1

Embezzlement at Koss over 12 Years!

Introduction

John C. Koss is recognized for creating the stereo headphone industry in 1958 with his
first stereo headphone. Koss Corp. (KOSS) was incorporated in 1971 in Milwaukee,
Wisconsin and manufactures stereo headphones, speaker phones, computer headsets,
telecom headsets, noise reducing headsets, and wireless headsets. It is in the audio/video
segment of the home entertainment industry. Koss Corp. went public in 1965 at $5 per
share. Over the last ten years, its stock price has ranged from $8 in July 2002, to its peak
at $15 in July 2006 to its low at $4 in July 2010. It currently trades at approximately
$5.50 per share. Accordingly, its market capitalization has ranged from $3.4 million to
$12.8 million to its current level of $5.1 million. Thus, it was below the full
implementation level of the Sarbanes-Oxley Act (SOX) where the cutoff is a market
valuation of $75 million. The Chief Executive Officer (CEO), Michael J. Koss, the
founders son, and his family directly or indirectly own in excess of 70 percent of the
companys 851,000 shares. A $34 million embezzlement of cash from the Koss Corp.
occurred over a 12 year period from 1997 through December 2009.

June 30, 2009 10-K Report Excerpts

The Koss Corp. received an unqualified opinion on its financial statements as of June 30,
2009 and 2008 (as well as in prior years) by a Big Five auditing firm. However, in
accordance with SOX, the audit firm was not required to have, nor was it engaged to
perform an audit of Kosss internal control over financial reporting. The audit did
include consideration of internal control over financial reporting as a basis for designing
audit procedures that were appropriate in the circumstances, but not for the purpose of
expressing an opinion on the effectiveness of Kosss internal control over financial
reporting. The following excerpts are from the Managements Report in those same
financial statements.

Management believes that the financial statements have been prepared in conformity with
accounting principles generally accepted in the United States of America appropriate
under the circumstances and necessarily include amounts that are based on best estimates
and judgments. The Company maintains a system of internal controls to provide
reasonable assurance that assets are safeguarded and that the book and records reflect the
authorized transactions of the Company. Oversight of managements financial reporting
and internal accounting control responsibilities are exercised by the Board of Directors,
through an Audit Committee that is comprised solely of independent directors.

The Company maintains a system of disclosure controls and procedures that are designed
to provide reasonable assurance that information, which is required to be timely
disclosed, is accumulated and communicated to management in a timely fashion. The
Company, under the supervision and with the participation of the Companys
management, including the Companys Chief Executive Officer/Chief Financial Officer
(CFO), after evaluating the effectiveness of the Companys disclosure controls and
2
procedures, has concluded that the Companys disclosures controls and procedures are
effective to provide reasonable assurance..

The Companys management, including its CEO/CFO, is responsible for establishing and
maintaining adequate internal control of financial reporting and designing such internal
controls to provide reasonable assurance regarding the reliability of financial reporting
and the preparation of financial statements for external purposes in accordance with
GAAP. Management conducted its evaluation of its internal controls over financial
reporting based on the framework in Internal Control-Integrated Framework issued by
the Committee of Sponsoring Organizations of the Treadway Commission (COSO) as of
June 2009. Based upon this assessment, the Companys management, including its
CEO/CFO, believes that as of June 30, 2009, the Companys internal control over
financial reporting was effective based on the criteria set forth by COSO in its Internal
Control-Integrated Framework. This annual report does not include an attestation report
of the Companys registered public accounting firm regarding internal control over
financial reporting. Managements report was not subject to attestation by the
Companys registered public accounting firm pursuant to temporary rules of the
Securities and Exchange Commission (SEC) that permit the Company to provide only
managements report in this Form 10-K.

October 24, 2011 Accounting and Auditing Enforcement Release No. 3330
SEC v. Koss Corporation and Michael J. Koss, Civil Case No. 2:11-cv-00991
Excerpts

The SEC on October 24, 2011 filed a Complaint against, and proposed settlement with,
Koss Corporation (Koss) and Michael J. Koss (MJK), its CEO and former CFO, based on
Koss Corporations preparation of materially inaccurate financial statements, book and
records, and lack of adequate internal controls from fiscal years 2005 through 2009.
During this period, Sujata Sachdeva, Kosss former Principal Accounting Officer,
Secretary, and Vice-President of Finance, and Julie Mulvaney, Kosss former Senior
Accountant, engaged in a wide-ranging accounting fraud to cover up Sachdevas
embezzlement of $34 million from Koss. The SEC Complaint alleges that:

