I’m no fan of Sarbanes-Oxley because I believe it was ridiculously expensive, and hasn’t really produced any meaningful results. Fraud is just as rampant as before SOX became law, and the only thing companies have to show for it is a huge bill from auditors and consultants.

But let’s suppose for a minute that SOX really is a good thing because it forces companies to take a harder look at internal controls. As a small public company, Koss wasn’t yet subject to audits of their internal controls.

As a public company with a market cap well below $75 million, Koss is a non-accelerated filer and therefore not yet subject to Section 404(b) of the Sarbanes-Oxley Act, which requires an external auditor’s review of internal controls over financial reporting. The company must perform its own review of controls and assert in its financial statements whether those controls are adequate (that is Section 404(a) of SOX), but they are not required to get an auditor’s opinion on those controls.

And clearly Koss had almost no internal controls over the finance function.

My comments on the internal controls and Grant Thornton’s work:

Tracy Coenen, a forensic accountant and fraud examiner at Sequence Inc. who has been following the Koss spectacle closely, notes that Koss had no formal internal audit function, and that certainly could have been a red flag to Grant Thornton that the quality of controls would be suspect. But there’s no way to know from publicly available documentation what the auditor thought of Koss’s controls.

Coenen says the audit fees Koss paid to Grant Thornton were low enough ($151,300 in fiscal 2009 but only $71,400 in 2008) that one can’t help but wonder how much audit work actually occurred. Kyviakidis, on the other hand, says auditors have enough pressure about fees and legal liability these days that the amount paid may not reflect the amount of work that truly went into the audit.

Even if Grant Thornton had been required to take a harder look at the internal controls at Koss, I doubt that the fraud committed by Sachdeva would have been discovered sooner. Maybe it would have. But that’s not a foregone conclusion. Sachdeva likely knew exactly what the auditors were looking for each year, and hid her fraud accordingly.

This is a great time to talk about internal controls over fraud by executives. It’s certainly an issue that needs to be visited by all companies. It certainly is a huge problem, but I’ve always said that the problem of fraud is not going to be solved by regulations. It’s going to be solved by companies being proactive about preventing and detecting fraud. Shareholders and management need to force the issue so that companies are “encouraged” to police the issue of fraud by executives and make substantive changes that reduce the fraud risks and fraud losses.

The indictment is interesting. Not only did she use company funds to pay her American Express bill as we had heard, she’s also been accused of getting cashier’s checks from a bank account belonging to Koss, writing Koss checks to Petty Cash and keeping the funds, and using Koss traveler’s checks for personal purposes.

People are suggesting Sachdeva had some sort of sickness, an addiction to shopping. Her attorney is quoted:

“It is obvious there are some unusual facts and some unusual behaviors being alleged,” Michael F. Hart said in an interview. “We intend to show that mental health issues played a substantial role in Ms. Sachdeva’s conduct.”

My guess is that it was something else. I think she was reselling the merchandise paid for with money stolen from Koss.  There were massive amounts of clothes found in storage, including 461 pairs of shoes and 34 fur coats. The clothing she bought ranged in size from 8 to 14. She couldn’t have worn that range of sizes, but that range would have been perfect for someone retailing the merchandise. I bet we’re going to hear soon that Sachdeva was selling this merchandise to domestic and overseas retailers at a fraction of their wholesale value.

And what happened to all the money? The media and federal indictment report some of the personal use of the funds: travel, hotels, airfare, home renovations, personal services, and household furnishings. My guess is that there will be another use of the funds revealed soon. These things don’t seem to add up to all the money missing from Koss.

There still are no clues as to how Sachdeva hid the fraud from Koss management and Grant Thornton (the auditors). The indictment merely says:

(f) To conceal her fraud, Sachdeva made, and directed other Koss employees to make, numerous fraudulent entries in Koss’s books and records to make it appear that Sachdeva’s fraudulent transfers were legitimate business transactions.

