Where can employees, outside consultants, and board members look for evidence of override of internal controls? This isn’t a simple list of numbers or documents that must be checked off. Instead, looking for improper override of controls requires looking for red flags that point to something being amiss.
It’s clear that there is a time and place for management to occasionally override a control. Everything in business is not routine, and there are times when special situations require special treatment. It would be silly to prohibit management from ever overriding the policies and procedures that are in place. There has to be guidance in place to direct employees when they may consider overriding controls.
However, it’s important to recognize that the override of controls should be the exception rather than the rule. Employees should be able to circumvent the system only on an infrequent basis, and these instances must be actively monitored to determine if the override process is being abused.
For example, there may be a policy specifying levels of approval before a payment can be issued. What if the person who normally approves the payment is on emergency sick leave and a payment needs to be made? There must be a process for getting an alternate employee to approve the payment. This transaction should then be flagged for later follow-up to determine that the payment was still proper. In this case, there is a need for overriding the normal control, but this is something that should happen infrequently.
On Friday, the market eagerly awaited the release of Groupon’s (GRPN)10-K, detailing results for the year ended December 31, 2011. Shares were up 3.84% during regular trading hours, but dropped as much as 8% (eventually settling at -5.93%) in after hours trading when the company announced its figures were not as good as reported in February.
Some news sites are billing this as a restatement, although it would appear to be more of a revision to the numbers, as the original numbers were simply cited in an earnings release and the financial statements weren’t actually issued until Friday.
Today’s Compliance Week article, “SEC Pursues Small Company Over Lax Internal Controls,” [subscription required] discusses the SEC settlement with Koss Corp over the $34 million embezzlement by former Vice President of Finance Sujata (Sue) Sachdeva.
The article explains the settlement, which is essentially a clawback of some of Michael Koss’s compensation:
The latest news in the Koss Corporation fraud committed by ex-VP of Finance Sue Sachdeva is a lawsuit filed by the company against Sachdeva and auditors Grant Thornton. It’s unlikely that the company will collect much from Sachdeva, but the auditors are a great target because they have deep pockets (especially in the form of a professional liability insurance policy).
Everyone expected Koss to sue Grant Thornton. It’s just standard procedure to sue the auditors after a fraud is discovered. It never matters to the companies that audits are not designed to detect fraud and the auditors tell management this over and over.
It never matters to the companies that they are the ones responsible for establishing and maintaining internal controls over financial reporting, as well as putting procedures in place to prevent and detect fraud.
Koss Corporation (NASDAQ:KOSS) filed a 10-Q with the Securities and Exchange Commission yesterday that pointed out the obvious… Now that their VP of Finance isn’t stealing at least $31 million from them, they think they’ll be more profitable.
The company says they’ll be restating the financial statements for the fiscal years ended June 2008 and June 2009, at the very least, and also restate the quarterly reports filed so far for fiscal 2010. The company says their numbers will improve now that Sue Sachdeva isn’t stealing from them (bold added by me):
My friend Francine McKenna wrote yesterday on her blog, re:The Auditors, about what Sarbanes-Oxley has accomplished:
My contention is that Sarbanes-Oxley has at least raised the tone and tenor of the conversation about internal controls and about common sense, tried and true, reasonable practices for financial reporting to shareholders and other stakeholders. Sarbanes-Oxley has raised the expectations, to an appropriately high level, of corporate governance and ethical, non- self-serving behavior of corporate executives. Sarbanes-Oxley has given stakeholders the tools to bring the hammer down on irresponsible, non-responsive, fat headed, cigar chomping, belligerent, insular, seemingly untouchable “big swinging sticks.” The Tone at the Top as improved in most major corporations and their professional advisors, if not by design then by default – the fear of prosecution.