The yearly amounts stolen were significant to Kosss financial statements. For
example, during fiscal year, June 30, 2009, Sachdeva stole approximately $8.5
million, while Koss reported total sales of $41.7 million, a net loss of $257,000,
cash of $1.5 million, total assets of $29.6 million, and total equity of $17.1
million with retained earnings of $16 million.
Sachdeva and Mulvaney were able to hide the substantial embezzlements in
Kosss financial records in part because Koss and MJK did not adequately
maintain internal controls to reasonable assure the accuracy and reliability of
financial reporting. The $34 million embezzlement started in 1997 and ran until
December 2009.
While Kosss internal controls policy required MJK to approve invoices of $5,000
or more for payment, its controls did not prevent Sachdeva and Mulvaney from
stealing $34 million from Koss to pay for Sachdevas personal purchases (lavish
3
shopping sprees at Neiman Marcus among others) without seeking or obtaining
MJKs approval.
MJK knew that Kosss computerized accounting system was almost 30 years old
and he twice deferred proposals for a new system. Access to the accounting
systems could not be locked at the end of the month and there was no audit trail.
Sachdeva and Mulvaney were thus able to make undetected post-closing changes
(false journal entries) to the books and bypass an internal control requiring
Michael J. Koss to authorize those changes.
Koss did not regularly change the password to access the computers and
accounting terminals were not locked when unattended. Koss did not have
information technology (IT) security policies and controls to log and monitor
network and application security violations or to report incidents to management.
Due to the limited number of people working in Kosss accounting department,
many critical duties were combined and given to a few employees. Based upon
the fraudulent accounting books and records prepared by Sachdeva and
Mulvaney, Koss prepared, and MJK certified, materially inaccurate audited
financial statements and materially inaccurate current, quarterly and annual
reports.

Epilogue

Koss and MJK have consented to the entry of an injunctive order without admitting or
denying the allegations in the Commissions complaint. Under this agreement, the order
1) enjoins Koss from violating and MJK from aiding and abetting violations of the
reporting, books and records and internal control provisions of the Securities Exchange
Act of 1934 and 2) orders Michael J. Koss to reimburse Koss $242,419 in cash and
160,000 of stock options pursuant to Section 304 of the Sarbanes-Oxley Act, i.e., the
clawback provision. This bonus reimbursement, together with his previous voluntary
reimbursement of $208,895 in bonuses to Koss Corporation represents his entire fiscal
year 2008, 2009 and 2010 incentive bonuses.

A federal judge in Milwaukee has criticized the SEC for being too soft with corporate
enforcement, marking the third time the agency has been criticized for weak settlements
by a federal judge in the past year (the other two were both with Citigroup for similar
settlements of $258 million and $75 million without any admission of guilt). The
Milwaukee judge told the SEC that its proposed settlement with the Koss Corp. was too
vague and did not force the corporation to admit guilt. He asked the agency to provide
more facts within one month. In a related criminal matter in the U.S. District Court on
November 17, 2010, Sachdeva pleaded guilty to six counts of fraud, was ordered to pay
$34 million in restitution, and was sentenced to 11 years in prison.

In a separate lawsuit from the fallout of this embezzlement, the Koss shareholders
received $1 million from Kosss insurance company. The Koss Corporation is still
pursuing litigation against its auditors for failing to spot or alert Koss to this
embezzlement and is in the process of collecting approximately $680,000 in restitution
from the liquidation of Sachdevas retirement and stock ownership accounts.
4

President Obamas Council on Jobs and Competitiveness has urged Congress to make
compliance with all or part of SOX voluntary for all public companies with market
valuations up to $1 billion or, alternatively, to exempt all companies from SOX
compliance for five years after they go public. This job council report suggests that
weakening fraud protections is necessary to encourage more small companies to go
public in order to help create jobs and cites the fact that the lowest number of venture-
backed Initial Public Offerings (IPOs) had occurred in 2008 and 2009 since 1985.
However, since SOX was never fully implemented for companies with market valuations
below $75 million as noted above, it cannot be blamed for the drop in small company
IPOs.

Required:

1. Describe methods that Sachdeva and Mulvaney could have used to steal $34
million in cash over 12 years under Kosss existing internal controls.

2. Describe various false journal entries that Sachdeva and Mulvaney could have
used to cover up the $34 million theft of cash over 12 years.

