I have been criticized for “defending” Grant Thornton, the auditors of Koss Corp, which has suffered a fraud loss of at least $31 million at the hands of the company’s Vice President of Finance, Sue Sachdeva. In fact, my comments relating to this case are not a defense of Grant Thornton, in the least. They are meant to point the finger squarely at Koss management, which is wholly responsible for this fraud.
I’m not saying that Grant Thornton did a bang-up job when it comes to Koss. I couldn’t possibly know that without knowing exactly how the fraud was carried out (Koss still hasn’t said) and without seeing GT’s workpapers and taking a good look at what they actually did. What I am saying is that audits have so little usefulness and are so awful at detecting fraud, that it’s a given that a woman like Sue Sachdeva would easily be able to get away with a massive theft.
How often do we see an executive running off with a company’s money while auditors were hovering? We see it all the time. Enron, WorldCom, and Tyco brought fraud by management to light, and the problem still exists several years later. Legislation such as Sarbanes-Oxley hasn’t cured the problem, in fact, a recent study by the Association of Certified Fraud Examiners found that the problem is even worse than before SOX. This is a persistent problem, one that auditors clearly haven’t been able to eradicate, so to suggest that Grant Thornton should have stopped the fraud (when all the other large auditing firms have failed to find fraud at their clients too) is nonsense.
My respected colleague Francine McKenna did a great deal of research and writing about why Grant Thornton shouldn’t get a pass in the Koss case. She’s found a lot of interesting information about Koss Corp., its finance function, its auditors, and its management in general. But instead of proving why this makes Grant Thornton guilty, it only seems to prove my original theory: that management alone is to blame for this fraud.
Francine points out the following notable facts:
- NASDAQ, where Koss was listed, does not require an internal audit function in companies. Koss did not have internal auditors.
- Grant Thornton’s planning of their audit work required them to assess the company’s internal audit function, or in this case, Koss’s lack of internal auditors.
- The auditors were required to adjust their substantive testing (read: do more) based on the risk factors Koss presented per SAS 109 (AU 314), Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
Clearly there were issues with how Koss was managed. Francine writes:
If they had performed a proper SAS 99 review (AU 316), Consideration of Fraud in a Financial Statement Audit, it would have hit’em smack in the face like a _______ . (Fill in the blank.) Management oversight of the financial reporting process is severely limited by Mr. Koss Jr.’s lack of interest, aptitude, and appreciation for accounting and finance. Koss Jr., the CEO and son of the founder, held the titles of COO and CFO, also. Ms. Sachdeva, the Vice President of Finance and Corporate Secretary who is accused of the fraud, has been in the same job since 1992 and during one ten year period worked remotely from Houston!
How do you audit a company like Koss which apparently had little to no substantive internal controls over the financial reporting process? Well you could examine every single transaction for the year. But obviously no company is ever going to pay an auditor the type of fee it would require to do this. So the auditors instead do some “extra” testing. If the extra testing turns out okay, all is deemed happy in auditland.
Sounds laughable, doesn’t it? But that’s what auditing is, whether we like it or not. Audits test. Audits sample. They hope they catch the big stuff, but often they do not. Check out the number of articles returned by Google for a search for “auditor” and “lawsuit” for the last year.
There were obvious problems with the finance function at Koss. But at the end of the day, an audit needs to be done and someone is going to do it. No matter how awful a company’s management is, there is always an auditing firm willing to step up to the plate. Trainwreck Overstock.com is a great example of this. After numerous instances of financial reporting irregularities were pointed out by a variety of journalists and bloggers, Overstock fired Pricewaterhouse Coopers (PwC) and hired Grant Thornton. More issues, and Grant Thornton was fired less than a year later. And KPMG has stepped up to take over this financial reporting mess.
How often do auditors make “Management Recommendations” to companies? Every single year, the auditors complete their work and tell their clients where they could improve. Probably on the most frequently recommended list are better internal controls, better segregation of duties, and better ways to prevent the head of the finance function from overriding controls. And often companies ignore these recommendations, citing the fact that they haven’t had any problems (yet!) or that changes would cost too much.
I could suggest that auditors “man up” and refuse to work with clients unless they became more diligent about their internal controls, but doesn’t often happen. Some auditing firm is all too happy to accept a client recently fired by their auditors. And the auditors are reluctant to tell one another the real reasons why they quit or were fired. It’s just not good for business.
Frankly, I don’t know why any accounting firms even do audits anymore, especially of publicly traded companies. There is not enough insurance in the world to protect them from situations like this. Grant Thornton’s reputation will be tarnished in the Milwaukee business community for years to come, and there will likely be effects in other markets as well. Is it really worth it to do audits when this type of liability exists?
The problem with blaming the auditors in this case is that if we do so, then we should blame the auditors in nearly every other corporate fraud. Why? Find me a company that does not let the CFO hold the keys to the kingdom? Find me a company in which the CFO or VP of Finance isn’t able to override almost all of the controls.
Instead, we still play this game of pretend. We wish that auditors could be good at finding fraud and that they would really provide value to a business. Neither is true, and what is required is either an acceptance of this truth or a fundamental change in thinking regarding audits. Let’s accept audits for what they are, or completely change the process if we want audits to do something useful, such as find fraud.
The bottom line here is that the management of Koss Corp., and specifically wonder boy Michael Koss, is solely to blame for the $31 million fraud committed by VP of Finance Sue Sachdeva. No one was stopping Koss from asking the auditors to do more work or from hiring other professionals that could help improve internal controls and find fraud. The auditors are going to get sued, and they’ll have a hard time walking away without any liability. That’s just the way the game goes. Fraud is found, auditor has professional liability insurance, auditor gets sued, insurance company pays out at least something.
So make no mistake, I’m not absolving Grant Thornton of guilt in this situation. There is a chance that they have some liability. But the blame needs to be focused on management at Koss Corp. Audits aren’t going to start finding fraud on a wide scale any time soon. But management can do something about fraud if they choose to. Koss did not, and now they are paying the price. They put themselves into this situation, and they are to blame.