Fraud Files: Koss Corp. Sues Its Auditor for Failing to Detect Fraud
Jun 25th 2010 4:30PM
Updated Jun 25th 2010 5:13PM
You knew it was coming. Koss Corporation has sued its auditors Grant Thornton for failing to find the alleged $31 million fraud perpetrated by the company's VP of Finance over at least five years. The company is also suing the accused fraudster, Sue Sachdeva, but it's not clear what money the company could ever hope to collect from her.
Instead, it's much better to go after the auditors, who have assets and a large professional liability insurance policy backing them. It probably doesn't even matter to Koss whether or not Grant Thornton is at fault for not finding the fraud. Never mind that the company had little to no controls in place to stop such a fraud. Or that accusations are flying about the Koss family doing fancy footwork of their own when it came to personal expenses and the company's funds.
This lawsuit was expected. Whenever there's a sizable fraud, the independent auditors often get blamed. It never seems to matter that the entire process of financial statement auditing is not designed to detect fraud, and companies are regularly reminded of this fact. Audits have a very limited purpose -- to check the math and make sure the company is following the accounting rules.
The Narrow Scope of Audits
It's easy to say the auditors should have found the fraud. Accountants and auditors can probably think of plenty of procedures that might have uncovered the fraud. But this does not necessarily mean that the auditors should have done any of these. Audits have a very narrow purpose and scope, and if Grant Thornton carried out those duties competently, they may not be to blame for missing the fraud.
Wanting auditors to find fraud, and engaging them to do more procedures that increase the likelihood of finding fraud are two separate issues. Koss could have asked Grant Thornton to do more. They could have asked for a more in-depth financial statement audit, an internal controls review, or any additional procedures specifically designed to detect fraud. The company did none of that.
The lawsuit against Grant Thornton isn't surprising, but what a Koss press release said about the case is:
The Complaint further alleges that Grant Thornton, the company's auditor during those same years, failed to properly perform audits of the company's financial statements and failed to properly assess the company's internal controls, thus allowing the embezzlement to continue and the damage to the company to escalate. In particular, the lawsuit claims that Grant Thornton repeatedly assured Koss' management and its board that the company's internal controls were effective and that Koss could rely on those same internal controls and Grant Thornton's work.
These statements about the company's internal controls are in contrast with what Koss has previously said. In a 10-Q filed for Dec. 31, 2009, following the discovery of the fraud, Koss said there were no formal changes or material affects to the company's internal controls over financial reporting.
Yet in its press release about the lawsuit, Koss blames Grant Thornton for not telling them that their internal controls were ineffective. If the controls were so ineffective, why did the company say in December that it didn't make formal changes or do anything to materially affect the controls?
Where the Blame Lies
Even more curious is Koss' allegation the auditor told the board that its internal controls were effective, despite the most recent audit opinion by Grant Thornton stating the following
The Company is not required to have, nor were we engaged to perform an audit of its internal control over financial reporting. Our audit included consideration of internal control over financial reporting as a basis for designing audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company's internal control over financial reporting.
Under the auditing standards, Grant Thornton was required to assess internal controls and use the results in designing effective audit procedures. But that analysis for the purpose of designing audit tests does not automatically create liability for the ineffective internal controls that the company itself was responsible for creating and maintaining.
This lawsuit is going to cost a lot of money and take much time and effort. How different this story would be if Koss' board and executives had put forth an equal amount of money and effort toward properly managing the finance function. The blame for this embezzlement still rests with the management of Koss, no matter how much finger-pointing the company does.