(g) Sachdeva concealed, and directed other Koss employees to conceal, her fraudulent transfers, as well as the fraudulent entries in Koss’s books and records, from Koss’s management and its auditors.

There is no hint as to what kind of entries were made on the books to conceal the fraud. There is also no information regarding whether the employees knew that they were doing something wrong. (They may have just been doing their jobs, with no inkling that Sachdeva was directing them to do something shady.)

The fraud seemed to be going along fine until Sachdeva got too greedy. The amount of theft gradually increased each year, which probably made it easier to hide. Then in late 2009 (which is fiscal 2010 for Koss) she got greedy and stole much more in a six month period than she ever had in one year.  Of the $10 million she allegedly stole in late 2009, here are the wire transfers from Koss to Sachdeva’s personal American Express card that were listed in the indictment:

• September 4, 2009 $250,000
• September 10, 2009 $760,000
• September 17, 2009 $600,000
• October 22, 2009 $618,595
• October 27, 2009 $400,000
• December 15, 2009 $350,000

So that brings us back to the issue of the auditors again. How did they miss a fraud of this size? I’ve come up with at least one scenario under which it could have easily gotten past them. If Sachdeva booked the theft to cost of goods sold, any yearly increase in this part of the income statement could be explained by rising material costs, and the auditors would likely be no wiser.

On commenter on the site Going Concern agreed that it would be relatively easy to hide the fraud from the auditors:

Look, the Company’s total revenues were $38 million in FY ‘09 and net income was approximately $1.9 million. I am going to to a rough assessment that materiality was within the range of $90k to $200k.
A lot of chatter is coming out from a few people that they thought the fraud was based on posting low value, large volumes of expenditures to accounts where fluctuations/increases would not be observed during the fiscal year, and keeping the transactions off of the balance sheet (i.e.- all false entries recording the transactions were recorded as direct debits to expense and credits to cash, with no entries recorded in the last and first months of the year. Had they performed a test of details over the entries to test cost of goods sold, then in theory some of these would have popped up, and either Sue would have been forced to become an expert on photo-shop, or these entries would have hopefully triggered the need to bring in forensics.

• Safeguarding of Assets Fraud vs. Financial Reporting Fraud
Based on what the experts are saying about the nature of fraud (i.e. – cash outflows were recorded in the period incurred, and posted to expense accounts with large volumes of activity already in order to minimize the significance of these variances), this fraud technically was recorded to the financial statements, and accordingly, the net income, net change in cash and balance sheet at year-end were not misstated.

Misappropriation of assets, while both a theft of shareholder value, and a presentation issue in terms of classification of these costs, did not result in a misstatement of net income and EPS, which is typically the risk auditors are most concern about, restatements of EPS for a given year.

• Cost of Sales TW
I am suspecting that GT most likely tested COGS using some form of gross margin analysis. Often, teams will allow for a larger precision level if an appropriate level of balance sheet work is performed. If we assume that fraud truly started in 2005, then we can assume that margins back in 2004 and SG&A in 2004 were appropriate and sans fraud. If I assumed that the margins were the same throughout 2005 – 2009, and SG&A only grew by 4% (approximation of CPI over the period), this explains approximately $12.7 million of fraud.

This tells me the following that the Company’s management was cutting actual costs in a reaction to increased SG&A costs (in part due to fraud committed by Sue Sachdeva (allegedly)), only to have even greater volume of fraudulent expenditures posted to the P&L. This is funny both because Sue’s ability to increase the fraud in this scenario would be due in part to the even great cushion made available from the actual costs savings. But this is scary because is shows just how predictable auditors can be. I am guessing that there was a lot of “trend” analysis involved by the auditors, and that they used a lot of inquiry to get through this.

• Audit Fees – I am not sure how a public audit of an entity like this could be done at $50,000. I am betting that a large reason for this was because GT has a very simple approach towards auditing the income statement, and relied on balance sheet work. If you look at the Company’s balance sheet, this could easily be accomplished at year-end with likely small sample sizes, and minimal effort. I bet the audit team consisted of 1 Partner, 1 Concurring, 1 manager and a Sr. associate and a first-year or intern.

