John C. Koss is recognized for creating the stereo headphone industry in 1958 with his first stereo headphone. Koss Corp. (KOSS) was incorporated in 1971 in Milwaukee, Wisconsin and manufactures stereo headphones, speaker phones, computer headsets, telecom headsets, noise reducing headsets, and wireless headsets. It is in the audio/video segment of the home entertainment industry. Koss Corp. went public in 1965 at $5 per share. Over the last ten years, its stock price has ranged from $8 in July 2002, to its peak at $15 in July 2006 to its low at $4 in July 2010. It currently trades at approximately $5.50 per share. Accordingly, its market capitalization has ranged from $3.4 million to $12.8 million to its current level of $5.1 million. Thus, it was below the full implementation level of the Sarbanes-Oxley Act (SOX) where the cutoff is a market valuation of $75 million. The Chief Executive Officer (CEO), Michael J. Koss, the founders son, and his family directly or indirectly own in excess of 70 percent of the companys 851,000 shares. A $34 million embezzlement of cash from the Koss Corp. occurred over a 12 year period from 1997 through December 2009.
June 30, 2009 10-K Report Excerpts
The Koss Corp. received an unqualified opinion on its financial statements as of June 30, 2009 and 2008 (as well as in prior years) by a Big Five auditing firm. However, in accordance with SOX, the audit firm was not required to have, nor was it engaged to perform an audit of Kosss internal control over financial reporting. The audit did include consideration of internal control over financial reporting as a basis for designing audit procedures that were appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of Kosss internal control over financial reporting. The following excerpts are from the Managements Report in those same financial statements.
Management believes that the financial statements have been prepared in conformity with accounting principles generally accepted in the United States of America appropriate under the circumstances and necessarily include amounts that are based on best estimates and judgments. The Company maintains a system of internal controls to provide reasonable assurance that assets are safeguarded and that the book and records reflect the authorized transactions of the Company. Oversight of managements financial reporting and internal accounting control responsibilities are exercised by the Board of Directors, through an Audit Committee that is comprised solely of independent directors.
The Company maintains a system of disclosure controls and procedures that are designed to provide reasonable assurance that information, which is required to be timely disclosed, is accumulated and communicated to management in a timely fashion. The Company, under the supervision and with the participation of the Companys management, including the Companys Chief Executive Officer/Chief Financial Officer (CFO), after evaluating the effectiveness of the Companys disclosure controls and 2 procedures, has concluded that the Companys disclosures controls and procedures are effective to provide reasonable assurance..
The Companys management, including its CEO/CFO, is responsible for establishing and maintaining adequate internal control of financial reporting and designing such internal controls to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP. Management conducted its evaluation of its internal controls over financial reporting based on the framework in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as of June 2009. Based upon this assessment, the Companys management, including its CEO/CFO, believes that as of June 30, 2009, the Companys internal control over financial reporting was effective based on the criteria set forth by COSO in its Internal Control-Integrated Framework. This annual report does not include an attestation report of the Companys registered public accounting firm regarding internal control over financial reporting. Managements report was not subject to attestation by the Companys registered public accounting firm pursuant to temporary rules of the Securities and Exchange Commission (SEC) that permit the Company to provide only managements report in this Form 10-K.
