The Koss Corp. fraud case has been in the news since the end of December, so why am I just getting around to writing about it now? Because, that's the way I roll, man.
I don't know if anyone has noticed that a great many of my blog posts are based on not-so-current events. My style, if you can call it that, has been to keep a low profile initially (my father would have called it "procrastinating"), and eventually attempt to provide a new slant on a more mature topic. That's why, for example, you shouldn't expect much from me on the SEC's latest IFRS missive for the next few weeks. In the meantime, you'll have these thoughts on Koss to chew on, plus a related post to come on the role of audit committees.
What Can We Learn from the Fraud at Koss?
According to Koss's SEC filings, it has only 73 employees, and 79% of the shares of this small company are owned by its directors and executive officers. I certainly don't want to minimize the losses of the passive investors in Koss (although it must be said that Koss's stock price is holding pretty steady), but methinks the legs of this case as a national story has less to do with a internal control deficiencies and/or a busted audit than with the entertainment value of a story fit for reality TV; to wit, the comeuppance of a two-bit embezzler cum pillar of the community, who also happens to be a world-class shopaholic.
The fraud at Koss was allegedly committed by the company's vice president of finance, Sujata Sachdeva, who is accused of siphoning off about $31 million of the company's cash over a five-year period. That's almost one year's worth of the company's revenues, which she allegedly spent on vast quantities of designer clothing and other high-priced tchotchkes.
Incredibly, the fraud might have continued for much longer than five years had American Express not called to the attention of Koss's CEO two large wire transfers made from its bank account to Sachdeva's personal credit card. Sachdeva allegedly did her best to conceal the wire transfers by falsifying the bank account balance.
So, at first blush, the Koss fraud appears to be little more than a sad tale of listless second-generation family management getting fleeced, along with a few passive dabblers in Koss shares. But, others apparently see it differently. For example, the headline of a CFO.com article, "Fraud Case Feeds Sarbox-Exemption Critics" from early January strongly implies that some believe that if smaller reporting companies had not been exempted from the requirement to obtain an audit of internal controls over financial reporting (ICFR), tragedies like this could be prevented.
The Lesson: Fix That Which is Broken
I actually do agree that there are important lessons to be learned from the Koss case, despite its modest parameters; but that lesson is not that smaller reporting companies should have to obtain an audit of their ICFR. The lesson is more like, 'simple problems have simple solutions.' There are two sorts of reasons for this.
The first sort is related to the costs and benefits of the ICFR audit. These are discussed at length elsewhere, including previous posts of my own, so I won't bore you by repeating them here. But the second kind of reasoning is where the path to improved financial reporting lies. Not to put too sharp a point on it, but there are much more efficient options available than to simply award the audit industry a new franchise.
To see what those alternatives could be from the perspective of the Koss case, I will enumerate (in no particular order) the major overlapping systems that together serve as the barrier to financial reporting abuses. I'll demonstrate that each of them could be easily improved in ways that would significantly affect the likelihood of a fraud, like the one at Koss, from occurring.
An issuer's board of directors has a fiduciary duty to shareholders to ensure that the issuer is led by competent individuals who are motivated to achieve appropriate operational and financial objectives.
If I were a consultant to Koss, the first thing to be evaluated would be its planning and budgeting processes. Indeed, I would be surprised if Koss actually did very much beyond, say, set sales goals. But, if Koss had a profit plan, and the discipline to rigorously evaluate itself periodically against that plan, the unauthorized expenditures on clothes and tchotchkes would have become self-evident; the improper expenditures would have been too significant to ignore.
The larger lesson is that boards of even small companies have to exercise a degree of oversight that ensures that management sets goals for itself, and that management is evaluated against those goals.
An ICFR audit won't fix that.
The issuer's principal executive and financial officers certify that, to the best of their knowledge and after taking the appropriate steps to become informed, the financial statements are free of material errors.
Sachdeva's official title was "vice president of finance and secretary," and Michael Koss, who has served as "president, chief operating officer and chief financial officer" for over 20 years, signed the certifications required S-OX as both head honcho and head finance guy. Thusly, Sachdeva, who must have had free reign over the company's finances, was able to escape signing off on financial statements that she must have known were materially misstated.
This unusual statement of affairs presumably occurred with the blessing of Koss's legal counsel, who would have provided a very liberal interpretation of the applicable provisions of S-OX and SEC regulations. But, who benefited from that liberal interpretation other than Sachdeva, the only named executive officer in the executive compensation disclosures described as having a finance function? A clear lesson from this case for the SEC is that it should issue additional guidance for determining when one person at a company can sign a S-OX certification as both CEO and CFO. In my experience, the strong tendency of securities lawyers is to recommend that a company should avoid if at all possible doing more than is minimally required.disclosure regulations.
An ICFR audit isn't needed to fix that, but a more watchful securities lawyer could have come in handy.
The "independent" auditors certify the financial statements
CFO.com reported that Koss:
"… fired its accounting firm, Grant Thornton, on New Year's Eve. The auditor's response has been to highlight the fact that Koss is one of the companies that are not yet subject to Sarbox's Section 404(b), which requires an auditor sign-off of internal controls. 'The company did not engage Grant Thornton to conduct an audit or evaluation of internal controls over financial reporting,' says a spokesperson for the accounting firm. 'Establishing and maintaining effective internal control is management's and the board's responsibility.'"
Nothwithstanding anything that Grant Thornton has put out there for public consumption in their own defense, who among us has not asked themselves how GT could have missed a falsified bank balance? Few details are available, but it must be noted that the alleged fraud took place over five years, and consequently, five audits. I can't resist speculating that the bank reconciliation portions of the audit work papers were produced by the most junior person on the engagement, who failed to perceive that the large transfers to American Express (a non-vendor) for $382,000 and $1.4 million were very large red flags that something was amiss.