Trying to make enough money on this audit to justify the Partner’s take home would left little room for the team to spend extra time and effort to specifically test for inappropriate expenditures.

It’s easy to say that the auditors should have caught the fraud. That’s said all the time when a big fraud hits the media. But the fact is that audits rarely find fraud, and relying on the auditors to find fraud is silly. Sure, we can think of a bunch of ways that auditors could have found a fraud if they looked in the right places. But the auditors are not finding fraud. Let’s stop pretending that auditors do find fraud, because they don’t.

Accounting standards exist so that financial statements have some uniformity. Users of financial statements outside of the companies producing the numbers are able to compare financial statements and understand what the users mean because standards have … standardized… financial statements.

U.S. GAAP has been around for about 75 years. But in 2008 the SEC declared that companies would start switching to IFRS soon, with all companies using IFRS by 2016. Why the switch? Well some argue that there are two main reasons why we should switch to IFRS:

1. It is in the interest of international business. Financial statements for U.S. businesses will be easier to compare to businesses in other countries.
2. There are too many rules in GAAP. IFRS is “principles based,” which means there are fewer hard and fast rules, leaning more toward guidelines which management uses their judgment to apply.

The switch from GAAP to IFRS won’t be cheap. It’s estimated that it will take a company 2 to 3 years to make the transition, and it’s going to be an awful lot of work.

IFRS is easy to criticize. Allowing management more judgment in applying the principles to their company’s books leaves more room for financial statement manipulation. As a forensic accountant, I can certainly see how abuses may be more prevalent. Just look at GAAP-based financial statements – - the accounts most at risk for manipulation by shady executives are the ones in which management apply estimates and judgment.

Professor Albrecht says:

Switching the United States from U.S. GAAP to IFRS is desired in the U.S. only by large audit firms, CEOs of large multinationals, and SEC regulators and their staffs.  Investors, rank and file accountants and accounting professors oppose the move.  Audit firm principals and corporate executives stand to profit, one way or another, by billions and billions and billions and billions of U.S. dollars.  It is self-debasing greed.  It is avarice of the corrupted soul.

Let us not be fooled. Accountants and auditors are not in business for altruistic reasons. They don’t exist because of a great love for numbers and a deep desire to help craft the most accurate financial statements ever. They’re in business to make money. And make money they will if companies are forced to move to IFRS.

Large accounting and auditing firms are making scads of money. And this chart from The 2009 Big Four Firms Performance Analysis demonstrates it nicely.

Professor Albrecht notes that Sarbanes Oxley helped the accounting firms make a lot of money, but most of the revenue growth related to SOX was over by 2005. So what is behind the growth since then? Growth in consulting fees.

And what will drive revenue growth in the future? The adoption of IFRS. The amount of money to be made by providing consulting services to companies making the switch will be huge.

And will financial reporting improve? No. In fact, the reliability of financial statements from companies using IFRS will go down because it will be much easier to manipulate earnings.

Disclaimer: I have no inside knowledge of the situation at Koss. I have never worked for or with them, and I have never worked for or with Grant Thornton, the auditors. I haven’t seen anything other than what’s been released publicly by the press. I am merely speculating.

The contention has been made that the auditors should have found this fraud, as they are required to consider fraud in planning and performing their audits. Further, the fraud is at an estimated $31 million (my guess is it will end around $50 million), which is clearly material to Koss.  “Material” generally means it’s big enough to matter to the overall financial picture of the company. With annual sales hovering around $40 million a year at Koss Corp., $31 million (or more) stolen over a 5+ year period is certainly material.

So how did the auditors miss it? That’s easy. Three simple steps by Koss VP of Finance Sue Sachdeva could prevent the auditors from encountering evidence pointing them to the fraud.

