22 Aug

Detecting Overrides of Internal Controls

Where can employees, outside consultants, and board members look for evidence of override of internal controls? This isn’t a simple list of numbers or documents that must be checked off. Instead, looking for improper override of controls requires looking for red flags that point to something being amiss.<!–more–>
<ul>
<li>Complete an analytical review, looking for unusual changes between periods in terms of dollars and percentages.</li>
<li>Look for large, round numbers that enhance the financial position, especially if these numbers just happen to occur at the end of an accounting period</li>
<li>Examine reversing entries at the beginning of an accounting period, looking for evidence that these entries relate to an improper entry at the end of the previous period</li>
<li>Determine whether transactions have been completed on an arms’ length basis, and with legitimate business partners</li>
<li>Look for evidence of undisclosed relationships or agreements</li>
<li>Listen carefully to employees who may be reporting wrongdoing or hinting that there is a problem</li>
</ul>
When examining these things there are three critical items which are the most troublesome:
<ul>
<li>Missing or altered documentation</li>
<li>Withholding of information</li>
<li>Unexplained variances in numbers</li>
</ul>
All three of these suggest something is not right. If there is nothing to hide, why are things being hidden? That is often the first clue to a much larger problem.

<strong>Trust but Verify</strong>
The key reason why employees are able to steal from companies is that the employees are trusted. That trust is obviously inherent to being able to operate a business. If you don’t trust employees to do their jobs, the business cannot accomplish anything.

However, that trust should not be blind trust. Skepticism is an essential element for everyone involved in the process of ensuring that a company’s assets are protected and the financial statements are accurate.

The skepticism must go beyond simply acknowledging that fraud risks are present in every company. Professionals must be alert to the most likely risks and must be willing to ask difficult questions and required support for the answers given. The process of asking questions might be uncomfortable, but it’s necessary to get to the bottom of things.

Remember that if an executive is intent on overriding controls to cover dishonest or unethical behavior, she or he has also likely taken steps to conceal the override. These instances won’t just jump right out at you and announce themselves. Detecting the override of controls and the associated fraud or malfeasance will take a lot of work and a bit of luck. But it is nonetheless important to make the search for the override controls a regular (and important) part of the financial management of a company.

18 Nov

Overriding Internal Controls (With Permission?)

It’s clear that there is a time and place for management to occasionally override a control. Everything in business is not routine, and there are times when special situations require special treatment. It would be silly to prohibit management from ever overriding the policies and procedures that are in place. There has to be guidance in place to direct employees when they may consider overriding controls.

However, it’s important to recognize that the override of controls should be the exception rather than the rule. Employees should be able to circumvent the system only on an infrequent basis, and these instances must be actively monitored to determine if the override process is being abused.

For example, there may be a policy specifying levels of approval before a payment can be issued. What if the person who normally approves the payment is on emergency sick leave and a payment needs to be made? There must be a process for getting an alternate employee to approve the payment. This transaction should then be flagged for later follow-up to determine that the payment was still proper. In this case, there is a need for overriding the normal control, but this is something that should happen infrequently.

Read More

01 Apr

Groupon’s Latest Accounting Problem

On Friday, the market eagerly awaited the release of Groupon’s (GRPN)10-K, detailing results for the year ended December 31, 2011. Shares were up 3.84% during regular trading hours, but dropped as much as 8% (eventually settling at -5.93%) in after hours trading when the company announced its figures were not as good as reported in February.

Revised Numbers

Some news sites are billing this as a restatement, although it would appear to be more of a revision to the numbers, as the original numbers were simply cited in an earnings release and the financial statements weren’t actually issued until Friday. Read More

22 Nov

Compliance Week: Koss Embezzlement and Small Company Internal Controls

Today’s Compliance Week article, “SEC Pursues Small Company Over Lax Internal Controls,” [subscription required] discusses the SEC settlement with Koss Corp over the $34 million embezzlement by former Vice President of Finance Sujata (Sue) Sachdeva.

The article explains the settlement, which is essentially a clawback of some of Michael Koss’s compensation: Read More

01 Nov

Ways to Help Prevent Corporate Fraud

Executives have the means to commit and cover up the largest frauds.

