Today’s Compliance Week article, “SEC Pursues Small Company Over Lax Internal Controls,” [subscription required] discusses the SEC settlement with Koss Corp over the $34 million embezzlement by former Vice President of Finance Sujata (Sue) Sachdeva.
The article explains the settlement, which is essentially a clawback of some of Michael Koss’s compensation:
Michael Koss, who remains president and CEO, agreed to pay back bonuses totaling more than $450,000 in cash and 160,000 options. The company faced no monetary penalty. Sachdeva is already serving 11 years in prison for helping herself to more than $30 million from corporate accounts beginning in 2005 to support her lavish personal spending.
The SEC charged that the company and its CEO didn’t maintain a system of internal controls that would have reasonably assured accurate and reliable financial reporting. The scope of the embezzlement scheme was significant compared to the company’s sales and retained earnings, according to the SEC. In 2009—the first of two fiscal years and three subsequent quarters that Koss restated as a result of the fraud—Sachdeva skimmed $8.5 million in corporate funds on sales of $41.7 million and retained earnings of $17.1 million. Sachdeva and Mulvaney hid their embezzlement through an accounting fraud.
The article recounts some specific problems within Koss:
- Koss Corporation prepared materially inaccurate financial statements, book and records, and lacked adequate internal controls from fiscal years 2005 through 2009.
- Michael Koss was supposed to approve the payment of invoices greater than $5,000, but no approval was needed for wire transfers or cashier’s checks (the primary method of theft by Sachdeva).
- The computer system was more than 30 years old, and did not lock the accounting system at the end of a month to prevent later changes to the books.
- Many account reconciliations were either not prepared or were not maintained as part of Koss’s accounting records. To the extent that reconciliations were conducted, they were improperly performed by the same persons who initiated or recorded the transactions, enabling those persons to make modifications to the reconciliations to cover up fraudulent entries.
- While Sachedeva provided Michael J. Koss with reporting certifications for his review, he did not conduct an adequate review of Koss’s accounting in connection with these certifications.
One lawyer thinks the punishment was too harsh:
Keith Bishop, a partner in the corporate and securities practice at law firm Allen Matkins, is disturbed by the SEC’s pursuit of the company and its CEO. “It smacks of punishing the victim and second guessing,” he says. “I have a concern that the SEC is using this as a message case without really recognizing that no matter how well you have designed internal controls, they only provide reasonable not absolute assurance that there won’t be fraud.”
In Bishop’s view, the SEC singles out Michael Koss and criticizes him for not inspecting the general ledger trial balance, not investigating unusual or frequent journal entries, and not looking behind certifications that were provided to him. “In any environment, the person who signs the certification and the SEC reports is going to have to rely on other people,” he says. “You can’t expect them to double check everything.”
I disagreed, and stated that I thought the penalty was mild:
“The penalty was so insignificant,” say Tracy Coenen, a forensic accountant and founder of forensics firm Sequence. “There was absolutely no internal control in place. (Michael) Koss was signing off of the financial statements without doing any due diligence on any company records. While he may not have directly perpetrated the fraud, his inaction allowed it to go on for so long.” She expected more criminal liability for a failure to carry out basic duties to the company, she says.
With relatively lax punishment for Michael Koss, a CFO who thoroughly neglected his financial duties at the company, other CFOs might as well roll the dice and forget to do their jobs too:
Coenen points out that Koss more closely resembles a family-owned business than a public company, with the majority of its shares held by family members or insiders. It helps explain why the company had a small finance and accounting staff, with very few people holding key roles in managing books and records. She worries the SEC enforcement action doesn’t come down hard enough, giving companies some cause to weigh the costs and benefits of internal controls. “It almost feels like a roll-the-dice situation,” she says. “If that’s the only penalty, maybe I don’t have to go through the cost and trouble of shoring up controls.”