DECISION AND ORDER
JANE S. SOLOMON, J.S.C.:
This professional malpractice action arises from the audit by defendant Salibello & Broder LLP (S & B), an accounting firm, of the certified financial statements of plaintiff Nina Footwear, Inc. (Nina), for the years 2004 and 2005.
Nina alleges that S & B negligently failed to detect a fraudulent embezzlement scheme whereby Nina's accounts payable clerk, Dwight Ashe (Ashe), with the assistance of a mail room employee, Rovin Smith (Smith), stole in excess of $1.5 million by forging checks between June 2004 and August 2006.
S & B moves for summary judgment (CPLR 3212) dismissing the complaint in its entirety or, in the alternative, dismissing all claims for amounts embezzled prior to June 13, 2005, the date that S & B issued its audit report for 2004. S & B also moves for summary judgment on its counterclaim for contractual indemnification pursuant to a provision in the engagement letters.
Nina cross-moves for an order striking the first and second affirmative defenses in S S B's answer. The first affirmative defense asserts that Nina's damages were caused solely by its own negligence and culpable conduct. The second affirmative defense pleads comparative negligence on the ground that Nina's damages were caused in part by its own negligence or culpable conduct. Also, Nina withdraws its breach of contract claim, leaving only a single cause of action for malpractice.
S & B's motion for summary judgment is granted to the extent of dismissing all claims for amounts embezzled prior to June 13, 2005, the date of issuance of S & B's 2004 audit report, and otherwise is denied. Nina's cross-motion is denied.
Nina is a family-owned business begun in 1953. It has four divisions, each with its own president. The offices of chairman, CEO, secretary, and treasurer are all held by members of the founding Silverstein family, but only the CEO, Mr. Scott Silverstein (Silverstein), had a full-time management role during the 2004 through 2006 period. At that time, Nina had between 100: and 150 employees. Silverstein had no experience or involvement i in the financial side of the business.
The way the embezzlement scheme worked was that Ashe used his access to Nina's financial software programs to generate phantom invoices from regular vendors, obtain payment approval, and generate checks payable to that vendor. Ashe's access to that software enabled him to initiate, edit or cancel transactions without supervision or oversight. After these checks were duly signed by the two required signatories—the CFO, Gary Wool (Wool) and one of several other authorized persons, Ashe voided them, again by accessing the accounting software programs, and generated new checks for the same amounts payable to himself, one of his personal creditors, or one of six other persons who acted as depositors; Ashe forged the authorized signatures on these replacements. After they were cashed, Ashe again accessed the computer records of the checks and cancelled them. The final step was his physical removal of the fraudulent checks from the bank statements, which he intercepted from the mail room with Smith's assistance.
The scheme came to Nina's attention when one of Ashe's depositors attempted to withdraw funds before a check had cleared. A suspicious bank teller called Nina, and it was discovered that the payee on the check did not match the payee of record. Ashe confessed when he was then questioned by Wool. Ashe pleaded guilty to criminal charges following his arrest, and was imprisoned.
The total amount embezzled was $1, 585 million. It is undisputed that this amount constitutes a material discrepancy well beyond the tolerated margin of error: For 2004, the theft represented a 23% reduction in pre-tax profits. For 2005, it was; 16%. Nina's internal investigation into the embezzlement showed that one reason the scheme escaped detection for so long was that the Nina employee assigned to reconcile monthly bank statements did not do so properly. The employee did not ascertain that each check listed on the statement had been returned and conformed as to payee and amount, and did not compare the amounts and payees of the processed checks with the entries on the statement, or compare the number of checks identified on the statements with the number of returned and cleared checks.
As part of its 2004 and 2005 audits, S & B examined the December statements for each year, but did not discover that checks were missing. During the prior year's audit, that for 2003, S & B noted in its work papers a weakness in internal controls because one person, Ashe, handled both the check preparation and check releasing functions (see Rhee aff., ex. W), and recommended segregating them. But S & B did not treat this as a reportable event, which would have required a written notification to Nina. S & B alleges that it orally advised Wool of this issue. In his deposition testimony, Wool denied being so; informed (ex. G to mov. aff. at 115, 122), as did Silverstein (Silvertein aff., at ff 19-21).
S & B's workpapers for the 2004 audit contain a "Fraud Considerations Checklist, " dated December 31, 2003 (ex. B to Rhee reply aff.), which includes a form of questionnaire with important questions given to the CFO and containing his responses. To the question, "where are the weaknesses in the company's internal controls?" the handwritten response is "check preparer also releases check after approval of authorized personnel" (id. at 4554). This supports S & B's contention that Wool knew of the weakness in internal controls before the 2004 audit. Rhee asserts that it was unnecessary to repeat this advice in connection ...