A finance executive’s alleged embezzlement of as much as $31 million over five years from headphone-maker Koss Corp. could serve as fodder for critics of legislation that would permanently exempt smaller publicly traded companies from fully complying with the Sarbanes-Oxley Act.
Observers of the case believe Koss, which reported $38.3 million in sales last year, wouldn’t be starting off 2010 in reputation-repair mode if it had had better internal controls in place to notice that money was continually moving out of the company’s bank account, allegedly to pay off an executive’s personal credit-card charges. Small companies like Koss have not been required to comply with Sarbox audit requirements.
Just before Christmas, the company fired Sujata Sachdeva, its vice president of finance and secretary, after U.S. attorneys filed a criminal complaint against her, claiming she used more than $4.5 million of Koss’s money to buy clothing, fur, and jewelry at various luxury stores in Milwaukee during the past two years. “It seems from everything I have heard, this vice president of finance had an awful lot of autonomy to do her own thing,” says Tracy Coenen, a fraud examiner and forensic accountant who has been following the case.
Koss has since disclosed that the monetary fallout could be worse than the amount cited in the criminal complaint. An internal investigation has uncovered additional unauthorized transactions, from as far back as five years ago, totaling more than $31 million. As a result, Koss plans to restate its financial records for the past three fiscal years and may go back to 2005 to make corrections. In the meantime, the company’s stock is in limbo, since Nasdaq halted its trading on December 21. At least one law firm has opened an investigation for a possible shareholder lawsuit.
Moreover, the company fired its accounting firm, Grant Thornton, on New Year’s Eve. The auditor’s response has been to highlight the fact that Koss is one of the companies that are not yet subject to Sarbox’s Section 404(b), which requires an auditor sign-off of internal controls. “The company did not engage Grant Thornton to conduct an audit or evaluation of internal controls over financial reporting,” says a spokesperson for the accounting firm. “Establishing and maintaining effective internal control is management’s and the board’s responsibility.”
Koss’s management claims the company did have effective internal controls for fiscal years ending June 30, 2009, and June 20, 2008. Still, the management report, enclosed in its most recent 10-K, acknowledges in boilerplate language that “because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, within the company have been detected.”
The Securities and Exchange Commission has allowed nonaccelerated filers — companies with market caps below $75 million — to only self-report on the effectiveness of their internal controls for the past two years. But the regulator has continually delayed the auditor-attestation portion of Section 404 for those filers. If there are no more delays or exemptions, companies like Koss will have to get their auditors to review their internal controls starting this summer, depending on their fiscal year-end.