In the spirit of O.J. Simpson, Tracy Coenen explains today, that if Sue Sachdeva stole $31 million and spent most of it on some high-end threads and then sold the crap she didn’t want, it would’ve been a snap.
We’re not talking Enron type stuff here, just making off with cash:
All it takes are three steps to make this fraud nearly undetectable in a company in which the other members of the executive team aren’t paying attention. (And don’t worry, dear readers, that I may be giving away any secrets to committing fraud and covering it up. Any serious fraudster already knows these three things.)
1. Keep the fraud off the balance sheet.
2. Keep all transactions below the scope of testing by the auditors.
3. Don’t commit fraud during the last month of the fiscal year and the first month of the following fiscal year.
Can it really be this simple?
Here’s the quick and dirty:
Point 1 – Tracy notes that 80% of audit procedures focus on the balance sheet so if Suze was slamming all the bogus transactions amongst 4 or 5 income statement expense lines, no one would get wise to it.
Point 2 – If she did it, Suze probably knew what GT’s scope was (it’s supposed to be super-secret). She could plan the amount of her transactions to fall under this scope every time.
Point 3 – Auditors probably spent most of their time looking at bank statements for the last month of the fiscal year and the first month of the subsequent fiscal year. The rest of them don’t get much attention.
So there you have it. Throw in the incestuous management team, auditors that may be trying to get on each other and you’ve got a slam dunk.
UPDATE 7:38 pm: We got to wondering if Tracy’s statement “Any serious fraudster already knows these three things” were true, so we asked one. Crazy Eddie CFO, Sam Antar indulged us:
[Tracy] is correct. The fraudster always has the initiative because they are judgment oriented in their approach to crime, while auditors are process oriented in their approach to audits. In other words, fraudsters know how to think out of the box to solve problems and achieve their goals, while auditors rely too much on process and procedure to accomplish their missions. In the criminal’s world, judgment is more powerful than process.
We’ll leave it there (that’s right CNN).
Koss Corp.: Commit the fraud and cover it up [Fraud Files Blog]
It is that simple but GT’s procedures should not have been so feeble.
Any competent person using IDEA or ACL and running some standard and non-standard routines based on the revenue and expense ledgers would have discovered anomalies immediately. So, she could have started the fraud and gotten away with it for some time but had these procedures been done she would’ve been caught sooner. Poor audit planning – ZERO SAS 99 audit steps.
Where the fuck was internal audit on this?
No internal audit required for NASDAQ registered companies.
guessing that the focus would have been on revenue recognition, and probably not as much on cogs testing.
Look, the Company’s total revenues were $38 million in FY ‘09 and net income was approximately $1.9 million. I am going to to a rough assessment that materiality was within the range of $90k to $200k.
A lot of chatter is coming out from a few people that they thought the fraud was based on posting low value, large volumes of expenditures to accounts where fluctuations/increases would not be observed during the fiscal year, and keeping the transactions off of the balance sheet (i.e.- all false entries recording the transactions were recorded as direct debits to expense and credits to cash, with no entries recorded in the last and first months of the year. Had they performed a test of details over the entries to test cost of goods sold, then in theory some of these would have popped up, and either Sue would have been forced to become an expert on photo-shop, or these entries would have hopefully triggered the need to bring in forensics.
• Safeguarding of Assets Fraud vs. Financial Reporting Fraud
Based on what the experts are saying about the nature of fraud (i.e. – cash outflows were recorded in the period incurred, and posted to expense accounts with large volumes of activity already in order to minimize the significance of these variances), this fraud technically was recorded to the financial statements, and accordingly, the net income, net change in cash and balance sheet at year-end were not misstated.
Misappropriation of assets, while both a theft of shareholder value, and a presentation issue in terms of classification of these costs, did not result in a misstatement of net income and EPS, which is typically the risk auditors are most concern about, restatements of EPS for a given year.
• Cost of Sales TW
I am suspecting that GT most likely tested COGS using some form of gross margin analysis. Often, teams will allow for a larger precision level if an appropriate level of balance sheet work is performed. If we assume that fraud truly started in 2005, then we can assume that margins back in 2004 and SG&A in 2004 were appropriate and sans fraud. If I assumed that the margins were the same throughout 2005 – 2009, and SG&A only grew by 4% (approximation of CPI over the period), this explains approximately $12.7 million of fraud.
This tells me the following that the Company’s management was cutting actual costs in a reaction to increased SG&A costs (in part due to fraud committed by Sue Sachdeva (allegedly)), only to have even greater volume of fraudulent expenditures posted to the P&L. This is funny both because Sue’s ability to increase the fraud in this scenario would be due in part to the even great cushion made available from the actual costs savings. But this is scary because is shows just how predictable auditors can be. I am guessing that there was a lot of “trend” analysis involved by the auditors, and that they used a lot of inquiry to get through this.
• Audit Fees – I am not sure how a public audit of an entity like this could be done at $50,000. I am betting that a large reason for this was because GT has a very simple approach towards auditing the income statement, and relied on balance sheet work. If you look at the Company’s balance sheet, this could easily be accomplished at year-end with likely small sample sizes, and minimal effort. I bet the audit team consisted of 1 Partner, 1 Concurring, 1 manager and a Sr. associate and a first-year or intern.
Trying to make enough money on this audit to justify the Partner’s take home would left little room for the team to spend extra time and effort to specifically test for inappropriate expenditures.
pubes.
Great analysis @3.
@3 – doesn’t this prove that an incompentent management team/BOD was asleep at the wheel? Also, smaller companies (private and public) generally have inherent internal control issues due to their structure – the fact that the management team was kept in the family should have raised some red flags. But I am guessing the person responsible for the fraud was also the primary contact for the auditors. There was prob lack of discussion between executives on the engagement team and the management team!
@6, It would be a shame if GT spent their time talking to the VP-Finance who was the person committed the fraud. But my understanding from a source at GT indicates that is the case. Yes, they probably should have talked to the COO, CEO, and President! Clearly, it is correct that the other management and Board of directors are to burden some of the blame – no question. With a structure like this, additional auditing screams out as being required but apparently wasn’t done which explains the drop in audit fees Koss was paying since 2004 when GT was hired.