October 24, 2011 Accounting and Auditing Enforcement Release No. 3330 SEC v. Koss Corporation and Michael J. Koss, Civil Case No. 2:11-cv-00991 Excerpts
The SEC on October 24, 2011 filed a Complaint against, and proposed settlement with, Koss Corporation (Koss) and Michael J. Koss (MJK), its CEO and former CFO, based on Koss Corporations preparation of materially inaccurate financial statements, book and records, and lack of adequate internal controls from fiscal years 2005 through 2009. During this period, Sujata Sachdeva, Kosss former Principal Accounting Officer, Secretary, and Vice-President of Finance, and Julie Mulvaney, Kosss former Senior Accountant, engaged in a wide-ranging accounting fraud to cover up Sachdevas embezzlement of $34 million from Koss. The SEC Complaint alleges that:
The yearly amounts stolen were significant to Kosss financial statements. For example, during fiscal year, June 30, 2009, Sachdeva stole approximately $8.5 million, while Koss reported total sales of $41.7 million, a net loss of $257,000, cash of $1.5 million, total assets of $29.6 million, and total equity of $17.1 million with retained earnings of $16 million. Sachdeva and Mulvaney were able to hide the substantial embezzlements in Kosss financial records in part because Koss and MJK did not adequately maintain internal controls to reasonable assure the accuracy and reliability of financial reporting. The $34 million embezzlement started in 1997 and ran until December 2009. While Kosss internal controls policy required MJK to approve invoices of $5,000 or more for payment, its controls did not prevent Sachdeva and Mulvaney from stealing $34 million from Koss to pay for Sachdevas personal purchases (lavish 3 shopping sprees at Neiman Marcus among others) without seeking or obtaining MJKs approval. MJK knew that Kosss computerized accounting system was almost 30 years old and he twice deferred proposals for a new system. Access to the accounting systems could not be locked at the end of the month and there was no audit trail. Sachdeva and Mulvaney were thus able to make undetected post-closing changes (false journal entries) to the books and bypass an internal control requiring Michael J. Koss to authorize those changes. Koss did not regularly change the password to access the computers and accounting terminals were not locked when unattended. Koss did not have information technology (IT) security policies and controls to log and monitor network and application security violations or to report incidents to management. Due to the limited number of people working in Kosss accounting department, many critical duties were combined and given to a few employees. Based upon the fraudulent accounting books and records prepared by Sachdeva and Mulvaney, Koss prepared, and MJK certified, materially inaccurate audited financial statements and materially inaccurate current, quarterly and annual reports.
Epilogue
Koss and MJK have consented to the entry of an injunctive order without admitting or denying the allegations in the Commissions complaint. Under this agreement, the order 1) enjoins Koss from violating and MJK from aiding and abetting violations of the reporting, books and records and internal control provisions of the Securities Exchange Act of 1934 and 2) orders Michael J. Koss to reimburse Koss $242,419 in cash and 160,000 of stock options pursuant to Section 304 of the Sarbanes-Oxley Act, i.e., the clawback provision. This bonus reimbursement, together with his previous voluntary reimbursement of $208,895 in bonuses to Koss Corporation represents his entire fiscal year 2008, 2009 and 2010 incentive bonuses.
A federal judge in Milwaukee has criticized the SEC for being too soft with corporate enforcement, marking the third time the agency has been criticized for weak settlements by a federal judge in the past year (the other two were both with Citigroup for similar settlements of $258 million and $75 million without any admission of guilt). The Milwaukee judge told the SEC that its proposed settlement with the Koss Corp. was too vague and did not force the corporation to admit guilt. He asked the agency to provide more facts within one month. In a related criminal matter in the U.S. District Court on November 17, 2010, Sachdeva pleaded guilty to six counts of fraud, was ordered to pay $34 million in restitution, and was sentenced to 11 years in prison.
In a separate lawsuit from the fallout of this embezzlement, the Koss shareholders received $1 million from Kosss insurance company. The Koss Corporation is still pursuing litigation against its auditors for failing to spot or alert Koss to this embezzlement and is in the process of collecting approximately $680,000 in restitution from the liquidation of Sachdevas retirement and stock ownership accounts. 4
President Obamas Council on Jobs and Competitiveness has urged Congress to make compliance with all or part of SOX voluntary for all public companies with market valuations up to $1 billion or, alternatively, to exempt all companies from SOX compliance for five years after they go public. This job council report suggests that weakening fraud protections is necessary to encourage more small companies to go public in order to help create jobs and cites the fact that the lowest number of venture- backed Initial Public Offerings (IPOs) had occurred in 2008 and 2009 since 1985. However, since SOX was never fully implemented for companies with market valuations below $75 million as noted above, it cannot be blamed for the drop in small company IPOs.
Required:
1. Describe methods that Sachdeva and Mulvaney could have used to steal $34 million in cash over 12 years under Kosss existing internal controls.
2. Describe various false journal entries that Sachdeva and Mulvaney could have used to cover up the $34 million theft of cash over 12 years.
3. Although Michael J. Koss reimbursed Koss Corp about $450,000 and gave up 160,000 stock options, he did not admit any guilt. What errors did he commit?