3. Although Michael J. Koss reimbursed Koss Corp about $450,000 and gave up
160,000 stock options, he did not admit any guilt. What errors did he commit?

4. Recommend internal controls that Koss should implement to prevent future cash
thefts.

5. Did the Board of Directors and the external auditors have any blame in this case?



















5
Case Solutions

Questions and Answers:

1. Describe methods that Sachdeva and Mulvaney could have used to steal $34
million in cash over 12 years under Kosss existing internal controls.

Sachdeva and Mulvaney processed large wire transfers and cashiers checks (over 500 of
them) outside of the accounts payable system to pay for Sachdevas personal purchases
without seeking or obtaining Michael J. Kosss approval. As a result, Sachdeva, with
Mulvaneys assistance, was able both to initiate and authorize wire transfers of Kosss
funds to her personal creditors totaling $16.5 million, and to order cashiers checks
payable to credit card companies and her designated payees totaling $17.5 million.

Many account reconciliations were either not prepared or were not maintained as part of
Kosss accounting records. To the extent that reconciliations were conducted, they were
improperly performed by the same persons who initiated or recorded the transactions, i.e.,
Sachdeva or Mulvaney, enabling those persons to make modifications to the
reconciliations to cover up fraudulent entries.

2. Describe various false journal entries that Sachdeva and Mulvaney could have
used to cover up the $34 million theft of cash over 12 years.

Sachdeva and Mulvaney used various methods to disguise the embezzlements in Kosss
books and records. First, false journal entries reclassified cash to sales, thereby masking
Sachdevas thefts of cash as reductions in sales. Second, false journal entries were made
to eliminate sales and reduce cash balances. Third, false journal entries decreased both
accrued liabilities and Kosss bank account balance. Fourth, false entries increased
Kosss bank account balance and the costs of goods sold and decreased accounts
receivable, inventory, and finished goods which kept the inventory balance in check with
the false journal entries reducing sales and increasing the cost of goods sold. Sachdeva
and Mulvaney entered these false journal entries without any supporting documentation
for the transactions as was required by Kosss internal controls for legitimate
transactions.

3. Although Michael J. Koss reimbursed Koss Corp about $450,000 and gave up
160,000 stock options, he did not admit any guilt. What errors did he commit?

While Sachdeva provided Michael J. Koss (MJK) with reporting certifications for his
review, he did not conduct an adequate review of Kosss accounting in connection with
these certifications. Based upon the fraudulent accounting books and records prepared by
Sachdeva and Mulvaney, Koss prepared, and MJK certified, materially inaccurate audited
financial statements and materially inaccurate current, quarterly and annual reports. The
numerous false journal entries went undetected in part because of ineffective internal
controls, including MJKs failure to review adjusting entries and to verify that
6
reconciliations of accounts were in fact being performed on a regular basis. See
additional errors committed by MJK in the following internal control analysis.

4. Recommend internal controls that Koss should implement to prevent future cash
thefts.

Instead of lasting 12 years, this fraud could have been caught at the end of the first day
when the bank posts the wire transfers and cashier checks to Kosss checking account.
Today MJK would just have to review the Koss checking account online to catch this
fraud. In prior years before online access to bank accounts, MJK could have called the
bank or, at least, could have caught the fraud at the end of the month by doing a bank
statement reconciliation with the checking account balance on Kosss books after
reviewing all adjusting and post-closing journal entries.

Due to the limited number of people working in Kosss accounting department, many
critical duties were combined and given to a few employees. A single individual,
Sachdeva, had authority to sign checks, approve and, with Mulvaneys assistance, submit
wire transfers, review and, with Mulvaneys assistance, approve bank reconciliations and
maintain the general ledger. Koss did not properly segregate duties or assign someone
outside of the accounting function to provide an independent check and balance on
employees integrity and to maintain a sufficiently strong control system. Among other
things, different employees should have performed the separate duties of signing checks,
processing cash receipts and cash disbursements, and maintaining books of original entry.
Such duties need to be separated in the accounting department. Even though Koss is a
small company, various non-accounting executives should take more supervisory duties
in approving and reviewing material accounting transactions. The CEO should not also
be the CFO.

Koss did not regularly perform monthly reconciliations of its bank accounts or balance
sheet accounts. Koss did not have someone outside the accounting department, such as
MJK as the CFO or the Vice President of Operations, review large wire transfers,
cashiers checks, or the recording of payments on accounts payable when not processed
through the accounts payable system. Koss did not adequately periodically review
documentation to support the general ledger entries to verify that the corresponding
transactions were being executed in accordance with Kosss accounting policies and
recorded as necessary to permit preparation of financial statements in conformity with
GAAP with respect to completeness, existence, occurrence, right and obligation,
measurement and valuation.

