I’ve been talking here, at DailyFinance.com, and to the media about the massive fraud at Koss Corp. and how I think it may have been committed and covered up. The time has come to get more specific about how I think it happened, and why I think the auditors did not find it.
Disclaimer: I have no inside knowledge of the situation at Koss. I have never worked for or with them, and I have never worked for or with Grant Thornton, the auditors. I haven’t seen anything other than what’s been released publicly by the press. I am merely speculating.
The contention has been made that the auditors should have found this fraud, as they are required to consider fraud in planning and performing their audits. Further, the fraud is at an estimated $31 million (my guess is it will end around $50 million), which is clearly material to Koss. “Material” generally means it’s big enough to matter to the overall financial picture of the company. With annual sales hovering around $40 million a year at Koss Corp., $31 million (or more) stolen over a 5+ year period is certainly material.
So how did the auditors miss it? That’s easy. Three simple steps by Koss VP of Finance Sue Sachdeva could prevent the auditors from encountering evidence pointing them to the fraud.
Again, it’s important to point out that I have no idea whether the auditors failed in their role. I have no idea whether things were uncovered in their audits that should have been investigated further, and which would have exposed the fraud if they had been investigated.
For purposes of this discussion, I’m asking you to assume the auditors did the right thing. Assume they properly planned and carried out their audits, even in light of the poor internal controls it appears Koss had. Pretend the auditors were diligent and thorough. How, then, might Sachdeva commit her fraud so that no one would discover it?
All it takes are three steps to make this fraud nearly undetectable in a company in which the other members of the executive team aren’t paying attention. (And don’t worry, dear readers, that I may be giving away any secrets to committing fraud and covering it up. Any serious fraudster already knows these three things.)
- Keep the fraud off the balance sheet.
- Keep all transactions below the scope of testing by the auditors.
- Don’t commit fraud during the last month of the fiscal year and the first month of the following fiscal year.
Can it really be this simple? Yes, and here’s how.
Keep the fraud off the balance sheet: The substantive testing of the auditors focuses very heavily on the balance sheet. Probably 80% or more of the auditors’ work is spent testing balances on the balance sheet. The focus on the income statement is minimal because the theory goes that if the balance sheet is right, the bottom line profit is also right and a lot of testing does not need to be done on the profit and loss statement.
How could Sachdeva keep the fraud off the balance sheet? We’ve been told she used company funds to pay her own massive credit card bills. The accounting entry would credit the bank account (so that the account will always be balanced to the bank statement and not draw attention) and debit an expense account. Normally, paying a bill would require using accounts payable, a balance sheet account. But by skipping that step and going right to the income statement, this generally keeps the fraud off the balance sheet. (Except of course for the use of the bank account, which I’ll address in point #3.)
Where on the income statement do you hide the theft? Ideally you would split it up between a number of line items. Cost of Goods Sold is probably one of the best areas to dump the theft because it’s likely one of the largest line items, and everyone agrees that material costs can vary in manufacturing. It’s easy to explain away an increase in COGS. Payroll will be a larger item too, so some of the fraud might be dumped there. Generally, you should consider using 5 or 10 of the biggest line items which won’t draw scrutiny if they increase.
2005 – $2,195,477
2006 – $2,227,669
2007 – $3,160,310
2008 – $5,040,968
2009 – $8,485,937
2010 – $10,243,310 (two quarters)
With the company selling about $40 million of products per year, you can see how easy it would have been to conceal $2 million or $3 million on the income statement. As long as that amount is broken up across several line items, it likely won’t be noticed.
The dollar figures in the last three years were obviously much larger and probably a bit more difficult to conceal. But remember…. By 2007, $3 million in theft was concealed in the income statement. That means in 2008, only $2 million of the total $5 million stolen needs to be hidden. The first $3 million in theft would already be in line with the prior year’s expenses and wouldn’t draw scrutiny.
The same thing goes for 2009. Presumably $5 million in theft was already concealed in 2008 and integrated into the income statement. Only $3 million extra (of the $8 million total theft) needs to be concealed in 2009.
Keep all transactions below the scope of testing by the auditors: Most of the audit work involves testing transactions. They can’t possibly look at all the transactions for the year, so they examine transactions on a test basis. If the testing turns out right (the numbers were recorded correctly, they add up the way they should, and the accounting rules were followed when recording the transactions), then the untested items are also deemed to be correctly recorded.
The auditors rely heavily on their “scope.” They’ll determine a number which guides the transactions they’ll test. Let’s pretend that $50,000 is the scope on an audit. When testing transactions, the auditors are generally going to look at transactions $50,000 and above. Any transactions of an amount lower than this are almost certainly not going to be tested.
It’s simple math that guides the scope of the testing. By testing the larger dollar amounts, the auditors get greater “coverage” in their audit. They can say they tested ___% of the dollars on the balance sheet. The higher the percentage of dollars tested, the more thorough the audit work looks. So by testing larger dollar items, the auditors get better coverage.
A CFO or VP of Finance (and many others in the accounting department) are well aware of the scope of the auditors. The auditors are not supposed to tell the client what the scope is, but it’s pretty easy to figure out when every request for documentation is above a particular dollar figure.
Suppose the scope at Koss was $50,000 (again, this is a completely made up number). Sachdeva would have to keep her transactions well below that figure to almost guarantee herself that the auditors would not look at those transactions. So she either needs to do wire transfers to her bank account of less than $50,000 at a time, or if she does wire transfers at or above $50,000, the transfers need to be recorded on the books in pieces smaller than $50,000. Obviously, the lower she keeps the recorded transactions, the less of a chance of detection by the auditors. (And it’s also advisable to record these transactions as odd dollars and cents – – such as $27,352.23 – – rather than large round numbers like $30,000 which are more likely to draw the attention of the auditors.)
This is where it makes sense to split up the transactions between several expense accounts. Again, focus on the expense accounts for which an increase could be easily explained and unlikely to be examined further.
Don’t commit fraud during the last month of the fiscal year and the first month of the following fiscal year: I keep getting asked why the auditors didn’t see these apparently large transfers to American Express on the bank statements. The answer is simple: They most likely weren’t looking at all of the bank statements, which is common in an audit. When auditing a bank balance on the balance sheet, the auditor is trying to determine whether the ending balance on the financial statement is correct. The ins and outs throughout the year don’t matter because of other testing done during the audit (or so the theory goes). The test is whether or not the ending balance is fairly stated, so that auditors are only going to look at the last bank statement of the year.
They will also look at the first bank statement of the next year, as they will do some work related to checks written and deposits made at the very end of the year, but which didn’t clear the bank until the next month. There are some other tests in various parts of the audit that may require the auditors to look at that first bank statement of the year.
So the trick is to keep the theft off the last bank statement of the year, and the first bank statement of the next year.
A disclaimer again: I do not have any information about how Sachdeva committed her fraud or covered it up. I’m speculating liberally here, and offering my theory as to how it could have been concealed from the auditors.