4. Recommend internal controls that Koss should implement to prevent future cash thefts.
5. Did the Board of Directors and the external auditors have any blame in this case?
5 Case Solutions
Questions and Answers:
1. Describe methods that Sachdeva and Mulvaney could have used to steal $34 million in cash over 12 years under Kosss existing internal controls.
Sachdeva and Mulvaney processed large wire transfers and cashiers checks (over 500 of them) outside of the accounts payable system to pay for Sachdevas personal purchases without seeking or obtaining Michael J. Kosss approval. As a result, Sachdeva, with Mulvaneys assistance, was able both to initiate and authorize wire transfers of Kosss funds to her personal creditors totaling $16.5 million, and to order cashiers checks payable to credit card companies and her designated payees totaling $17.5 million.
Many account reconciliations were either not prepared or were not maintained as part of Kosss accounting records. To the extent that reconciliations were conducted, they were improperly performed by the same persons who initiated or recorded the transactions, i.e., Sachdeva or Mulvaney, enabling those persons to make modifications to the reconciliations to cover up fraudulent entries.
2. Describe various false journal entries that Sachdeva and Mulvaney could have used to cover up the $34 million theft of cash over 12 years.
Sachdeva and Mulvaney used various methods to disguise the embezzlements in Kosss books and records. First, false journal entries reclassified cash to sales, thereby masking Sachdevas thefts of cash as reductions in sales. Second, false journal entries were made to eliminate sales and reduce cash balances. Third, false journal entries decreased both accrued liabilities and Kosss bank account balance. Fourth, false entries increased Kosss bank account balance and the costs of goods sold and decreased accounts receivable, inventory, and finished goods which kept the inventory balance in check with the false journal entries reducing sales and increasing the cost of goods sold. Sachdeva and Mulvaney entered these false journal entries without any supporting documentation for the transactions as was required by Kosss internal controls for legitimate transactions.
3. Although Michael J. Koss reimbursed Koss Corp about $450,000 and gave up 160,000 stock options, he did not admit any guilt. What errors did he commit?
While Sachdeva provided Michael J. Koss (MJK) with reporting certifications for his review, he did not conduct an adequate review of Kosss accounting in connection with these certifications. Based upon the fraudulent accounting books and records prepared by Sachdeva and Mulvaney, Koss prepared, and MJK certified, materially inaccurate audited financial statements and materially inaccurate current, quarterly and annual reports. The numerous false journal entries went undetected in part because of ineffective internal controls, including MJKs failure to review adjusting entries and to verify that 6 reconciliations of accounts were in fact being performed on a regular basis. See additional errors committed by MJK in the following internal control analysis.
4. Recommend internal controls that Koss should implement to prevent future cash thefts.
Instead of lasting 12 years, this fraud could have been caught at the end of the first day when the bank posts the wire transfers and cashier checks to Kosss checking account. Today MJK would just have to review the Koss checking account online to catch this fraud. In prior years before online access to bank accounts, MJK could have called the bank or, at least, could have caught the fraud at the end of the month by doing a bank statement reconciliation with the checking account balance on Kosss books after reviewing all adjusting and post-closing journal entries.
Due to the limited number of people working in Kosss accounting department, many critical duties were combined and given to a few employees. A single individual, Sachdeva, had authority to sign checks, approve and, with Mulvaneys assistance, submit wire transfers, review and, with Mulvaneys assistance, approve bank reconciliations and maintain the general ledger. Koss did not properly segregate duties or assign someone outside of the accounting function to provide an independent check and balance on employees integrity and to maintain a sufficiently strong control system. Among other things, different employees should have performed the separate duties of signing checks, processing cash receipts and cash disbursements, and maintaining books of original entry. Such duties need to be separated in the accounting department. Even though Koss is a small company, various non-accounting executives should take more supervisory duties in approving and reviewing material accounting transactions. The CEO should not also be the CFO.
Koss did not regularly perform monthly reconciliations of its bank accounts or balance sheet accounts. Koss did not have someone outside the accounting department, such as MJK as the CFO or the Vice President of Operations, review large wire transfers, cashiers checks, or the recording of payments on accounts payable when not processed through the accounts payable system. Koss did not adequately periodically review documentation to support the general ledger entries to verify that the corresponding transactions were being executed in accordance with Kosss accounting policies and recorded as necessary to permit preparation of financial statements in conformity with GAAP with respect to completeness, existence, occurrence, right and obligation, measurement and valuation.
