Could an alleged $31 million fraud at a company that reported $38 million in sales last year quash claims that internal-controls checks don't matter?
Sarah Johnson, CFO.com | US
January 7, 2010
there is no money in these "little" audits for the larger accounting firms; they often conduct boiler plate audits and over rely on a small managment team to give them just enough to overlook many, many internal control issues. Sox or no Sox, it's very difficult to justify to a small company the costs associated with full compliance. The pressure from the Board and the Street to deliver is intoxicating, especially for the small public companies. the wolf is always at the door.
Posted by Rick Macchiarulo | January 11, 2010 01:40 pm
There?s a HUGE expectation gap between what investors and owners think a financial statement audit does and what it really does. The biggest reason for the expectation gap has to do with audit materiality. Under the theory of audit materiality, auditors tend to waive errors that are under ten percent of either total assets or revenues. For a $100 million dollar company, that would mean uncorrected errors totally $10 million dollars discovered during the audit would not prevent an auditor from issuing a clean opinion. The sins that are hidden within materiality cannot be underestimated. Uncorrected errors can represent sloppy accounting, inefficiency and even out-and-out abuse. Under the best of circumstances, these rather large errors represent missed opportunities to improve systems and operational flows to improve profitability and shareholder value. At the very worst, these uncorrected errors could be red flags pointing to much larger frauds. It may take months, or even years, to determine the reason for why Grant Thornton missed the fraud at Koss, but in the end, the answer will no doubt be attributed to red flags ignored due to audit materiality. Improving corporate governance is already at the top of the list for many board members. Financial statement audits are NOT designed to discover frauds, and they are very effective for their intended purposes. Diligent board members interested in using the relevant and actionable data made available after an audit can start by requesting that the auditors supply a schedule of all of the uncorrected errors discovered during the audit. Auditors are already in the practice to summarizing uncorrected errors, so the information is readily available. How corporate boards use this information will vary. Some with audit committees can investigate the errors themselves, to determine which uncorrected errors are red flags to waste or abuse. For corporate boards without an audit committee, a trusted professional such as a Certified Fraud Examiner (CFE) or a CPA would be a great choice to help corporate boards make the most of actionable data. Frauds like those at Koss damage the public trust, and that pains many auditors who perform a valuable service. Financial statements, for all their shortcomings, are still the best way to verify management reports for the purposes of investors. The answer to this fraud at Koss is not more regulation for auditors or using more expensive internal controls audits. The answer for many businesses looking to avoid Koss's outcome could be as easy as implementing a basic fraud detection and prevention program. The Association of Certified Fraud Examiners (ACFE) conducts bi-annual tests to determine the effectiveness of several fraud detection and prevention tools. The ACFE 2008 Report to the Nation of Fraud and Abuse reported that fraud losses were significantly reduced, cutting some in half, using whistleblower hotlines, surprise audits, ethics training and segregation of duties. These hard-working fraud detection/prevention tools can be implemented in just a few days a year, making them feasible for even the smallest companies. With fraud losses accounting for 7% of GDP, it?s a problem too expensive to ignore.
Posted by Sheila Keefe | January 09, 2010 08:36 pm
This fraud case should not be held as an example of Sarbox "necessity." It's a huge reminder to the CEO and the Board that every business needs internal controls for their cash management and financial reporting procedures. Shame on them for not taking responsibility and assuming their CFO would do so. Yes, it's like putting the wolf in charge of the hen house. And where is their internal audit team? If they even exist, they are probably reporting to the CFO as well. Prior reader comments are all valid, too, but first line of ownership is with management and the Board. What rock have they been living under?
Posted by Marissa Crean | January 08, 2010 10:38 am
I agree with Teresa's assessment of the audit. Seems there were many warning signs that were ignored.
Posted by Jeff Wakefield | January 08, 2010 07:57 am
A good audit consists of many things including reperforming reconciliations, tying those back to the trial balance & bank recons, and verifying the support for legitimacy and accuracy. This is the same for journal entries; they must all be supported and tie to the general ledger. If something looks suspicious, you investigate. If something doesnęt tie, you investigate. That is the role of an auditor. How could Grant Thornton not take any responsibility here? $31M in fraud and they saw nothing. Internal controls could have helped the company for sure but that do not mean that an audit is good for nothing and it was just because 404(b) hadnęt kicked in that made the fraud possible. All my best, Teresa Bockwoldt MBA, MST CEO & Co-Founder Vibatoę, LLC 655 Montgomery Street, 5th Floor, Suite 540 San Francisco, CA 94111 Office: 415.240.4867 x 2300 | Mobile: 707.477.0008 | Fax: 888.407.7725 SOX Compliance Made Simpleę | http://www.vibato.com
Posted by Teresa Bockwoldt | January 07, 2010 06:03 pm© CFO Publishing Corporation 2009. All rights reserved.