And, just for good measure, I'll mention yet one more time my support for mandatory audit firm rotation. Merely the fear of a fresh set of eyes every few years could have given the edge the auditors and needed to catch the alleged fraud before the numbers became as ridiculously high as they did.
An ICFR audit shouldn't be needed to do a bank reconciliation properly.
The issuer's audit committee, which is composed of "independent" board members and has unfettered access to its own outside experts, oversees the work of the "independent" auditors.
Three of the four members of Koss's audit committee had been serving on the board for more than two decades, and none of them list any direct experience whatsoever in accounting or auditing matters.
The audit committee financial expert was, and is still, 77-year old John Mattson. The only qualification listed for him is that he is the retired president of Oster Company, a division of Sunbeam Corporation. I don't want to cast unwarranted aspersions, but the shareholders of Sunbeam were the victims of an infamous and massive accounting fraud perpetrated by one Albert (Chainsaw Al) Dunlap in the late 1990s. I don't know whether Mr. Mattson was involved with Oster at the time, but the irony of a former Sunbeam executive at Koss while a fraud occurred is inescapable.
An ICFR audit of Koss could have easily devolved into a mere compliance exercise with nothing to show for it is left to be overseen by an evidently disinterested, uninformed, and moribund audit committee.
The threat of enforcement of the securities laws and SEC regulations by the SEC itself and private parties discourage intentional misstatements.
Although I have nothing specifically with respect to Koss in this regard, I do want to point out a very interesting op-ed piece from Joel Seligman that recently appeared in the New York Times. Among the points he made was that the rate of financial fraud at various points in time is negatively correlated with the size of the SEC staff.
The SEC and analysts review issuers' financial statements
A fraud that siphoned about 20% of revenue each year could not possibly escape detection by analysts of any stripe (or the auditors for that matter) if detailed reconciliations of the beginning and ending balances of all balance sheet accounts were required in the financial statement notes. There would simply be no place to hide the fancy clothes and the overpriced tchotchkes.
An audit of internal controls does not obviate the need for appropriate external controls over financial reporting.
If the SEC is looking for demonstrable improvement in the quality of financial reporting through convergence with IFRS, they should unambiguously state to both Boards that they regard full transparency of changes to balance sheet accounts as the most effective measure for discouraging fraud and earnings management.
Winding Up
The point of this post is to show that strengthening elements of the financial reporting system that are already in place for all public companies would be more effective than adding a new element, such as an audit of ICFR.
We should require increased transparency through comprehensive reconciliations of balance sheet accounts, strengthen auditor independence through mandatory audit firm rotation; and strengthen board and audit committee independence through enhanced disclosure requirements and regulatory oversight. Any of these, singly or in combination, are logical next steps before considering the imposition of ICFR audits on smaller reporting companies.
Tom,
Really good post. Thoughtful and to the point. I agree whole-heartedly with your minimalist approach.
Dave Albrecht
Posted by: David Albrecht | March 03, 2010 at 06:29 PM
Tom:
I agree with you. Francine McKenna had a post about Koss a few weeks ago and I made some comments about the post. The Big 87654 and various Sox consultants want to ram Sox audits down the throat of smaller companies. I repeat: they are largely a waste of money.
IA
Posted by: Independent Accountant | March 07, 2010 at 08:27 PM
I know this isn't exactly on topic, but the report on Lehman's bankruptcy appears to focus on an unusual off-balance sheet transaction known as "Repo 105" that took liabilities off the books temporarily. I don't know enough about it to know if it was "valid" under FAS 140, but if it was, might that mean that all the focus on ICOFR is misguided, even at large institutions? After all, ICOFR can't "fix" what the rules say isn't broken.
Posted by: KPO'M | March 13, 2010 at 07:51 AM
The problem with the entire auditing process is that external auditors know NOTHING about fraud detection. The auditors are not trained in audit detection, they have no education in fraud detection, they have no work experience in fraud detection, and they would not know a fraud if it was occurring right under their noses. Conseqently, rules, regulations, guidance, enforcement, etc. and all sorts of things which SHOULD help auditors perform audits that involve discovery of frauds that cause material misstatements will not meaningfully address the underlying problem. And that is, auditors are totally incompetent when it comes to fraud. Making auditors take fraud seminars or getting certifications like the "certified fraud examiner" or "certified in financial forensics" won't help them become competent either. One could earn those credentials and still emerge incompetent to detect frauds. And that is because NONE of those programs are designed by practitioners who have actually DISCOVERED financial statement reporting frauds first hand. Those very rare individuals, like me, who actually discover fraudulent financial reporting are NEVER selected to actually create the guidance that auditors would need to follow to detect fraud. And that is because the big accounting firms and the educational organizations that they influence (e.g., ACFE, AICPA), LIKE it that way. They want low-paid, fraud-incompetent employees doing the audits so that the top partners can maximize thier profits. Having qualified forensic accountants with REAL fraud detection experience would add to the expense of the audit and cut into the multi-million annual paychecks of the top partners. It's really as simple as that. The bean counters at the audit firms have even figured out that it's more profitable to get involved in lawsuits over their poor audits than to invest in top quality audit and forensic accounting talent. That is why nothing will change. When the PCAOB really does its job (for the first time) and implements heavy duty FINES for poor audits, then maybe the big accounting firms will wake up and take notice. But I wouldn't hold my breath on that, as the PCAOB has about as competence and integrity as the SEC, which means that they know and care much more about Internet pornography than they do about fraud. So now you know why things are the way they are.
Posted by: Ralph Adamo | July 18, 2010 at 01:15 AM