Again, it’s important to point out that I have no idea whether the auditors failed in their role. I have no idea whether things were uncovered in their audits that should have been investigated further, and which would have exposed the fraud if they had been investigated.

For purposes of this discussion, I’m asking you to assume the auditors did the right thing. Assume they properly planned and carried out their audits, even in light of the poor internal controls it appears Koss had. Pretend the auditors were diligent and thorough. How, then, might Sachdeva commit her fraud so that no one would discover it?

All it takes are three steps to make this fraud nearly undetectable in a company in which the other members of the executive team aren’t paying attention. (And don’t worry, dear readers, that I may be giving away any secrets to committing fraud and covering it up. Any serious fraudster already knows these three things.)

1. Keep the fraud off the balance sheet.
2. Keep all transactions below the scope of testing by the auditors.
3. Don’t commit fraud during the last month of the fiscal year and the first month of the following fiscal year.

Can it really be this simple? Yes, and here’s how.

Keep the fraud off the balance sheet: The substantive testing of the auditors focuses very heavily on the balance sheet. Probably 80% or more of the auditors’ work is spent testing balances on the balance sheet. The focus on the income statement is minimal because the theory goes that if the balance sheet is right, the bottom line profit is also right and a lot of testing does not need to be done on the profit and loss statement.

How could Sachdeva keep the fraud off the balance sheet? We’ve been told she used company funds to pay her own massive credit card bills. The accounting entry would credit the bank account (so that the account will always be balanced to the bank statement and not draw attention) and debit an expense account. Normally, paying a bill would require using accounts payable, a balance sheet account. But by skipping that step and going right to the income statement, this generally keeps the fraud off the balance sheet.  (Except of course for the use of the bank account, which I’ll address in point #3.)

Where on the income statement do you hide the theft? Ideally you would split it up between a number of line items. Cost of Goods Sold is probably one of the best areas to dump the theft because it’s likely one of the largest line items, and everyone agrees that material costs can vary in manufacturing. It’s easy to explain away an increase in COGS. Payroll will be a larger item too, so some of the fraud might be dumped there. Generally, you should consider using 5 or 10 of the biggest line items which won’t draw scrutiny if they increase.

Here is how Koss has said Sachdeva’s fraud was broken out between fiscal years, based on information available last week:

2005 – $2,195,477
2006 – $2,227,669
2007 – $3,160,310
2008 – $5,040,968
2009 – $8,485,937
2010 – $10,243,310 (two quarters)

With the company selling about $40 million of products per year, you can see how easy it would have been to conceal $2 million or $3 million on the income statement. As long as that amount is broken up across several line items, it likely won’t be noticed.

The dollar figures in the last three years were obviously much larger and probably a bit more difficult to conceal.  But remember…. By 2007, $3 million in theft was concealed in the income statement. That means in 2008, only $2 million of the total $5 million stolen needs to be hidden. The first $3 million in theft would already be in line with the prior year’s expenses and wouldn’t draw scrutiny.

The same thing goes for 2009. Presumably $5 million in theft was already concealed in 2008 and integrated into the income statement. Only $3 million extra (of the $8 million total theft) needs to be concealed in 2009.

Keep all transactions below the scope of testing by the auditors: Most of the audit work involves testing transactions. They can’t possibly look at all the transactions for the year, so they examine transactions on a test basis. If the testing turns out right (the numbers were recorded correctly, they add up the way they should, and the accounting rules were followed when recording the transactions), then the untested items are also deemed to be correctly recorded.

The auditors rely heavily on their “scope.” They’ll determine a number which guides the transactions they’ll test. Let’s pretend that $50,000 is the scope on an audit. When testing transactions, the auditors are generally going to look at transactions $50,000 and above. Any transactions of an amount lower than this are almost certainly not going to be tested.

It’s simple math that guides the scope of the testing. By testing the larger dollar amounts, the auditors get greater “coverage” in their audit. They can say they tested ___% of the dollars on the balance sheet. The higher the percentage of dollars tested, the more thorough the audit work looks. So by testing larger dollar items, the auditors get better coverage.