Many account reconciliations were either not prepared or were not maintained as part of Kosss records. To the extent that the reconciliations were conducted, they were improperly performed by the same persons who initiated or recorded the transactions, i.e., Sachdeva or Mulvaney, enabling those persons to make modifications to the reconciliations to cover up fraudulent entries. MJK did not review or verify the existence of reconciliations. MJK also did not review or verify the appropriateness of any unusual 7 reconciling items and did not review or authorize any adjusting journal entries. Support for adjusting and post-closing entries was not documented.
In his review of Kosss monthly financial statements, MJK did not inspect the general ledger detail trial balance (which details all of the posted transactions), significant journal entries and the reconciliations of all subsidiary ledgers or schedules that supported significant account balances. MJK did not investigate unusual or infrequent journal entries on a regular and recurring basis.
Kosss internal controls over cash were inadequate. While Kosss internal controls policy required MJK to approve invoices of $5,000 or more for payment, its controls did not prevent Sachdeva or Mulvaney from processing large wire transfers and cashiers checks outside of the accounts payable system to pay for Sachdevas personal purchases without seeking or obtaining MJKs approval. In addition, there was no independent review of the petty cash account. Although MLK was required to review accounts payable checks before the checks were mailed, MJK and Sachdeva were each authorized to independently withdraw or transfer funds from Kosss bank accounts. As a result, Sachdeva, with Mulvaneys assistance, was able both to initiate and authorize wire transfers of Kosss funds to her personal creditors totaling $16.5 million and to order cashiers checks (over 500 of them) payable to credit card companies and her other designated payees totaling $17.5 million.
The most significant total dollar amounts of improper journal entries were made to understate sales and overstate cost of sales. Although monthly analytical procedures were performed, the procedures were not sufficient to detect unusual relationships between critical items, inconsistency with trends developed over Kosss operating history, balances which were out of line with expectations or any other unusual items.
MJK knew that Kosss computerized accounting system was almost 30 years old and he twice deferred proposals for a new system. Kosss and MJKs failure to implement and maintain effective controls over Kosss information systems in part allowed Sachdeva and Mulvaney to carry out the embezzlement and accounting fraud. Because access to the old accounting system could not be locked at the end of the month, Sachdeva and Mulvaney were able to bypass an internal control requiring MLK to authorize changes to the monthly books after they were closed. Thus, they accessed the accounting system and made improper post-closing entries.
MJK did not properly verify that Kosss accounting systems were secure or adequately monitored. Kosss computer system did not have an audit trail of usage, so there was no record of who made entries into the accounting system. Koss did not regularly change the password to access the computers and accounting terminals were not locked when unattended. Koss did not have IT security policies and controls to log and monitor network and application security violations or to report incidents to management. Without propr access controls, Kosss financial data could be retrieved and used by unauthorized individuals, accounting data could be lost or changed, and programs could be tampered with or destroyed. 8
5. Did the Board of Directors and the external auditors have any blame in this case?
Why didnt either the Board or the external auditors discover the following internal control deficiencies and expand their work? Kosss computerized accounting systems were almost 30 years old and access to the accounting systems could not be locked at the end of the month and there was no audit trail. Sachdeva and Mulvaney were thus able to make undetected post-closing changes (false journal entries) to the books and bypass an internal control requiring Michael J. Koss to authorize those changes.
Due to the limited number of people working in Kosss accounting department, many critical duties were combined and given to a few employees. Both the Board and the external auditors should have identified the major internal control deficiencies previously discussed. The major deficiency was little separation of duties in the accounting department without any external supervision. Even though Koss was a small company, various non-accounting executives should take more supervisory duties in approving and reviewing material accounting transactions. The CEO should not also be the CFO. Due to these limitations in internal controls at this small company, the Board should have insisted that the external auditors do a formal internal control report as required by SOX for larger companies. For the same reason, the external auditors should have insisted on such a report. Accordingly, the Koss Corp. is pursuing litigation against its auditors for failing to spot or alert Koss to this $34 million embezzlement which lasted over 12 years!