They have access to the information and computer systems, they have power over all employees and they have access to the money. The finance function is riddled with fraud risks and the company’s executives are in the best position to take advantage of those risks.

Because of the risk of losing large sums of money to fraud by executives, companies must ensure owners and boards of directors are actively involved in creating and maintaining an environment that is not conducive to fraud. This involves active oversight of daily operations, continuous monitoring of potential red flags of fraud and swift action when fraud is discovered. Read More

22 Jul

Permission to Override Internal Controls?

It’s clear that there is a time and place for management to occasionally override a control. Everything in business is not routine, and there are times when special situations require special treatment. It would be silly to prohibit management from ever overriding the policies and procedures that are in place. There has to be guidance in place to direct employees when they may consider overriding controls.

However, it’s important to recognize that the override of controls should be the exception rather than the rule. Employees should be able to circumvent the system only on an infrequent basis, and these instances must be actively monitored to determine if the override process is being abused. Read More

20 Jul

Internal Controls: Good Controls are Useless if Management Can Override Them

Some companies think they are protected against employee fraud because they have strong internal controls. Often, that’s the case. Good controls mean the rules are followed and the money is properly accounted for.

Sometimes, however, good controls are meaningless. What about the controls over the controls? All the rules and designated procedures in the world are meaningless if management has the ability to override them at will. When these overrides go unchecked, the company is often no better off than if they didn’t have any controls in place.

Indeed, the risk that management will override controls established to prevent fraud and ensure accurate financial statements is great. It is a constant risk as executives are in a position to manipulate numbers and direct employees to aid the manipulation. They can easily fabricate transactions or modify numbers to craft the financial statements to report whatever their hearts desire. Read More

26 Jun

Koss Fraud: We Didn’t Bother to Look at the Endorsements On Our Own Checks, But Grant Thornton Should Have!

The latest news in the Koss Corporation fraud committed by ex-VP of Finance Sue Sachdeva is a lawsuit filed by the company against Sachdeva and auditors Grant Thornton. It’s unlikely that the company will collect much from Sachdeva, but the auditors are a great target because they have deep pockets (especially in the form of a professional liability insurance policy).

Everyone expected Koss to sue Grant Thornton. It’s just standard procedure to sue the auditors after a fraud is discovered. It never matters to the companies that audits are not designed to detect fraud and the auditors tell management this over and over.

It never matters to the companies that they are the ones responsible for establishing and maintaining internal controls over financial reporting, as well as putting procedures in place to prevent and detect fraud. Read More

17 Feb

Koss Says They’ll Be More Profitable Now That Their VP of Finance Isn’t Stealing $31 Million From Them

Koss Corporation (NASDAQ:KOSS) filed a 10-Q with the Securities and Exchange Commission yesterday that pointed out the obvious… Now that their VP of Finance isn’t stealing at least $31 million from them, they think they’ll be more profitable.

The company says they’ll be restating the financial statements for the fiscal years ended June 2008 and June 2009, at the very least, and also restate the quarterly reports filed so far for fiscal 2010. The company says their numbers will improve now that Sue Sachdeva isn’t stealing from them (bold added by me): Read More

09 Aug

But Sarbanes-Oxley Hasn’t Actually Reduced Fraud…

My friend Francine McKenna wrote yesterday on her blog, re:The Auditors, about what Sarbanes-Oxley has accomplished:

My contention is that Sarbanes-Oxley has at least raised the tone and tenor of the conversation about internal controls and about common sense, tried and true, reasonable practices for financial reporting to shareholders and other stakeholders. Sarbanes-Oxley has raised the expectations, to an appropriately high level, of corporate governance and ethical, non- self-serving behavior of corporate executives. Sarbanes-Oxley has given stakeholders the tools to bring the hammer down on irresponsible, non-responsive, fat headed, cigar chomping, belligerent, insular, seemingly untouchable “big swinging sticks.” The Tone at the Top as improved in most major corporations and their professional advisors, if not by design then by default – the fear of prosecution. Read More