A CFO or VP of Finance (and many others in the accounting department) are well aware of the scope of the auditors. The auditors are not supposed to tell the client what the scope is, but it’s pretty easy to figure out when every request for documentation is above a particular dollar figure.

Suppose the scope at Koss was $50,000 (again, this is a completely made up number). Sachdeva would have to keep her transactions well below that figure to almost guarantee herself that the auditors would not look at those transactions. So she either needs to do wire transfers to her bank account of less than $50,000 at a time, or if she does wire transfers at or above $50,000, the transfers need to be recorded on the books in pieces smaller than $50,000. Obviously, the lower she keeps the recorded transactions, the less of a chance of detection by the auditors. (And it’s also advisable to record these transactions as odd dollars and cents – - such as $27,352.23 – - rather than large round numbers like $30,000 which are more likely to draw the attention of the auditors.)

This is where it makes sense to split up the transactions between several expense accounts. Again, focus on the expense accounts for which an increase could be easily explained and unlikely to be examined further.

Don’t commit fraud during the last month of the fiscal year and the first month of the following fiscal year: I keep getting asked why the auditors didn’t see these apparently large transfers to American Express on the bank statements. The answer is simple: They most likely weren’t looking at all of the bank statements, which is common in an audit. When auditing a bank balance on the balance sheet, the auditor is trying to determine whether the ending balance on the financial statement is correct. The ins and outs throughout the year don’t matter because of other testing done during the audit (or so the theory goes). The test is whether or not the ending balance is fairly stated, so that auditors are only going to look at the last bank statement of the year.

They will also look at the first bank statement of the next year, as they will do some work related to checks written and deposits made at the very end of the year, but which didn’t clear the bank until the next month. There are some other tests in various parts of the audit that may require the auditors to look at that first bank statement of the year.

So the trick is to keep the theft off the last bank statement of the year, and the first bank statement of the next year.

A disclaimer again: I do not have any information about how Sachdeva committed her fraud or covered it up. I’m speculating liberally here, and offering my theory as to how it could have been concealed from the auditors.

I’m not saying that Grant Thornton did a bang-up job when it comes to Koss. I couldn’t possibly know that without knowing exactly how the fraud was carried out (Koss still hasn’t said) and without seeing GT’s workpapers and taking a good look at what they actually did. What I am saying is that audits have so little usefulness and are so awful at detecting fraud, that it’s a given that a woman like Sue Sachdeva would easily be able to get away with a massive theft.

How often do we see an executive running off with a company’s money while auditors were hovering? We see it all the time.  Enron, WorldCom, and Tyco brought fraud by management to light, and the problem still exists several years later. Legislation such as Sarbanes-Oxley hasn’t cured the problem, in fact, a recent study by the Association of Certified Fraud Examiners found that the problem is even worse than before SOX. This is a persistent problem, one that auditors clearly haven’t been able to eradicate, so to suggest that Grant Thornton should have stopped the fraud (when all the other large auditing firms have failed to find fraud at their clients too) is nonsense.

My respected colleague Francine McKenna did a great deal of research and writing about why Grant Thornton shouldn’t get a pass in the Koss case. She’s found a lot of interesting information about Koss Corp., its finance function, its auditors, and its management in general. But instead of proving why this makes Grant Thornton guilty, it only seems to prove my original theory: that management alone is to blame for this fraud.

Francine points out the following notable facts:

• NASDAQ, where Koss was listed, does not require an internal audit function in companies. Koss did not have internal auditors.
• Grant Thornton’s planning of their audit work  required them to assess the company’s internal audit function, or in this case, Koss’s lack of internal auditors.
• The auditors were required to adjust their substantive testing (read: do more) based on the risk factors Koss presented per SAS 109 (AU 314), Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.

