the public and no reason to deny to third party users of financial statements recovery for economic loss resulting from negligent misrepresentation. (Id. at pp. 142-146.) From its review of the purpose and history of the audit function, it concluded: “The auditor’s function has expanded from that of a watchdog for management to an independent evaluator of the adequacy and fairness of financial statements issued by management to stockholders, creditors, and others.” (Id. at p. 149.) Noting the apparent ability of accounting firms to obtain insurance against third party claims under the federal securities laws, the court posited the same or similar protection would be available for common law negligent misrepresentation claims. (Ibid.) From a public policy standpoint, the court emphasized the potential deterrent effect of a liability-imposing rule on the conduct and cost of audits: “The imposition of a duty to foreseeable users may cause accounting firms to engage in more thorough reviews. This might entail setting up stricter standards and applying closer supervision, which should tend to reduce the number of instances in which liability would ensue. Much of the additional cost incurred either because of more thorough auditing review or increased insurance premiums would be borne by the business entity and its stockholders or its customers.” (Rosenblum v. Adler, supra, 461 A.2d at p. 152.) Notwithstanding its broad pronouncements about the public role of auditors and the importance of deterring negligence by imposing liability, when the New Jersey court formulated a rule of liability it restricted the auditor’s duty to “all those whom that auditor should reasonably foresee as recipients from the company of the statements for its proper business purposes, provided that the recipients rely on the statements pursuant to those business purposes.” (Rosenblum v. Adler, supra, 461 A.2d at p. 153, italics added.) According to the court, its rule would preclude auditor liability to “an institutional investor or portfolio manager who does not obtain audited statements from the company” or to “stockholders who purchased the stock after a negligent audit” unless they could demonstrate “the necessary conditions precedent.” (Ibid.) The New Jersey court offered no principled basis for its “conditions precedent” requirement. Institutional investors, portfolio managers, or prospective stock purchasers who may pick up an audit report from a stockbroker, friend, or acquaintance or otherwise acquire it indirectly are no less “foreseeable” users. In view of the lack of any effective limits on access to audit reports once they reach the client, an auditor can foresee its reports coming into the hands of practically anyone. Thus, the court’s approach evinces an Ultramares-like concern about the prospect of unlimited auditor liability, but offers no reasoned explanation of its decision to establish a limit based solely on the company’s distribution, a factor over which the auditor has no control. Two other state high courts—those of Wisconsin and Mississippi—have endorsed foreseeability rules. In Citizens State Bank v. Timm, Schmidt & Co. (1983) 113 Wis.2d 376 [335 N.W.2d 361], the Wisconsin Supreme Court relied on compensation, risk-spreading, and deterrence rationales, commenting: “Unless liability is imposed, third parties who rely on the accuracy of financial statements will not be protected. Unless an accountant can be held liable to a relying third party, this negligence will go undeterred. ... If relying third parties, such as creditors, are not allowed to recover, the cost of credit to the general public will increase because creditors will either have to absorb the cost of bad loans made in reliance on faulty information or hire independent accountants to verify the information received. Accountants may spread the risk through the use of liability insurance.” (Id. at p. 365.) Notwithstanding its adoption of the foreseeability rule, the Wisconsin court left open the prospect that “public policy” factors inherent in the particular case might call for a limitation of liability, declining to decide that issue on summary judgment. (Id. at pp. 366-367.) In Touche Ross v. Commercial Union Ins. (Miss. 1987) 514 So.2d 315, the Mississippi Supreme Court was also confronted with a negligent audit claim. Although the court adopted a foreseeability rule, the precedential value of its decision is limited by two circumstances: (1) the court’s statement of the rule is dictum; it held there was no liability on the part of the auditor because the loss suffered by the third party resulted from criminal conduct occurring after the audit (id. at pp. 323-325); and (2) even within the context of the court’s discussion of foreseeability, its reasoning was based in large part on a unique Mississippi statute precluding the application of privity as an element of all tort actions, including those claiming economic loss. (Id. at p. 321.) In addition to these out-of-state cases, the Court of Appeal in International Mortgage Co. v. John Butler Accountancy Corp., supra, 177 Cal.App.3d 806, also adopted, with certain variations, a foreseeability approach. That decision will be discussed in the next part of this opinion. In the nearly 10 years since it was formally proposed, the foreseeability approach has not attracted a substantial following. And at least four state supreme courts have explicitly rejected the foreseeability approach in favor of the Restatement’s “intended beneficiary” approach since the New Jersey court’s decision in Rosenblum. The foreseeability approach has also encountered substantial criticism from commentators, who have questioned, among other matters, its failure to consider seriously the problem of indeterminate