An article in today’s Compliance Week, Koss Fraud Spotlights Small Filers’ Internal Control Issues (subscription required), quotes me on internal controls and the auditors as it relates to the huge fraud committed by VP of Finance Sue Sachdeva at Koss Corp (NASDAQ:KOSS).

I’m no fan of Sarbanes-Oxley because I believe it was ridiculously expensive, and hasn’t really produced any meaningful results. Fraud is just as rampant as before SOX became law, and the only thing companies have to show for it is a huge bill from auditors and consultants.

But let’s suppose for a minute that SOX really is a good thing because it forces companies to take a harder look at internal controls. As a small public company, Koss wasn’t yet subject to audits of their internal controls.

As a public company with a market cap well below $75 million, Koss is a non-accelerated filer and therefore not yet subject to Section 404(b) of the Sarbanes-Oxley Act, which requires an external auditor’s review of internal controls over financial reporting. The company must perform its own review of controls and assert in its financial statements whether those controls are adequate (that is Section 404(a) of SOX), but they are not required to get an auditor’s opinion on those controls.

And clearly Koss had almost no internal controls over the finance function.

My comments on the internal controls and Grant Thornton’s work:

Tracy Coenen, a forensic accountant and fraud examiner at Sequence Inc. who has been following the Koss spectacle closely, notes that Koss had no formal internal audit function, and that certainly could have been a red flag to Grant Thornton that the quality of controls would be suspect. But there’s no way to know from publicly available documentation what the auditor thought of Koss’s controls.

Coenen says the audit fees Koss paid to Grant Thornton were low enough ($151,300 in fiscal 2009 but only $71,400 in 2008) that one can’t help but wonder how much audit work actually occurred. Kyviakidis, on the other hand, says auditors have enough pressure about fees and legal liability these days that the amount paid may not reflect the amount of work that truly went into the audit.

Even if Grant Thornton had been required to take a harder look at the internal controls at Koss, I doubt that the fraud committed by Sachdeva would have been discovered sooner. Maybe it would have. But that’s not a foregone conclusion. Sachdeva likely knew exactly what the auditors were looking for each year, and hid her fraud accordingly.

This is a great time to talk about internal controls over fraud by executives. It’s certainly an issue that needs to be visited by all companies. It certainly is a huge problem, but I’ve always said that the problem of fraud is not going to be solved by regulations. It’s going to be solved by companies being proactive about preventing and detecting fraud. Shareholders and management need to force the issue so that companies are “encouraged” to police the issue of fraud by executives and make substantive changes that reduce the fraud risks and fraud losses.

One Comment

  1. Cynthia Mignogna 02/03/2010 at 12:13 pm - Reply

    Tracy-

    This is a great post, and I couldn’t agree with you more!

    Regulations may help to foster an environment of heightened awareness of the risk of fraud, but they certainly won’t prevent it.

    Shareholders and investors can’t rely on auditors to catch fraud, for precisely the reasons that you cited. A slick fraudster will know exactly which red-flags auditors will spot, and will make every attempt to fly under that radar for as long as possible.

    Investors and shareholders must be proactive about encouraging companies to take internal controls seriously…no matter whether that company is a startup or a mature, public company.

    Company executives could also take more responsibility to learn about internal controls, potential risk areas, red flags to watch for in their companies’ internal management reporting and analysis. Understandably, many executives have no interest or desire to learn about these things…and CFOs and CEOs will usually need to do some education of their executive teams on this front.

    Boards of directors can usually always do more to ensure more thorough background checks on senior finance hires, as well as becoming more engaged with a critical eye over the financial reporting and internal financial controls of their companies.

    Financial managers and staff should also, quite frankly, know better…but unfortunately there will always be bad apples.

    Best,

    Cynthia Mignogna
    Finance Principal
    OpenView Venture Partners

Leave a Reply