The latest news in the Koss Corporation fraud committed by ex-VP of Finance Sue Sachdeva is a lawsuit filed by the company against Sachdeva and auditors Grant Thornton. It’s unlikely that the company will collect much from Sachdeva, but the auditors are a great target because they have deep pockets (especially in the form of a professional liability insurance policy).
Everyone expected Koss to sue Grant Thornton. It’s just standard procedure to sue the auditors after a fraud is discovered. It never matters to the companies that audits are not designed to detect fraud and the auditors tell management this over and over.
It never matters to the companies that they are the ones responsible for establishing and maintaining internal controls over financial reporting, as well as putting procedures in place to prevent and detect fraud.
The standard management representation letter required to be given by the companies to the auditors has language something like this:
We confirm that we are responsible for the fair presentation in the financial statements of financial position, results of operations, and cash flows in conformity with US GAAP. We also acknowledge our responsibility for establishing and maintaining effective internal control over financial reporting, including designing and implementing programs and controls to prevent and detect fraud.”
But when things blow up, someone has to be held responsible, and Koss is pointing the finger at Grant Thornton.
Here’s what I find so funny about the lawsuit: It goes through the fraudulent payments Sachdeva initiated in great detail, listing dates, payees, and amounts. The accusation being made is that if Grant Thornton had examined those checks and looked at the endorsements on the back of the checks, they would have immediately known Sachdeva was defrauding the company.
Why is that so funny? Because Koss management could have (and should have) done exactly what they’re saying Grant Thornton should have done.
Talk about making yourselves look like absolute morons.
Financial statement audits are very limited in scope. Companies may not like that fact, but it’s just the way it is. If companies want their auditors to find fraud, then they ought to hire the auditors to do more than the audit. As it stands, when you hire auditors to do audits, you have very little chance that they will find a fraud-in-progress. If you want them to look for fraud, then you have to hire them for additional work.
Contrary to what many may believe, the auditors don’t sit and go through canceled checks as part of their audit procedures. Their job is not to sit and go through every payment that passes through the bank account. That’s a different project with a different scope. Get over it.
You should read my article at Daily Finance about this lawsuit. I point out some interesting contradictions in statements Koss made to the SEC and that they’re now making in their lawsuit. Maybe if the company had spent as much time and money on the management of their business as they will spend on this lawsuit, this all could have been avoided.
You are right on target as it is the company that owns their controls, not the auditor. Koss should have had both preventative and detective controls to thwart the fraudulent payments. These would logically include controls pertaining to vendor selection activity; an independent review of cash disbursement pertaining to detail, dates, payees, amount; and an analytical review of account activity by someone other than the VP-Finance. In addition, the board (usually through their audit committee) should have been comfortable with controls over management override. If I were a Koss director, I would be nervous regarding adverse legal action.
However, the auditors are not entirely off the hook as one element of their audit standards (paragraphs #22-25 of PCAOB standard 5) requires them to test entity-level controls, which include “controls over management override.” The standard goes on to define this as; “Controls over management override are important to effective internal control over financial reporting for all companies, and may be particularly important at smaller companies because of the increased involvement of senior management in performing controls and in the period-end financial reporting process. For smaller companies, the controls that address the risk of management override might be different from those at a larger company. For example, a smaller company might rely on more detailed oversight by the audit committee that focuses on the risk of management override.”
From Auditing Standard No. 5 http://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_5.aspx:
” This standard establishes requirements and provides direction that applies when an auditor is engaged to perform an audit of management’s assessment of the effectiveness of internal control over financial reporting (“the audit of internal control over financial reporting”) that is integrated with an audit of the financial statements.”
From the audit opinion:
“The Company is not required to have, nor were we engaged to perform an audit of its internal control over financial reporting.”
Grant Thornton was not engaged to do this (an audit of internal controls) and so Standard No. 5 does not apply.
now wait Tracy, while I agree that auditor does not necessarily look for fraud, the auditor must be comfortable that the financials are free of any material mistatements. In this scenario, the fraud was MATERIAL, and thus should have been caught by GT as part of thier regular audit (and not the “internal controls” audit as mandated by 404).
Ofcourse, it is always foremost management’s resposnbibility to maintain adequate controls and the fair presentation of FS. But GT sure does deserve its share of the blame.
An audit provides REASONABLE ASSURANCE that the financial statements are free of material misstatements. It does NOT provide FULL or ABSOLUTE assurance that the financial statements are free of material misstatements.
Further, fraud is much more difficult to find than simple errors because people are taking proactive steps to conceal their actions from the auditors. It’s hard to apply the same level of responsibility for finding fraud to the auditors as finding errors, as someone is going out of their way to hide fraud and make sure the auditors don’t find it.