liability and its prediction of a significant deterrent effect that will improve the quality of audit reporting. Other commentators have disagreed. The body of scholarly and practical literature is substantial. C. The Restatement: Intent to Benefit Third Persons Section 552 of the Restatement Second of Torts covers “Information Negligently Supplied for the Guidance of Others.” It states a general principle that one who negligently supplies false information “for the guidance of others in their business transactions” is liable for economic loss suffered by the recipients in justifiable reliance on the information. (Id., subd. (1).) But the liability created by the general principle is expressly limited to loss suffered: “(a) [B]y the person or one of a limited group of persons for whose benefit and guidance he intends to supply the information or knows that the recipient intends to supply it; and (b) through reliance upon it in a transaction that he intends the information to influence or knows that the recipient so intends or in a substantially similar transaction.” (Id., subd. (2).) To paraphrase, a supplier of information is liable for negligence to a third party only if he or she intends to supply the information for the benefit of one or more third parties in a specific transaction or type of transaction identified to the supplier. Comment (h) to subdivision (2) of section 552, Restatement Second of Torts, observes that the liability of a negligent supplier of information is appropriately more narrowly restricted than that of an intentionally fraudulent supplier. It also notes that a commercial supplier of information has a legitimate concern as to the nature and scope of the client’s transactions that may expand the supplier’s exposure liability. As the comment states: “In many situations the identity of the person for whose guidance the information is supplied is of no moment to the person who supplies it, although the number and character of the persons to be reached and influenced, and the nature and extent of the transaction for which guidance is furnished may be vitally important. This is true because the risk of liability to which the supplier subjects himself by undertaking to give the information, while it may not be affected by the identity of the person for whose guidance the information is given, is vitally affected by the number and character of the persons, and particularly the nature and the extent of the proposed transaction.” (Ibid., italics added.) To offer a simple illustration of comment (h) to subdivision (2) of section 552, Restatement Second of Torts, an auditor engaged to perform an audit and render a report to a third person whom the auditor knows is considering a $10 million investment in the client’s business is on notice of a specific potential liability. It may then act to encounter, limit or avoid the risk. In contrast, an auditor who is simply asked for a generic audit and report to the client has no comparable notice. The authors of the Restatement Second of Torts offer several variations on the problem before us as illustrations of section 552. For example, the auditor may be held liable to a third party lender if the auditor is informed by the client that the audit will be used to obtain a $50,000 loan, even if the specific lender remains unnamed or the client names one lender and then borrows from another. (Com. (h), illus. 6, 7.) However, there is no liability where the auditor agrees to conduct the audit with the express understanding the report will be transmitted only to a specified bank and it is then transmitted to other lenders. (Com. (h), illus. 5.) Similarly, there is no liability when the client’s transaction (as represented to the auditor) changes so as to increase materially the audit risk, e.g., a third person originally considers selling goods to the client on credit and later buys a controlling interest in the client’s stock, both in reliance on the auditor’s report. (Com. (j) and illus. 14.) Under the Restatement rule, an auditor retained to conduct an annual audit and to furnish an opinion for no particular purpose generally undertakes no duty to third parties. Such an auditor is not informed “of any intended use of the financial statements; but . . . knows that the financial statements, accompanied by an auditor’s opinion, are customarily used in a wide variety of financial transactions by the [client] corporation and that they may be relied upon by lenders, investors, shareholders, creditors, purchasers and the like, in numerous possible kinds of transactions. [The client corporation] uses the financial statements and accompanying auditor’s opinion to obtain a loan from [a particular] bank. Because of [the auditor’s] negligence, he issues an unqualifiedly favorable opinion upon a balance sheet that materially misstates the financial position of [the corporation] and through reliance upon it [the bank] suffers pecuniary loss.” (Rest.2d Torts, § 552, com. (h), illus. 