Clearly there were issues with how Koss was managed. Francine writes:

If they had performed a proper SAS 99 review (AU 316), Consideration of Fraud in a Financial Statement Audit, it would have hit’em smack in the face like a _______ . (Fill in the blank.) Management oversight of the financial reporting process is severely limited by Mr. Koss Jr.’s lack of interest, aptitude, and appreciation for accounting and finance. Koss Jr., the CEO and son of the founder, held the titles of COO and CFO, also.  Ms. Sachdeva, the Vice President of Finance and Corporate Secretary who is accused of the fraud, has been in the same job since 1992 and during one ten year period worked remotely from Houston!

How do you audit a company like Koss which apparently had little to no substantive internal controls over the financial reporting process? Well you could examine every single transaction for the year. But obviously no company is ever going to pay an auditor the type of fee it would require to do this. So the auditors instead do some “extra” testing. If the extra testing turns out okay, all is deemed happy in auditland.

Sounds laughable, doesn’t it? But that’s what auditing is, whether we like it or not. Audits test. Audits sample. They hope they catch the big stuff, but often they do not.  Check out the number of articles returned by Google for a search for “auditor” and “lawsuit” for the last year.

There were obvious problems with the finance function at Koss. But at the end of the day, an audit needs to be done and someone is going to do it. No matter how awful a company’s management is, there is always an auditing firm willing to step up to the plate. Trainwreck Overstock.com is a great example of this. After numerous instances of financial reporting irregularities were pointed out by a variety of journalists and bloggers, Overstock fired Pricewaterhouse Coopers (PwC) and hired Grant Thornton. More issues, and Grant Thornton was fired less than a year later. And KPMG has stepped up to take over this financial reporting mess.

How often do auditors make “Management Recommendations” to companies? Every single year, the auditors complete their work and tell their clients where they could improve. Probably on the most frequently recommended list are better internal controls, better segregation of duties, and better ways to prevent the head of the finance function from overriding controls. And often companies ignore these recommendations, citing the fact that they haven’t had any problems (yet!) or that changes would cost too much.

I could suggest that auditors “man up” and refuse to work with clients unless they became more diligent about their internal controls, but doesn’t often happen. Some auditing firm is all too happy to accept a client recently fired by their auditors. And the auditors are reluctant to tell one another the real reasons why they quit or were fired. It’s just not good for business.

Frankly, I don’t know why any accounting firms even do audits anymore, especially of publicly traded companies. There is not enough insurance in the world to protect them from situations like this. Grant Thornton’s reputation will be tarnished in the Milwaukee business community for years to come, and there will likely be effects in other markets as well. Is it really worth it to do audits when this type of liability exists?

The problem with blaming the auditors in this case is that if we do so, then we should blame the auditors in nearly every other corporate fraud. Why? Find me a company that does not let the CFO hold the keys to the kingdom? Find me a company in which the CFO or VP of Finance isn’t able to override almost all of the controls.

Instead, we still play this game of pretend. We wish that auditors could be good at finding fraud and that they would really provide value to a business. Neither is true, and what is required is either an acceptance of this truth or a fundamental change in thinking regarding audits. Let’s accept audits for what they are, or completely change the process if we want audits to do something useful, such as find fraud.

The bottom line here is that the management of Koss Corp., and specifically wonder boy Michael Koss, is solely to blame for the $31 million fraud committed by VP of Finance Sue Sachdeva. No one was stopping Koss from asking the auditors to do more work or from hiring other professionals that could help improve internal controls and find fraud. The auditors are going to get sued, and they’ll have a hard time walking away without any liability. That’s just the way the game goes. Fraud is found, auditor has professional liability insurance, auditor gets sued, insurance company pays out at least something.

So  make no mistake, I’m not absolving Grant Thornton of guilt in this situation. The chance of them having some liability is great. But the blame needs to be focused on management at Koss Corp. Audits aren’t going to start finding fraud on a wide scale any time soon. But management can do something about fraud if they choose to. Koss did not, and now they are paying the price. They put themselves into this situation, and they are to blame.