Many account reconciliations were either not prepared or were not maintained as part of
Kosss records. To the extent that the reconciliations were conducted, they were
improperly performed by the same persons who initiated or recorded the transactions, i.e.,
Sachdeva or Mulvaney, enabling those persons to make modifications to the
reconciliations to cover up fraudulent entries. MJK did not review or verify the existence
of reconciliations. MJK also did not review or verify the appropriateness of any unusual
7
reconciling items and did not review or authorize any adjusting journal entries. Support
for adjusting and post-closing entries was not documented.

In his review of Kosss monthly financial statements, MJK did not inspect the general
ledger detail trial balance (which details all of the posted transactions), significant journal
entries and the reconciliations of all subsidiary ledgers or schedules that supported
significant account balances. MJK did not investigate unusual or infrequent journal
entries on a regular and recurring basis.

Kosss internal controls over cash were inadequate. While Kosss internal controls
policy required MJK to approve invoices of $5,000 or more for payment, its controls did
not prevent Sachdeva or Mulvaney from processing large wire transfers and cashiers
checks outside of the accounts payable system to pay for Sachdevas personal purchases
without seeking or obtaining MJKs approval. In addition, there was no independent
review of the petty cash account. Although MLK was required to review accounts
payable checks before the checks were mailed, MJK and Sachdeva were each authorized
to independently withdraw or transfer funds from Kosss bank accounts. As a result,
Sachdeva, with Mulvaneys assistance, was able both to initiate and authorize wire
transfers of Kosss funds to her personal creditors totaling $16.5 million and to order
cashiers checks (over 500 of them) payable to credit card companies and her other
designated payees totaling $17.5 million.

The most significant total dollar amounts of improper journal entries were made to
understate sales and overstate cost of sales. Although monthly analytical procedures
were performed, the procedures were not sufficient to detect unusual relationships
between critical items, inconsistency with trends developed over Kosss operating
history, balances which were out of line with expectations or any other unusual items.

MJK knew that Kosss computerized accounting system was almost 30 years old and he
twice deferred proposals for a new system. Kosss and MJKs failure to implement and
maintain effective controls over Kosss information systems in part allowed Sachdeva
and Mulvaney to carry out the embezzlement and accounting fraud. Because access to
the old accounting system could not be locked at the end of the month, Sachdeva and
Mulvaney were able to bypass an internal control requiring MLK to authorize changes to
the monthly books after they were closed. Thus, they accessed the accounting system
and made improper post-closing entries.

MJK did not properly verify that Kosss accounting systems were secure or adequately
monitored. Kosss computer system did not have an audit trail of usage, so there was no
record of who made entries into the accounting system. Koss did not regularly change
the password to access the computers and accounting terminals were not locked when
unattended. Koss did not have IT security policies and controls to log and monitor
network and application security violations or to report incidents to management.
Without propr access controls, Kosss financial data could be retrieved and used by
unauthorized individuals, accounting data could be lost or changed, and programs could
be tampered with or destroyed.
8



5. Did the Board of Directors and the external auditors have any blame in this case?

Why didnt either the Board or the external auditors discover the following internal
control deficiencies and expand their work? Kosss computerized accounting systems
were almost 30 years old and access to the accounting systems could not be locked at the
end of the month and there was no audit trail. Sachdeva and Mulvaney were thus able to
make undetected post-closing changes (false journal entries) to the books and bypass an
internal control requiring Michael J. Koss to authorize those changes.

Due to the limited number of people working in Kosss accounting department, many
critical duties were combined and given to a few employees. Both the Board and the
external auditors should have identified the major internal control deficiencies previously
discussed. The major deficiency was little separation of duties in the accounting
department without any external supervision. Even though Koss was a small company,
various non-accounting executives should take more supervisory duties in approving and
reviewing material accounting transactions. The CEO should not also be the CFO. Due
to these limitations in internal controls at this small company, the Board should have
insisted that the external auditors do a formal internal control report as required by SOX
for larger companies. For the same reason, the external auditors should have insisted on
such a report. Accordingly, the Koss Corp. is pursuing litigation against its auditors for
failing to spot or alert Koss to this $34 million embezzlement which lasted over 12 years!