10.) Consistent with the text of section 552, the authors conclude: “[The auditor] is not liable to [the bank].” (Ibid.) Although the parties debate precisely how many states follow the Restatement rule, a review of the cases reveals the rule has somewhat more support than the privity of relationship rule and much more support than the foreseeability rule. At least 17 state and federal decisions have endorsed the rule in this and related contexts. Whatever the exact number of states that have endorsed it, the Restatement rule has been for many, if not most, courts a satisfactory compromise between their discomfort with the traditional privity approach and the “specter of unlimited liability.” (Briggs v. Sterner (S.D.Iowa 1981) 529 F.Supp. 1155, 1177.) In attempting to ascertain the presence of an intent to benefit third parties from the facts of particular audit engagements and communications with auditors, the Restatement rule inevitably results in some degree of uncertainty. Dean William L. Prosser, the Reporter for the Restatement, reflected on the difficulty of formulating a comprehensive rule in this area: “The problem is to find language which will eliminate liability to the very large class of persons whom almost any negligently given information may foreseeably reach and influence, and limit the liability, not to a particular plaintiff defined in advance, but to the comparatively small group whom the defendant expects and intends to influence. Neither the Reporter, nor, it is believed, the Advisers nor the Council, is entirely satisfied with the language of Subsection (2); and if anyone can do better, it will be most welcome.” (Rest.2d Torts, Tent. Draft No. 11 (Apr. 15, 1965) § 552, p. 56.) D. Federal Securities Law Auditors may also incur liability to third persons under the federal securities laws. Under section 10(b) of the Securities Exchange Act of 1934 (1934 Act) and rule 10(b)-5 of the Securities and Exchange Commission (SEC), accountants may be held liable to actual purchasers or sellers of securities for fraud or gross negligence. (15 U.S.C. § 78j(b); see Ernst & Ernst v. Hochfelder (1976) 425 U.S. 185 [47 L.Ed.2d 668, 96 S.Ct. 1375]; Blue Chip Stamps v. Manor Drug Stores (1975) 421 U.S. 723 [44 L.Ed.2d 539, 95 S.Ct. 1917].) Accountants may incur liability to third parties without a showing of fraud or gross negligence under section 18 of the 1934 Act, 15 United States Code section 78r, or section 11 of the Securities Act of 1933 (1933 Act), 15 United States Code section 77k. Section 11 of the 1933 Act provides in part: “In case any part of the registration statement . . . contained an untrue statement of a material fact or omitted to state a material fact required to be stated therein or necessary to make the statements therein not misleading, any person acquiring such security (unless it is proved that at the time of such acquisition he knew of such untruth or omission) may, either at law or in equity, in any court of competent jurisdiction sue—. . . (4) every accountant, engineer, or appraiser, or any person whose profession gives authority to a statement made by him, who has with his consent been named as having prepared or certified any part of the registration statement, or as having prepared or certified any report or valuation which is used in connection with the registration statement, with respect to the statement in such registration statement, report, or valuation, which purports to have been prepared or certified by him.” (15 U.S.C. § 77k(a)(4).) An accountant or other professional within the scope of section 11 can escape liability for a false or misleading statement by proving due diligence, i.e., that after “reasonable investigation” he or she had “reasonable ground to believe and did believe” that the statement was “true and not misleading.” (Id., § 77k(b)(3).) The liability of accountants and other professionals to third parties under section 11 of the 1933 Act is circumscribed by several factors: (1) the accountant’s liability is limited to situations in which he or she prepares or certifies the accuracy of a portion of a registration statement and thus is aware he or she is creating part of a communication to the public, (2) liability is limited to third parties who actually purchase securities; (3) damage exposure is limited to the out-of-pocket loss suffered by the purchaser and can be no greater than the amount of the offering. (15 U.S.C. § 77k(a), (e) and (g).) Thus, under section 11: “[T]he plaintiff class, the proof of violation, and the measure of damages are statutorily defined in a manner that enhances the accountant’s ability to gauge, ex ante, its liability exposure.” (Siliciano, supra, 86 Mich.L.Rev. at p. 1954, fn. 131, italics in original.) Section 18 of the 1934 Act imposes liability on accountants for misstatements contained in documents filed with the SEC. Liability is limited to third persons who, in reliance on the accountant’s statement, “have purchased or sold a security at a price which was affected by such statement, for damages caused by such reliance.” (15 U.S.C. § 78r(a).) The accountant may successfully defend the action by proving that “he acted in good faith and had no knowledge that such statement was false or misleading.” (Ibid.) In summary, under the federal securities laws, an auditor’s liability to third persons on theories akin to common law negligence is limited to those situations in which the third party suffers a loss in the purchase or sale of a security in reliance on an auditor’s misstatement in a public registration statement or other public document filed with the SEC for use in connection with an identified securities registration. In these situations, the auditor is placed on notice of the extent of its potential liability exposure. IV. Analysis of Auditor’s Liability to Third Persons for Audit Opinions “Every person is bound, without contract, to abstain from injuring the person or property of another, or infringing upon any of his rights.” (Civ. Code, § 1708; all further statutory references are to this code unless otherwise indicated.) Civil liability for injury to others is imposed based on causes of action in tort, which include, insofar as relevant to this case: negligence, negligent misrepresentation, and fraud. A. Negligence “[Njegligence is conduct which falls below the standard established by law for the protection of others.” (Rest.2d Torts, § 282.) “Every one is responsible, not only for the result of his willful acts, but also for an injury occasioned to another by