In this news story from Milwaukee’s ABC affiliate, WISN 12, I talk about how a company with annual revenue in the $40 million range can fall victim to a fraud loss of $31 million (current estimate, up from original estimate of $4.5 million and first revision of $20 million):

I’ve also been quoted by the Milwaukee Journal Sentinel, and the Milwaukee Business Journal. At Daily Finance, I have written about why executives everywhere should fear a situation like this and why the auditors from Grant Thornton aren’t necessarily to blame. More of my comments are seen in this article on CFO.com: Fraud Case Feeds Sarbox-Exemption Critics.

Koss has hired Baker Tilly Virchow Krause as its new auditors, and this firm will not only do future audits, but will also audit any prior period financial statements that need to be restated.

As much as people would like audits to uncover fraud, that’s not what they’re designed to do. Financial statement audits rarely detect fraud because that’s not what the auditors are hired to do. If companies want someone to detect fraud, then they need to hire forensic accountants specifically to perform tests aimed at detecting and preventing fraud. They simply can’t rely on the auditors.

Some people say that auditors should change their work in order to detect more fraud. But that’s not what they’re engaged to do. They are engaged to audit. They are not engaged to detect fraud. The responsibility lies with the companies and their management, and they need to do something in addition to financial statement audits if they want to find fraud.

For a look at how Sachdeva spent the money she embezzled from Koss, check out this feature at Clusterstock.

My comments in the article:

The situation has left investors and others wondering how a company as small as Koss, with sales of $38?million in the most recent fiscal year, could have lost so much money without anyone’s noticing. The embezzlement came to light, according to the federal complaint, after American Express alerted Koss that money was being transferred from a company bank account to pay Sachdeva’s multimillion- dollar charges for clothing and jewelry.

Executives at Koss, or members of the board of directors, should have noticed the diversions, Tracy L. Coenen, a certified public accountant who specializes in forensic accounting and fraud investigation, said Monday. If Sachdeva spent millions on herself, as alleged, the financial statements should have looked unusual, Coenen said.

“It’s likely that her spending was dumped into cost of goods sold, a line item which can vary with market conditions,” Coenen said. “Nonetheless, the other executives at Koss should know enough about their own business and the market conditions to question whether cost of goods sold looks higher than it should.”

And on the issue of why the annual financial statement audits didn’t find the fraud:

Koss Corp. does have its books audited annually by an outside firm, Grant Thornton. But traditional financial-statement audits are unlikely to detect embezzlement, Coenen said. She said audits aren’t designed to uncover fraud and that the auditors wouldn’t know enough about the business to seriously question the variances in expenses caused by a scheme such as the one that Sachdeva allegedly engineered.

Because of its size, Koss hasn’t been required to have its outside auditor assess the effectiveness of the company’s internal controls over its financial reporting. Grant Thornton’s annual statements specify that Koss did not contract with the accounting firm to conduct such reviews.

The survival of the large auditing firms is in question right now, in my opinion. The business model of the auditing firms really isn’t working as well as it used to, and their are many liability issues. Auditors are being sued left and right, and these are expensive cases to defend, and difficult to win. (All the disclaimers in the world don’t protect the auditors from accusations of malpractice.)

Last week the the Public Company Accounting Oversight Board released reports on auditors Grant Thornton and BDO Seidman. And they’re not pretty.

In many ways, auditors have a low level of responsibility. So long as they follow their work programs, doing the procedures that are outlined, and documenting the work they did, they can mitigate their exposure to malpractice claims. The problem is that auditing firms are continuously being tagged for not doing all the necessary procedures and failing to follow up on issues uncovered during the audit (i.e. the audit testing reveals a problem, the auditors have to actually do something about it).

What did these audit firms hammered by PCAOB do?

BDO didn’t perform some important audit procedures, or failed to perform them well enough. One example… the auditors noted that revenue increased toward the end of the year for a brand new client, but didn’t actually examine the revenue further to see why that was. (Anyone who investigates financial statement fraud will immediately recognize that as a risk factor. Why is revenue jumping up at the end of the year? Is management trying to pad the numbers?) Something like this must be examined further!!!