Yes – correction noted to my previous comment as I had assumed that Koss was an accelerated filer in which case they would have been subject to the internal control audit for the last few years. While not rendoring the opinion on financial reporting controls clearly lessons the auditor’s legal exposure, some still exists as it will now be left to the attorneys and legal system to figure it out.
Tracy, reasonable assurance is still considered “high” level of assurance. Now in the case of Koss, the embezzelement amount (~30 mil) is almost equal to their yearly revenue (~37 mil). Now would it be REASONABLE that GT found did NOT find a misstatement that almost totals a company’s annual revenue? Is it REASONABLE that GT did NOT find a misstatement that’s causing a Fin Stmt restatement for last 3/4 yrs? We”ll I will leave that judgement to the legal system.
As far fraud being harder to catch, the auditing standards are very clear. The auditor has the SAME responsibility to catch misstatement either by error or fraud. “Tough to find” is not an excuse. Interestingly enough, ethical standards ask the firms to resign as auditors if they do feel that management is unethical and they cannot get reasonable assurance over the FS.
Though I do find it absurd that management is suing GT. It was their primary responsiblity to catch the fraud. Now investors suing GT? that would make sense.
Reasonable is not a “high” level of assurance. Audit assurance is a higher level than review or compilation, but is still not high.
Yes, it may be perfectly reasonable that GT did not catch this fraud since Sachdeva (and apparently some other employees as well) was proactively concealing the fraud from the auditors.
The audit standards do NOT apply the same responsibility to catch errors or fraud. Common sense tells you that management can appear honest while committing fraud and going to extraordinary lengths to hide it. Thus, fraud is much harder to find than simple errors in accounting, and so there is a distinction in the world of auditing.
Without seeing the audit workpapers, I have no idea whether or not GT did their jobs as auditors. But simply because the amount stolen was large, does not automatically mean that GT erred.
Tracy, you’re mistaken. Please see AICPA SAS#1 Section 230 that states:
“The HIGH, but not absolute, level of assurance that is intended to be obtained by the auditor is expressed in the auditor’s report as obtaining reasonable assurance about whether the financial statements are free of material misstatement (whether caused by ERROR OR FRAUD). “
Written by auditors, of course. You win on this issue of whether someone calls an audit “high” assurance. I win on the reality – No real business person who actually understands what an audit is considers it high assurance of anything other than a large fee paid each year to the auditors.
Unsure where you are getting your “reality” from Tracy, unless you’re an external auditor yourself? or is just all based on hearsay?
If an auditor or firm cannot perform an audit to obtain resonable aka high assurance (as per standards), they shouldn’t be auditing in the first place. It’s fairly black & white IMO.
Right. Auditors should be following the standards. And they very well might have performed an audit competently and still did not find a fraud.
The reality I speak of is the level of assurance an audit really provides. People sufficiently familiar with the work of auditors know that the work provides little actual value to anyone. So to say it is “high” assurance … well that means something different in audit-speak and in real business world terms.
Agreed. Even well designed audits can fail to detect material misistatements.
Auditors provide little actual value? Try telling that to the investors and pension holders that lost billions in enron/worldcomm when the auditors failed to do their jobs.
I don’t know, Tracy– this is tricky ground. According to the SEC, AS 5 “directs auditors to those areas that present the highest risk, such as the financial statement close process and controls designed to prevent fraud by management. It emphasizes that the auditor is not required to scope the audit to find deficiencies that don’t constitute material weaknesses.” Certainly what happened at Koss is NOT immaterial. ALso– what about SAS 99– clearly the GT example is another indication that auditors don’t give a crap about SAS 99. If they did, they’d catch a lot more fraud. I guess it’s not illegal to ignore audit standards, but I do see Koss’s point in trying to prove that it is.
HOWEVER– I could not agree more with that management are the real bozos here– I believe you used the term “morons”— very apt. That they are now wasting tons more money trying to blame it on GT is sort of understandable, but for the sake of the business, if I were Michael Koss, I would do a mea culpa get my internal control act together, and move the f–k on– taking advantage of peoples’ short memories to let this nightmare fade away.
What exactly was the CEO/CFO/et al doing to earn that $300k salary?!
[…] cases in which management or shareholders suing the auditors after fraud was uncovered involve Koss Corp. (auditors Grant Thornton) and Navistar International Corp. (Deloitte & […]
[…] how absurd these claims are. It is the company’s responsibility to prevent and detect fraud. This is not the first time that the company made silly claims against parties it was suing in order avoid taking responsibility for Michael Koss’s own mismanagement of the company. […]