his want of ordinary care or skill in the management of his property or person, except so far as the latter has, willfully or by want of ordinary care, brought the injury upon himself.” (§ 1714, subd. (a).) The threshold element of a cause of action for negligence is the existence of a duty to use due care toward an interest of another that enjoys legal protection against unintentional invasion. (Rest.2d Torts, § 281, subd. (a); 6 Witkin, Summary of Cal. Law (9th ed. 1988), Torts, § 732, p. 60.) Whether this essential prerequisite to a negligence cause of action has been satisfied in a particular case is a question of law to be resolved by the court. (6 Witkin, supra, § 748 at p. 83.) A judicial conclusion that a duty is present or absent is merely “ ‘a shorthand statement . . . rather than an aid to analysis .... “[Djuty,” is not sacrosanct in itself, but only an expression of the sum total of those considerations of policy which lead the law to say that the particular plaintiff is entitled to protection.’ ” (Dillon v. Legg (1968) 68 Cal.2d 728, 734 [69 Cal.Rptr. 72, 441 P.2d 912, 29 A.L.R.3d 1316], quoting Prosser, Law of Torts (3d ed.) pp. 332-333.) “Courts, however, have invoked the concept of duty to limit generally ‘the otherwise potentially infinite liability which would follow from every negligent act . . . .’” (Thompson v. County of Alameda (1980) 27 Cal.3d 741, 750 [167 Cal.Rptr. 70, 614 P.2d 728, 12 A.L.R.4th 701], quoting Dillon, supra, 68 Cal.2d at p. 739.) We have employed a checklist of factors to consider in assessing legal duty in the absence of privity of contract between a plaintiff and a defendant. In Biakanja v. Irving (1958) 49 Cal.2d 647 [320 P.2d 16, 65 A.L.R.2d 1358], a notary public undertook to prepare a will for the decedent and then negligently failed to have it properly attested. We allowed the decedent’s brother, the sole beneficiary under the will, to recover from the notary public. In permitting negligence liability to be imposed in the absence of privity, we outlined the factors to be considered in making such a decision: “The determination whether in a specific case the defendant will be held liable to a third person not in privity is a matter of policy and involves the balancing of various factors, among which are the extent to which the transaction was intended to affect the plaintiff, the foreseeability of harm to him, the degree of certainty that the plaintiff suffered injury, the closeness of the connection between the defendant’s conduct and the injury suffered, the moral blame attached to the defendant’s conduct, and the policy of preventing future harm. . . . Here, the ‘end and aim’ of the transaction was to provide for the passing of [the] estate to plaintiff. . . . Defendant must have been aware from the terms of the will itself that, if faulty solemnization caused the will to be invalid, plaintiff would suffer the very loss which occurred. As [decedent] died without revoking his will, plaintiff, but for defendant’s negligence, would have received all of the . . . estate, and the fact that she received only one-eighth of the estate was directly caused by defendant’s conduct.” (Id. at pp. 650-651.) Viewing the problem before us in light of the factors set forth above, we decline to permit all merely foreseeable third party users of audit reports to sue the auditor on a theory of professional negligence. Our holding is premised on three central concerns: (1) Given the secondary “watchdog” role of the auditor, the complexity of the professional opinions rendered in audit reports, and the difficult and potentially tenuous causal relationships between audit reports and economic losses from investment and credit decisions, the auditor exposed to negligence claims from all foreseeable third parties faces potential liability far out of proportion to its fault; (2) the generally more sophisticated class of plaintiffs in auditor liability cases (e.g., business lenders and investors) permits the effective use of contract rather than tort liability to control and adjust the relevant risks through “private ordering”; and (3) the asserted advantages of more accurate auditing and more efficient loss spreading relied upon by those who advocate a pure foreseeability approach are unlikely to occur; indeed, dislocations of resources, including increased expense and decreased availability of auditing services in some sectors of the economy, are more probable consequences of expanded liability. In a broad sense, economic injury to lenders, investors, and others who may read and rely on audit reports is certainly “foreseeable.” Foreseeability of injury, however, is but one factor to be considered in the imposition of negligence liability. Even when foreseeability was present, we have on several recent occasions declined to allow recovery on a negligence theory when damage awards threatened to impose liability out of proportion to fault or to promote virtually unlimited responsibility for intangible injury. In placing explicit limits on recovery for negligent infliction of emotional distress by accident bystanders, we commented: “ ‘[Fjoreseeability’... ‘is endless because [it], like light, travels indefinitely in a vacuum.’ ” (Thing v. La Chusa (1989) 48 Cal.3d 644, 659 [257 Cal.Rptr. 865, 771 P.2d 814].) “ ‘[It] proves too much. . . . Although it may set tolerable limits for most types of physical harm, it provides virtually no limit on liability for nonphysical harm.’ . . . It is apparent that reliance on foreseeability of injury alone in finding a duty, and thus a right to recover, is not adequate when the damages sought are for an intangible injury. In order to avoid limitless liability out of all proportion to the degree of a defendant’s negligence, and against which