Also related to fraud, on one audit the BDO auditors noted a specific fraud risk (channel stuffing), but didn’t do any work to determine whether that was happening at the client.

Grant Thornton found errors in how their clients applied the accounting rules (GAAP), but didn’t actually address them. At some clients they didn’t even find the misapplication of the rules. The other deficiencies included a variety of things, such as a failure to understand the valuation of auction rate securities, a failure to determine whether a company’s accounting for it post-retirement benefits plan was correct, and a failure to audit an acquisition transactions.

Here’s the best part of this all: The PCAOB inspections included the examination of 7 BDO audits and 8 Grant Thornton audits. Of the BDO audits examined, 5 had deficiencies in testing of revenue. Of the Grant Thornton audits examined, 5 had deficiencies in testing of assets, and 2 had deficiencies related to auction rate securities. Those aren’t good failure rates, and they raise the issue of just how prevalent audit failures are at these firms and others.

PCAOB has basically said these audit opinions cannot be relied upon. And the auditing firms say “move along, nothing to see here.”

BDO even criticized the fact that such small sample of audits is used for these PCAOB repors, and doesn’t “…lend itself to a portrayal of the overall high quality of our audit practice.” I take the opposite view. If so many problems were found in such a small sample of your audit work, that should be cause for alarm about all the rest of your work

Those who want audits to do that should just keep on wishing. It’s not going to happen.But auditors, of course, have a vested interest in being relevant. They can’t actually admit that audits are nearly worthless, or they put themselves out of jobs. Auditing is a massive industry, raking in billions of dollars each year in the U.S. alone.

Following the big scandals at companies like Enron and Tyco, the auditing industry took it upon itself to develop its own “watchdog,” the Public Company Accounting Oversight Board (PCAOB). Oversight? That’s a good thing, right?

Normally, yes. In this case, it was more a matter of convincing the public that auditors were serious about actually accomplishing something. If they didn’t “self-regulate” more, then outsiders would regulate more, and very possibly put auditors out of business.

An article on CFO.com from Friday is another bit of proof that the PCAOB is near worthless, just like audits. PCAOB is telling auditors to “focus on the CFO.”

Are they serious? They’re feeling important and relevant because they’re letting auditors in on the big secret that the CFOs of companies are in charge of the numbers? The subtitle of the article says: “A new guidance by the audit oversight board shows how finance chiefs can either buttress or make a hash out of a small company’s internal controls.”

Seriously? Auditors needed to be told that the CFO has control over a company’s numbers and can fiddle with them at will?

The article goes on to say:

A sharp and experienced CFO with broad knowledge of a small company’s operation can make for a much easier and cheaper audit of the company’s internal controls over financial reporting. An unruly finance chief, however, can wreak havoc on the controls of a tiny firm.

Through pithy scenarios, a Public Company Accounting Oversight Board staff guidance issued today reveals such down-home wisdom about the crucial role of the CFO in the audit process.

Reveals? Reveals????? Sorry, but if auditors didn’t already know that CFOs exert control over the financial statements and internal controls, then the auditing profession is far worse off than even I suspected.

Here are the numbers that were compiled by researchers from Syracuse University, using data from the Justice Department:

• 133 securities fraud prosecutions in the first eleven months of 2008
• 437 securities fraud prosecutions in 2000
• 513 securities fraud prosecutions in 2002
• 9 Justice Department prosecutions for securities fraud that came from SEC investigations in 2007
• 69 Justice Department prosecutions for securities fraud that came from SEC investigations in 2000

The excuse for the almost complete failure to prosecute for securities fraud? A focus on investigating terrorism threats since 2001.

And the SEC says that it’s using “non-criminal means” like fines and deferred prosecution agreements to regulate the marketplace. They say that cases handled with civil or administrative remedies are at 636 this year, compared to 503 in 2000.